[PATCH RFA] ubsan: -Wreturn-type and ubsan trap-on-error

[PATCH RFA] ubsan: -Wreturn-type and ubsan trap-on-error

[Jason Merrill]

I noticed that -fsanitize=undefined -fsanitize-undefined-trap-on-error was
omitting the usual -Wreturn-type warning for control flowing off the end of
a function.  This was because the warning code was looking for calls either
to __builtin_unreachable or the UBSan function, but these flags produce a
call to __builtin_trap instead.

Tested x86_64-pc-linux-gnu, OK for trunk?

gcc/c-family/ChangeLog:

	* c-ubsan.cc (ubsan_instrument_return): Use BUILTINS_LOCATION.

gcc/ChangeLog:

	* tree-cfg.cc (pass_warn_function_return::execute): Also check
	BUILT_IN_TRAP.

gcc/testsuite/ChangeLog:

	* g++.dg/ubsan/return-8.C: New test.
---
 gcc/c-family/c-ubsan.cc               | 4 +++-
 gcc/testsuite/g++.dg/ubsan/return-8.C | 9 +++++++++
 gcc/tree-cfg.cc                       | 5 +++--
 3 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/g++.dg/ubsan/return-8.C

diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 48f948745f8..a2cd8fb3262 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -308,7 +308,9 @@ tree
 ubsan_instrument_return (location_t loc)
 {
   if (flag_sanitize_undefined_trap_on_error)
-    return build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
+    return build_call_expr_loc
+      /* pass_warn_function_return checks for BUILTINS_LOCATION.  */
+      (BUILTINS_LOCATION, builtin_decl_explicit (BUILT_IN_TRAP), 0);
 
   tree data = ubsan_create_data ("__ubsan_missing_return_data", 1, &loc,
 				 NULL_TREE, NULL_TREE);
diff --git a/gcc/testsuite/g++.dg/ubsan/return-8.C b/gcc/testsuite/g++.dg/ubsan/return-8.C
new file mode 100644
index 00000000000..354c96098d2
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/return-8.C
@@ -0,0 +1,9 @@
+// { dg-additional-options "-fsanitize=undefined -fsanitize-undefined-trap-on-error" }
+
+bool b;
+
+int f() {
+  if (b) return 42;
+}			// { dg-warning "-Wreturn-type" }
+
+int main() { f(); }
diff --git a/gcc/tree-cfg.cc b/gcc/tree-cfg.cc
index 9e5d84a9805..c67c278dad0 100644
--- a/gcc/tree-cfg.cc
+++ b/gcc/tree-cfg.cc
@@ -9543,7 +9543,7 @@ pass_warn_function_return::execute (function *fun)
 	}
       /* The C++ FE turns fallthrough from the end of non-void function
 	 into __builtin_unreachable () call with BUILTINS_LOCATION.
-	 Recognize those too.  */
+	 Recognize those as well as calls from ubsan_instrument_return.  */
       basic_block bb;
       if (!warning_suppressed_p (fun->decl, OPT_Wreturn_type))
 	FOR_EACH_BB_FN (bb, fun)
@@ -9555,7 +9555,8 @@ pass_warn_function_return::execute (function *fun)
 	      if (last
 		  && ((LOCATION_LOCUS (gimple_location (last))
 		       == BUILTINS_LOCATION
-		       && gimple_call_builtin_p (last, BUILT_IN_UNREACHABLE))
+		       && (gimple_call_builtin_p (last, BUILT_IN_UNREACHABLE)
+			   || gimple_call_builtin_p (last, BUILT_IN_TRAP)))
 		      || gimple_call_builtin_p (last, ubsan_missing_ret)))
 		{
 		  gimple_stmt_iterator gsi = gsi_for_stmt (last);

base-commit: 13ea4a6e830da1f245136601e636dec62e74d1a7
-- 
2.27.0

Re: [PATCH RFA] ubsan: -Wreturn-type and ubsan trap-on-error

[Jakub Jelinek]

On Mon, Jun 13, 2022 at 03:38:23PM -0400, Jason Merrill via Gcc-patches wrote:
> I noticed that -fsanitize=undefined -fsanitize-undefined-trap-on-error was
> omitting the usual -Wreturn-type warning for control flowing off the end of
> a function.  This was because the warning code was looking for calls either
> to __builtin_unreachable or the UBSan function, but these flags produce a
> call to __builtin_trap instead.
> 
> Tested x86_64-pc-linux-gnu, OK for trunk?
> 
> gcc/c-family/ChangeLog:
> 
> 	* c-ubsan.cc (ubsan_instrument_return): Use BUILTINS_LOCATION.
> 
> gcc/ChangeLog:
> 
> 	* tree-cfg.cc (pass_warn_function_return::execute): Also check
> 	BUILT_IN_TRAP.
> 
> gcc/testsuite/ChangeLog:
> 
> 	* g++.dg/ubsan/return-8.C: New test.

LGTM.

	Jakub