This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998)
- From: Richard Biener <rguenther at suse dot de>
- To: Jakub Jelinek <jakub at redhat dot com>
- Cc: Martin Liška <mliska at suse dot cz>, gcc-patches at gcc dot gnu dot org
- Date: Tue, 20 Jun 2017 09:41:43 +0200 (CEST)
- Subject: Re: [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998)
- Authentication-results: sourceware.org; auth=none
- References: <20170619182515.GA2123@tucnak>
On Mon, 19 Jun 2017, Jakub Jelinek wrote:
> Hi!
>
> The following patch adds -fsanitize=pointer-overflow support,
> which adds instrumentation (included in -fsanitize=undefined) that checks
> that pointer arithmetics doesn't wrap. If the offset on ptr p+ off when treating
> it as signed value is non-negative, we check whether the result is bigger
> (uintptr_t comparison) than ptr, if it is negative in ssizetype, we check
> whether the result is smaller than ptr, otherwise we check at runtime
> whether (ssizetype) off < 0 and do the check based on that.
> The patch checks both POINTER_PLUS_EXPR, as well as e.g. ADDR_EXPR of
> handled components, and even handled components themselves (exception
> is for constant offset when the base is an automatic non-VLA decl or
> decl that binds to current function where we can at compile time for
> sure guarantee it will fit).
Does this "properly" interact with any array-bound sanitizing we do?
Say, for
&a->b[i].c.d
?
> Martin has said he'll write the sanopt part of optimization
> (if UBSAN_PTR for some pointer is dominated by UBSAN_PTR for the same
> pointer and the offset is constant in both cases and equal or absolute value
> bigger and same sign in the dominating UBSAN_PTR, we can avoid the dominated
> check).
>
> For the cases where there is a dereference (i.e. not ADDR_EXPR of the
> handled component or POINTER_PLUS_EXPR), I wonder if we couldn't ignore
> say constant offsets in range <-4096, 4096> or something similar, hoping
> people don't have anything mapped at the page 0 and -pagesize in hosted
> env. Thoughts on that?
Not sure what the problem is here?
> I've bootstrapped/regtested the patch on x86_64-linux and i686-linux
> and additionally bootstrapped/regtested with bootstrap-ubsan on both too.
> The latter revealed a couple of issues I'd like to discuss:
>
> 1) libcpp/symtab.c contains a couple of spots reduced into:
> #define DELETED ((char *) -1)
> void bar (char *);
> void
> foo (char *p)
> {
> if (p && p != DELETED)
> bar (p);
> }
> where we fold it early into if ((p p+ -1) <= (char *) -3)
> and as the instrumentation is done during ubsan pass, if p is NULL,
> we diagnose this as invalid pointer overflow from NULL to 0xffff*f.
> Shall we change the folder so that during GENERIC folding it
> actually does the addition and comparison in pointer_sized_int
> instead (my preference), or shall I move the UBSAN_PTR instrumentation
> earlier into the FEs (but then I still risk stuff is folded earlier)?
Aww, so we turn the pointer test into a range test ;) That it uses
a pointer type rather than an unsigned integer type is a bug, probably
caused by pointers being TYPE_UNSIGNED.
Not sure if the folding itself is worthwhile to keep though, thus an
option would be to not generate range tests from pointers?
> 2) libcpp/line-map.c has this:
> static int
> location_adhoc_data_update (void **slot, void *data)
> {
> *((char **) slot) += *((int64_t *) data);
> return 1;
> }
> where the (why int64_t always?, we really need just intptr_t) adjusts
> one pointer from an unrelated one (result of realloc). That is a UB
> and actually can trigger this sanitization if the two regions are
> far away from each other, e.g. on i686-linux:
> ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x0899e308 overflowed to 0xf74c4ab8
> ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x08add7c0 overflowed to 0xf74c9a08
> ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x092ba308 overflowed to 0xf741cab8
> ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x0a3757c0 overflowed to 0xf7453a08
> Shall we perform the addition in uintptr_t instead to make it
> implementation defined rather than UB?
Yes.
> 3) not really related to this patch, but something I also saw during the
> bootstrap-ubsan on i686-linux:
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147426384 - 2147475412 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147426384 - 2147478324 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147450216 - 2147451580 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147450216 - 2147465664 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147469348 - 2147451544 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147482364 - 2147475376 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147483624 - 2147475376 cannot be represented in type 'int'
> ../../gcc/bitmap.c:141:12: runtime error: signed integer overflow: -2147483628 - 2147451544 cannot be represented in type 'int'
> ../../gcc/memory-block.cc:59:4: runtime error: signed integer overflow: -2147426384 - 2147475376 cannot be represented in type 'int'
> ../../gcc/memory-block.cc:59:4: runtime error: signed integer overflow: -2147450216 - 2147451544 cannot be represented in type 'int'
> The problem here is that we lower pointer subtraction, e.g.
> long foo (char *p, char *q) { return q - p; }
> as return (ptrdiff_t) ((ssizetype) q - (ssizetype) p);
> and even for a valid testcase where we have an array across
> the middle of the virtual address space, say the first one above
> is (char *) 0x8000dfb0 - (char *) 0x7fffdfd4 subtraction, even if
> there is 128KB array starting at 0x7fffd000, it will yield
> UB (not in the source, but in whatever the compiler lowered it into).
> So, shall we instead do the subtraction in sizetype and only then
> cast? For sizeof (*ptr) > 1 I think we have some outstanding PR,
> and it is more difficult to find out in what types to compute it.
> Or do we want to introduce POINTER_DIFF_EXPR?
Just use uintptr_t for the difference computation (well, an unsigned
integer type of desired precision -- mind address-spaces), then cast
the result to signed.
