public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
From: "Martin Liška" <mliska@suse.cz>
To: Jakub Jelinek <jakub@redhat.com>
Cc: Richard Biener <richard.guenther@gmail.com>,
	GCC Patches <gcc-patches@gcc.gnu.org>
Subject: Re: [RFC][PATCH] Speed-up use-after-scope (re-writing to SSA)
Date: Tue, 22 Nov 2016 11:55:00 -0000	[thread overview]
Message-ID: <d1728bae-3225-9c09-12f8-5e07d33049e3@suse.cz> (raw)
In-Reply-To: <20161116162841.GX3541@tucnak.redhat.com>

[-- Attachment #1: Type: text/plain, Size: 3540 bytes --]

On 11/16/2016 05:28 PM, Jakub Jelinek wrote:
> On Wed, Nov 16, 2016 at 05:01:31PM +0100, Martin Liška wrote:
>> +  use_operand_p use_p;
>> +  imm_use_iterator imm_iter;
>> +  FOR_EACH_IMM_USE_FAST (use_p, imm_iter, poisoned_var)
>> +    {
>> +      gimple *use = USE_STMT (use_p);
>> +      if (is_gimple_debug (use))
>> +	continue;
>> +
>> +      built_in_function b = (recover_p
>> +			     ? BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE_NOABORT
>> +			     : BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE);
>> +      tree fun = builtin_decl_implicit (b);
>> +      pretty_printer pp;
>> +      pp_tree_identifier (&pp, DECL_NAME (var_decl));
>> +
>> +      gcall *call = gimple_build_call (fun, 2, asan_pp_string (&pp),
>> +				       DECL_SIZE_UNIT (var_decl));
>> +      gimple_set_location (call, gimple_location (use));
>> +
>> +      /* The USE can be a gimple PHI node.  If so, insert the call on
>> +	 all edges leading to the PHI node.  */
>> +      if (is_a <gphi *> (use))
>> +	{
>> +	  gphi * phi = dyn_cast<gphi *> (use);
> 
> No space after *.

Done.

> 
>> +	  for (unsigned i = 0; i < gimple_phi_num_args (phi); ++i)
>> +	    if (gimple_phi_arg_def (phi, i) == poisoned_var)
>> +	      {
>> +		edge e = gimple_phi_arg_edge (phi, i);
>> +		gsi_insert_seq_on_edge (e, call);
>> +		*need_commit_edge_insert = true;
> 
> You clearly don't have a sufficient testsuite coverage for this,
> because this won't really work if you have more than one phi
> argument equal to poisoned_var.  Inserting the same gimple stmt
> into multiple places can't really work.  I bet you want to set
> call to NULL after the gsi_insert_seq_on_edge and before that
> call if (call == NULL) { call = gimple_build_call (...); gimple_set_location (...); }
> Or maybe gimple_copy for the 2nd etc. would work too, dunno.

I see, fixed by using gimple_copy functionality.

> 
>> +	      }
>> +	}
>> +      else
>> +	{
>> +	  gimple_stmt_iterator gsi = gsi_for_stmt (use);
>> +	  gsi_insert_before (&gsi, call, GSI_NEW_STMT);
>> +	}
>> +    }
>> +
>> +  gimple *nop = gimple_build_nop ();
>> +  SSA_NAME_IS_DEFAULT_DEF (poisoned_var) = true;
>> +  SSA_NAME_DEF_STMT (poisoned_var) = nop;
>> +  gsi_replace (iter, nop, GSI_NEW_STMT);
> 
> The last argument of gsi_replace is a bool, not GSI_*.
> But not sure how this will work anyway, I think SSA_NAME_IS_DEFAULT_DEF
> are supposed to have SSA_NAME_DEF_STMT a GIMPLE_NOP that doesn't
> have bb set, while you are putting it into the stmt sequence.
> Shouldn't you just gsi_remove iter instead?

gsi_remove does not work as a SSA name would lost a defining statement. However
setting SSA_NAME_DEF_STMT (poisoned_var) = gimple_build_nop () and removing the stmt
works fine. I haven't known that it can't belong to a BB.

