Support nested functions (PR sanitize/78541).

Message ID 470f7038-bf95-714c-f9b0-4ce7f32a76f6@suse.cz
State New

Commit Message

Martin Liška Nov. 29, 2016, 10:44 a.m. UTC
Currently we have an assert that prevents proper use-after-scope sanitization
in nested functions. With the attached patch, we are able to do so.
I'm adding 2 test-cases: the first one is the ICE reported in the PR, and the second
one tests proper reporting of a use-after-scope passed by a FRAME belonging to a
nested function call.

Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.

Ready to be installed?
Martin

Comments

Jeff Law Nov. 30, 2016, 3:03 a.m. UTC | #1
On 11/29/2016 03:44 AM, Martin Liška wrote:
> Currently we have an assert that prevents proper use-after-scope sanitization
> in nested functions. With the attached patch, we are able to do so.
> I'm adding 2 test-cases: the first one is the ICE reported in the PR, and the second
> one tests proper reporting of a use-after-scope passed by a FRAME belonging to a
> nested function call.
>
> Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.
>
> Ready to be installed?
> Martin
>
>
> 0001-Support-nested-functions-PR-sanitize-78541.patch
>
>
> From 8e02ebdf64a82f0dfc7be531a38702497dece26b Mon Sep 17 00:00:00 2001
> From: marxin <mliska@suse.cz>
> Date: Mon, 28 Nov 2016 13:05:33 +0100
> Subject: [PATCH] Support nested functions (PR sanitize/78541).
>
> gcc/testsuite/ChangeLog:
>
> 2016-11-28  Martin Liska  <mliska@suse.cz>
>
> 	PR sanitize/78541
> 	* gcc.dg/asan/pr78541-2.c: New test.
> 	* gcc.dg/asan/pr78541.c: New test.
>
> gcc/ChangeLog:
>
> 2016-11-28  Martin Liska  <mliska@suse.cz>
>
> 	PR sanitize/78541
> 	* asan.c (asan_expand_mark_ifn): Properly
> 	select a VAR_DECL from FRAME.* component reference.
OK.
jeff
Patch

From 8e02ebdf64a82f0dfc7be531a38702497dece26b Mon Sep 17 00:00:00 2001
From: marxin <mliska@suse.cz>
Date: Mon, 28 Nov 2016 13:05:33 +0100
Subject: [PATCH] Support nested functions (PR sanitize/78541).

gcc/testsuite/ChangeLog:

2016-11-28  Martin Liska  <mliska@suse.cz>

	PR sanitize/78541
	* gcc.dg/asan/pr78541-2.c: New test.
	* gcc.dg/asan/pr78541.c: New test.

gcc/ChangeLog:

2016-11-28  Martin Liska  <mliska@suse.cz>

	PR sanitize/78541
	* asan.c (asan_expand_mark_ifn): Properly
	select a VAR_DECL from FRAME.* component reference.
---
 gcc/asan.c                            |  6 ++++++
 gcc/testsuite/gcc.dg/asan/pr78541-2.c | 10 ++++++++++
 gcc/testsuite/gcc.dg/asan/pr78541.c   | 25 +++++++++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/asan/pr78541-2.c
 create mode 100644 gcc/testsuite/gcc.dg/asan/pr78541.c

diff --git a/gcc/asan.c b/gcc/asan.c
index 6e93ea3..cb5d615 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -2713,6 +2713,12 @@  asan_expand_mark_ifn (gimple_stmt_iterator *iter)
   tree base = gimple_call_arg (g, 1);
   gcc_checking_assert (TREE_CODE (base) == ADDR_EXPR);
   tree decl = TREE_OPERAND (base, 0);
+
+  /* For a nested function, we can have: ASAN_MARK (2, &FRAME.2.fp_input, 4) */
+  if (TREE_CODE (decl) == COMPONENT_REF
+      && DECL_NONLOCAL_FRAME (TREE_OPERAND (decl, 0)))
+    decl = TREE_OPERAND (decl, 0);
+
   gcc_checking_assert (TREE_CODE (decl) == VAR_DECL);
   if (asan_handled_variables == NULL)
     asan_handled_variables = new hash_set<tree> (16);
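Review bot: the new condition applies DECL_NONLOCAL_FRAME to TREE_OPERAND (decl, 0) without first checking that this operand is itself a VAR_DECL, while the gcc_checking_assert two lines below only accepts a VAR_DECL for the result; unless DECL_NONLOCAL_FRAME is safe on every tree code that can appear as the object of a COMPONENT_REF here, guard it with `TREE_CODE (TREE_OPERAND (decl, 0)) == VAR_DECL` so a differently shaped base falls through to the existing assert rather than into the accessor. The comment `/* For a nested function, we can have: ASAN_MARK (2, &FRAME.2.fp_input, 4) */` should also say why the whole FRAME variable is substituted for the field and recorded in asan_handled_variables, since that granularity choice is what the rest of the function then acts on and a reader cannot tell from the assert alone that it was intended.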
diff --git a/gcc/testsuite/gcc.dg/asan/pr78541-2.c b/gcc/testsuite/gcc.dg/asan/pr78541-2.c
new file mode 100644
index 0000000..44be19c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/pr78541-2.c
@@ -0,0 +1,10 @@ 
+/* PR sanitizer/78560 */
+/* { dg-do compile } */
+
+void __quadmath_mpn_extract_flt128 (long *fp_input);
+
+int fn1 ()
+{
+  long fp_input[1];
+  int hack_digit () { __quadmath_mpn_extract_flt128 (fp_input); }
+}
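Review bot: the header comment reads `/* PR sanitizer/78560 */` while the file name, the ChangeLog and the subject all refer to PR sanitize/78541; the comment should name the PR the test was written for. Minor: `int fn1 ()` and `int hack_digit ()` return nothing, which is harmless for a `dg-do compile` test but can draw -Wreturn-type noise under -Wall; declaring both `void` keeps the reproducer quiet without changing the construct (a nested function referencing an outer array, hence the FRAME component) that triggered the ICE.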
diff --git a/gcc/testsuite/gcc.dg/asan/pr78541.c b/gcc/testsuite/gcc.dg/asan/pr78541.c
new file mode 100644
index 0000000..fb02082
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/pr78541.c
@@ -0,0 +1,25 @@ 
+// PR sanitizer/78560
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+void foo (double a, double b)
+{
+  double *ptr;
+    {
+      double x = a + b;
+      ptr = &x;
+    }
+ double square () { __builtin_printf ("", *ptr); }
+
+ square ();
+}
+
+int main()
+{
+  foo (1.2f, 2.3f);
+  return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size.*" }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
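Review bot: same PR number mismatch as the other test, `// PR sanitizer/78560` against pr78541 in the file name and ChangeLog. In `double square () { __builtin_printf ("", *ptr); }` the empty format string with a trailing argument and the missing return value are both likely to produce warnings in the testsuite logs; `__builtin_printf ("%f", *ptr)` keeps the read of `*ptr` (the access that should produce the stack-use-after-scope report on `x`, which is exactly what the dg-output lines check) while matching the argument to the format, and `void square ()` matches the body. Also the nested function definition and the `square ();` call are indented one column less than the surrounding block.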
-- 
2.10.2