Message ID | Zk0KV9aqUb7vOE7V@tucnak |
---|---|
State | New |
Series | ubsan: Use right address space for MEM_REF created for bool/enum sanitization [PR115172] |

On Tue, 21 May 2024, Jakub Jelinek wrote:

> Hi!
>
> The following testcase is miscompiled, because -fsanitize=bool,enum
> creates a MEM_REF without propagating there address space qualifiers,
> so what should be normally loaded using say %gs:/%fs: segment prefix
> isn't. Together with asan it then causes that load to be sanitized.
>
> Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux,
> ok for trunk and release branches?

OK.

Thanks,
Richard.

> 2024-05-21 Jakub Jelinek <jakub@redhat.com>
>
> PR sanitizer/115172
> * ubsan.cc (instrument_bool_enum_load): If rhs is not in generic
> address space, use qualified version of utype with the right
> address space. Formatting fix.
>
> * gcc.dg/asan/pr115172.c: New test.
>
> --- gcc/ubsan.cc.jj 2024-03-22 09:23:37.695296775 +0100 > +++ gcc/ubsan.cc 2024-05-21 12:10:24.261454107 +0200 > @@ -1776,13 +1776,17 @@ instrument_bool_enum_load (gimple_stmt_i > || TREE_CODE (gimple_assign_lhs (stmt)) != SSA_NAME) > return; > > + addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (rhs)); > + if (as != TYPE_ADDR_SPACE (utype)) > + utype = build_qualified_type (utype, TYPE_QUALS (utype) > + | ENCODE_QUAL_ADDR_SPACE (as)); > bool ends_bb = stmt_ends_bb_p (stmt); > location_t loc = gimple_location (stmt); > tree lhs = gimple_assign_lhs (stmt); > tree ptype = build_pointer_type (TREE_TYPE (rhs)); > tree atype = reference_alias_ptr_type (rhs); > gimple *g = gimple_build_assign (make_ssa_name (ptype), > - build_fold_addr_expr (rhs)); > + build_fold_addr_expr (rhs)); > gimple_set_location (g, loc); > gsi_insert_before (gsi, g, GSI_SAME_STMT); > tree mem = build2 (MEM_REF, utype, gimple_assign_lhs (g), > --- gcc/testsuite/gcc.dg/asan/pr115172.c.jj 2024-05-21 17:28:18.302815400 +0200 > +++ gcc/testsuite/gcc.dg/asan/pr115172.c 2024-05-21 22:50:43.272753785 +0200 
> @@ -0,0 +1,20 @@ > +/* PR sanitizer/115172 */ > +/* { dg-do compile { target i?86-*-* x86_64-*-* } } */ > +/* { dg-options "-O2 -fsanitize=address,bool -ffat-lto-objects -fdump-tree-asan1" } */ > +/* { dg-final { scan-tree-dump-not "\.ASAN_CHECK " "asan1" } } */ > + > +#ifdef __x86_64__ > +#define SEG __seg_gs > +#else > +#define SEG __seg_fs > +#endif > + > +extern struct S { _Bool b; } s; > +void bar (void); > + > +void > +foo (void) > +{ > + if (*(volatile _Bool SEG *) (__UINTPTR_TYPE__) &s.b) > + bar (); > +} > > Jakub > >
--- gcc/ubsan.cc.jj 2024-03-22 09:23:37.695296775 +0100 +++ gcc/ubsan.cc 2024-05-21 12:10:24.261454107 +0200 @@ -1776,13 +1776,17 @@ instrument_bool_enum_load (gimple_stmt_i || TREE_CODE (gimple_assign_lhs (stmt)) != SSA_NAME) return; + addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (rhs)); + if (as != TYPE_ADDR_SPACE (utype)) + utype = build_qualified_type (utype, TYPE_QUALS (utype) + | ENCODE_QUAL_ADDR_SPACE (as)); bool ends_bb = stmt_ends_bb_p (stmt); location_t loc = gimple_location (stmt); tree lhs = gimple_assign_lhs (stmt); tree ptype = build_pointer_type (TREE_TYPE (rhs)); tree atype = reference_alias_ptr_type (rhs); gimple *g = gimple_build_assign (make_ssa_name (ptype), - build_fold_addr_expr (rhs)); + build_fold_addr_expr (rhs)); gimple_set_location (g, loc); gsi_insert_before (gsi, g, GSI_SAME_STMT); tree mem = build2 (MEM_REF, utype, gimple_assign_lhs (g), --- gcc/testsuite/gcc.dg/asan/pr115172.c.jj 2024-05-21 17:28:18.302815400 +0200 +++ gcc/testsuite/gcc.dg/asan/pr115172.c 2024-05-21 22:50:43.272753785 +0200 @@ -0,0 +1,20 @@ +/* PR sanitizer/115172 */ +/* { dg-do compile { target i?86-*-* x86_64-*-* } } */ +/* { dg-options "-O2 -fsanitize=address,bool -ffat-lto-objects -fdump-tree-asan1" } */ +/* { dg-final { scan-tree-dump-not "\.ASAN_CHECK " "asan1" } } */ + +#ifdef __x86_64__ +#define SEG __seg_gs +#else +#define SEG __seg_fs +#endif + +extern struct S { _Bool b; } s; +void bar (void); + +void +foo (void) +{ + if (*(volatile _Bool SEG *) (__UINTPTR_TYPE__) &s.b) + bar (); +}
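
Review bot: In the added `build_qualified_type` call in instrument_bool_enum_load (gcc/ubsan.cc hunk), `TYPE_QUALS (utype) | ENCODE_QUAL_ADDR_SPACE (as)` is only correct while utype is in the generic address space, because TYPE_QUALS already carries the encoded address space and the OR would merge two encodings if utype ever had a different non-generic one. The `as != TYPE_ADDR_SPACE (utype)` guard does not exclude that case; `TYPE_QUALS_NO_ADDR_SPACE (utype) | ENCODE_QUAL_ADDR_SPACE (as)` would make the replacement explicit. The new block also has no comment, so a short one saying that the MEM_REF type must carry the address space of rhs would record why utype is requalified.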
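
Review bot: The dg-options line of the new gcc.dg/asan/pr115172.c enables only `-fsanitize=address,bool`, and the single dg-final directive only checks that `.ASAN_CHECK` is absent from the asan1 dump, so the enum side of instrument_bool_enum_load and the address space of the emitted load itself are not exercised. Consider adding an enum load through the same `SEG`-qualified pointer under `-fsanitize=enum`, and a check that the instrumented load still carries the segment qualifier, so a regression in the non-asan miscompile described in the cover text would also be caught.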