This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/66977] New: -fsanitize=shift may introduce uninitialized variables
- From: "chefmax at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 23 Jul 2015 14:12:29 +0000
- Subject: [Bug sanitizer/66977] New: -fsanitize=shift may introduce uninitialized variables
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66977
Bug ID: 66977
Summary: -fsanitize=shift may introduce uninitialized variables
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: chefmax at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
mpolacek at gcc dot gnu.org, y.gribov at samsung dot com
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: arm-linux-gnueabi
It looks like -fsanitize=shift may sometimes introduce uninitialized
variables. This testcase is ARM specific, but I suppose this may be reproduced
on other targets too.
For arm-linux-gnueabi target:
$ cat test.cpp
class Foo {
private:
  int a_;
public:
  Foo (int a) : a_(a) {};
  inline int get_a () { return a_; };
};

int bar (int (Foo::*get)()) {
  Foo *A = new Foo(1);
  int result = (A->*get)();
  delete (A);
  return result;
}

int main () {
  return bar (&Foo::get_a);
}
$ armv7l-tizen-linux-gnueabi-g++ -S -fsanitize=shift test.cpp -fdump-tree-gimple
<D.6138>
.......................
D.6137 = get.__delta;
D.6138 = D.6137 & 1;
if (D.6138 == 0) goto <D.6139>; else goto <D.6140>;
<D.6139>:
iftmp.1 = get.__pfn;
goto <D.6141>;
<D.6140>:
A.2 = A;
==> D.6143 = get.__delta;
D.6144 = D.6143 >> 1;
D.6145 = (sizetype) D.6144;
D.6146 = A.2 + D.6145;
D.6147 = MEM[(int (*__vtbl_ptr_type) () * *)D.6146];
D.6148 = get.__pfn;
D.6149 = (sizetype) D.6148;
D.6150 = D.6147 + D.6149;
iftmp.1 = *D.6150;
<D.6141>:
A.3 = A;
==> ????????
D.6152 = D.6143 >> 1;
D.6153 = (sizetype) D.6152;
D.6154 = A.3 + D.6153;
result = iftmp.1 (D.6154);
Here, the path <D.6138> => <D.6139> => <D.6141> introduces an uninitialized D.6153 value
and a broken *this parameter for the called method.
Compiling this testcase with the -O2 -Wall options introduces this warning:
$ armv7l-tizen-linux-gnueabi-g++ -S -fsanitize=shift test.cpp -O2 -Wall
test.cpp: In function 'int bar(int (Foo::*)())':
test.cpp:16:26: warning: '<anonymous>' may be used uninitialized in this function [-Wmaybe-uninitialized]
int result = (A->*get)();
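The following is an added example, not code from the bug report: it widens the reporter's testcase so that the pointer-to-member call goes through both the non-virtual path and the virtual path, and also through a base subobject at a non-zero offset, which is exactly the path that reads the member pointer's delta field. The class names Base and Both, the helpers call_foo and call_both, and the checker check_all are all constructed for this example. Each call returns a value that only comes out right when *this was adjusted correctly, so the bug described above (a reused, uninitialized shift result feeding the this-adjustment) shows up as a wrong return value or, with -fsanitize=address added, as a crash on the bogus address, instead of going unnoticed. Build it with -O2 -Wall -fsanitize=shift for the target you are checking and run it.

```cpp
// Added example (not the bug report's testcase): exercise member-pointer calls
// on every code path the compiler generates for them, and check the result.
#include <cstdio>

struct Base {
    int pad_;                       // pushes the Foo subobject of Both to a non-zero offset
    explicit Base(int p) : pad_(p) {}
    virtual ~Base() {}
    virtual int vget() { return pad_; }
};

struct Foo {
    explicit Foo(int a) : a_(a) {}
    int get_a() { return a_; }                 // non-virtual member: plain code address
    virtual int vget_a() { return a_ * 10; }   // virtual member: vtable slot, needs *this
private:
    int a_;
};

// Multiple inheritance: calling a Foo member through a Both* requires a
// this-adjustment, i.e. the compiler must read and apply the delta field.
struct Both : Base, Foo {
    Both(int p, int a) : Base(p), Foo(a) {}
};

// Mirrors bar() from the report: allocate, call through the member pointer, free.
int call_foo(int (Foo::*get)()) {
    Foo *A = new Foo(1);
    int result = (A->*get)();
    delete A;
    return result;
}

// Same call, but the object's Foo subobject sits at a non-zero offset.
int call_both(int (Foo::*get)()) {
    Both *B = new Both(7, 3);
    int result = (B->*get)();   // implicit Both* -> Foo* adjustment of `this`
    delete B;
    return result;
}

// True only when every call path produced the value the member actually returns.
// A broken *this (the symptom in the report) makes one of these comparisons fail.
bool check_all() {
    return call_foo(&Foo::get_a) == 1
        && call_foo(&Foo::vget_a) == 10
        && call_both(&Foo::get_a) == 3
        && call_both(&Foo::vget_a) == 30;
}

int main() {
    bool ok = check_all();
    std::puts(ok ? "member-pointer calls OK" : "member-pointer call returned a wrong value");
    return ok ? 0 : 1;
}
```

The expected values are fixed by the constructors (1 and 3 for the plain getter, 10 and 30 for the virtual one), so the program needs no external input; a non-zero exit status on the affected target is the regression signal.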
$ armv7l-tizen-linux-gnueabi-g++ -v
Using built-in specs.
COLLECT_GCC=armv7l-tizen-linux-gnueabi-g++
COLLECT_LTO_WRAPPER=/home/max/install/armv7l-tizen/libexec/gcc/armv7l-tizen-linux-gnueabi/6.0.0/lto-wrapper
Target: armv7l-tizen-linux-gnueabi
Configured with: /home/max/src/v6/gcc/configure
--prefix=/home/max/install/armv7l-tizen --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=armv7l-tizen-linux-gnueabi --disable-nls
--enable-poison-system-directories
--with-pkgversion=Tizen.armv7l.GA2.2015-07-15
--with-sysroot=/home/max/install/armv7l-tizen/armv7l-tizen-linux-gnueabi/sys-root
--with-gmp=/home/max/build/v6/fake-root
--with-libelf=/home/max/build/v6/fake-root
--with-mpc=/home/max/build/v6/fake-root
--with-mpfr=/home/max/build/v6/fake-root --without-cloog --without-ppl
--with-host-libstdcxx='-static-libgcc -Wl,-Bstatic,-lstdc++,-Bdynamic -lm'
--enable-languages=c,c++,fortran --disable-libstdcxx-pch --enable-__cxa_atexit
--enable-libssp --enable-lto --enable-checking=release
--with-build-time-tools=/home/max/install/armv7l-tizen/bin --with-gnu-as
--with-gnu-ld
--with-specs='%{funwind-tables|fno-unwind-tables|mabi=*|ffreestanding|nostdlib:;:-funwind-tables}
%{!Werror=unused-local-typedefs:%{!Wno-error=unused-local-typedefs:-Wno-error=unused-local-typedefs}}
%{fuse-linker-plugin|fno-use-linker-plugin|flto|flto=*:;:-fno-use-linker-plugin}'
--disable-multilib --disable-gnu-unique-object --enable-linker-build-id
--with-mode=arm --with-fpu=neon-vfpv4 --with-cpu=cortex-a15.cortex-a7
--with-float=softfp --enable-libgomp --enable-linux-futex