[PATCH] Fix ubsan type reporting (PR tree-optimization/65709)

[PATCH] Fix ubsan type reporting (PR tree-optimization/65709)

[Jakub Jelinek]

Hi!

As can be seen on the following testcase, instrument_mem_ref (for
both -fsanitize=alignment and -fsanitize=null) has been using wrong type
to find out what is the access type - instead of the type of MEM_REF
which is the access type it was using the TREE_TYPE of MEM_REF's argument
type, which can be some arbitrary other type, either due to type punning,
or if it is a SSA_NAME it can be random other type because most pointer
types are considered type compatible in GIMPLE.

Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
trunk?

2015-04-09  Jakub Jelinek  <jakub@redhat.com>

	PR tree-optimization/65709
	* ubsan.c (instrument_mem_ref): Use TREE_TYPE (base) instead of
	TREE_TYPE (TREE_TYPE (t)).

	* c-c++-common/ubsan/align-9.c: New test.

--- gcc/ubsan.c.jj	2015-03-27 10:48:33.000000000 +0100
+++ gcc/ubsan.c	2015-04-09 10:05:48.841221438 +0200
@@ -1232,9 +1232,9 @@ instrument_mem_ref (tree mem, tree base,
   tree t = TREE_OPERAND (base, 0);
   if (!POINTER_TYPE_P (TREE_TYPE (t)))
     return;
-  if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (TREE_TYPE (t))) && mem != base)
+  if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (base)) && mem != base)
     ikind = UBSAN_MEMBER_ACCESS;
-  tree kind = build_int_cst (TREE_TYPE (t), ikind);
+  tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)), ikind);
   tree alignt = build_int_cst (pointer_sized_int_node, align);
   gcall *g = gimple_build_call_internal (IFN_UBSAN_NULL, 3, t, kind, alignt);
   gimple_set_location (g, gimple_location (gsi_stmt (*iter)));
--- gcc/testsuite/c-c++-common/ubsan/align-9.c.jj	2015-04-09 10:11:15.227973011 +0200
+++ gcc/testsuite/c-c++-common/ubsan/align-9.c	2015-04-09 10:13:16.857017169 +0200
@@ -0,0 +1,21 @@
+/* Limit this to known non-strict alignment targets.  */
+/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */
+/* { dg-options "-O2 -fsanitize=alignment -fsanitize-recover=alignment" } */
+
+__attribute__((noinline, noclone)) void
+foo (void *p, const void *q)
+{
+  *(long int *) p = *(const long int *) q;
+}
+
+int
+main ()
+{
+  struct S { long c; char f[64]; char d; char e[2 * sizeof (long)]; char g[64]; } s;
+  __builtin_memset (&s, '\0', sizeof s);
+  foo (&s.e[0], &s.e[sizeof (long)]);
+  return 0;
+}
+
+/* { dg-output "\.c:8:\[0-9]*: \[^\n\r]*load of misaligned address 0x\[0-9a-fA-F]* for type 'const long int', which requires \[48] byte alignment.*" } */
+/* { dg-output "\.c:8:\[0-9]*: \[^\n\r]*store to misaligned address 0x\[0-9a-fA-F]* for type 'long int', which requires \[48] byte alignment" } */

	Jakub

Re: [PATCH] Fix ubsan type reporting (PR tree-optimization/65709)

[Richard Biener]

On April 9, 2015 8:11:22 PM GMT+02:00, Jakub Jelinek <jakub@redhat.com> wrote:
>Hi!
>
>As can be seen on the following testcase, instrument_mem_ref (for
>both -fsanitize=alignment and -fsanitize=null) has been using wrong
>type
>to find out what is the access type - instead of the type of MEM_REF
>which is the access type it was using the TREE_TYPE of MEM_REF's
>argument
>type, which can be some arbitrary other type, either due to type
>punning,
>or if it is a SSA_NAME it can be random other type because most pointer
>types are considered type compatible in GIMPLE.
>
>Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok
>for
>trunk?

OK.

Thanks,
Richard.

>2015-04-09  Jakub Jelinek  <jakub@redhat.com>
>
>	PR tree-optimization/65709
>	* ubsan.c (instrument_mem_ref): Use TREE_TYPE (base) instead of
>	TREE_TYPE (TREE_TYPE (t)).
>
>	* c-c++-common/ubsan/align-9.c: New test.
>
>--- gcc/ubsan.c.jj	2015-03-27 10:48:33.000000000 +0100
>+++ gcc/ubsan.c	2015-04-09 10:05:48.841221438 +0200
>@@ -1232,9 +1232,9 @@ instrument_mem_ref (tree mem, tree base,
>   tree t = TREE_OPERAND (base, 0);
>   if (!POINTER_TYPE_P (TREE_TYPE (t)))
>     return;
>-  if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (TREE_TYPE (t))) && mem !=
>base)
>+  if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (base)) && mem != base)
>     ikind = UBSAN_MEMBER_ACCESS;
>-  tree kind = build_int_cst (TREE_TYPE (t), ikind);
>+  tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)),
>ikind);
>   tree alignt = build_int_cst (pointer_sized_int_node, align);
>gcall *g = gimple_build_call_internal (IFN_UBSAN_NULL, 3, t, kind,
>alignt);
>   gimple_set_location (g, gimple_location (gsi_stmt (*iter)));
>--- gcc/testsuite/c-c++-common/ubsan/align-9.c.jj	2015-04-09
>10:11:15.227973011 +0200
>+++ gcc/testsuite/c-c++-common/ubsan/align-9.c	2015-04-09
>10:13:16.857017169 +0200
>@@ -0,0 +1,21 @@
>+/* Limit this to known non-strict alignment targets.  */
>+/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */
>+/* { dg-options "-O2 -fsanitize=alignment
>-fsanitize-recover=alignment" } */
>+
>+__attribute__((noinline, noclone)) void
>+foo (void *p, const void *q)
>+{
>+  *(long int *) p = *(const long int *) q;
>+}
>+
>+int
>+main ()
>+{
>+  struct S { long c; char f[64]; char d; char e[2 * sizeof (long)];
>char g[64]; } s;
>+  __builtin_memset (&s, '\0', sizeof s);
>+  foo (&s.e[0], &s.e[sizeof (long)]);
>+  return 0;
>+}
>+
>+/* { dg-output "\.c:8:\[0-9]*: \[^\n\r]*load of misaligned address
>0x\[0-9a-fA-F]* for type 'const long int', which requires \[48] byte
>alignment.*" } */
>+/* { dg-output "\.c:8:\[0-9]*: \[^\n\r]*store to misaligned address
>0x\[0-9a-fA-F]* for type 'long int', which requires \[48] byte
>alignment" } */
>
>	Jakub