Richard.
> 2017-06-19 Jakub Jelinek <jakub@redhat.com>
>
> PR sanitizer/80998
> * sanopt.c (pass_sanopt::execute): Handle IFN_UBSAN_PTR.
> * tree-ssa-alias.c (call_may_clobber_ref_p_1): Likewise.
> * flag-types.h (enum sanitize_code): Add SANITIZER_POINTER_OVERFLOW.
> Or it into SANITIZER_UNDEFINED.
> * ubsan.c: Include gimple-fold.h and varasm.h.
> (ubsan_expand_null_ifn): Use PROB_VERY_LIKELY instead of
> REG_BR_PROB_BASE - PROB_VERY_UNLIKELY.
> (ubsan_expand_ptr_ifn): New function.
> (instrument_pointer_overflow): New function.
> (maybe_instrument_pointer_overflow): New function.
> (instrument_object_size): Formatting fix.
> (pass_ubsan::execute): Call instrument_pointer_overflow
> and maybe_instrument_pointer_overflow.
> * internal-fn.c (expand_UBSAN_PTR): New function.
> * ubsan.h (ubsan_expand_ptr_ifn): Declare.
> * sanitizer.def (__ubsan_handle_pointer_overflow,
> __ubsan_handle_pointer_overflow_abort): New builtins.
> * tree-ssa-tail-merge.c (merge_stmts_p): Handle IFN_UBSAN_PTR.
> * internal-fn.def (UBSAN_PTR): New internal function.
> * opts.c (sanitizer_opts): Add pointer-overflow.
> * lto-streamer-in.c (input_function): Handle IFN_UBSAN_PTR.
> gcc/testsuite/
> * c-c++-common/ubsan/ptr-overflow-1.c: New test.
> * c-c++-common/ubsan/ptr-overflow-2.c: New test.
> libsanitizer/
> * ubsan/ubsan_handlers.cc: Cherry-pick upstream r304461.
> * ubsan/ubsan_checks.inc: Likewise.
> * ubsan/ubsan_handlers.h: Likewise.
>
> --- gcc/sanopt.c.jj 2017-06-14 18:07:46.459748266 +0200
> +++ gcc/sanopt.c 2017-06-15 11:06:53.567321615 +0200
> @@ -924,6 +924,9 @@ pass_sanopt::execute (function *fun)
> case IFN_UBSAN_OBJECT_SIZE:
> no_next = ubsan_expand_objsize_ifn (&gsi);
> break;
> + case IFN_UBSAN_PTR:
> + no_next = ubsan_expand_ptr_ifn (&gsi);
> + break;
> case IFN_UBSAN_VPTR:
> no_next = ubsan_expand_vptr_ifn (&gsi);
> break;
> --- gcc/tree-ssa-alias.c.jj 2017-06-14 18:07:46.215751214 +0200
> +++ gcc/tree-ssa-alias.c 2017-06-15 11:06:53.568321603 +0200
> @@ -1991,6 +1991,7 @@ call_may_clobber_ref_p_1 (gcall *call, a
> case IFN_UBSAN_BOUNDS:
> case IFN_UBSAN_VPTR:
> case IFN_UBSAN_OBJECT_SIZE:
> + case IFN_UBSAN_PTR:
> case IFN_ASAN_CHECK:
> return false;
> default:
> --- gcc/flag-types.h.jj 2017-06-14 18:07:46.068752990 +0200
> +++ gcc/flag-types.h 2017-06-15 11:06:53.569321591 +0200
> @@ -238,6 +238,7 @@ enum sanitize_code {
> SANITIZE_OBJECT_SIZE = 1UL << 21,
> SANITIZE_VPTR = 1UL << 22,
> SANITIZE_BOUNDS_STRICT = 1UL << 23,
> + SANITIZE_POINTER_OVERFLOW = 1UL << 24,
> SANITIZE_SHIFT = SANITIZE_SHIFT_BASE | SANITIZE_SHIFT_EXPONENT,
> SANITIZE_UNDEFINED = SANITIZE_SHIFT | SANITIZE_DIVIDE | SANITIZE_UNREACHABLE
> | SANITIZE_VLA | SANITIZE_NULL | SANITIZE_RETURN
> @@ -245,7 +246,8 @@ enum sanitize_code {
> | SANITIZE_BOUNDS | SANITIZE_ALIGNMENT
> | SANITIZE_NONNULL_ATTRIBUTE
> | SANITIZE_RETURNS_NONNULL_ATTRIBUTE
> - | SANITIZE_OBJECT_SIZE | SANITIZE_VPTR,
> + | SANITIZE_OBJECT_SIZE | SANITIZE_VPTR
> + | SANITIZE_POINTER_OVERFLOW,
> SANITIZE_UNDEFINED_NONDEFAULT = SANITIZE_FLOAT_DIVIDE | SANITIZE_FLOAT_CAST
> | SANITIZE_BOUNDS_STRICT
> };
> --- gcc/ubsan.c.jj 2017-06-15 11:06:45.275423452 +0200
> +++ gcc/ubsan.c 2017-06-16 13:27:48.946545636 +0200
> @@ -45,6 +45,8 @@ along with GCC; see the file COPYING3.