Maybe we can add a verifier for that?

diff --git a/gcc/tree-ssa.c b/gcc/tree-ssa.c
index 2d9c62d..8fd4e91 100644
--- a/gcc/tree-ssa.c
+++ b/gcc/tree-ssa.c
@@ -767,6 +767,15 @@ verify_ssa_name (tree ssa_name, bool is_virtual)
       return true;
     }
 
+  if (SSA_NAME_IS_DEFAULT_DEF (ssa_name)
+      && gimple_nop_p (SSA_NAME_DEF_STMT (ssa_name))
+      && gimple_bb (SSA_NAME_DEF_STMT (ssa_name)) != NULL)
+    {
+      error ("defining statement of a default name can't belong to a basic "
+	     "block");
+      return true;
+    }
+
   return false;
 }

That can be eventually done independently.

> 
> Otherwise LGTM, but please post the asan patch to llvm-commits
> or through their web review interface.

Good, I'm going to insert the patch to the tool.

Thanks,
Martin

> 
> 	Jakub
> 


[-- Attachment #2: 0001-use-after-scope-introduce-ASAN_POISON-internal-fn-v3.patch --]
[-- Type: text/x-patch, Size: 17372 bytes --]

From da190584d091eaaa509067918de4f1f77e887484 Mon Sep 17 00:00:00 2001
From: marxin <mliska@suse.cz>
Date: Mon, 14 Nov 2016 16:49:05 +0100
Subject: [PATCH] use-after-scope: introduce ASAN_POISON internal fn

gcc/ChangeLog:

2016-11-16  Martin Liska  <mliska@suse.cz>

	* asan.c (asan_expand_poison_ifn): New function.
	* asan.h (asan_expand_poison_ifn): Declare the function.
	* internal-fn.c (expand_ASAN_POISON): New function.
	* internal-fn.def (ASAN_POISON): New internal fn.
	* sanitizer.def (BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE_NOABORT):
	New built-in.
	(BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE): Likewise.
	* sanopt.c (pass_sanopt::execute): Expand IFN_ASAN_POISON.
	* tree-ssa.c (is_asan_mark_p): New function.
	(execute_update_addresses_taken): Make local variables as not
	addressable if address of these varibles is just taken by
	ASAN_MARK.

gcc/testsuite/ChangeLog:

2016-11-16  Martin Liska  <mliska@suse.cz>

	* gcc.dg/asan/use-after-scope-3.c: Run just with -O0.
	* gcc.dg/asan/use-after-scope-9.c: Run just with -O2 and
	change expected output.
---
 gcc/asan.c                                    | 77 ++++++++++++++++++++++++++-
 gcc/asan.h                                    |  1 +
 gcc/internal-fn.c                             |  7 +++
 gcc/internal-fn.def                           |  1 +
 gcc/sanitizer.def                             |  8 +++
 gcc/sanopt.c                                  |  9 ++++
 gcc/testsuite/gcc.dg/asan/use-after-scope-3.c |  1 +
 gcc/testsuite/gcc.dg/asan/use-after-scope-9.c |  6 +--
 gcc/tree-ssa.c                                | 71 ++++++++++++++++++++----
 libsanitizer/asan/asan_errors.cc              | 21 ++++++++
 libsanitizer/asan/asan_errors.h               | 19 +++++++
 libsanitizer/asan/asan_report.cc              | 10 ++++
 libsanitizer/asan/asan_report.h               |  3 ++
 libsanitizer/asan/asan_rtl.cc                 | 16 ++++++
 14 files changed, 236 insertions(+), 14 deletions(-)

diff --git a/gcc/asan.c b/gcc/asan.c
index 6e93ea3..5bf8052 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -32,8 +32,8 @@ along with GCC; see the file COPYING3.  If not see
 #include "tree-pass.h"
 #include "memmodel.h"
 #include "tm_p.h"
+#include "ssa.h"
 #include "stringpool.h"
-#include "tree-vrp.h"
 #include "tree-ssanames.h"
 #include "optabs.h"
 #include "emit-rtl.h"
@@ -2979,6 +2979,81 @@ asan_expand_check_ifn (gimple_stmt_iterator *iter, bool use_calls)
   return true;
 }
 
