From: Andrew MacLeod
Date: Fri, 17 Mar 2023 09:59:43 -0400
Subject: Re: [PATCH] tree-optimization/109170 - bogus use-after-free with __builtin_expect
To: Jakub Jelinek, Richard Biener
Cc: gcc-patches@gcc.gnu.org, aldyh@redhat.com
References: <20230317121833.16A961346F@imap2.suse-dmz.suse.de>

On 3/17/23 08:59, Jakub Jelinek wrote:
> On Fri, Mar 17, 2023 at 12:53:48PM +0000, Richard Biener wrote:
>> On Fri, 17 Mar 2023, Jakub Jelinek wrote:
>>
>>> On Fri, Mar 17, 2023 at 01:18:32PM +0100, Richard Biener wrote:
>>>> The following adds a missing range-op for __builtin_expect which
>>>> helps -Wuse-after-free to detect the case a realloc original
>>>> pointer is used when the result was NULL.
>>>>
>>>> Bootstrap and regtest running on x86_64-unknown-linux-gnu, OK?
>>>>
>>>>     PR tree-optimization/109170
>>>>     * gimple-range-op.cc (cfn_expect): New.
>>>>     (gimple_range_op_handler::maybe_builtin_call): Handle
>>>>     __builtin_expect.
>>>>
>>>>     * gcc.dg/Wuse-after-free-pr109170.c: New testcase.
>>> Shouldn't that be something we handle generically for all
>>> ERF_RETURNS_ARG calls (and not just for irange, but for any
>>> supported ranges)?
>>>
>>> Though, admittedly __builtin_expect probably doesn't set that
>>> and all the other current builtins with ERF_RETURNS_ARG return
>>> pointers I think.
>> Looking at builtin_fnspec we're indeed missing BUILT_IN_EXPECT,
>> but we could indeed use gimple_call_fnspec and look for a
>> returned argument. If it's not the first handling this
>> generically is going to be interesting wrt op?_range though,
>> so we'd need a range operator for each case (returns arg 1,
>> returns arg 2, more args are not supported?). Currently
> I think fnspec supports 1-4, but nothing actually uses anything but 1
> or none; I could be wrong.
>
> Anyway, I think it is fine to implement __builtin_expect this way
> for now, ERF_RETURNS_ARG will be more important for pointers, especially if
> we propagate something more than just maybe be/can't be/must be null.
> Don't you need to handle BUILT_IN_EXPECT_WITH_PROBABILITY the same though?
>

I think that's fine for now.

I'm going to address improving dispatch for range-ops in stage 1 when it opens.
We want to handle non-standard ops more generally like we did for WIDEN_MULT_EXPR, plus we didn't know the actual requirements for the initial cut of vrange -> irange/frange dispatch. We'll clean that up to make adding more range kinds cleaner.

As for gimple_fnspec, I'm sure we can do something better than what we have. Current range-ops works only with 2 operands, but via this mechanism they can be any 2. (I think :-)

We can fold arbitrary statements in gimple-range-fold::fold_using_range(), so it is only the op[12]_range/relation routines we lose... I'm not sure if there is anything that critical there, but if we find something, well, we can look at it.

Andrew
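
The realloc pattern this thread concerns, as an added example (not taken from the GCC patch or its testcase): when realloc returns NULL the original block is not freed, so the original pointer is still valid on the failure path, here tested through `__builtin_expect`. The `buf_append` helper, the `struct buf` type and the injectable `re` allocator parameter are assumptions made so the failure path can be exercised.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook type so a failing allocator can be injected. */
typedef void *(*realloc_fn)(void *, size_t);

struct buf { char *data; size_t len, cap; };

/* Constructed stub that always reports allocation failure. */
static void *fail_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Append n bytes. Returns 0 on success, -1 on failure with *b untouched. */
int buf_append(struct buf *b, const char *src, size_t n, realloc_fn re)
{
    if (n == 0)
        return 0;
    if (n > SIZE_MAX - b->len)          /* b->len + n would wrap */
        return -1;
    if (n > b->cap - b->len) {
        char *p = b->data;
        char *q = re(p, b->len + n);
        if (__builtin_expect(q == NULL, 0)) {
            /* Failed realloc leaves the old block allocated: p is still
               valid here, so keeping it is not a use-after-free. */
            b->data = p;
            return -1;
        }
        /* Success: the old block may have moved; only q is valid now. */
        b->data = q;
        b->cap = b->len + n;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

int main(void)
{
    struct buf b = {0};
    int ok = buf_append(&b, "abc", 3, realloc);
    int failed = buf_append(&b, "defgh", 5, fail_realloc);
    printf("ok=%d failed=%d kept=%.*s\n", ok, failed, (int)b.len, b.data);
    free(b.data);
    return 0;
}
```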