> #include "builtins.h"
> #include "tree-object-size.h"
> #include "tree-cfg.h"
> +#include "gimple-fold.h"
> +#include "varasm.h"
>
> /* Map from a tree to a VAR_DECL tree. */
>
> @@ -792,7 +794,7 @@ ubsan_expand_null_ifn (gimple_stmt_itera
> e = find_edge (cond_bb, fallthru_bb);
> e->flags = EDGE_FALSE_VALUE;
> e->count = cond_bb->count;
> - e->probability = REG_BR_PROB_BASE - PROB_VERY_UNLIKELY;
> + e->probability = PROB_VERY_LIKELY;
>
> /* Update dominance info for the newly created then_bb; note that
> fallthru_bb's dominance info has already been updated by
> @@ -861,7 +863,7 @@ ubsan_expand_null_ifn (gimple_stmt_itera
> e = find_edge (cond1_bb, cond2_bb);
> e->flags = EDGE_FALSE_VALUE;
> e->count = cond1_bb->count;
> - e->probability = REG_BR_PROB_BASE - PROB_VERY_UNLIKELY;
> + e->probability = PROB_VERY_LIKELY;
>
> /* Update dominance info. */
> if (dom_info_available_p (CDI_DOMINATORS))
> @@ -1011,6 +1013,170 @@ ubsan_expand_objsize_ifn (gimple_stmt_it
> return true;
> }
>
> +/* Expand UBSAN_PTR internal call. */
> +
> +bool
> +ubsan_expand_ptr_ifn (gimple_stmt_iterator *gsip)
> +{
> + gimple_stmt_iterator gsi = *gsip;
> + gimple *stmt = gsi_stmt (gsi);
> + location_t loc = gimple_location (stmt);
> + gcc_assert (gimple_call_num_args (stmt) == 2);
> + tree ptr = gimple_call_arg (stmt, 0);
> + tree off = gimple_call_arg (stmt, 1);
> +
> + if (integer_zerop (off))
> + {
> + gsi_remove (gsip, true);
> + unlink_stmt_vdef (stmt);
> + return true;
> + }
> +
> + basic_block cur_bb = gsi_bb (gsi);
> + tree ptrplusoff = make_ssa_name (pointer_sized_int_node);
> + tree ptri = make_ssa_name (pointer_sized_int_node);
> + int pos_neg = get_range_pos_neg (off);
> +
> + /* Split the original block holding the pointer dereference. */
> + edge e = split_block (cur_bb, stmt);
> +
> + /* Get a hold on the 'condition block', the 'then block' and the
> + 'else block'. */
> + basic_block cond_bb = e->src;
> + basic_block fallthru_bb = e->dest;
> + basic_block then_bb = create_empty_bb (cond_bb);
> + basic_block cond_pos_bb = NULL, cond_neg_bb = NULL;
> + add_bb_to_loop (then_bb, cond_bb->loop_father);
> + loops_state_set (LOOPS_NEED_FIXUP);
> +
> + /* Set up the fallthrough basic block. */
> + e->flags = EDGE_FALSE_VALUE;
> + if (pos_neg != 3)
> + {
> + e->count = cond_bb->count;
> + e->probability = PROB_VERY_LIKELY;
> +
> + /* Connect 'then block' with the 'else block'. This is needed
> + as the ubsan routines we call in the 'then block' are not noreturn.
> + The 'then block' only has one outcoming edge. */
> + make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
> +
> + /* Make an edge coming from the 'cond block' into the 'then block';
> + this edge is unlikely taken, so set up the probability
> + accordingly. */
> + e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
> + e->probability = PROB_VERY_UNLIKELY;
> + }
> + else
> + {
> + profile_count count = cond_bb->count.apply_probability (PROB_EVEN);
> + e->count = count;
> + e->probability = PROB_EVEN;
> +
> + e = split_block (fallthru_bb, (gimple *) NULL);
> + cond_neg_bb = e->src;
> + fallthru_bb = e->dest;
> + e->count = count;
> + e->probability = PROB_VERY_LIKELY;
> + e->flags = EDGE_FALSE_VALUE;
> +
> + e = make_edge (cond_neg_bb, then_bb, EDGE_TRUE_VALUE);
> + e->probability = PROB_VERY_UNLIKELY;
> +
> + cond_pos_bb = create_empty_bb (cond_bb);
> + add_bb_to_loop (cond_pos_bb, cond_bb->loop_father);
> +
> + e = make_edge (cond_bb, cond_pos_bb, EDGE_TRUE_VALUE);
> + e->count = count;
> + e->probability = PROB_EVEN;
> +
> + e = make_edge (cond_pos_bb, then_bb, EDGE_TRUE_VALUE);
> + e->probability = PROB_VERY_UNLIKELY;
> +
> + e = make_edge (cond_pos_bb, fallthru_bb, EDGE_FALSE_VALUE);
> + e->count = count;
> + e->probability = PROB_VERY_LIKELY;
> +
> + make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
> + }
> +
> + gimple *g = gimple_build_assign (ptri, NOP_EXPR, ptr);
> + gimple_set_location (g, loc);
> + gsi_insert_before (&gsi, g, GSI_SAME_STMT);
> + g = gimple_build_assign (ptrplusoff, PLUS_EXPR, ptri, off);
> + gimple_set_location (g, loc);
> + gsi_insert_before (&gsi, g, GSI_SAME_STMT);
> +
> + /* Update dominance info for the newly created then_bb; note that
> + fallthru_bb's dominance info has already been updated by
> + split_block. */
> + if (dom_info_available_p (CDI_DOMINATORS))
> + {
> + set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
> + if (pos_neg == 3)
> + {
> + set_immediate_dominator (CDI_DOMINATORS, cond_pos_bb, cond_bb);
> + set_immediate_dominator (CDI_DOMINATORS, fallthru_bb, cond_bb);
> + }
> + }
> +
> + /* Put the ubsan builtin call into the newly created BB. */
> + if (flag_sanitize_undefined_trap_on_error)
> + g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