+
+/* Expand the ASAN_POISON builtins.  */
+
+bool
+asan_expand_poison_ifn (gimple_stmt_iterator *iter,
+			bool *need_commit_edge_insert)
+{
+  gimple *g = gsi_stmt (*iter);
+  tree poisoned_var = gimple_call_lhs (g);
+  if (!poisoned_var)
+    {
+      gsi_remove (iter, true);
+      return true;
+    }
+
+  tree var_decl = SSA_NAME_VAR (poisoned_var);
+
+  bool recover_p;
+  if (flag_sanitize & SANITIZE_USER_ADDRESS)
+    recover_p = (flag_sanitize_recover & SANITIZE_USER_ADDRESS) != 0;
+  else
+    recover_p = (flag_sanitize_recover & SANITIZE_KERNEL_ADDRESS) != 0;
+
+  use_operand_p use_p;
+  imm_use_iterator imm_iter;
+  FOR_EACH_IMM_USE_FAST (use_p, imm_iter, poisoned_var)
+    {
+      gimple *use = USE_STMT (use_p);
+      if (is_gimple_debug (use))
+	continue;
+
+      built_in_function b = (recover_p
+			     ? BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE_NOABORT
+			     : BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE);
+      tree fun = builtin_decl_implicit (b);
+      pretty_printer pp;
+      pp_tree_identifier (&pp, DECL_NAME (var_decl));
+
+      gcall *call = gimple_build_call (fun, 2, asan_pp_string (&pp),
+				       DECL_SIZE_UNIT (var_decl));
+      gimple_set_location (call, gimple_location (use));
+      gimple *call_to_insert = call;
+
+      /* The USE can be a gimple PHI node.  If so, insert the call on
+	 all edges leading to the PHI node.  */
+      if (is_a <gphi *> (use))
+	{
+	  gphi *phi = dyn_cast<gphi *> (use);
+	  for (unsigned i = 0; i < gimple_phi_num_args (phi); ++i)
+	    if (gimple_phi_arg_def (phi, i) == poisoned_var)
+	      {
+		edge e = gimple_phi_arg_edge (phi, i);
+
+		if (call_to_insert == NULL)
+		  call_to_insert = gimple_copy (call);
+
+		gsi_insert_seq_on_edge (e, call_to_insert);
+		*need_commit_edge_insert = true;
+		call_to_insert = NULL;
+	      }
+	}
+      else
+	{
+	  gimple_stmt_iterator gsi = gsi_for_stmt (use);
+	  gsi_insert_before (&gsi, call, GSI_NEW_STMT);
+	}
+    }
+
+  SSA_NAME_IS_DEFAULT_DEF (poisoned_var) = true;
+  SSA_NAME_DEF_STMT (poisoned_var) = gimple_build_nop ();
+  gsi_remove (iter, true);
+
+  return false;
+}
+
 /* Instrument the current function.  */
 
 static unsigned int
diff --git a/gcc/asan.h b/gcc/asan.h
index 9cf5904..6c25955 100644
--- a/gcc/asan.h
+++ b/gcc/asan.h
@@ -30,6 +30,7 @@ extern void initialize_sanitizer_builtins (void);
 extern tree asan_dynamic_init_call (bool);
 extern bool asan_expand_check_ifn (gimple_stmt_iterator *, bool);
 extern bool asan_expand_mark_ifn (gimple_stmt_iterator *);
+extern bool asan_expand_poison_ifn (gimple_stmt_iterator *, bool *);
 
 extern gimple_stmt_iterator create_cond_insert_point
      (gimple_stmt_iterator *, bool, bool, bool, basic_block *, basic_block *);
diff --git a/gcc/internal-fn.c b/gcc/internal-fn.c
index ca347c5..17624e8 100644
--- a/gcc/internal-fn.c
+++ b/gcc/internal-fn.c
@@ -246,6 +246,13 @@ expand_ASAN_MARK (internal_fn, gcall *)
   gcc_unreachable ();
 }
 
+/* This should get expanded in the sanopt pass.  */
+
+static void
+expand_ASAN_POISON (internal_fn, gcall *)
+{
+  gcc_unreachable ();
+}
 
