[Bug sanitizer/83388] reference statement index not found error with -fsanitize=null

Tue Dec 12 10:16:00 GMT 2017

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83388

--- Comment #5 from rguenther at suse dot de <rguenther at suse dot de> ---
On Tue, 12 Dec 2017, jakub at gcc dot gnu.org wrote:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83388
> 
> --- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
> (In reply to rguenther@suse.de from comment #3)
> > > That said, what we are doing with the sanitizers is similar to what we are
> > > doing with debug stmts, if compilation is with -flto -g and linking without -g,
> > > then
> > > debug stmts are dropped.  Likewise, IFN_*SAN* is dropped from the IL if linking
> > > without corresponding -fsanitize= options.
> > 
> > Ah.  So the error is about cgraph input not finding the corresponding
> > GIMPLE call stmt that are referenced form a cgraph edge we input
> > (e->call_stmt).  This might be the case then when we drop those calls?
> 
> We only drop internal fns, lto-streamer-in.c has:
>               if (is_gimple_call (stmt)
>                   && gimple_call_internal_p (stmt))
>                 {
>                   switch (gimple_call_internal_fn (stmt))
>                     {
>                     case IFN_UBSAN_NULL:
>                       if ((flag_sanitize
>                           & (SANITIZE_NULL | SANITIZE_ALIGNMENT)) == 0)
>                         remove = true;
> etc.
> Now, ifns shouldn't have any cgraph edges, should they?

They shouldn't - but the error hints at stmts[uid] being NULL...

Hmm.

(gdb) p ref->referring
$3 = (symtab_node *) 0x7ffff6e2f2e0
(gdb) p $3->debug ()
i.constprop.0/8 (i.constprop) @0x7ffff6e2f2e0
  Type: function definition analyzed
  Visibility:
  References: c/0 (addr)f/1 (read)
  Referring: 
  Read from file: /tmp/cc93A4UG.ltrans0.o
  Function i.constprop/8 is inline copy in j/3
  Clone of i/2
  Availability: local
  First run: 0
  Function flags: count: 1073741825 (estimated locally) local
  Called by: j/3 (inlined) (1073741825 (estimated locally),1.00 per call) 
  Calls: e/4 (1073741824 (estimated locally),1.00 per call) g/5 (354334802 
(estimated locally),0.33 per call) 
$4 = void
(gdb) p ref->referred->debug ()
c/0 (c) @0x7ffff6e30000
  Type: variable definition analyzed
  Visibility: externally_visible prevailing_def_ironly_exp public common
  References: 
  Referring: i.constprop.0/8 (addr)
  Read from file: /tmp/cc93A4UG.ltrans0.o
  Availability: available
  Varpool flags:
$5 = void

(gdb) p ref->lto_stmt_uid - 1
$6 = 2
(gdb) p stmts
$7 = (gimple **) 0x2a5afb0
(gdb) p stmts[0]
$8 = <gimple_call 0x7ffff6e30200>
(gdb) p stmts[1]
$9 = <gimple_cond 0x7ffff6e350f0>
(gdb) p stmts[2]
$10 = <gimple 0x0>
(gdb) p stmts[3]
$11 = <gimple_assign 0x7ffff6e35140>

(gdb) p debug_gimple_stmt (stmt)
# .MEM = VDEF <.MEM>
UBSAN_NULL (&c, 3B, 0);
$1 = void
(gdb) p gimple_uid (stmt)
$2 = 2

so we have a IPA ref reference to a variable in the IFN stmt which
we remove.  I suspect we're better off replacing non-debug stmts with
GIMPLE_NOPs ...