> + else
> + {
> + enum built_in_function bcode
> + = (flag_sanitize_recover & SANITIZE_POINTER_OVERFLOW)
> + ? BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW
> + : BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW_ABORT;
> + tree fn = builtin_decl_implicit (bcode);
> + tree data
> + = ubsan_create_data ("__ubsan_ptrovf_data", 1, &loc,
> + NULL_TREE, NULL_TREE);
> + data = build_fold_addr_expr_loc (loc, data);
> + g = gimple_build_call (fn, 3, data, ptr, ptrplusoff);
> + }
> + gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
> + gimple_set_location (g, loc);
> + gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
> +
> + /* Unlink the UBSAN_PTRs vops before replacing it. */
> + unlink_stmt_vdef (stmt);
> +
> + if (TREE_CODE (off) == INTEGER_CST)
> + g = gimple_build_cond (wi::neg_p (off) ? LT_EXPR : GE_EXPR, ptri,
> + fold_build1 (NEGATE_EXPR, sizetype, off),
> + NULL_TREE, NULL_TREE);
> + else if (pos_neg != 3)
> + g = gimple_build_cond (pos_neg == 1 ? LT_EXPR : GT_EXPR,
> + ptrplusoff, ptri, NULL_TREE, NULL_TREE);
> + else
> + {
> + gsi2 = gsi_start_bb (cond_pos_bb);
> + g = gimple_build_cond (LT_EXPR, ptrplusoff, ptri, NULL_TREE, NULL_TREE);
> + gimple_set_location (g, loc);
> + gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
> +
> + gsi2 = gsi_start_bb (cond_neg_bb);
> + g = gimple_build_cond (GT_EXPR, ptrplusoff, ptri, NULL_TREE, NULL_TREE);
> + gimple_set_location (g, loc);
> + gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
> +
> + gimple_seq seq = NULL;
> + tree t = gimple_build (&seq, loc, NOP_EXPR, ssizetype, off);
> + t = gimple_build (&seq, loc, GE_EXPR, boolean_type_node,
> + t, ssize_int (0));
> + gsi_insert_seq_before (&gsi, seq, GSI_SAME_STMT);
> + g = gimple_build_cond (NE_EXPR, t, boolean_false_node,
> + NULL_TREE, NULL_TREE);
> + }
> + gimple_set_location (g, loc);
> + /* Replace the UBSAN_PTR with a GIMPLE_COND stmt. */
> + gsi_replace (&gsi, g, false);
> + return false;
> +}
> +
> +
> /* Cached __ubsan_vptr_type_cache decl. */
> static GTY(()) tree ubsan_vptr_type_cache_decl;
>
> @@ -1215,6 +1381,103 @@ instrument_null (gimple_stmt_iterator gs
> instrument_mem_ref (t, base, &gsi, is_lhs);
> }
>
> +/* Instrument pointer arithmetics PTR p+ OFF. */
> +
> +static void
> +instrument_pointer_overflow (gimple_stmt_iterator *gsi, tree ptr, tree off)
> +{
> + if (TYPE_PRECISION (sizetype) != POINTER_SIZE)
> + return;
> + gcall *g = gimple_build_call_internal (IFN_UBSAN_PTR, 2, ptr, off);
> + gimple_set_location (g, gimple_location (gsi_stmt (*gsi)));
> + gsi_insert_before (gsi, g, GSI_SAME_STMT);
> +}
> +
> +/* Instrument pointer arithmetics if any. */
> +
> +static void
> +maybe_instrument_pointer_overflow (gimple_stmt_iterator *gsi, tree t)
> +{
> + if (TYPE_PRECISION (sizetype) != POINTER_SIZE)
> + return;
> +
> + /* Handle also e.g. &s->i. */
> + if (TREE_CODE (t) == ADDR_EXPR)
> + t = TREE_OPERAND (t, 0);
> +
> + switch (TREE_CODE (t))
> + {
> + case COMPONENT_REF:
> + if (TREE_CODE (t) == COMPONENT_REF
> + && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
> + {
> + tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
> + t = build3 (COMPONENT_REF, TREE_TYPE (repr), TREE_OPERAND (t, 0),
> + repr, TREE_OPERAND (t, 2));
> + }
> + break;
> + case ARRAY_REF:
> + case MEM_REF:
> + break;
> + default:
> + return;
> + }
> +
> + HOST_WIDE_INT bitsize, bitpos;
> + tree offset;
> + machine_mode mode;
> + int volatilep = 0, reversep, unsignedp = 0;
> + tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, &mode,
> + &unsignedp, &reversep, &volatilep);
> +
> + if ((offset == NULL_TREE && bitpos == 0)
> + || bitpos % BITS_PER_UNIT != 0)
> + return;
> +
> + bool decl_p = DECL_P (inner);
> + tree base;
> + if (decl_p)
> + {
> + if (DECL_REGISTER (inner))
> + return;
> + base = inner;
> + /* If BASE is a fixed size automatic variable or
> + global variable defined in the current TU and bitpos
> + fits, don't instrument anything. */
> + if (offset == NULL_TREE
> + && bitpos > 0
> + && (VAR_P (base)
> + || TREE_CODE (base) == PARM_DECL
> + || TREE_CODE (base) == RESULT_DECL)
> + && DECL_SIZE (base)
> + && TREE_CODE (DECL_SIZE (base)) == INTEGER_CST
> + && compare_tree_int (DECL_SIZE (base), bitpos) >= 0
> + && (!is_global_var (base) || decl_binds_to_current_def_p (base)))
> + return;
> + }
> + else if (TREE_CODE (inner) == MEM_REF)
> + base = TREE_OPERAND (inner, 0);
> + else
> + return;
> + tree ptr = build1 (ADDR_EXPR, build_pointer_type (TREE_TYPE (t)), t);
> +
> + if (!POINTER_TYPE_P (TREE_TYPE (base)) && !DECL_P (base))
> + return;
> +
> + tree base_addr = base;
> + if (decl_p)
> + base_addr = build1 (ADDR_EXPR,
> + build_pointer_type (TREE_TYPE (base)), base);