 /* This should get expanded in the tsan pass.  */
 
diff --git a/gcc/internal-fn.def b/gcc/internal-fn.def
index d1cd1a5..9454afd 100644
--- a/gcc/internal-fn.def
+++ b/gcc/internal-fn.def
@@ -159,6 +159,7 @@ DEF_INTERNAL_FN (ABNORMAL_DISPATCHER, ECF_NORETURN, NULL)
 DEF_INTERNAL_FN (BUILTIN_EXPECT, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
 DEF_INTERNAL_FN (ASAN_CHECK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R...")
 DEF_INTERNAL_FN (ASAN_MARK, ECF_LEAF | ECF_NOTHROW, ".R..")
+DEF_INTERNAL_FN (ASAN_POISON, ECF_LEAF | ECF_NOTHROW | ECF_NOVOPS, NULL)
 DEF_INTERNAL_FN (ADD_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
 DEF_INTERNAL_FN (SUB_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
 DEF_INTERNAL_FN (MUL_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
diff --git a/gcc/sanitizer.def b/gcc/sanitizer.def
index 3db08a7..068c55b 100644
--- a/gcc/sanitizer.def
+++ b/gcc/sanitizer.def
@@ -102,6 +102,14 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_REPORT_STORE_N_NOABORT,
 		      "__asan_report_store_n_noabort",
 		      BT_FN_VOID_PTR_PTRMODE,
 		      ATTR_TMPURE_NOTHROW_LEAF_LIST)
+DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE,
+		      "__asan_report_use_after_scope",
+		      BT_FN_VOID_PTR_PTRMODE,
+		      ATTR_TMPURE_NOTHROW_LEAF_LIST)
+DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_REPORT_USE_AFTER_SCOPE_NOABORT,
+		      "__asan_report_use_after_scope_noabort",
+		      BT_FN_VOID_PTR_PTRMODE,
+		      ATTR_TMPURE_NOTHROW_LEAF_LIST)
 DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_LOAD1, "__asan_load1",
 		      BT_FN_VOID_PTR, ATTR_TMPURE_NOTHROW_LEAF_LIST)
 DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_LOAD2, "__asan_load2",
diff --git a/gcc/sanopt.c b/gcc/sanopt.c
index 320e14e..77307d9 100644
--- a/gcc/sanopt.c
+++ b/gcc/sanopt.c
@@ -698,6 +698,7 @@ pass_sanopt::execute (function *fun)
   bool use_calls = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD < INT_MAX
     && asan_num_accesses >= ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
 
+  bool need_commit_edge_insert = false;
   FOR_EACH_BB_FN (bb, fun)
     {
       gimple_stmt_iterator gsi;
@@ -735,6 +736,10 @@ pass_sanopt::execute (function *fun)
 		case IFN_ASAN_MARK:
 		  no_next = asan_expand_mark_ifn (&gsi);
 		  break;
+		case IFN_ASAN_POISON:
+		  no_next = asan_expand_poison_ifn (&gsi,
+						    &need_commit_edge_insert);
+		  break;
 		default:
 		  break;
 		}
@@ -766,6 +771,10 @@ pass_sanopt::execute (function *fun)
 	    gsi_next (&gsi);
 	}
     }
+
+  if (need_commit_edge_insert)
+    gsi_commit_edge_inserts ();
+
   return 0;
 }
 
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
index 9aeed51..8b11bea 100644
--- a/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
@@ -1,5 +1,6 @@
 // { dg-do run }
 // { dg-shouldfail "asan" }
+// { dg-additional-options "-O0" }
 
 int
 main (void)
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c
index 2e30def..10d7fb5 100644
--- a/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-9.c
@@ -1,5 +1,6 @@
 // { dg-do run }
 // { dg-shouldfail "asan" }
+// { dg-additional-options "-O2" }
 
 int
 main (int argc, char **argv)
@@ -15,6 +16,5 @@ main (int argc, char **argv)
   return *ptr;
 }
 
-// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
-// { dg-output "READ of size .*" }
-// { dg-output ".*'a' <== Memory access at offset \[0-9\]* is inside this variable.*" }
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope at pc.*(\n|\r\n|\r)" }
+// { dg-output "ACCESS of size .* for variable 'a'" }
diff --git a/gcc/tree-ssa.c b/gcc/tree-ssa.c
index 62eea8b..2d9c62d 100644
--- a/gcc/tree-ssa.c
+++ b/gcc/tree-ssa.c
@@ -41,6 +41,7 @@ along with GCC; see the file COPYING3.  If not see
 #include "cfgexpand.h"
 #include "tree-cfg.h"
 #include "tree-dfa.h"
+#include "asan.h"
 
 /* Pointer map of variable mappings, keyed by edge.  */
 static hash_map<edge, auto_vec<edge_var_map> > *edge_var_maps;
@@ -1550,6 +1551,30 @@ maybe_optimize_var (tree var, bitmap addresses_taken, bitmap not_reg_needs,
     }
 }
 
