From 36eb4a8b3542729c9c428ac319d8422bea677869 Mon Sep 17 00:00:00 2001
From: marxin <mliska@suse.cz>
Date: Mon, 7 Nov 2016 14:49:00 +0100
Subject: [PATCH] use-after-scope fallout
gcc/testsuite/ChangeLog:
2016-11-08 Martin Liska <mliska@suse.cz>
PR testsuite/78242
* g++.dg/asan/use-after-scope-4.C: New test.
* g++.dg/asan/use-after-scope-types-4.C: Update scanned pattern.
* gcc.dg/asan/use-after-scope-8.c: Remove.
gcc/ChangeLog:
2016-11-08 Martin Liska <mliska@suse.cz>
PR testsuite/78242
* dbgcnt.def: Add new debug counter asan_use_after_scope.
* gimplify.c (gimplify_decl_expr): Do not sanitize vars
with a value expr. Do not add artificial variables to
live_switch_vars. Use the debug counter.
(gimplify_target_expr): Use the debug counter.
* internal-fn.def: Remove ECF_TM_PURE from ASAN_MARK builtin.
* sanitizer.def: Set ATTR_NOTHROW_LEAF_LIST to
BUILT_IN_ASAN_CLOBBER_N and BUILT_IN_ASAN_UNCLOBBER_N.
---
gcc/dbgcnt.def | 1 +
gcc/gimplify.c | 10 ++++--
gcc/internal-fn.def | 2 +-
gcc/sanitizer.def | 4 +--
gcc/testsuite/g++.dg/asan/use-after-scope-4.C | 36 ++++++++++++++++++++++
.../g++.dg/asan/use-after-scope-types-4.C | 2 +-
gcc/testsuite/gcc.dg/asan/use-after-scope-8.c | 14 ---------
7 files changed, 48 insertions(+), 21 deletions(-)
create mode 100644 gcc/testsuite/g++.dg/asan/use-after-scope-4.C
delete mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-8.c
@@ -141,6 +141,7 @@ echo ubound: $ub
*/
/* Debug counter definitions. */
+DEBUG_COUNTER (asan_use_after_scope)
DEBUG_COUNTER (auto_inc_dec)
DEBUG_COUNTER (ccp)
DEBUG_COUNTER (cfg_cleanup)
@@ -60,6 +60,7 @@ along with GCC; see the file COPYING3. If not see
#include "langhooks-def.h" /* FIXME: for lhd_set_decl_assembler_name */
#include "builtins.h"
#include "asan.h"
+#include "dbgcnt.h"
/* Hash set of poisoned variables in a bind expr. */
static hash_set<tree> *asan_poisoned_variables = NULL;
@@ -1622,11 +1623,13 @@ gimplify_decl_expr (tree *stmt_p, gimple_seq *seq_p)
&& !asan_no_sanitize_address_p ()
&& !is_vla
&& TREE_ADDRESSABLE (decl)
- && !TREE_STATIC (decl))
+ && !TREE_STATIC (decl)
+ && !DECL_HAS_VALUE_EXPR_P (decl)
+ && dbg_cnt (asan_use_after_scope))
{
asan_poisoned_variables->add (decl);
asan_poison_variable (decl, false, seq_p);
- if (gimplify_ctxp->live_switch_vars)
+ if (!DECL_ARTIFICIAL (decl) && gimplify_ctxp->live_switch_vars)
gimplify_ctxp->live_switch_vars->add (decl);
}
@@ -6399,7 +6402,8 @@ gimplify_target_expr (tree *expr_p, gimple_seq *pre_p, gimple_seq *post_p)
else
cleanup = clobber;
}
- if (asan_sanitize_use_after_scope ())
+ if (asan_sanitize_use_after_scope ()
+ && dbg_cnt (asan_use_after_scope))
{
tree asan_cleanup = build_asan_poison_call_expr (temp);
if (asan_cleanup)
@@ -158,7 +158,7 @@ DEF_INTERNAL_FN (UBSAN_OBJECT_SIZE, ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (ABNORMAL_DISPATCHER, ECF_NORETURN, NULL)
DEF_INTERNAL_FN (BUILTIN_EXPECT, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (ASAN_CHECK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R...")
-DEF_INTERNAL_FN (ASAN_MARK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, ".R..")
+DEF_INTERNAL_FN (ASAN_MARK, ECF_LEAF | ECF_NOTHROW, ".R..")
DEF_INTERNAL_FN (ADD_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (SUB_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
DEF_INTERNAL_FN (MUL_OVERFLOW, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
@@ -166,9 +166,9 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_AFTER_DYNAMIC_INIT,
"__asan_after_dynamic_init",
BT_FN_VOID, ATTR_NOTHROW_LEAF_LIST)
DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_CLOBBER_N, "__asan_poison_stack_memory",
- BT_FN_VOID_PTR_PTRMODE, 0)
+ BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST)
DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_UNCLOBBER_N, "__asan_unpoison_stack_memory",
- BT_FN_VOID_PTR_PTRMODE, 0)
+ BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST)
/* Thread Sanitizer */
DEF_SANITIZER_BUILTIN(BUILT_IN_TSAN_INIT, "__tsan_init",
new file mode 100644
@@ -0,0 +1,36 @@
+/* Caused ICE in in make_decl_rtl, at varasm.c:1311. */
+/* { dg-do compile } */
+
+class A
+{
+public:
+ A () : value (123) {}
+ int value;
+};
+
+template <typename StoredFunction> class B
+{
+public:
+ template <typename F> B (F p1) : mFunction (p1) { mFunction (); }
+ StoredFunction mFunction;
+};
+template <typename Function>
+void
+NS_NewRunnableFunction (Function p1)
+{
+ (B<Function> (p1));
+}
+class C
+{
+ void DispatchConnectionCloseEvent (A);
+ void AsyncCloseConnectionWithErrorMsg (const A &);
+};
+void
+C::AsyncCloseConnectionWithErrorMsg (const A &)
+{
+ {
+ A message;
+ NS_NewRunnableFunction (
+ [this, message] { DispatchConnectionCloseEvent (message); });
+ }
+}
@@ -13,5 +13,5 @@ int main()
}
// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
-// { dg-output "READ of size 8 at" }
+// { dg-output "READ of size " }
// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
deleted file mode 100644
@@ -1,14 +0,0 @@
-// { dg-do compile }
-// { dg-additional-options "-fdump-tree-asan0" }
-/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
-
-int
-fn1 ()
-{
- int x = 123;
- register int a asm("rdi") = 123;
-
- return x * x;
-}
-
-/* { dg-final { scan-tree-dump-not "ASAN_CHECK" "asan0" } } */
--
2.10.1
Hello. This is fallout fix where I changed: 1) Fix ICE for lambda functions (added test-case: use-after-scope-4.C) 2) Fix ICE in gimplify_switch_expr, at gimplify.c:2269 (fixed by not adding artificial variables) 3) PR testsuite/78242 - I basically removed the test (not interesting) 4) LEAF and NOTHROW flags are properly set on ASAN {un}poison functions 5) dbg_cnt has been added 6) use-after-scope-types-4.C - scanned pattern is updated to work on i686 Patch can bootstrap on ppc64le-redhat-linux and survives regression tests. Ready to be installed? Martin