[RFA] ubsan: -Wreturn-type and ubsan trap-on-error

Message ID	20220613193823.3233868-1-jason@redhat.com
State	New
Headers	show Return-Path: <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org> DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8170138582AD To: gcc-patches@gcc.gnu.org Subject: [PATCH RFA] ubsan: -Wreturn-type and ubsan trap-on-error Date: Mon, 13 Jun 2022 15:38:23 -0400 Message-Id: <20220613193823.3233868-1-jason@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true Precedence: list From: Jason Merrill via Gcc-patches <gcc-patches@gcc.gnu.org> Reply-To: Jason Merrill <jason@redhat.com> Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>
Series	[RFA] ubsan: -Wreturn-type and ubsan trap-on-error \| expand [RFA] ubsan: -Wreturn-type and ubsan trap-on-error

Message ID

20220613193823.3233868-1-jason@redhat.com

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8170138582AD
To: gcc-patches@gcc.gnu.org
Subject: [PATCH RFA] ubsan: -Wreturn-type and ubsan trap-on-error
Date: Mon, 13 Jun 2022 15:38:23 -0400
Message-Id: <20220613193823.3233868-1-jason@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
Precedence: list
From: Jason Merrill via Gcc-patches <gcc-patches@gcc.gnu.org>
Reply-To: Jason Merrill <jason@redhat.com>
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>

Series

[RFA] ubsan: -Wreturn-type and ubsan trap-on-error | expand

Commit Message

Jason Merrill June 13, 2022, 7:38 p.m. UTC

I noticed that -fsanitize=undefined -fsanitize-undefined-trap-on-error was
omitting the usual -Wreturn-type warning for control flowing off the end of
a function.  This was because the warning code was looking for calls either
to __builtin_unreachable or the UBSan function, but these flags produce a
call to __builtin_trap instead.

Tested x86_64-pc-linux-gnu, OK for trunk?

gcc/c-family/ChangeLog:

	* c-ubsan.cc (ubsan_instrument_return): Use BUILTINS_LOCATION.

gcc/ChangeLog:

	* tree-cfg.cc (pass_warn_function_return::execute): Also check
	BUILT_IN_TRAP.

gcc/testsuite/ChangeLog:

	* g++.dg/ubsan/return-8.C: New test.
---
 gcc/c-family/c-ubsan.cc               | 4 +++-
 gcc/testsuite/g++.dg/ubsan/return-8.C | 9 +++++++++
 gcc/tree-cfg.cc                       | 5 +++--
 3 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/g++.dg/ubsan/return-8.C


base-commit: 13ea4a6e830da1f245136601e636dec62e74d1a7

Comments

Jakub Jelinek June 13, 2022, 8:03 p.m. UTC | #1

On Mon, Jun 13, 2022 at 03:38:23PM -0400, Jason Merrill via Gcc-patches wrote:
> I noticed that -fsanitize=undefined -fsanitize-undefined-trap-on-error was
> omitting the usual -Wreturn-type warning for control flowing off the end of
> a function.  This was because the warning code was looking for calls either
> to __builtin_unreachable or the UBSan function, but these flags produce a
> call to __builtin_trap instead.
> 
> Tested x86_64-pc-linux-gnu, OK for trunk?
> 
> gcc/c-family/ChangeLog:
> 
> 	* c-ubsan.cc (ubsan_instrument_return): Use BUILTINS_LOCATION.
> 
> gcc/ChangeLog:
> 
> 	* tree-cfg.cc (pass_warn_function_return::execute): Also check
> 	BUILT_IN_TRAP.
> 
> gcc/testsuite/ChangeLog:
> 
> 	* g++.dg/ubsan/return-8.C: New test.

LGTM.

	Jakub

diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 48f948745f8..a2cd8fb3262 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -308,7 +308,9 @@  tree
 ubsan_instrument_return (location_t loc)
 {
   if (flag_sanitize_undefined_trap_on_error)
-    return build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
+    return build_call_expr_loc
+      /* pass_warn_function_return checks for BUILTINS_LOCATION.  */
+      (BUILTINS_LOCATION, builtin_decl_explicit (BUILT_IN_TRAP), 0);
 
   tree data = ubsan_create_data ("__ubsan_missing_return_data", 1, &loc,
 				 NULL_TREE, NULL_TREE);
diff --git a/gcc/testsuite/g++.dg/ubsan/return-8.C b/gcc/testsuite/g++.dg/ubsan/return-8.C
new file mode 100644
index 00000000000..354c96098d2
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/return-8.C
@@ -0,0 +1,9 @@ 
+// { dg-additional-options "-fsanitize=undefined -fsanitize-undefined-trap-on-error" }
+
+bool b;
+
+int f() {
+  if (b) return 42;
+}			// { dg-warning "-Wreturn-type" }
+
+int main() { f(); }
diff --git a/gcc/tree-cfg.cc b/gcc/tree-cfg.cc
index 9e5d84a9805..c67c278dad0 100644
--- a/gcc/tree-cfg.cc
+++ b/gcc/tree-cfg.cc
@@ -9543,7 +9543,7 @@  pass_warn_function_return::execute (function *fun)
 	}
       /* The C++ FE turns fallthrough from the end of non-void function
 	 into __builtin_unreachable () call with BUILTINS_LOCATION.
-	 Recognize those too.  */
+	 Recognize those as well as calls from ubsan_instrument_return.  */
       basic_block bb;
       if (!warning_suppressed_p (fun->decl, OPT_Wreturn_type))
 	FOR_EACH_BB_FN (bb, fun)
@@ -9555,7 +9555,8 @@  pass_warn_function_return::execute (function *fun)
 	      if (last
 		  && ((LOCATION_LOCUS (gimple_location (last))
 		       == BUILTINS_LOCATION
-		       && gimple_call_builtin_p (last, BUILT_IN_UNREACHABLE))
+		       && (gimple_call_builtin_p (last, BUILT_IN_UNREACHABLE)
+			   || gimple_call_builtin_p (last, BUILT_IN_TRAP)))
 		      || gimple_call_builtin_p (last, ubsan_missing_ret)))
 		{
 		  gimple_stmt_iterator gsi = gsi_for_stmt (last);

[RFA] ubsan: -Wreturn-type and ubsan trap-on-error

Commit Message

Comments

Patch