+/* Return true when STMT is ASAN mark where second argument is an address
+   of a local variable.  */
+
+static bool
+is_asan_mark_p (gimple *stmt)
+{
+  if (!gimple_call_internal_p (stmt, IFN_ASAN_MARK))
+    return false;
+
+  tree addr = get_base_address (gimple_call_arg (stmt, 1));
+  if (TREE_CODE (addr) == ADDR_EXPR
+      && VAR_P (TREE_OPERAND (addr, 0)))
+    {
+      tree var = TREE_OPERAND (addr, 0);
+      unsigned addressable = TREE_ADDRESSABLE (var);
+      TREE_ADDRESSABLE (var) = 0;
+      bool r = is_gimple_reg (var);
+      TREE_ADDRESSABLE (var) = addressable;
+      return r;
+    }
+
+  return false;
+}
+
 /* Compute TREE_ADDRESSABLE and DECL_GIMPLE_REG_P for local variables.  */
 
 void
@@ -1575,17 +1600,23 @@ execute_update_addresses_taken (void)
 	  enum gimple_code code = gimple_code (stmt);
 	  tree decl;
 
-	  if (code == GIMPLE_CALL
-	      && optimize_atomic_compare_exchange_p (stmt))
+	  if (code == GIMPLE_CALL)
 	    {
-	      /* For __atomic_compare_exchange_N if the second argument
-		 is &var, don't mark var addressable;
-		 if it becomes non-addressable, we'll rewrite it into
-		 ATOMIC_COMPARE_EXCHANGE call.  */
-	      tree arg = gimple_call_arg (stmt, 1);
-	      gimple_call_set_arg (stmt, 1, null_pointer_node);
-	      gimple_ior_addresses_taken (addresses_taken, stmt);
-	      gimple_call_set_arg (stmt, 1, arg);
+	      if (optimize_atomic_compare_exchange_p (stmt))
+		{
+		  /* For __atomic_compare_exchange_N if the second argument
+		     is &var, don't mark var addressable;
+		     if it becomes non-addressable, we'll rewrite it into
+		     ATOMIC_COMPARE_EXCHANGE call.  */
+		  tree arg = gimple_call_arg (stmt, 1);
+		  gimple_call_set_arg (stmt, 1, null_pointer_node);
+		  gimple_ior_addresses_taken (addresses_taken, stmt);
+		  gimple_call_set_arg (stmt, 1, arg);
+		}
+	      else if (is_asan_mark_p (stmt))
+		;
+	      else
+		gimple_ior_addresses_taken (addresses_taken, stmt);
 	    }
 	  else
 	    /* Note all addresses taken by the stmt.  */
@@ -1841,6 +1872,26 @@ execute_update_addresses_taken (void)
 			continue;
 		      }
 		  }
+		else if (is_asan_mark_p (stmt))
+		  {
+		    tree var = TREE_OPERAND (gimple_call_arg (stmt, 1), 0);
+		    if (bitmap_bit_p (suitable_for_renaming, DECL_UID (var)))
+		      {
+			HOST_WIDE_INT flags
+			  = tree_to_shwi (gimple_call_arg (stmt, 0));
+			unlink_stmt_vdef (stmt);
+			if (flags & ASAN_MARK_CLOBBER)
+			  {
+			    gcall *call
+			      = gimple_build_call_internal (IFN_ASAN_POISON, 0);
+			    gimple_call_set_lhs (call, var);
+			    gsi_replace (&gsi, call, GSI_SAME_STMT);
+			  }
+			else
+			  gsi_remove (&gsi, true);
+			continue;
+		      }
+		  }
 		for (i = 0; i < gimple_call_num_args (stmt); ++i)
 		  {
 		    tree *argp = gimple_call_arg_ptr (stmt, i);
diff --git a/libsanitizer/asan/asan_errors.cc b/libsanitizer/asan/asan_errors.cc
index 73c4cca..f17c9b7 100644
--- a/libsanitizer/asan/asan_errors.cc
+++ b/libsanitizer/asan/asan_errors.cc
@@ -279,6 +279,27 @@ void ErrorInvalidPointerPair::Print() {
   ReportErrorSummary(bug_type, &stack);
 }
 
