This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



[asan] Patch - fix an ICE in asan.c


The attached test case ICEs (segfault) both on the asan branch and on the trunk with Dodji's patches:

fail31.ii: In static member function 'static std::size_t std::char_traits<char>::length(const char_type*)':
fail31.ii:13:19: internal compiler error: Segmentation fault
static size_t length (const char_type * __s)
^
0xae02ef crash_signal
/projects/tob/gcc-git/gcc/gcc/toplev.c:334
0xaf031d gsi_next
/projects/tob/gcc-git/gcc/gcc/gimple.h:5072
0xaf031d transform_statements
/projects/tob/gcc-git/gcc/gcc/asan.c:1357
0xaf031d asan_instrument
/projects/tob/gcc-git/gcc/gcc/asan.c:1556




The problem is in asan.c's transform_statements:

  FOR_EACH_BB (bb)
    {
      if (bb->index >= saved_last_basic_block) continue;
      for (i = gsi_start_bb (bb); !gsi_end_p (i); gsi_next (&i))
        {
          gimple s = gsi_stmt (i);

          if (gimple_assign_single_p (s))
            instrument_assignment (&i);
          else if (is_gimple_call (s))
            maybe_instrument_call (&i);  /* may leave I at the end of BB */
        }
    }


Here, "gsi_end_p(i)" is the check "i->ptr == NULL" and gsi_next(&i) is "i->ptr = i->ptr->gsbase.next;"


Thus, it looks fine at a glance. However, the problem is that the gsi_end_p check is done before the loop body while "gsi_next" is called after the loop body. That's fine unless "i" is modified in between, which happens in

instrument_strlen_call (gimple_stmt_iterator *iter)
...
  gimple_stmt_iterator gsi = *iter;
...
  *iter = gsi;
}

After the call, iter->ptr == NULL.


Is the patch okay for the ASAN branch?*


Tobias

* I still have to do an all-language bootstrap and regtesting, though the latter is probably pointless as there is currently not a single -fasan test case.
--- gcc/asan.c.orig	2012-11-09 21:26:26.000000000 +0100
+++ gcc/asan.c	2012-11-09 21:26:00.000000000 +0100
@@ -1362,6 +1362,8 @@ transform_statements (void)
 	    instrument_assignment (&i);
 	  else if (is_gimple_call (s))
 	    maybe_instrument_call (&i);
+	  if (gsi_end_p (i))
+	    break;
         }
     }
 }
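Review bot: the `if (gsi_end_p (i)) break;` placed after the `maybe_instrument_call (&i)` branch does stop the loop before `gsi_next (&i)` dereferences a NULL `i.ptr`, but it patches the symptom in the caller rather than the cause in the callee: the mail shows `instrument_strlen_call` copying the iterator into `gsi` and storing it back with `*iter = gsi`, which is what leaves the caller's iterator past the end of the sequence. Consider also making `instrument_strlen_call` leave `*iter` on a valid statement, which is what the loop's `gsi_next` in the for-increment assumes, and put a comment above the new check saying that instrumentation callees may advance `i` to the end of the block, since a bare `gsi_end_p` test right after the call is not self-explanatory. The attached `fail31.ii` should go into the testsuite as a regression test alongside the patch (the footnote notes there is no -fasan test case yet), and the submission still needs a ChangeLog entry for `asan.c (transform_statements)`.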

Attachment: fail31.ii
Description: Text document
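As an added illustration that is not part of this mail or of GCC's own source, the following C program models the iterator problem described above with a tiny stand-in for gimple_stmt_iterator. The types, the names gsi_next_checked, instrument_strlen_call_model, transform_block and run_sample, and the two sample blocks are all constructed here; the only behaviour taken from the mail is that the callee copies the iterator, writes the copy back, and leaves ptr == NULL when the strlen call is the last statement of the block (that the copy is advanced past the instrumented call is an assumption of the model). The real gsi_next would segfault on the NULL pointer; the model reports that case as -1 so the two loop shapes can be compared.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal model of a GIMPLE statement sequence, not GCC's
   real types: a singly linked list of statements identified by a name.  */
struct stmt
{
  const char *name;   /* "assign", "strlen", ...  */
  struct stmt *next;
};

/* Same shape as gimple_stmt_iterator: ptr == NULL means "past the end".  */
struct gsi
{
  struct stmt *ptr;
};

static struct gsi
gsi_start (struct stmt *first)
{
  struct gsi i = { first };
  return i;
}

static int
gsi_end_p (struct gsi i)
{
  return i.ptr == NULL;
}

/* Stand-in for gsi_next.  The real one does i->ptr = i->ptr->gsbase.next
   unconditionally and segfaults on a NULL ptr; this one returns -1 in that
   case so the failure can be asserted on instead of crashing.  */
static int
gsi_next_checked (struct gsi *i)
{
  if (i->ptr == NULL)
    return -1;
  i->ptr = i->ptr->next;
  return 0;
}

/* Model of instrument_strlen_call as the mail describes it: work on a copy
   of the iterator, advance it past the instrumented call (an assumption of
   this model), and store the copy back.  When the strlen call is the last
   statement of the block, the caller's iterator ends up with ptr == NULL.  */
static void
instrument_strlen_call_model (struct gsi *iter)
{
  struct gsi g = *iter;
  gsi_next_checked (&g);
  *iter = g;
}

static void
maybe_instrument_call_model (struct gsi *iter)
{
  if (strcmp (iter->ptr->name, "strlen") == 0)
    instrument_strlen_call_model (iter);
}

/* Walk one block the way transform_statements does.  gsi_next is moved from
   the for-increment into the body only so its NULL case can be returned.
   Returns the number of statements visited, or -1 if the loop would have
   advanced an end iterator (the ICE).  guard != 0 adds the patch's
   "if (gsi_end_p (i)) break;".  */
int
transform_block (struct stmt *first, int guard)
{
  int visited = 0;
  struct gsi i;
  for (i = gsi_start (first); !gsi_end_p (i); )
    {
      visited++;
      maybe_instrument_call_model (&i);
      if (guard && gsi_end_p (i))
        break;
      if (gsi_next_checked (&i) != 0)
        return -1;
    }
  return visited;
}

/* Two constructed sample blocks: 0 ends in a strlen call (the shape that
   triggers the ICE), 1 contains no strlen call at all.  */
int
run_sample (int which, int guard)
{
  struct stmt s_strlen = { "strlen", NULL };
  struct stmt s_assign1 = { "assign", &s_strlen };
  struct stmt s_assign3 = { "assign", NULL };
  struct stmt s_assign2 = { "assign", &s_assign3 };
  return transform_block (which == 0 ? &s_assign1 : &s_assign2, guard);
}

int
main (void)
{
  printf ("strlen last, unguarded: %d\n", run_sample (0, 0));  /* -1 */
  printf ("strlen last, guarded:   %d\n", run_sample (0, 1));  /* 2 */
  printf ("no strlen, unguarded:   %d\n", run_sample (1, 0));  /* 2 */
  return 0;
}
```

The unguarded walk over the block ending in a strlen call reports -1 at exactly the point where the real loop calls gsi_next on a NULL ptr; with the patch's check the loop exits after visiting both statements, and a block without a strlen call behaves the same either way.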

