We have found a weakness (CWE-483) using the PVS-Studio tool. PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V640 The code's operational logic does not correspond with its formatting. The second statement will always be executed. It is possible that curly brackets are missing. asan.c 2582

void
initialize_sanitizer_builtins (void)
{
  ....
#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) \
  decl = add_builtin_function ("__builtin_" NAME, TYPE, ENUM, \
                               BUILT_IN_NORMAL, NAME, NULL_TREE); \
  set_call_expr_flags (decl, ATTRS); \
  set_builtin_decl (ENUM, decl, true);
#include "sanitizer.def"

  /* -fsanitize=object-size uses __builtin_object_size, but that might
     not be available for e.g. Fortran at this point.  We use
     DEF_SANITIZER_BUILTIN here only as a convenience macro.  */
  if ((flag_sanitize & SANITIZE_OBJECT_SIZE)
      && !builtin_decl_implicit_p (BUILT_IN_OBJECT_SIZE))
    DEF_SANITIZER_BUILTIN (BUILT_IN_OBJECT_SIZE, "object_size",    // <=
                           BT_FN_SIZE_CONST_PTR_INT, ATTR_PURE_NOTHROW_LEAF_LIST)
  ....
}

The conditional operator covers only the first expression of the macro; the other two expressions will always be executed. Perhaps this is a mistake, and the macro should be enclosed in braces.
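The defect reported above and its do { } while (0) repair, as an added C example that is not GCC's code: a constructed stand-in `struct builtin` replaces the tree/decl machinery, the first macro mirrors the unbraced shape of DEF_SANITIZER_BUILTIN and the second the fixed shape, and both are used as the body of an unbraced `if` exactly as in initialize_sanitizer_builtins. The struct, field and function names are assumptions.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed stand-in for a builtin table entry (assumption, not GCC's
   tree/decl types): a name, a flags word and a "declared" marker.  */
struct builtin { char name[32]; int flags; int declared; };

/* Same shape as the original macro: three statements, no braces.  As the
   body of an unbraced `if', only the first statement is conditional.  */
#define DEF_BUILTIN_UNBRACED(B, NAME, FLAGS) \
  strcpy ((B)->name, "__builtin_" NAME); \
  (B)->flags = (FLAGS); \
  (B)->declared = 1;

/* Fixed shape: do { } while (0) makes the expansion one statement.  The
   trailing ';' stays because call sites invoke the macro without one.  */
#define DEF_BUILTIN_FIXED(B, NAME, FLAGS) \
  do { \
    strcpy ((B)->name, "__builtin_" NAME); \
    (B)->flags = (FLAGS); \
    (B)->declared = 1; \
  } while (0);

/* Guarded registration with the unbraced macro.  With enabled == false the
   last two statements still run: declared becomes 1 and flags is set even
   though name stays empty, which is the CWE-483 condition from the report.  */
int register_unbraced (struct builtin *b, bool enabled)
{
  memset (b, 0, sizeof *b);
  if (enabled)
    DEF_BUILTIN_UNBRACED (b, "object_size", 0x5)
  return b->declared;
}

/* Same guard with the fixed macro: nothing happens unless enabled.  */
int register_fixed (struct builtin *b, bool enabled)
{
  memset (b, 0, sizeof *b);
  if (enabled)
    DEF_BUILTIN_FIXED (b, "object_size", 0x5)
  return b->declared;
}
```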
This does look wrong. Macros shouldn't expand to multiple statements. The conditional was introduced in r218084, the macro itself in r194103. I CC the author of the former.
This is also a missing warning from -Wmisleading-indentation
Guess we should --- a/gcc/asan.c +++ b/gcc/asan.c @@ -2566,11 +2566,12 @@ initialize_sanitizer_builtins (void) #undef DEF_BUILTIN_STUB #define DEF_BUILTIN_STUB(ENUM, NAME) #undef DEF_SANITIZER_BUILTIN -#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) \ +#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) do { \ decl = add_builtin_function ("__builtin_" NAME, TYPE, ENUM, \ BUILT_IN_NORMAL, NAME, NULL_TREE); \ set_call_expr_flags (decl, ATTRS); \ - set_builtin_decl (ENUM, decl, true); + set_builtin_decl (ENUM, decl, true); \ +} while (0); #include "sanitizer.def"
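Review bot: `do {` is appended to the end of the `#define` line while the three statements keep their old indentation, so the macro reads as unrelated lines; put `do {` on its own continuation line, indent the three statements inside it, and close with `} while (0);` at the macro's own indentation. The trailing semicolon after `while (0)` is right for this macro, since the call sites invoke it without one (the guarded `if` in initialize_sanitizer_builtins quoted in the report ends the invocation with `)` and no `;`), so the semicolon must stay as long as those call sites do.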
Please reformat it properly:

#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) \
  do { \
    decl = add_builtin_function ("__builtin_" NAME, TYPE, ENUM, \
                                 BUILT_IN_NORMAL, NAME, NULL_TREE); \
    set_call_expr_flags (decl, ATTRS); \
    set_builtin_decl (ENUM, decl, true); \
  } while (0);

Ok with that change.
As for the warning, we should open an enhancement request, though I'm not sure it is something for -Wmisleading-indentation. I'd say that we should just warn whenever a macro defines several statements and the macro is used as the body of a conditional, so that only the first statement from the macro is conditional.
Author: mpolacek
Date: Mon Mar 20 13:31:28 2017
New Revision: 246278

URL: https://gcc.gnu.org/viewcvs?rev=246278&root=gcc&view=rev
Log:
	PR sanitizer/80063
	* asan.c (DEF_SANITIZER_BUILTIN): Use do { } while (0).

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/asan.c
Fixed.
I created PR80116 to track the warning addition.