+void ErrorUseAfterScope::Print() {
+  const char *bug_type = "stack-use-after-scope";
+  Decorator d;
+  Printf("%s", d.Warning());
+
+  Report("ERROR: AddressSanitizer: stack-use-after-scope at pc %p bp %p sp %p\n",
+         variable_name, variable_size, pc, bp, sp);
+  Printf("%s", d.EndWarning());
+  scariness.Print();
+
+  char tname[128];
+  Printf("ACCESS of size %zu for variable '%s' thread T%d%s%s\n",
+         variable_size, variable_name, tid,
+         ThreadNameWithParenthesis(tid, tname, sizeof(tname)), d.EndAccess());
+
+  GET_STACK_TRACE_FATAL(pc, bp);
+  stack.Print();
+  ReportErrorSummary(bug_type, &stack);
+}
+
+
 static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) {
   return s[-1] > 127 && s[1] > 127;
 }
diff --git a/libsanitizer/asan/asan_errors.h b/libsanitizer/asan/asan_errors.h
index 6262dcf..a843859 100644
--- a/libsanitizer/asan/asan_errors.h
+++ b/libsanitizer/asan/asan_errors.h
@@ -294,6 +294,24 @@ struct ErrorInvalidPointerPair : ErrorBase {
   void Print();
 };
 
+struct ErrorUseAfterScope : ErrorBase {
+  uptr pc, bp, sp;
+  const char *variable_name;
+  uptr variable_size;
+  // VS2013 doesn't implement unrestricted unions, so we need a trivial default
+  // constructor
+  ErrorUseAfterScope() = default;
+  ErrorUseAfterScope(u32 tid, uptr pc_, uptr bp_, uptr sp_,
+                     const char *variable_name_, uptr variable_size_)
+      : ErrorBase(tid),
+        pc(pc_),
+        bp(bp_),
+        sp(sp_),
+	variable_name(variable_name_),
+	variable_size(variable_size_) {}
+  void Print();
+};
+
 struct ErrorGeneric : ErrorBase {
   AddressDescription addr_description;
   uptr pc, bp, sp;
@@ -324,6 +342,7 @@ struct ErrorGeneric : ErrorBase {
   macro(BadParamsToAnnotateContiguousContainer) \
   macro(ODRViolation)                           \
   macro(InvalidPointerPair)                     \
+  macro(UseAfterScope)                          \
   macro(Generic)
 // clang-format on
 
diff --git a/libsanitizer/asan/asan_report.cc b/libsanitizer/asan/asan_report.cc
index 84d6764..db39d42 100644
--- a/libsanitizer/asan/asan_report.cc
+++ b/libsanitizer/asan/asan_report.cc
@@ -353,6 +353,16 @@ static INLINE void CheckForInvalidPointerPair(void *p1, void *p2) {
     return ReportInvalidPointerPair(pc, bp, sp, a1, a2);
   }
 }
+// ----------------------- ReportUseAfterScope ----------- {{{1
+void ReportUseAfterScope(const char *variable_name, uptr variable_size,
+                         bool fatal) {
+  ScopedInErrorReport in_report (fatal);
+  GET_CALLER_PC_BP_SP;
+  ErrorUseAfterScope error(GetCurrentTidOrInvalid(), pc, bp, sp, variable_name,
+                           variable_size);
+  in_report.ReportError(error);
+}
+
 // ----------------------- Mac-specific reports ----------------- {{{1
 
 void ReportMacMzReallocUnknown(uptr addr, uptr zone_ptr, const char *zone_name,
diff --git a/libsanitizer/asan/asan_report.h b/libsanitizer/asan/asan_report.h
index 111b840..2fa158a 100644
--- a/libsanitizer/asan/asan_report.h
+++ b/libsanitizer/asan/asan_report.h
@@ -68,6 +68,9 @@ void ReportBadParamsToAnnotateContiguousContainer(uptr beg, uptr end,
 void ReportODRViolation(const __asan_global *g1, u32 stack_id1,
                         const __asan_global *g2, u32 stack_id2);
 
+void ReportUseAfterScope(const char *variable_name, uptr variable_size,
+                         bool fatal);
+
 // Mac-specific errors and warnings.
 void ReportMacMzReallocUnknown(uptr addr, uptr zone_ptr,
                                const char *zone_name,
diff --git a/libsanitizer/asan/asan_rtl.cc b/libsanitizer/asan/asan_rtl.cc
index 38009d2..f637d71 100644
--- a/libsanitizer/asan/asan_rtl.cc
+++ b/libsanitizer/asan/asan_rtl.cc
@@ -253,6 +253,22 @@ void __asan_storeN_noabort(uptr addr, uptr size) {
   }
 }
 
