This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/79944] New: asan: incorrect instrumentation of atomic operations
- From: "dvyukov at google dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 07 Mar 2017 18:08:17 +0000
- Subject: [Bug sanitizer/79944] New: asan: incorrect instrumentation of atomic operations
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79944
Bug ID: 79944
Summary: asan: incorrect instrumentation of atomic operations
Product: gcc
Version: 7.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: dvyukov at google dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Created attachment 40915
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=40915&action=edit
reproducer
Reduced from a kernel miscompilation, but it reproduces with user-space asan as well.
gcc version 7.0.1 20170307 (experimental) (GCC)
Last Changed Rev: 245952
Last Changed Date: 2017-03-07 15:13:10 +0100 (Tue, 07 Mar 2017)
The program is attached. It prints:
==138034==ERROR: AddressSanitizer: unknown-crash on address 0x61b0000006c0 at pc 0x0000004009b0 bp 0x7ffef6db2af0 sp 0x7ffef6db2ae8
WRITE of size 1640 at 0x61b0000006c0 thread T0
#0 0x4009af in atomic_add /tmp/reduced-delta4.c:4
#1 0x4009af in cpupri_set /tmp/reduced-delta4.c:34
#2 0x4007d3 in cpupri_set /tmp/reduced-delta4.c:19
#3 0x4007d3 in main /tmp/reduced-delta4.c:40
Note the 1640 size. It's bogus. 1640 is the size of the whole struct cpupri, but the access happens only to 'int counter'.
I've localized it to this part of get_mem_refs_of_builtin_call:

  else if (TREE_CODE (dest) == SSA_NAME || TREE_CODE (dest) == INTEGER_CST)
    dest = build2 (MEM_REF, TREE_TYPE (TREE_TYPE (dest)),
                   dest, build_int_cst (TREE_TYPE (dest), 0));

Before that line, int_size_in_bytes (TREE_TYPE (dest)) == 8; after it, 1640.