Re: [PATCH] Fix ubsan/bounds-2.c
- From: Marek Polacek <polacek at redhat dot com>
- To: Jakub Jelinek <jakub at redhat dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Ramana Radhakrishnan <ramana dot radhakrishnan at arm dot com>
- Date: Wed, 25 Jun 2014 16:03:51 +0200
- Subject: Re: [PATCH] Fix ubsan/bounds-2.c
- Authentication-results: sourceware.org; auth=none
- References: <20140625124039 dot GB489 at redhat dot com> <20140625124956 dot GE31640 at tucnak dot redhat dot com> <20140625133638 dot GC489 at redhat dot com> <20140625134737 dot GF31640 at tucnak dot redhat dot com>
On Wed, Jun 25, 2014 at 03:47:37PM +0200, Jakub Jelinek wrote:
> Please don't invoke undefined behavior in the asm statements.
> So, "r" (&c[5]) is fine, but &c[5][2][2] is not, &x[-1] is not, etc.
> I'd say it should be ok to always just take address of the base
> variable in the asm. Otherwise it looks good to me.
Ah, sure, hopefully the following is fine then:
2014-06-25 Marek Polacek <polacek@redhat.com>
* c-c++-common/ubsan/bounds-2.c: Adjust dg-output.
(fn1): Remove store to out-of-bounds location. Add memory barrier.
(fn2): Likewise.
(fn5): Likewise.
(fn6): Likewise.
(fn7): Likewise.
(fn8): Likewise.
(fn9): Likewise.
(fn11): Likewise.
* c-c++-common/ubsan/bounds-5.c (fn1): Remove store to out-of-bounds
location. Add memory barrier.
(fn2): Likewise.
(fn3): Likewise.
(fn4): Likewise.
(fn5): Likewise.
* c-c++-common/ubsan/bounds-7.c: New test.
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-2.c gcc/testsuite/c-c++-common/ubsan/bounds-2.c
index 95f77c2..7ef71aa 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-2.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-2.c
@@ -22,7 +22,7 @@ static void __attribute__ ((noinline, noclone))
fn1 (void)
{
volatile int a[5];
- a[5] = 1;
+ asm ("" : : "r" (&a) : "memory");
a[2] = a[5];
}
@@ -30,9 +30,11 @@ static void __attribute__ ((noinline, noclone))
fn2 (void)
{
volatile int a[5];
+ volatile int j;
int i = 5;
int *p = &i;
- a[*p] = 1;
+ asm ("" : : "r" (&a) : "memory");
+ j = a[*p];
}
static void __attribute__ ((noinline, noclone))
@@ -54,7 +56,7 @@ fn5 (void)
{
int i = 5;
volatile int a[i];
- a[i] = 1;
+ asm ("" : : "r" (&a) : "memory");
a[2] = a[i];
}
@@ -63,29 +65,32 @@ fn6 (void)
{
int i = 5;
volatile int a[i];
+ volatile int j;
fn_p (a[i]);
- a[foo_5 ()] = 1;
+ asm ("" : : "r" (&a) : "memory");
+ j = a[foo_5 ()];
}
static void __attribute__ ((noinline, noclone))
fn7 (void)
{
- int n = 5, i;
+ int n = 5;
+ volatile int i;
volatile int c[n][n][n];
- c[5][2][2] = 2;
- c[2][5][2] = 2;
- c[2][2][5] = 2;
+ asm ("" : : "r" (&c[5]) : "memory");
i = c[5][2][2];
+ asm ("" : : "r" (&c[2]) : "memory");
i = c[2][5][2];
+ asm ("" : : "r" (&c[2]) : "memory");
i = c[2][2][5];
}
static void __attribute__ ((noinline, noclone))
fn8 (void)
{
- int i = 5;
+ volatile int i;
volatile struct S s;
- s.a[10] = 1;
+ asm ("" : : "r" (&s.a) : "memory");
i = s.a[10];
}
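Review bot: The barrier operands in fn7 (`"r" (&c[5])`, `"r" (&c[2])`) and in the fn9 hunk (`"r" (&d[10])`) differ from every other function in the patch, which passes the base object (`&a`, `&s.a`, `&f`). `&c[5]` and `&d[10]` are one-past-the-end pointers, which is valid C but makes these the only spots where the tests depend on that rule; `asm ("" : : "r" (&c) : "memory");` for all three fn7 barriers and `asm ("" : : "r" (&d) : "memory");` in fn9 would be uniform and match the advice in the thread to take the address of the base variable. This hunk also contains fn6 and fn8, which already use the base form, so only fn7 and fn9 would change.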
@@ -93,7 +98,7 @@ static void __attribute__ ((noinline, noclone))
fn9 (void)
{
long int *volatile d[10][5];
- d[10][0] = 0;
+ asm ("" : : "r" (&d[10]) : "memory");
d[8][3] = d[10][0];
}
@@ -115,7 +120,7 @@ static void __attribute__ ((noinline, noclone))
fn11 (void)
{
char ***volatile f[5];
- f[5] = 0;
+ asm ("" : : "r" (&f) : "memory");
f[2] = f[5];
}
@@ -148,21 +153,13 @@ main (void)
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'long int \\\*\\\[10\\\]\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'long int \\\*\\\[10\\\]\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'char \\\*\\\*\\\*\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'char \\\*\\\*\\\*\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-5.c gcc/testsuite/c-c++-common/ubsan/bounds-5.c
index 7b7d76d..9698529 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-5.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-5.c
@@ -9,11 +9,16 @@ void
fn1 (void)
{
volatile struct S { char a[1]; char b; } s;
- s.a[0] = 1; // OK
- s.a[1] = 2; // error
+ volatile int i;
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[0]; // OK
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[1]; // error
volatile struct S *p = &s;
- p->a[0] = 1; // OK
- p->a[1] = 1; // error
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[0]; // OK
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[1]; // error
}
__attribute__ ((noinline, noclone))
@@ -22,11 +27,16 @@ fn2 (void)
{
struct S { int c; char d[4]; };
volatile struct T { int e; struct S f; int g; } t;
- t.f.d[3] = 1; // OK
- t.f.d[4] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&t.f.d) : "memory");
+ i = t.f.d[3]; // OK
+ asm ("" : : "r" (&t.f.d) : "memory");
+ i = t.f.d[4]; // error
volatile struct T *p = &t;
- p->f.d[3] = 1; // OK
- p->f.d[4] = 1; // error
+ asm ("" : : "r" (&p->f.d) : "memory");
+ i = p->f.d[3]; // OK
+ asm ("" : : "r" (&p->f.d) : "memory");
+ i = p->f.d[4]; // error
}
__attribute__ ((noinline, noclone))
@@ -34,11 +44,16 @@ void
fn3 (void)
{
volatile struct S { char b; char a[1]; } s;
- s.a[0] = 1; // OK
- s.a[1] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[0]; // OK
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[1]; // error
volatile struct S *p = &s;
- p->a[0] = 1; // OK
- p->a[1] = 1; // error in strict mode
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[0]; // OK
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[1]; // error in strict mode
}
__attribute__ ((noinline, noclone))
@@ -47,11 +62,16 @@ fn4 (void)
{
volatile struct S { char b; char a[1]; } s;
volatile struct T { struct S s; int i; } t;
- t.s.a[0] = 1; // OK
- t.s.a[1] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&t.s.a) : "memory");
+ i = t.s.a[0]; // OK
+ asm ("" : : "r" (&t.s.a) : "memory");
+ i = t.s.a[1]; // error
volatile struct T *pt = &t;
- pt->s.a[0] = 1; // OK
- pt->s.a[1] = 1; // error
+ asm ("" : : "r" (&pt->s.a) : "memory");
+ i = pt->s.a[0]; // OK
+ asm ("" : : "r" (&pt->s.a) : "memory");
+ i = pt->s.a[1]; // error
}
__attribute__ ((noinline, noclone))
@@ -60,11 +80,16 @@ fn5 (void)
{
volatile struct S { char b; char a[1]; } s;
volatile struct U { int a; struct S s; } u;
- u.s.a[0] = 1; // OK
- u.s.a[1] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&u.s.a) : "memory");
+ i = u.s.a[0]; // OK
+ asm ("" : : "r" (&u.s.a) : "memory");
+ i = u.s.a[1]; // error
volatile struct U *pu = &u;
- pu->s.a[0] = 1; // OK
- pu->s.a[1] = 1; // error in strict mode
+ asm ("" : : "r" (&pu->s.a) : "memory");
+ i = pu->s.a[0]; // OK
+ asm ("" : : "r" (&pu->s.a) : "memory");
+ i = pu->s.a[1]; // error in strict mode
}
int
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-7.c gcc/testsuite/c-c++-common/ubsan/bounds-7.c
index e69de29..2d7cc3b 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-7.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-7.c
@@ -0,0 +1,54 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+
+/* Test negative bounds. */
+
+struct S { int a[10]; };
+
+__attribute__ ((noinline, noclone))
+void
+fn1 (void)
+{
+ volatile int i;
+ int m = -1;
+ volatile int a[7];
+ asm ("" : : "r" (&a) : "memory");
+ i = a[-1];
+ asm ("" : : "r" (&a) : "memory");
+ i = a[m];
+}
+
+__attribute__ ((noinline, noclone))
+void
+fn2 (void)
+{
+ volatile int i;
+ int m = 7;
+ volatile int a[m];
+ asm ("" : : "r" (&a) : "memory");
+ i = a[-1];
+}
+
+__attribute__ ((noinline, noclone))
+void
+fn3 (void)
+{
+ volatile int i;
+ volatile struct S s;
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[-1];
+}
+
+int
+main (void)
+{
+ fn1 ();
+ fn2 ();
+ fn3 ();
+ return 0;
+}
+
+/* { dg-output "index -1 out of bounds for type 'int \\\[7\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[7\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
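Review bot: The new file never says why each out-of-bounds read is preceded by `asm ("" : : "r" (&a) : "memory");`, so a later reader of this test will likely take the barriers for noise and drop them. A short comment under the "Test negative bounds." header, e.g. `/* Only out-of-bounds reads are done, each behind an asm barrier that makes the array's address escape; stores past the end are deliberately avoided.  */`, would record the convention this patch establishes across the bounds tests (the "address escapes" part is my reading of the `"r" (&a)` input plus `"memory"` clobber — worth confirming against what the barrier is meant to defeat). fn1 exercises both a constant (`a[-1]`) and a variable (`a[m]`) index while fn2 and fn3 only use a constant; if the variable-index path matters for the VLA and struct-member cases too, those would be cheap to add here.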
Marek