+#include <stdio.h>
+
+extern "C"
+NOINLINE INTERFACE_ATTRIBUTE
+void __asan_report_use_after_scope(const char *variable_name,
+                                   uptr variable_size) {
+  ReportUseAfterScope(variable_name, variable_size, true);
+}
+
+extern "C"
+NOINLINE INTERFACE_ATTRIBUTE
+void __asan_report_use_after_scope_noabort(const char *variable_name,
+                                           uptr variable_size) {
+  ReportUseAfterScope(variable_name, variable_size, false);
+}
+
 // Force the linker to keep the symbols for various ASan interface functions.
 // We want to keep those in the executable in order to let the instrumented
 // dynamic libraries access the symbol even if it is not used by the executable
-- 
2.10.2


  reply	other threads:[~2016-11-22 11:55 UTC|newest]

Thread overview: 111+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-06 11:04 [PATCH, RFC] Introduce -fsanitize=use-after-scope Martin Liška
2016-05-06 11:08 ` [PATCH] Introduce tests for -fsanitize=use-after-scope Martin Liška
2016-05-11 12:56   ` Martin Liška
2016-05-06 11:16 ` [PATCH, RFC] Introduce -fsanitize=use-after-scope Martin Liška
2016-05-06 11:48 ` Yury Gribov
2016-05-06 12:39   ` Jakub Jelinek
2016-05-06 13:07     ` Martin Liška
2016-05-06 14:22     ` Yury Gribov
2016-05-06 14:39       ` Jakub Jelinek
2016-05-10 15:03         ` Martin Liška
2016-05-10 15:15           ` Jakub Jelinek
2016-05-06 13:17   ` Martin Liška
2016-05-06 13:25     ` Jakub Jelinek
2016-05-06 14:41       ` Martin Liška
2016-05-06 14:46         ` Jakub Jelinek
2016-05-06 12:22 ` Jakub Jelinek
2016-05-11 12:54   ` Martin Liška
2016-05-12 10:42     ` Jakub Jelinek
2016-05-12 14:12       ` Martin Liška
2016-08-12 12:42         ` Martin Liška
2016-08-18 13:36         ` Jakub Jelinek
2016-10-03  9:27           ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Martin Liška
2016-10-03  9:30             ` [PATCH, 02/N] Introduce tests for -fsanitize-address-use-after-scope Martin Liška
2016-11-07 10:04               ` [PATCH, 02/N] Introduce tests for -fsanitize-address-use-after-scope (v3) Martin Liška
2016-11-07 10:09                 ` Jakub Jelinek
2016-10-03  9:39             ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Jakub Jelinek
2016-10-07 11:13             ` Jakub Jelinek
2016-10-12 14:08               ` Martin Liška
2016-10-21 14:26                 ` Jakub Jelinek
2016-10-25 13:18                   ` Martin Liška
2016-10-27 14:40                   ` Martin Liška
2016-10-27 17:24                     ` Jakub Jelinek
2016-11-01 14:48                       ` Martin Liška
2016-11-01 14:54                         ` Jakub Jelinek
2016-11-01 15:01                           ` Martin Liška
2016-11-02  9:36                           ` Martin Liška
2016-11-02  9:59                             ` Jakub Jelinek
2016-11-02 10:09                               ` Martin Liška
2016-11-02 10:11                               ` Jakub Jelinek
2016-11-02 14:20                                 ` Marek Polacek
2016-11-02 14:27                                   ` Martin Liška
2016-11-02 14:35                                     ` Jakub Jelinek
2016-11-04  9:17                                       ` Martin Liška
2016-11-04  9:33                                         ` Jakub Jelinek
2016-11-04 10:59                                           ` Martin Liška
2016-11-07 10:03                                             ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v3) Martin Liška
2016-11-07 10:08                                               ` Jakub Jelinek
2016-11-08  8:58                                                 ` Question about lambda function variables Martin Liška
2016-11-08  9:12                                                   ` Jakub Jelinek
2016-11-08  9:35                                                     ` Martin Liška
2016-11-07 16:07                                               ` Fix build of jit (was Re: [PATCH, RFC] Introduce -fsanitize=use-after-scope (v3)) David Malcolm
2016-11-07 16:17                                                 ` Jakub Jelinek
2016-11-08  9:38                                                   ` Martin Liška
2016-11-08  9:41                                                     ` Jakub Jelinek
2016-11-08 12:00                                                       ` [PATCH] use-after-scope fallout Martin Liška
2016-11-08 12:10                                                         ` Jakub Jelinek
2016-11-08 18:05                                                         ` David Malcolm
2016-11-01 14:54                       ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Martin Liška
2016-11-01 15:12                         ` Jakub Jelinek
2016-11-02  9:40                           ` Richard Biener
2016-11-02  9:44                             ` Martin Liška
