This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH][ubsan] Add VLA bound instrumentation

From: Marek Polacek <polacek at redhat dot com>
To: Jason Merrill <jason at redhat dot com>
Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>
Date: Wed, 30 Oct 2013 17:15:04 +0100
Subject: Re: [PATCH][ubsan] Add VLA bound instrumentation
Authentication-results: sourceware.org; auth=none
References: <20130912122655 dot GN23899 at redhat dot com> <20130925124132 dot GJ12296 at redhat dot com> <52697B9D dot 9000502 at redhat dot com> <20131025165803 dot GF27400 at redhat dot com> <526AB5CC dot 60408 at redhat dot com> <20131025190356 dot GG27400 at redhat dot com> <526AC0C9 dot 1050003 at redhat dot com> <20131030145253 dot GB31396 at redhat dot com> <52712C29 dot 3010206 at redhat dot com>

On Wed, Oct 30, 2013 at 11:56:25AM -0400, Jason Merrill wrote:
> On 10/30/2013 10:52 AM, Marek Polacek wrote:
> >+         if ((flag_sanitize & SANITIZE_VLA)
> >+             && !processing_template_decl
> 
> You don't need to check processing_template_decl; the template case
> was already handled above.

Right, removed.

> >+             tree x = cp_save_expr (size);
> >+             x = build2 (COMPOUND_EXPR, TREE_TYPE (x),
> >+                         ubsan_instrument_vla (input_location, x), x);
> >+             finish_expr_stmt (x);
> 
> Saving 'size' here doesn't help since it's already been used above.
> Could you use itype instead of size here?

I already experimented with that and I think I can't, since we call
the finish_expr_stmt too soon, which results in:

    int x = 1;
    int a[0:(sizetype) SAVE_EXPR <D.2143>];

    <<cleanup_point   int x = 1;>>;
    <<cleanup_point <<< Unknown tree: expr_stmt
    if (SAVE_EXPR <D.2143> <= 0)
      {   
        __builtin___ubsan_handle_vla_bound_not_positive (&*.Lubsan_data0, (unsigned long) SAVE_EXPR <D.2143>);
      }   
    else
      {   
        0   
      }, (void) SAVE_EXPR <D.2143>; >>>>>;
      ssizetype D.2143;
    <<cleanup_point <<< Unknown tree: expr_stmt
    (void) (D.2143 = (ssizetype)  ++x + -1) >>>>>;

and that ICEs in gimplify_var_or_parm_decl, presumably because the
if (SAVE_EXPR <D.2143> <= 0) { ... } should be emitted *after* that
cleanup_point.  When we generated the C++1y check in cp_finish_decl,
we emitted the check after the cleanup_point, and everything was OK.
I admit I don't understand the cleanup_points very much and I don't
know exactly where they are coming from, because normally I don't see
them coming out of C FE. :)  Thanks.

	Marek

Follow-Ups:
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Mike Stump
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Jason Merrill

References:
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Jason Merrill
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Marek Polacek
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Jason Merrill
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Marek Polacek
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Jason Merrill
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Marek Polacek
- Re: [PATCH][ubsan] Add VLA bound instrumentation
  - From: Jason Merrill

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]