> + t = fold_build2 (MINUS_EXPR, sizetype,
> + fold_convert (pointer_sized_int_node, ptr),
> + fold_convert (pointer_sized_int_node, base_addr));
> + t = force_gimple_operand_gsi (gsi, t, true, NULL_TREE, true,
> + GSI_SAME_STMT);
> + base_addr = force_gimple_operand_gsi (gsi, base_addr, true, NULL_TREE, true,
> + GSI_SAME_STMT);
> + instrument_pointer_overflow (gsi, base_addr, t);
> +}
> +
> /* Build an ubsan builtin call for the signed-integer-overflow
> sanitization. CODE says what kind of builtin are we building,
> LOC is a location, LHSTYPE is the type of LHS, OP0 and OP1
> @@ -1828,7 +2091,7 @@ instrument_object_size (gimple_stmt_iter
> {
> tree rhs1 = gimple_assign_rhs1 (def_stmt);
> if (TREE_CODE (rhs1) == SSA_NAME
> - && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
> + && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
> break;
> else
> base = rhs1;
> @@ -1952,7 +2215,8 @@ public:
> | SANITIZE_ALIGNMENT
> | SANITIZE_NONNULL_ATTRIBUTE
> | SANITIZE_RETURNS_NONNULL_ATTRIBUTE
> - | SANITIZE_OBJECT_SIZE));
> + | SANITIZE_OBJECT_SIZE
> + | SANITIZE_POINTER_OVERFLOW));
> }
>
> virtual unsigned int execute (function *);
> @@ -2043,6 +2307,32 @@ pass_ubsan::execute (function *fun)
> }
> }
> }
> +
> + if (sanitize_flags_p (SANITIZE_POINTER_OVERFLOW, fun->decl))
> + {
> + if (is_gimple_assign (stmt)
> + && gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
> + instrument_pointer_overflow (&gsi,
> + gimple_assign_rhs1 (stmt),
> + gimple_assign_rhs2 (stmt));
> + if (gimple_store_p (stmt))
> + maybe_instrument_pointer_overflow (&gsi,
> + gimple_get_lhs (stmt));
> + if (gimple_assign_single_p (stmt))
> + maybe_instrument_pointer_overflow (&gsi,
> + gimple_assign_rhs1 (stmt));
> + if (is_gimple_call (stmt))
> + {
> + unsigned args_num = gimple_call_num_args (stmt);
> + for (unsigned i = 0; i < args_num; ++i)
> + {
> + tree arg = gimple_call_arg (stmt, i);
> + if (is_gimple_reg (arg))
> + continue;
> + maybe_instrument_pointer_overflow (&gsi, arg);
> + }
> + }
> + }
>
> gsi_next (&gsi);
> }
> --- gcc/internal-fn.c.jj 2017-06-15 11:03:25.053821114 +0200
> +++ gcc/internal-fn.c 2017-06-15 11:06:53.570321578 +0200
> @@ -401,6 +401,14 @@ expand_UBSAN_VPTR (internal_fn, gcall *)
> /* This should get expanded in the sanopt pass. */
>
> static void
> +expand_UBSAN_PTR (internal_fn, gcall *)
> +{
> + gcc_unreachable ();
> +}
> +
> +/* This should get expanded in the sanopt pass. */
> +
> +static void
> expand_UBSAN_OBJECT_SIZE (internal_fn, gcall *)
> {
> gcc_unreachable ();
> --- gcc/ubsan.h.jj 2017-06-14 18:07:46.174751709 +0200
> +++ gcc/ubsan.h 2017-06-15 11:06:53.570321578 +0200
> @@ -45,6 +45,7 @@ enum ubsan_print_style {
> extern bool ubsan_expand_bounds_ifn (gimple_stmt_iterator *);
> extern bool ubsan_expand_null_ifn (gimple_stmt_iterator *);
> extern bool ubsan_expand_objsize_ifn (gimple_stmt_iterator *);
> +extern bool ubsan_expand_ptr_ifn (gimple_stmt_iterator *);
> extern bool ubsan_expand_vptr_ifn (gimple_stmt_iterator *);
> extern bool ubsan_instrument_unreachable (gimple_stmt_iterator *);
> extern tree ubsan_create_data (const char *, int, const location_t *, ...);
> --- gcc/sanitizer.def.jj 2017-06-15 11:03:25.054821102 +0200
> +++ gcc/sanitizer.def 2017-06-15 11:06:53.571321566 +0200
> @@ -444,6 +444,10 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_UBSAN_HAN
> "__ubsan_handle_load_invalid_value",
> BT_FN_VOID_PTR_PTR,
> ATTR_COLD_NOTHROW_LEAF_LIST)
> +DEF_SANITIZER_BUILTIN(BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW,
> + "__ubsan_handle_pointer_overflow",
> + BT_FN_VOID_PTR_PTR_PTR,
> + ATTR_COLD_NOTHROW_LEAF_LIST)
> DEF_SANITIZER_BUILTIN(BUILT_IN_UBSAN_HANDLE_DIVREM_OVERFLOW_ABORT,
> "__ubsan_handle_divrem_overflow_abort",
> BT_FN_VOID_PTR_PTR_PTR,
> @@ -480,6 +484,10 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_UBSAN_HAN
> "__ubsan_handle_load_invalid_value_abort",
> BT_FN_VOID_PTR_PTR,
> ATTR_COLD_NORETURN_NOTHROW_LEAF_LIST)
> +DEF_SANITIZER_BUILTIN(BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW_ABORT,
> + "__ubsan_handle_pointer_overflow_abort",
> + BT_FN_VOID_PTR_PTR_PTR,
> + ATTR_COLD_NORETURN_NOTHROW_LEAF_LIST)
> DEF_SANITIZER_BUILTIN(BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW,
> "__ubsan_handle_float_cast_overflow",
> BT_FN_VOID_PTR_PTR,
> --- gcc/tree-ssa-tail-merge.c.jj 2017-06-14 18:07:45.739756964 +0200
> +++ gcc/tree-ssa-tail-merge.c 2017-06-15 11:06:53.571321566 +0200
> @@ -1239,6 +1239,7 @@ merge_stmts_p (gimple *stmt1, gimple *st
> case IFN_UBSAN_CHECK_SUB:
> case IFN_UBSAN_CHECK_MUL:
> case IFN_UBSAN_OBJECT_SIZE:
> + case IFN_UBSAN_PTR:
> case IFN_ASAN_CHECK:
> /* For these internal functions, gimple_location is an implicit
> parameter, which will be used explicitly after expansion.
