This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][ubsan] Add VLA bound instrumentation

On 10/30/2013 12:15 PM, Marek Polacek wrote:
On Wed, Oct 30, 2013 at 11:56:25AM -0400, Jason Merrill wrote:
Saving 'size' here doesn't help since it's already been used above.
Could you use itype instead of size here?

I already experimented with that and I think I can't, since we call
the finish_expr_stmt too soon, which results in:

     int x = 1;
     int a[0:(sizetype) SAVE_EXPR <D.2143>];

     <<cleanup_point   int x = 1;>>;
     <<cleanup_point <<< Unknown tree: expr_stmt
     if (SAVE_EXPR <D.2143> <= 0)
         __builtin___ubsan_handle_vla_bound_not_positive (&*.Lubsan_data0, (unsigned long) SAVE_EXPR <D.2143>);
       }, (void) SAVE_EXPR <D.2143>; >>>>>;
       ssizetype D.2143;
     <<cleanup_point <<< Unknown tree: expr_stmt
     (void) (D.2143 = (ssizetype)  ++x + -1) >>>>>;

Ah, looks like you're getting an unfortunate interaction with stabilize_vla_size, which is replacing the contents of the SAVE_EXPR with a reference to a variable that isn't initialized yet. Perhaps we should move the stabilize_vla_size call into compute_array_index_type, too.

and that ICEs in gimplify_var_or_parm_decl, presumably because the
if (SAVE_EXPR <D.2143> <= 0) { ... } should be emitted *after* that
cleanup_point.  When we generated the C++1y check in cp_finish_decl,
we emitted the check after the cleanup_point, and everything was OK.
I admit I don't understand the cleanup_points very much and I don't
know exactly where they are coming from, because normally I don't see
them coming out of C FE. :)

You can ignore the cleanup_points; they just wrap every full-expression.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]