2016-11-02  9:52                             ` Jakub Jelinek
2016-11-02 12:36                               ` Richard Biener
2016-11-02 12:56                                 ` Jakub Jelinek
2016-11-02 12:59                                   ` Richard Biener
2016-11-02 13:06                                     ` Jakub Jelinek
2016-11-02 13:16                                       ` Richard Biener
2016-11-02 14:38                                         ` Martin Liška
2016-11-02 14:51                                           ` Jakub Jelinek
2016-11-02 15:25                                             ` Martin Liška
2016-11-03 13:34                                             ` Martin Liška
2016-11-03 13:44                                               ` Jakub Jelinek
2016-11-03 14:02                                                 ` Martin Liška
2016-11-03 14:04                                                   ` Jakub Jelinek
2016-11-03 14:18                                                     ` Martin Liška
2016-11-16 12:25                                         ` [RFC][PATCH] Speed-up use-after-scope (re-writing to SSA) Martin Liška
2016-11-16 12:53                                           ` Martin Liška
2016-11-16 13:07                                           ` Jakub Jelinek
2016-11-16 16:01                                             ` Martin Liška
2016-11-16 16:28                                               ` Jakub Jelinek
2016-11-22 11:55                                                 ` Martin Liška [this message]
2016-11-23 13:57                                                   ` Martin Liška
2016-11-23 14:14                                                     ` Jakub Jelinek
2016-12-01 16:30                                                       ` Martin Liška
2016-12-02 12:29                                                         ` Richard Biener
2016-12-08 12:51                                                           ` Martin Liška
2016-12-13 14:16                                                             ` Richard Biener
2016-12-20 11:34                                                 ` [PATCH] Speed-up use-after-scope (re-writing to SSA) (version 2) Martin Liška
2016-12-21  9:19                                                   ` Jakub Jelinek
2016-12-22 17:11                                                     ` Martin Liška
2016-12-22 17:28                                                       ` Jakub Jelinek
2017-01-09 14:58                                                         ` Martin Liška
2017-01-16 14:20                                                           ` Jakub Jelinek
2017-01-17 16:22                                                             ` Martin Liška
2017-01-17 16:55                                                               ` Jakub Jelinek
2017-01-18 15:37                                                                 ` Martin Liška
2017-01-19 16:43                                                                   ` Jakub Jelinek
2017-01-20 11:55                                                                     ` Martin Liška
2017-01-20 14:27                                                                       ` Martin Liška
2017-01-20 14:30                                                                         ` Jakub Jelinek
2017-01-20 14:42                                                                           ` Markus Trippelsdorf
2017-01-23  9:38                                                                           ` Martin Liška
2017-01-23  9:39                                                                             ` Jakub Jelinek
2017-01-23 12:07                                                                               ` Martin Liška
2017-01-26  9:04                                                                             ` Thomas Schwinge
2017-01-26 10:55                                                                               ` Jakub Jelinek
2017-01-26 20:45                                                                                 ` Thomas Schwinge
2017-01-26 20:52                                                                                   ` Jakub Jelinek
2016-11-16 16:09                                             ` [RFC][PATCH] Speed-up use-after-scope (re-writing to SSA) Martin Liška
2016-11-02  9:52                           ` [PATCH, RFC] Introduce -fsanitize=use-after-scope (v2) Martin Liška
2016-09-03 15:23         ` [PATCH, RFC] Introduce -fsanitize=use-after-scope Jakub Jelinek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d1728bae-3225-9c09-12f8-5e07d33049e3@suse.cz \
    --to=mliska@suse.cz \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=jakub@redhat.com \
    --cc=richard.guenther@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).