From patchwork Tue Nov 8 12:00:19 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Martin_Li=C5=A1ka?= X-Patchwork-Id: 81292 Delivered-To: patch@linaro.org Received: by 10.140.97.165 with SMTP id m34csp1505150qge; Tue, 8 Nov 2016 04:01:01 -0800 (PST) X-Received: by 10.98.192.21 with SMTP id x21mr22460472pff.94.1478606461011; Tue, 08 Nov 2016 04:01:01 -0800 (PST) Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id f192si36523948pfa.60.2016.11.08.04.01.00 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Nov 2016 04:01:01 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-return-440730-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org; spf=pass (google.com: domain of gcc-patches-return-440730-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) smtp.mailfrom=gcc-patches-return-440730-patch=linaro.org@gcc.gnu.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :subject:to:references:cc:from:message-id:date:mime-version :in-reply-to:content-type; q=dns; s=default; b=bk23277tkG66TUz4+ /Umd6v+nLdr6Q4xfsPj6F+O2zIk0U1G1KYAWs60Eu3F/EpzjeqBvHdhzegekL4ny IE/B0OGB9+ommzaYXU9f6caMLzWSl1/A3MTOQiBhATPK/sNhda5QETfCQ+5KJYpP i9JFvnXgJMsl2UW31s9TgZiPBg= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :subject:to:references:cc:from:message-id:date:mime-version :in-reply-to:content-type; s=default; bh=UB8p7L7cAPXi0OmMTW4FQyG msCM=; b=YA52QZVAspqXMrdPLhQxWrJc9sMEGQES+3a/ZXFPrrUQC1lsActOpYM KUpmfGdtO2YIh40YnLNt8IWyknO/qaWJQN1x79yzikTh+FSVXPviYmCzFpFvmx0o 9DbsGih6EUTwdc8GGTt1BNrJqmG3WAYzlO9Z9b0zm/NHhwI6Pw3U= Received: (qmail 43498 invoked by alias); 8 Nov 2016 12:00:34 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 43443 invoked by uid 89); 8 Nov 2016 12:00:32 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00, SPF_PASS autolearn=ham version=3.3.2 spammy=*x, scanned, 20161108 X-Spam-User: qpsmtpd, 2 recipients X-HELO: mx2.suse.de Received: from mx2.suse.de (HELO mx2.suse.de) (195.135.220.15) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 08 Nov 2016 12:00:22 +0000 Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 3C801ACCE; Tue, 8 Nov 2016 12:00:20 +0000 (UTC) Subject: [PATCH] use-after-scope fallout To: Jakub Jelinek References: <20161102142028.GQ5939@redhat.com> <8ac49efe-83af-933b-2aa5-f4b22972fa6a@suse.cz> <20161102143511.GV3541@tucnak.redhat.com> <20161104093254.GS3541@tucnak.redhat.com> <0e0fd0f9-1c7d-ac9e-8dfc-9349611b5efe@suse.cz> <59fde5a4-3633-5fc8-daa0-ed485d75a5db@suse.cz> <1478534833.7673.11.camel@redhat.com> <20161107161741.GN3541@tucnak.redhat.com> <20161108094052.GT3541@tucnak.redhat.com> Cc: David Malcolm , Marek Polacek , GCC Patches , jit@gcc.gnu.org From: =?UTF-8?Q?Martin_Li=c5=a1ka?= Message-ID: <26e56fb7-f60f-4438-d118-e4346d43305c@suse.cz> Date: Tue, 8 Nov 2016 13:00:19 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161108094052.GT3541@tucnak.redhat.com> X-IsSubscribed: yes Hello. This is fallout fix where I changed: 1) Fix ICE for lambda functions (added test-case: use-after-scope-4.C) 2) Fix ICE in gimplify_switch_expr, at gimplify.c:2269 (fixed by not adding artificial variables) 3) PR testsuite/78242 - I basically removed the test (not interesting) 4) LEAF and NOTHROW flags are properly set