> --- gcc/internal-fn.def.jj 2017-06-14 18:07:45.679757689 +0200
> +++ gcc/internal-fn.def 2017-06-15 11:06:53.572321554 +0200
> @@ -165,6 +165,7 @@ DEF_INTERNAL_FN (UBSAN_VPTR, ECF_LEAF |
> DEF_INTERNAL_FN (UBSAN_CHECK_ADD, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
> DEF_INTERNAL_FN (UBSAN_CHECK_SUB, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
> DEF_INTERNAL_FN (UBSAN_CHECK_MUL, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
> +DEF_INTERNAL_FN (UBSAN_PTR, ECF_LEAF | ECF_NOTHROW, ".R.")
> DEF_INTERNAL_FN (UBSAN_OBJECT_SIZE, ECF_LEAF | ECF_NOTHROW, NULL)
> DEF_INTERNAL_FN (ABNORMAL_DISPATCHER, ECF_NORETURN, NULL)
> DEF_INTERNAL_FN (BUILTIN_EXPECT, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL)
> --- gcc/opts.c.jj 2017-06-14 18:07:46.411748846 +0200
> +++ gcc/opts.c 2017-06-15 11:06:53.572321554 +0200
> @@ -1504,6 +1504,7 @@ const struct sanitizer_opts_s sanitizer_
> true),
> SANITIZER_OPT (object-size, SANITIZE_OBJECT_SIZE, true),
> SANITIZER_OPT (vptr, SANITIZE_VPTR, true),
> + SANITIZER_OPT (pointer-overflow, SANITIZE_POINTER_OVERFLOW, true),
> SANITIZER_OPT (all, ~0U, true),
> #undef SANITIZER_OPT
> { NULL, 0U, 0UL, false }
> --- gcc/lto-streamer-in.c.jj 2017-06-14 18:07:45.803756191 +0200
> +++ gcc/lto-streamer-in.c 2017-06-15 11:06:53.573321541 +0200
> @@ -1143,6 +1143,10 @@ input_function (tree fn_decl, struct dat
> if ((flag_sanitize & SANITIZE_OBJECT_SIZE) == 0)
> remove = true;
> break;
> + case IFN_UBSAN_PTR:
> + if ((flag_sanitize & SANITIZE_POINTER_OVERFLOW) == 0)
> + remove = true;
> + break;
> case IFN_ASAN_MARK:
> if ((flag_sanitize & SANITIZE_ADDRESS) == 0)
> remove = true;
> --- gcc/testsuite/c-c++-common/ubsan/ptr-overflow-1.c.jj 2017-06-15 11:06:17.700755118 +0200
> +++ gcc/testsuite/c-c++-common/ubsan/ptr-overflow-1.c 2017-06-16 13:04:29.216377665 +0200
> @@ -0,0 +1,65 @@
> +/* PR sanitizer/80998 */
> +/* { dg-do run } */
> +/* { dg-options "-fsanitize=pointer-overflow -fno-sanitize-recover=pointer-overflow -Wall" } */
> +
> +struct S { int a; int b; int c[64]; };
> +__attribute__((noinline, noclone)) char *f1 (char *p) { return p + 1; }
> +__attribute__((noinline, noclone)) char *f2 (char *p) { return p - 1; }
> +__attribute__((noinline, noclone)) char *f3 (char *p, int i) { return p + i; }
> +__attribute__((noinline, noclone)) char *f4 (char *p, int i) { return p - i; }
> +__attribute__((noinline, noclone)) char *f5 (char *p, unsigned long int i) { return p + i; }
> +__attribute__((noinline, noclone)) char *f6 (char *p, unsigned long int i) { return p - i; }
> +__attribute__((noinline, noclone)) int *f7 (struct S *p) { return &p->a; }
> +__attribute__((noinline, noclone)) int *f8 (struct S *p) { return &p->b; }
> +__attribute__((noinline, noclone)) int *f9 (struct S *p) { return &p->c[64]; }
> +__attribute__((noinline, noclone)) int *f10 (struct S *p, int i) { return &p->c[i]; }
> +
> +char *volatile p;
> +struct S *volatile q;
> +char a[64];
> +struct S s;
> +int *volatile r;
> +
> +int
> +main ()
> +{
> + struct S t;
> + p = &a[32];
> + p = f1 (p);
> + p = f1 (p);
> + p = f2 (p);
> + p = f3 (p, 1);
> + p = f3 (p, -1);
> + p = f3 (p, 3);
> + p = f3 (p, -6);
> + p = f4 (p, 1);
> + p = f4 (p, -1);
> + p = f4 (p, 3);
> + p = f4 (p, -6);
> + p = f5 (p, 1);
> + p = f5 (p, 3);
> + p = f6 (p, 1);
> + p = f6 (p, 3);
> + if (sizeof (unsigned long) >= sizeof (char *))
> + {
> + p = f5 (p, -1);
> + p = f5 (p, -6);
> + p = f6 (p, -1);
> + p = f6 (p, -6);
> + }
> + q = &s;
> + r = f7 (q);
> + r = f8 (q);
> + r = f9 (q);
> + r = f10 (q, 0);
> + r = f10 (q, 10);
> + r = f10 (q, 64);
> + q = &t;
> + r = f7 (q);
> + r = f8 (q);
> + r = f9 (q);
> + r = f10 (q, 0);
> + r = f10 (q, 10);
> + r = f10 (q, 64);
> + return 0;
> +}
> --- gcc/testsuite/c-c++-common/ubsan/ptr-overflow-2.c.jj 2017-06-15 11:06:17.700755118 +0200
> +++ gcc/testsuite/c-c++-common/ubsan/ptr-overflow-2.c 2017-06-16 14:00:57.545611263 +0200
> @@ -0,0 +1,113 @@
> +/* PR sanitizer/80998 */
> +/* { dg-do run } */
> +/* { dg-options "-fsanitize=pointer-overflow -fsanitize-recover=pointer-overflow -fno-ipa-icf -Wall" } */
> +
> +__attribute__((noinline, noclone)) char * f1 (char *p) { return p + 1; }
> +__attribute__((noinline, noclone)) char * f2 (char *p) { return p - 1; }
