This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug sanitizer/61591] New: Undefined behavior sanitizer does not catch builtin_unreachable's from impossible devirtualization


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61591

            Bug ID: 61591
           Summary: Undefined behavior sanitizer does not catch
                    builtin_unreachable's from impossible devirtualization
           Product: gcc
           Version: 4.10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jamborm at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
              Host: x86_64-linux
            Target: x86_64-linux

Created attachment 32996
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=32996&action=edit
Testcase

I believe that undefined behavior sanitizer does not fold
__builtin_unreachable into __builtin_trap as Jakub wrote it should in:
https://gcc.gnu.org/ml/gcc-patches/2014-04/msg01823.html

When I tried it on the attached testcase I got no error:

$ ~/gcc/small/inst/bin/g++ modif.C -O3 -fsanitize=unreachable -fsanitize-undefined-trap-on-error
$ LD_LIBRARY_PATH=/home/mjambor/gcc/mine/inst/lib64/ ./a.out 
$ echo $?
0

But when I applied the following patch:

diff --git a/gcc/ipa-cp.c b/gcc/ipa-cp.c
index 33ff9b6..92a152a 100644
--- a/gcc/ipa-cp.c
+++ b/gcc/ipa-cp.c
@@ -1649,7 +1649,7 @@ ipa_get_indirect_edge_target_1 (struct cgraph_edge *ie,
                 "Type inconsident devirtualization: %s/%i->%s\n",
                 ie->caller->name (), ie->caller->order,
                 IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (target)));
-      target = builtin_decl_implicit (BUILT_IN_UNREACHABLE);
+      target = builtin_decl_implicit (BUILT_IN_TRAP);
       cgraph_get_create_node (target);
     }
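Review bot: the substitution of BUILT_IN_TRAP for BUILT_IN_UNREACHABLE is unconditional, so every type-inconsistent devirtualization target becomes a trap even in builds that never requested a sanitizer; the second run in the report confirms this (plain -O3 with no -fsanitize flag, and the program dies with Illegal instruction). That is acceptable for the diagnostic experiment the report uses it as, but a real fix should select BUILT_IN_TRAP only when -fsanitize=unreachable is in effect (the corresponding flag_sanitize bit) and keep BUILT_IN_UNREACHABLE otherwise, so unsanitized builds keep the optimization. Also, the context line's "Type inconsident devirtualization" should read "inconsistent".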

and tried again, I got the expected behavior (all of this was tried on
recent trunk on x86_64-linux):

$ ~/gcc/small/inst/bin/g++ modif.C -O3
mjambor@virgil:~/gcc/small/tests/devirttrap$ ./a.out 
Illegal instruction

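The security-relevant point of the report is that a virtual call the compiler has proven impossible (a type-confused object) silently continued and exited 0 instead of trapping, even though -fsanitize=unreachable -fsanitize-undefined-trap-on-error was given. The following harness is an added example and is not the reporter's attachment (modif.C is not reproduced on this page) and not GCC project code; it does not reproduce the IPA-CP devirtualization itself. It runs a __builtin_trap and a __builtin_unreachable in forked children and reports how each child ended, so a practitioner can check what a given compiler and flag set actually does with a reached unreachable: the trap variant must die with a trap signal (SIGILL, "Illegal instruction", on x86_64), and the unreachable variant should match it once the sanitizer instruments it; the helper names run_and_classify, signal_from_trap and signal_from_unreachable are this example's own, and the two-second alarm is an assumption chosen to bound a child that wanders off after an uninstrumented unreachable.

```cpp
#include <csignal>
#include <cstdio>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Run `body` in a forked child and classify how the child ended:
//   0   the child came back from `body` and exited normally
//   >0  the number of the signal that killed it (SIGILL for x86 ud2,
//       SIGALRM if the alarm below fired)
//   -1  fork or waitpid failed
// Forking keeps a trap from taking down the harness itself; the alarm
// (2 seconds, an assumption) bounds a child whose control flow is
// undefined after an uninstrumented __builtin_unreachable.
static int run_and_classify(void (*body)()) {
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    alarm(2);
    body();
    _exit(0);
  }
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  if (WIFSIGNALED(status)) return WTERMSIG(status);
  return 0;
}

static void trap_body() { __builtin_trap(); }
static void unreachable_body() { __builtin_unreachable(); }

// The behaviour the report expects from an impossible path: the process
// dies on a trap instruction (Illegal instruction on x86_64).
int signal_from_trap() { return run_and_classify(trap_body); }

// The behaviour the bug is about: with -fsanitize=unreachable
// -fsanitize-undefined-trap-on-error this should equal signal_from_trap().
// Without instrumentation (or when the instrumentation is skipped, as the
// report describes for IPA-CP's inserted builtin) the result is undefined;
// a return of 0 means the child silently continued, the failure mode the
// reporter observed as "exit status 0".
int signal_from_unreachable() { return run_and_classify(unreachable_body); }

int main() {
  std::printf("__builtin_trap        -> signal %d\n", signal_from_trap());
  std::printf("__builtin_unreachable -> signal %d (0 = continued silently)\n",
              signal_from_unreachable());
  return 0;
}
```

Build it twice, once with plain -O3 and once with -O3 -fsanitize=unreachable -fsanitize-undefined-trap-on-error, and compare the second line: the sanitized build should report the same signal as the trap line, which is exactly what the reporter did not get for the devirtualized call in modif.C.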