From patchwork Fri Apr 22 17:04:31 2016
X-Patchwork-Submitter: Martin Jambor
X-Patchwork-Id: 613799
Date: Fri, 22 Apr 2016 19:04:31 +0200
From: Martin Jambor
To: GCC Patches
Subject: [PATCH] Verify __builtin_unreachable and __builtin_trap are not called with arguments
Message-ID: <20160422170431.GB13517@virgil.suse.cz>

Hi,

this patch adds verification that __builtin_unreachable and
__builtin_trap are not called with arguments. The problem with calls
to them with arguments is that functions like gimple_call_builtin_p
return false on them, because they return true only when
gimple_builtin_call_types_compatible_p does. One manifestation of
that was PR 61591 where undefined behavior sanitizer did not replace
such calls with its thing as it should, but there might be others.

I have included __builtin_trap in the verification because they often
seem to be handled together but can either remove it or add more
builtins if people think it better. I concede it is a bit arbitrary.

Honza said he has seen __builtin_unreachable calls with parameters in
LTO builds of Firefox, so it seems this might actually trigger, but I
also think we do not want such calls in the IL.

I have bootstrapped and tested this on x86_64-linux (with all
languages and Ada) and have also run a C, C++ and Fortran LTO
bootstrap with the patch on the same architecture. OK for trunk?

Thanks,

Martin

2016-04-20  Martin Jambor

	* tree-cfg.c (verify_gimple_call): Check that calls to
	__builtin_unreachable or __builtin_trap do not have actual arguments.

--- gcc/tree-cfg.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/gcc/tree-cfg.c b/gcc/tree-cfg.c index 04e46fd..3385164 100644 --- a/gcc/tree-cfg.c +++ b/gcc/tree-cfg.c 
@@ -3414,6 +3414,26 @@ verify_gimple_call (gcall *stmt) return true; } + if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL) + { + switch (DECL_FUNCTION_CODE (fndecl)) + { + case BUILT_IN_UNREACHABLE: + case BUILT_IN_TRAP: + if (gimple_call_num_args (stmt) > 0) + { + /* Built-in unreachable with parameters might not be caught by + undefined behavior santizer. */ + error ("__builtin_unreachable or __builtin_trap call with " + "arguments"); + return true; + } + break; + default: + break; + } + } + /* ??? The C frontend passes unpromoted arguments in case it didn't see a function declaration before the call. So for now leave the call arguments mostly unverified. Once we gimplify
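
Review bot: The diagnostic in the BUILT_IN_UNREACHABLE / BUILT_IN_TRAP case does not say which of the two builtins was called with arguments, and the comment above the error call mentions only unreachable although the case also covers trap. Since fndecl is already available at that point, the message could name the offending function, which would make a verifier failure easier to trace in the LTO builds the cover letter mentions. The comment also misspells "sanitizer" as "santizer", and with only two case labels and an empty default the switch could be a plain if on DECL_FUNCTION_CODE (fndecl).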