> +__attribute__((noinline, noclone)) char * f3 (char *p, int i) { return p + i; }
> +__attribute__((noinline, noclone)) char * f4 (char *p, int i) { return p + i; }
> +__attribute__((noinline, noclone)) char * f5 (char *p, int i) { return p - i; }
> +__attribute__((noinline, noclone)) char * f6 (char *p, int i) { return p - i; }
> +__attribute__((noinline, noclone)) char * f7 (char *p, unsigned long int i) { return p + i; }
> +__attribute__((noinline, noclone)) char * f8 (char *p, unsigned long int i) { return p + i; }
> +__attribute__((noinline, noclone)) char * f9 (char *p, unsigned long int i) { return p - i; }
> +__attribute__((noinline, noclone)) char * f10 (char *p, unsigned long int i) { return p - i; }
> +struct S { int a; int b; int c[64]; };
> +__attribute__((noinline, noclone)) int *f11 (struct S *p) { return &p->a; }
> +__attribute__((noinline, noclone)) int *f12 (struct S *p) { return &p->b; }
> +__attribute__((noinline, noclone)) int *f13 (struct S *p) { return &p->c[64]; }
> +__attribute__((noinline, noclone)) int *f14 (struct S *p, int i) { return &p->c[i]; }
> +__attribute__((noinline, noclone)) int *f15 (struct S *p, int i) { return &p->c[i]; }
> +__attribute__((noinline, noclone)) int *f16 (struct S *p) { return &p->a; }
> +__attribute__((noinline, noclone)) int *f17 (struct S *p) { return &p->b; }
> +__attribute__((noinline, noclone)) int *f18 (struct S *p) { return &p->c[64]; }
> +__attribute__((noinline, noclone)) int *f19 (struct S *p, int i) { return &p->c[i]; }
> +__attribute__((noinline, noclone)) int *f20 (struct S *p, int i) { return &p->c[i]; }
> +__attribute__((noinline, noclone)) int *f21 (struct S *p) { return &p->a; }
> +__attribute__((noinline, noclone)) int *f22 (struct S *p) { return &p->b; }
> +__attribute__((noinline, noclone)) int *f23 (struct S *p) { return &p->c[64]; }
> +__attribute__((noinline, noclone)) int *f24 (struct S *p, int i) { return &p->c[i]; }
> +__attribute__((noinline, noclone)) int *f25 (struct S *p, int i) { return &p->c[i]; }
> +
> +char *volatile p;
> +__UINTPTR_TYPE__ volatile u;
> +struct S *volatile q;
> +int *volatile r;
> +
> +int
> +main ()
> +{
> + u = ~(__UINTPTR_TYPE__) 0;
> + p = (char *) u;
> + p = f1 (p);
> + u = 0;
> + p = (char *) u;
> + p = f2 (p);
> + u = -(__UINTPTR_TYPE__) 7;
> + p = (char *) u;
> + p = f3 (p, 7);
> + u = 3;
> + p = (char *) u;
> + p = f4 (p, -4);
> + u = 23;
> + p = (char *) u;
> + p = f5 (p, 27);
> + u = -(__UINTPTR_TYPE__) 15;
> + p = (char *) u;
> + p = f6 (p, -15);
> + u = -(__UINTPTR_TYPE__) 29;
> + p = (char *) u;
> + p = f7 (p, 31);
> + u = 23;
> + p = (char *) u;
> + p = f9 (p, 24);
> + if (sizeof (unsigned long) < sizeof (char *))
> + return 0;
> + u = 7;
> + p = (char *) u;
> + p = f8 (p, -8);
> + u = -(__UINTPTR_TYPE__) 25;
> + p = (char *) u;
> + p = f10 (p, -25);
> + u = ~(__UINTPTR_TYPE__) 0;
> + q = (struct S *) u;
> + r = f11 (q);
> + r = f12 (q);
> + r = f13 (q);
> + r = f14 (q, 0);
> + r = f15 (q, 63);
> + u = ~(__UINTPTR_TYPE__) 0 - (17 * sizeof (int));
> + q = (struct S *) u;
> + r = f16 (q);
> + r = f17 (q);
> + r = f18 (q);
> + r = f19 (q, 0);
> + r = f20 (q, 63);
> + u = 3 * sizeof (int);
> + q = (struct S *) u;
> + r = f21 (q);
> + r = f22 (q);
> + r = f23 (q);
> + r = f24 (q, -2);
> + r = f25 (q, -6);
> + return 0;
> +}
> +
> +/* { dg-output ":5:6\[79]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+ overflowed to (0\[xX])?0\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:6:6\[79]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?0\+ overflowed to (0\[xX])?\[fF]\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:7:7\[46]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+9 overflowed to (0\[xX])?0\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:8:7\[46]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?0\+3 overflowed to (0\[xX])?\[fF]\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:9:7\[46]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?0\+17 overflowed to (0\[xX])?\[fF]\+\[cC](\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:10:7\[46]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+1 overflowed to (0\[xX])?0\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:11:\[89]\[80]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+\[eE]3 overflowed to (0\[xX])?0\+2(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:13:\[89]\[80]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?0\+17 overflowed to (0\[xX])?\[fF]\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:12:\[89]\[80]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?0\+7 overflowed to (0\[xX])?\[fF]\+(\n|\r\n|\r)" } */