on ASAN {un}poison functions 5) dbg_cnt has been added 6) use-after-scope-types-4.C - scanned pattern is updated to work on i686 Patch can bootstrap on ppc64le-redhat-linux and survives regression tests. Ready to be installed? Martin >From 36eb4a8b3542729c9c428ac319d8422bea677869 Mon Sep 17 00:00:00 2001 From: marxin Date: Mon, 7 Nov 2016 14:49:00 +0100 Subject: [PATCH] use-after-scope fallout gcc/testsuite/ChangeLog: 2016-11-08 Martin Liska PR testsuite/78242 * g++.dg/asan/use-after-scope-4.C: New test. * g++.dg/asan/use-after-scope-types-4.C: Update scanned pattern. * gcc.dg/asan/use-after-scope-8.c: Remove. gcc/ChangeLog: 2016-11-08 Martin Liska PR testsuite/78242 * dbgcnt.def: Add new debug counter asan_use_after_scope. * gimplify.c (gimplify_decl_expr): Do not sanitize vars with a value expr. Do not add artificial variables to live_switch_vars. Use the debug counter. (gimplify_target_expr): Use the debug counter. * internal-fn.def: Remove ECF_TM_PURE from ASAN_MARK builtin. * sanitizer.def: Set ATTR_NOTHROW_LEAF_LIST to BUILT_IN_ASAN_CLOBBER_N and BUILT_IN_ASAN_UNCLOBBER_N. --- gcc/dbgcnt.def | 1 + gcc/gimplify.c | 10 ++++-- gcc/internal-fn.def | 2 +- gcc/sanitizer.def | 4 +-- gcc/testsuite/g++.dg/asan/use-after-scope-4.C | 36 ++++++++++++++++++++++ .../g++.dg/asan/use-after-scope-types-4.C | 2 +- gcc/testsuite/gcc.dg/asan/use-after-scope-8.c | 14 --------- 7 files changed, 48 insertions(+), 21 deletions(-) create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-4.C delete mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-8.c diff --git a/gcc/dbgcnt.def b/gcc/dbgcnt.def index 78ddcc2..0a45bac 100644 --- a/gcc/dbgcnt.def +++ b/gcc/dbgcnt.def @@ -141,6 +141,7 @@ echo ubound: $ub */ /* Debug counter definitions. */ +DEBUG_COUNTER (asan_use_after_scope) DEBUG_COUNTER (auto_inc_dec) DEBUG_COUNTER (ccp) DEBUG_COUNTER (cfg_cleanup) diff --git a/gcc/gimplify.c b/gcc/gimplify.c index e5930e6..d392450 100644 --- a/gcc/gimplify.c +++ b/gcc/gimplify.c @@ -60,6 +60,7 @@ along with GCC; see the file COPYING3. If not see #include "langhooks-def.h" /* FIXME: for lhd_set_decl_assembler_name */ #include "builtins.h" #include "asan.h" +#include "dbgcnt.h" /* Hash set of poisoned variables in a bind expr. */ static hash_set *asan_poisoned_variables = NULL; @@ -1622,11 +1623,13 @@ gimplify_decl_expr (tree *stmt_p, gimple_seq *seq_p) && !asan_no_sanitize_address_p () && !is_vla && TREE_ADDRESSABLE (decl) - && !TREE_STATIC (decl)) + && !TREE_STATIC (decl) + && !DECL_HAS_VALUE_EXPR_P (decl) + && dbg_cnt (asan_use_after_scope)) { asan_poisoned_variables->add (decl); asan_poison_variable (decl, false, seq_p); - if (gimplify_ctxp->live_switch_vars) + if (!DECL_ARTIFICIAL (decl) && gimplify_ctxp->live_switch_vars) gimplify_ctxp->live_switch_vars->add (decl); } @@ -6399,7 +6402,8 @@ gimplify_target_expr (tree *expr_p, gimple_seq *pre_p, gimple_seq *post_p) else cleanup = clobber; } - if (asan_sanitize_use_after_scope ()) + if (asan_sanitize_use_after_scope () + && dbg_cnt (asan_use_after_scope)) { tree asan_cleanup = build_asan_poison_call_expr (temp); if (asan_cleanup) diff --git a/gcc/internal-fn.def b/gcc/internal-fn.def index 6a0a7f6..0869b2f 100644 --- a/gcc/internal-fn.def +++ b/gcc/internal-fn.def @@ -158,7 +158,7 @@ DEF_INTERNAL_FN (UBSAN_OBJECT_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) DEF_INTERNAL_FN (ABNORMAL_DISPATCHER, ECF_NORETURN, NULL) DEF_INTERNAL_FN (BUILTIN_EXPECT, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL) DEF_INTERNAL_FN (ASAN_CHECK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R...") -DEF_INTERNAL_FN (ASAN_MARK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R..") +DEF_INTERNAL_FN (ASAN_MARK, ECF_LEAF | ECF_NOTHROW, ".R..") DEF_INTERNAL_FN (ADD_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL) DEF_INTERNAL_FN (SUB_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL) DEF_INTERNAL_FN (MUL_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL) diff --git a/gcc/sanitizer.def b/gcc/sanitizer.def index 1c142e9..c11c95a 100644 --- a/gcc/sanitizer.def +++ b/gcc/sanitizer.def @@ -166,9 +166,9 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_AFTER_DYNAMIC_INIT, "__asan_after_dynamic_init", BT_FN_VOID, ATTR_NOTHROW_LEAF_LIST) DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_CLOBBER_N, "__asan_poison_stack_memory", - BT_FN_VOID_PTR_PTRMODE, 0) + BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST) DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_UNCLOBBER_N, "__asan_unpoison_stack_memory", - BT_FN_VOID_PTR_PTRMODE, 0) + BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST) /* Thread Sanitizer */ DEF_SANITIZER_BUILTIN(BUILT_IN_TSAN_INIT, "__tsan_init", diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-4.C b/gcc/testsuite/g++.dg/asan/use-after-scope-4.C new file mode 100644 index 0000000..c3b6932 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-4.C @@ -0,0 +1,36 @@ +/* Caused ICE in in make_decl_rtl, at varasm.c:1311. */ +/* { dg-do compile } */ + +class A +{ +public: + A () : value (123) {} + int value; +}; + +template class B +{ +public: + template B (F p1) : mFunction (p1) { mFunction (); } + StoredFunction mFunction; +}; +template +void +NS_NewRunnableFunction (Function p1) +{ + (B (p1)); +} +class C +{ + void DispatchConnectionCloseEvent (A); + void AsyncCloseConnectionWithErrorMsg (const A &); +}; +void +C::AsyncCloseConnectionWithErrorMsg (const A &) +{ + { + A message; + NS_NewRunnableFunction ( + [this, message] { DispatchConnectionCloseEvent (message); }); + } +} diff --git a/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C index dd06e94..44f4d3b 100644 --- a/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C +++ b/gcc/testsuite/g++.dg/asan/use-after-scope-types-4.C @@ -13,5 +13,5 @@ int main() } // { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } -// { dg-output "READ of size 8 at" } +// { dg-output "READ of size " } // { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c deleted file mode 100644 index b204206..0000000 --- a/gcc/testsuite/gcc.dg/asan/use-after-scope-8.c +++ /dev/null @@ -1,14 +0,0 @@ -// { dg-do compile } -// { dg-additional-options "-fdump-tree-asan0" } -/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */ - -int -fn1 () -{ - int x = 123; - register int a asm("rdi") = 123; - - return x * x; -} - -/* { dg-final { scan-tree-dump-not "ASAN_CHECK" "asan0" } } */ -- 2.10.1