From: "Martin Liška" <mliska@suse.cz>
To: Jakub Jelinek <jakub@redhat.com>
Cc: David Malcolm <dmalcolm@redhat.com>,
Marek Polacek <polacek@redhat.com>,
GCC Patches <gcc-patches@gcc.gnu.org>,
jit@gcc.gnu.org
Subject: [PATCH] use-after-scope fallout
Date: Fri, 01 Jan 2016 00:00:00 -0000
Message-ID: <26e56fb7-f60f-4438-d118-e4346d43305c@suse.cz>
In-Reply-To: <20161108094052.GT3541@tucnak.redhat.com>
[-- Attachment #1: Type: text/plain, Size: 565 bytes --]
Hello.
This is a fallout fix where I changed:
1) Fix ICE for lambda functions (added test-case: use-after-scope-4.C)
2) Fix ICE in gimplify_switch_expr, at gimplify.c:2269 (fixed by not adding
artificial variables)
3) PR testsuite/78242 - I basically removed the test (not interesting)
4) LEAF and NOTHROW flags are properly set on ASAN {un}poison functions
5) dbg_cnt has been added
6) use-after-scope-types-4.C - scanned pattern is updated to work on i686
Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.
Ready to be installed?
Martin
[-- Attachment #2: 0001-use-after-scope-fallout.patch --]
[-- Type: text/x-patch, Size: 6781 bytes --]
From 36eb4a8b3542729c9c428ac319d8422bea677869 Mon Sep 17 00:00:00 2001
From: marxin <mliska@suse.cz>
Date: Mon, 7 Nov 2016 14:49:00 +0100
Subject: [PATCH] use-after-scope fallout
gcc/testsuite/ChangeLog:
2016-11-08 Martin Liska <mliska@suse.cz>
PR testsuite/78242
* g++.dg/asan/use-after-scope-4.C: New test.
* g++.dg/asan/use-after-scope-types-4.C: Update scanned pattern.
* gcc.dg/asan/use-after-scope-8.c: Remove.
gcc/ChangeLog:
2016-11-08 Martin Liska <mliska@suse.cz>
PR testsuite/78242
* dbgcnt.def: Add new debug counter asan_use_after_scope.
* gimplify.c (gimplify_decl_expr): Do not sanitize vars
with a value expr. Do not add artificial variables to
live_switch_vars. Use the debug counter.
(gimplify_target_expr): Use the debug counter.
* internal-fn.def: Remove ECF_TM_PURE from ASAN_MARK builtin.
* sanitizer.def: Set ATTR_NOTHROW_LEAF_LIST to
BUILT_IN_ASAN_CLOBBER_N and BUILT_IN_ASAN_UNCLOBBER_N.
---
gcc/dbgcnt.def | 1 +
gcc/gimplify.c | 10 ++++--
gcc/internal-fn.def | 2 +-
gcc/sanitizer.def | 4 +--
gcc/testsuite/g++.dg/asan/use-after-scope-4.C | 36 ++++++++++++++++++++++
.../g++.dg/asan/use-after-scope-types-4.C | 2 +-
gcc/testsuite/gcc.dg/asan/use-after-scope-8.c | 14 ---------
7 files changed, 48 insertions(+), 21 deletions(-)
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-4.C
delete mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
diff --git a/gcc/dbgcnt.def b/gcc/dbgcnt.def
index 78ddcc2..0a45bac 100644
--- a/gcc/dbgcnt.def
+++ b/gcc/dbgcnt.def
@@ -141,6 +141,7 @@ echo ubound: $ub
*/
/* Debug counter definitions. */
+DEBUG_COUNTER (asan_use_after_scope)
DEBUG_COUNTER (auto_inc_dec)
DEBUG_COUNTER (ccp)
DEBUG_COUNTER (cfg_cleanup)
diff --git a/gcc/gimplify.c b/gcc/gimplify.c
index e5930e6..d392450 100644
--- a/gcc/gimplify.c
+++ b/gcc/gimplify.c
@@ -60,6 +60,7 @@ along with GCC; see the file COPYING3. If not see
#include "langhooks-def.h" /* FIXME: for lhd_set_decl_assembler_name */
#include "builtins.h"
#include "asan.h"
+#include "dbgcnt.h"
/* Hash set of poisoned variables in a bind expr. */
static hash_set<tree> *asan_poisoned_variables = NULL;
@@ -1622,11 +1623,13 @@ gimplify_decl_expr (tree *stmt_p, gimple_seq *seq_p)
&& !asan_no_sanitize_address_p ()
&& !is_vla
&& TREE_ADDRESSABLE (decl)
- && !TREE_STATIC (decl))
+ && !TREE_STATIC (decl)
+ && !DECL_HAS_VALUE_EXPR_P (decl)
+ && dbg_cnt (asan_use_after_scope))
{
asan_poisoned_variables->add (decl);
asan_poison_variable (decl, false, seq_p);
- if (gimplify_ctxp->live_switch_vars)
+ if (!DECL_ARTIFICIAL (decl) && gimplify_ctxp->live_switch_vars)
gimplify_ctxp->live_switch_vars->add (decl);
}
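Review bot: The two new guards in the gimplify_decl_expr condition, `!DECL_HAS_VALUE_EXPR_P (decl)` and `!DECL_ARTIFICIAL (decl)`, carry no comment, so a later reader cannot tell from the code that they are there to avoid ICEs. A short comment above each would help. The cover letter also lists an ICE in gimplify_switch_expr as fixed by not adding artificial variables, but the diffstat adds only use-after-scope-4.C, whose header comment refers to make_decl_rtl; a reduced test for the switch case would keep that fix from regressing.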
@@ -6399,7 +6402,8 @@ gimplify_target_expr (tree *expr_p, gimple_seq *pre_p, gimple_seq *post_p)
else
cleanup = clobber;
}
- if (asan_sanitize_use_after_scope ())
+ if (asan_sanitize_use_after_scope ()
+ && dbg_cnt (asan_use_after_scope))
{
tree asan_cleanup = build_asan_poison_call_expr (temp);
if (asan_cleanup)
diff --git a/gcc/internal-fn.def b/gcc/internal-fn.def
index 6a0a7f6..0869b2f 100644
--- a/gcc/internal-fn.def
+++ b/gcc/internal-fn.def
@@ -158,7 +158,7 @@ DEF_INTERNAL_FN (UBSAN_OBJECT_SIZE, ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (ABNORMAL_DISPATCHER, ECF_NORETURN, NULL)
DEF_INTERNAL_FN (BUILTIN_EXPECT, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (ASAN_CHECK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R...")
-DEF_INTERNAL_FN (ASAN_MARK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R..")
+DEF_INTERNAL_FN (ASAN_MARK, ECF_LEAF | ECF_NOTHROW, ".R..")
DEF_INTERNAL_FN (ADD_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (SUB_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (MUL_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
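Review bot: Dropping ECF_TM_PURE from ASAN_MARK is not explained anywhere: the six items in the cover letter do not mention it, the ChangeLog only states the removal, and ASAN_CHECK on the line directly above keeps the flag. Please say in the ChangeLog entry or in a comment next to the definition why ASAN_MARK has to differ from ASAN_CHECK, so that a later cleanup does not put the flag back.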
diff --git a/gcc/sanitizer.def b/gcc/sanitizer.def
index 1c142e9..c11c95a 100644
--- a/gcc/sanitizer.def
+++ b/gcc/sanitizer.def
@@ -166,9 +166,9 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_AFTER_DYNAMIC_INIT,
"__asan_after_dynamic_init",
BT_FN_VOID, ATTR_NOTHROW_LEAF_LIST)
DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_CLOBBER_N, "__asan_poison_stack_memory",
- BT_FN_VOID_PTR_PTRMODE, 0)
+ BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST)
DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_UNCLOBBER_N, "__asan_unpoison_stack_memory",
- BT_FN_VOID_PTR_PTRMODE, 0)
+ BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST)
/* Thread Sanitizer */
DEF_SANITIZER_BUILTIN(BUILT_IN_TSAN_INIT, "__tsan_init",
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-4.C b/gcc/testsuite/g++.dg/asan/use-after-scope-4.C
new file mode 100644
index 0000000..c3b6932
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-4.C
@@ -0,0 +1,36 @@
+/* Caused ICE in in make_decl_rtl, at varasm.c:1311. */
+/* { dg-do compile } */
+
+class A
+{
+public:
+ A () : value (123) {}
+ int value;
+};
+
+template <typename StoredFunction> class B
+{
+public:
+ template <typename F> B (F p1) : mFunction (p1) { mFunction (); }
+ StoredFunction mFunction;
+};
+template <typename Function>
+void
+NS_NewRunnableFunction (Function p1)
+{
+ (B<Function> (p1));
+}
+class C
+{
+ void DispatchConnectionCloseEvent (A);
+ void AsyncCloseConnectionWithErrorMsg (const A &);
+};
+void
+C::AsyncCloseConnectionWithErrorMsg (const A &)
+{
+ {
+ A message;
+ NS_NewRunnableFunction (
+ [this, message] { DispatchConnectionCloseEvent (message); });
+ }
+}
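Review bot: The test depends on a lambda with captures (`[this, message] { ... }`), which needs C++11, while the directive near the top is a bare `{ dg-do compile }`; writing it as `{ dg-do compile { target c++11 } }` states the requirement explicitly instead of relying on whatever -std the harness passes by default. The header comment on the first line also has a doubled word: "Caused ICE in in make_decl_rtl".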
diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C
index dd06e94..44f4d3b 100644
--- a/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C
+++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C
@@ -13,5 +13,5 @@ int main()
}
// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
-// { dg-output "READ of size 8 at" }
+// { dg-output "READ of size " }
// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
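Review bot: The relaxed pattern `READ of size ` on the changed dg-output line now accepts any text after the prefix, including a report that carries no size at all. Since the stated goal is only to stop hard-coding 8 so the test works on i686, `READ of size \[0-9\]* at` would keep the check anchored, in the same style as the `\[0-9\]*` already used on the following line.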
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
deleted file mode 100644
index b204206..0000000
--- a/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
+++ /dev/null
@@ -1,14 +0,0 @@
-// { dg-do compile }
-// { dg-additional-options "-fdump-tree-asan0" }
-/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
-
-int
-fn1 ()
-{
- int x = 123;
- register int a asm("rdi") = 123;
-
- return x * x;
-}
-
-/* { dg-final { scan-tree-dump-not "ASAN_CHECK" "asan0" } } */
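Review bot: Deleting this file drops the `scan-tree-dump-not "ASAN_CHECK"` check for a function that mixes an ordinary local with `register int a asm("rdi")`, and the only reason given in the cover letter is "not interesting". `rdi` is an x86-64 register name, so if the failure in PR testsuite/78242 is limited to other targets, restricting the test with a target selector would keep the coverage; if the test is really obsolete, please record why in the ChangeLog.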
--
2.10.1