> +/* { dg-output "\[^\n\r]*:14:\[89]\[91]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+\[eE]7 overflowed to (0\[xX])?0\+" } */
> +/* { dg-output "(\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:17:\[67]\[82]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+ overflowed to (0\[xX])?0\+3(\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:18:\[67]\[86]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+ overflowed to (0\[xX])?0\+107(\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:19:\[78]\[52]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+ overflowed to (0\[xX])?0\+7(\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:20:\[78]\[52]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+ overflowed to (0\[xX])?0\+103(\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:23:\[67]\[86]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+\[bB]\[bB] overflowed to (0\[xX])?0\+\[cC]3(\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:25:\[78]\[52]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?\[fF]\+\[bB]\[bB] overflowed to (0\[xX])?0\+\[bB]\[fF](\n|\r\n|\r)" { target int32 } } */
> +/* { dg-output "\[^\n\r]*:30:\[78]\[52]\[^\n\r]*runtime error: pointer index expression with base (0\[xX])?0\+\[cC] overflowed to (0\[xX])?\[fF]\+\[cC]" { target int32 } } */
> --- libsanitizer/ubsan/ubsan_handlers.cc.jj 2016-11-16 18:51:53.028794605 +0100
> +++ libsanitizer/ubsan/ubsan_handlers.cc 2017-06-14 09:54:25.571687721 +0200
> @@ -521,6 +521,37 @@ void __ubsan::__ubsan_handle_nonnull_arg
> Die();
> }
>
> +static void handlePointerOverflowImpl(PointerOverflowData *Data,
> + ValueHandle Base,
> + ValueHandle Result,
> + ReportOptions Opts) {
> + SourceLocation Loc = Data->Loc.acquire();
> + ErrorType ET = ErrorType::PointerOverflow;
> +
> + if (ignoreReport(Loc, Opts, ET))
> + return;
> +
> + ScopedReport R(Opts, Loc, ET);
> +
> + Diag(Loc, DL_Error, "pointer index expression with base %0 overflowed to %1")
> + << (void *)Base << (void*)Result;
> +}
> +
> +void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
> + ValueHandle Base,
> + ValueHandle Result) {
> + GET_REPORT_OPTIONS(false);
> + handlePointerOverflowImpl(Data, Base, Result, Opts);
> +}
> +
> +void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
> + ValueHandle Base,
> + ValueHandle Result) {
> + GET_REPORT_OPTIONS(true);
> + handlePointerOverflowImpl(Data, Base, Result, Opts);
> + Die();
> +}
> +
> static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
> ReportOptions Opts) {
> if (Data->CheckKind != CFITCK_ICall)
> --- libsanitizer/ubsan/ubsan_checks.inc.jj 2016-11-09 15:22:50.139249654 +0100
> +++ libsanitizer/ubsan/ubsan_checks.inc 2017-06-14 09:54:25.571687721 +0200
> @@ -17,6 +17,7 @@
>
> UBSAN_CHECK(GenericUB, "undefined-behavior", "undefined")
> UBSAN_CHECK(NullPointerUse, "null-pointer-use", "null")
> +UBSAN_CHECK(PointerOverflow, "pointer-overflow", "pointer-overflow")
> UBSAN_CHECK(MisalignedPointerUse, "misaligned-pointer-use", "alignment")
> UBSAN_CHECK(InsufficientObjectSize, "insufficient-object-size", "object-size")
> UBSAN_CHECK(SignedIntegerOverflow, "signed-integer-overflow",
> --- libsanitizer/ubsan/ubsan_handlers.h.jj 2016-11-16 18:51:53.029794593 +0100
> +++ libsanitizer/ubsan/ubsan_handlers.h 2017-06-14 09:54:25.571687721 +0200
> @@ -146,6 +146,13 @@ struct NonNullArgData {
> /// \brief Handle passing null pointer to function with nonnull attribute.
> RECOVERABLE(nonnull_arg, NonNullArgData *Data)
>
> +struct PointerOverflowData {
> + SourceLocation Loc;
> +};
> +
> +RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,
> + ValueHandle Result)
> +
> /// \brief Known CFI check kinds.
> /// Keep in sync with the enum of the same name in CodeGenFunction.h
> enum CFITypeCheckKind : unsigned char {
>
> Jakub
>
>
--
Richard Biener <rguenther@suse.de>
SUSE LINUX GmbH, GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)