From patchwork Fri Nov 9 20:36:53 2012
X-Patchwork-Submitter: Tobias Burnus
X-Patchwork-Id: 198149
Message-ID: <509D6965.5040405@net-b.de>
Date: Fri, 09 Nov 2012 21:36:53 +0100
From: Tobias Burnus
To: gcc patches, Jakub Jelinek, Wei Mi, Kostya Serebryany, Xinliang David Li
Subject: [asan] Patch - fix an ICE in asan.c

The attached test case ICEs (segfault) both on the asan branch and on the trunk with Dodji's patches:

    fail31.ii: In static member function 'static std::size_t std::char_traits<char>::length(const char_type*)':
    fail31.ii:13:19: internal compiler error: Segmentation fault
         static size_t length (const char_type * __s)
                       ^
    0xae02ef crash_signal
            /projects/tob/gcc-git/gcc/gcc/toplev.c:334
    0xaf031d gsi_next
            /projects/tob/gcc-git/gcc/gcc/gimple.h:5072
    0xaf031d transform_statements
            /projects/tob/gcc-git/gcc/gcc/asan.c:1357
    0xaf031d asan_instrument
            /projects/tob/gcc-git/gcc/gcc/asan.c:1556

The problem is in asan.c's transform_statements:

    FOR_EACH_BB (bb)
      {
        if (bb->index >= saved_last_basic_block)
          continue;
        for (i = gsi_start_bb (bb); !gsi_end_p (i); gsi_next (&i))
          {
            gimple s = gsi_stmt (i);
            if (gimple_assign_single_p (s))
              instrument_assignment (&i);
            else if (is_gimple_call (s))
              maybe_instrument_call (&i);
          }
      }

Here, "gsi_end_p (i)" is the check "i->ptr == NULL" and "gsi_next (&i)" is "i->ptr = i->ptr->gsbase.next;". Thus, it looks fine at a glance. However, the problem is that the gsi_end_p check is done before the loop body while gsi_next is called after the loop body. That's fine unless "i" is modified in between, which happens in

    instrument_strlen_call (gimple_stmt_iterator *iter)
    ...
      gimple_stmt_iterator gsi = *iter;
    ...
      *iter = gsi;
    }

After the call, iter->ptr == NULL.
Is the patch okay for the ASAN branch?*

Tobias

* I still have to do an all-language bootstrap and regtesting, though the latter is probably pointless as there is currently not a single -fasan test case.


The attached test case:

    namespace std
    {
      template < typename _Alloc > class allocator;
      template < class _CharT > struct char_traits;
      template < typename _CharT, typename _Traits = char_traits < _CharT >,
                 typename _Alloc = allocator < _CharT > > class basic_string;
      typedef basic_string < char > string;
      typedef long unsigned int size_t;

      template <> struct char_traits < char >
      {
        typedef char char_type;
        static size_t length (const char_type * __s)
        {
          return __builtin_strlen (__s);
        }
      };

      namespace __gnu_cxx
      {
        template < typename _Tp > class new_allocator
        {
        public:
          typedef size_t size_type;
          template < typename _Tp1 > struct rebind
          {
            typedef new_allocator < _Tp1 > other;
          };
        };
      }

      template < typename _Tp > class allocator : public __gnu_cxx::new_allocator < _Tp >
      {
      };

      template < typename _CharT, typename _Traits, typename _Alloc > class basic_string
      {
        typedef typename _Alloc::template rebind < _CharT >::other _CharT_alloc_type;
        typedef _Traits traits_type;
        typedef typename _CharT_alloc_type::size_type size_type;
      public:
        basic_string & operator= (const _CharT * __s)
        {
          return this->assign (__s, traits_type::length (__s));
        }
        basic_string & assign (const _CharT * __s, size_type __n);
      };

      class Regex
      {
        std::string sub (std::string * Error);
      };

      std::string Regex::sub (std::string * Error)
      {
        *Error = "";
      }
    }


The patch:

--- gcc/asan.c.orig	2012-11-09 21:26:26.000000000 +0100
+++ gcc/asan.c	2012-11-09 21:26:00.000000000 +0100
@@ -1362,6 +1362,8 @@ transform_statements (void)
 	    instrument_assignment (&i);
 	  else if (is_gimple_call (s))
 	    maybe_instrument_call (&i);
+	  if (gsi_end_p (i))
+	    break;
 	}
     }
 }
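Review bot: the added `if (gsi_end_p (i)) break;` carries no comment explaining why a loop whose header already tests gsi_end_p has to test it again in the body; the cause (instrument_strlen_call, reached through maybe_instrument_call, hands back an iterator that is already at the end of the block) is two calls away and invisible at this spot, so a one-line comment above the check, e.g. `/* The instrumentation may have moved I to the end of BB.  */`, would save the next reader the same debugging session. The hunk also comes without a ChangeLog entry for gcc/asan.c, which gcc-patches expects alongside the diff.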
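The iterator hazard the message describes, as a constructed C model added here (not code from the message or from GCC): `struct stmt`, `struct iter`, `next_stmt` and `instrument_strlen` are hypothetical stand-ins for the gimple statement, gimple_stmt_iterator, gsi_next and instrument_strlen_call, and the NULL dereference that segfaults inside gsi_next is counted instead of executed so the loop before and after the patch can be compared on the same block.

```c
#include <stddef.h>
/* Constructed, simplified model of a GIMPLE statement list and iterator;
   the names are hypothetical stand-ins, not GCC's own.  */
struct stmt { int is_strlen_call; int instrumented; struct stmt *next; };
struct iter { struct stmt *ptr; };

static int end_p (const struct iter *i) { return i->ptr == NULL; }

/* GCC's gsi_next is the unconditional "i->ptr = i->ptr->gsbase.next", so
   advancing an end iterator is the NULL dereference in the backtrace.
   Here the attempt is counted instead, so both loops can be compared.  */
static int null_deref_attempts;
static void next_stmt (struct iter *i)
{
  if (i->ptr == NULL) { null_deref_attempts++; return; }
  i->ptr = i->ptr->next;
}

/* Stand-in for instrument_strlen_call: it works on a copy of the
   iterator, emits the check, splits the block after the call (the
   statements that followed move to a new block, so the copy reaches end
   of block) and writes the copy back through *iter.  */
static void instrument_strlen (struct iter *iter)
{
  struct iter gsi = *iter;
  gsi.ptr->instrumented = 1;
  gsi.ptr->next = NULL;   /* split_block: the tail is now another bb */
  next_stmt (&gsi);       /* copy is at end of this block */
  *iter = gsi;
}

/* transform_statements's loop over a constructed three-statement block
   whose middle statement is a strlen call, without the patch (with_fix
   == 0) or with its check (with_fix == 1).  Returns the number of
   NULL-dereference attempts; 1 is the crash.  */
static int transform (int with_fix)
{
  struct stmt s[3] = { { 0, 0, &s[1] }, { 1, 0, &s[2] }, { 0, 0, NULL } };
  struct iter i;
  null_deref_attempts = 0;
  for (i.ptr = s; !end_p (&i); next_stmt (&i))
    {
      if (i.ptr->is_strlen_call)
        instrument_strlen (&i);
      if (with_fix && end_p (&i))
        break;
    }
  return null_deref_attempts;
}
```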