From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 615B03858CDA for ; Tue, 28 Mar 2023 08:04:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 615B03858CDA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1679990680; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type; bh=XbaRvXa/Q5eLQwQ/we2xOIGb9CD0vYQt19DTSBFDLYw=; b=TINsURiXDmFkHUAp9nuAaZI7GdGu9H+qjvzqpLTmgEX6NUPgIlserxObHcCalvobRnPNNd xnMbjQFrbVXuDmFkEEIJUIAt89xe2zpn+4ESjGKZTThZSm4ur1imYlYehrIMkiageMIMT7 fQnrMbFzz7gEF9mhpcSH7A/lQBy35Sg= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-382-wm8zMZHVOcG5U_Qbxz69jQ-1; Tue, 28 Mar 2023 04:04:38 -0400 X-MC-Unique: wm8zMZHVOcG5U_Qbxz69jQ-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7440180C8C1; Tue, 28 Mar 2023 08:04:38 +0000 (UTC) Received: from tucnak.zalov.cz (unknown [10.39.192.16]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3702DC15BA0; Tue, 28 Mar 2023 08:04:38 +0000 (UTC) Received: from tucnak.zalov.cz (localhost [127.0.0.1]) by tucnak.zalov.cz (8.17.1/8.17.1) with ESMTPS id 32S84Zaf1441980 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 28 Mar 2023 10:04:35 +0200 Received: (from jakub@localhost) by tucnak.zalov.cz (8.17.1/8.17.1/Submit) id 32S84YsW1441979; Tue, 28 Mar 2023 10:04:34 +0200 Date: Tue, 28 Mar 2023 10:04:34 +0200 From: Jakub Jelinek To: Richard Biener Cc: gcc-patches@gcc.gnu.org Subject: [PATCH] sanopt: Return TODO_cleanup_cfg if any .{UB,HWA,A}SAN_* calls were lowered [PR106190] Message-ID: Reply-To: Jakub Jelinek MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi! The following testcase ICEs, because without optimization eh lowering decides not to duplicate finally block of try/finally and so we end up with variable guarded cleanup. The sanopt pass creates a cfg that ought to be cleaned up (some IFN_UBSAN_* functions are lowered in this case with constant conditions in gcond and when not allowing recovery some bbs which end with noreturn calls actually have successor edges), but the cfg cleanup is actually (it is -O0) done only during the optimized pass. We notice there that the d[1][a] = 0; statement which has an EH edge is unreachable (because ubsan would always abort on the out of bounds d[1] access), remove the EH landing pad and block, but because that block just sets a variable and jumps to another one which tests that variable and that one is reachable from normal control flow, the __builtin_eh_pointer (1) later in there is kept in the IL and we ICE during expansion of that statement because the EH region has been removed. The following patch fixes it by doing the cfg cleanup already during sanopt pass if we create something that might need it, while the EH landing pad is then removed already during sanopt pass, there is ehcleanup later and we don't ICE anymore. Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? 2023-03-28 Jakub Jelinek PR middle-end/106190 * sanopt.cc (pass_sanopt::execute): Return TODO_cleanup_cfg if any of the IFN_{UB,HWA,A}SAN_* internal fns are lowered. * gcc.dg/asan/pr106190.c: New test. --- gcc/sanopt.cc.jj 2023-02-15 09:23:27.832389821 +0100 +++ gcc/sanopt.cc 2023-03-27 16:00:23.758621014 +0200 @@ -1300,6 +1300,7 @@ pass_sanopt::execute (function *fun) basic_block bb; int asan_num_accesses = 0; bool contains_asan_mark = false; + int ret = 0; /* Try to remove redundant checks. */ if (optimize @@ -1352,6 +1353,7 @@ pass_sanopt::execute (function *fun) if (gimple_call_internal_p (stmt)) { enum internal_fn ifn = gimple_call_internal_fn (stmt); + int this_ret = TODO_cleanup_cfg; switch (ifn) { case IFN_UBSAN_NULL: @@ -1387,8 +1389,10 @@ pass_sanopt::execute (function *fun) no_next = hwasan_expand_mark_ifn (&gsi); break; default: + this_ret = 0; break; } + ret |= this_ret; } else if (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) { @@ -1418,7 +1422,7 @@ pass_sanopt::execute (function *fun) if (need_commit_edge_insert) gsi_commit_edge_inserts (); - return 0; + return ret; } } // anon namespace --- gcc/testsuite/gcc.dg/asan/pr106190.c.jj 2023-03-27 16:50:15.685501029 +0200 +++ gcc/testsuite/gcc.dg/asan/pr106190.c 2023-03-27 16:51:25.187499082 +0200 @@ -0,0 +1,15 @@ +/* PR middle-end/106190 */ +/* { dg-do compile } */ +/* { dg-options "-fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all" } */ + +int +main () +{ + int a; + int *b[1]; + int c[10]; + int d[1][1]; + for (a = 0; a < 1; a++) + d[1][a] = 0; + return 0; +} Jakub