[Bug sanitizer/97294] ASAN "dynamic-stack-buffer-overflow" false positive with OpenMP reduction to std::vector
jakub at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Wed Oct 7 15:56:36 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97294
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org |jakub at gcc dot gnu.org
             Status|NEW                         |ASSIGNED
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 49323
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49323&action=edit
gcc11-pr97294.patch
Untested fix.
Self-contained testcase with -O0 -fsanitize=address -fopenmp could be e.g.
__attribute__((noipa)) void
foo (int *p, int n)
{
  int i;
  #pragma omp parallel for num_threads(2) reduction(+:p[:n])
  for (i = 0; i < 10; i++)
    {
      p[0]++;
      p[n - 1] += 2;
    }
}

__attribute__((noipa)) void
bar (void)
{
  unsigned char buf[1024];
  int i;
  asm volatile ("" : : "r" (&buf[0]) : "memory");
  for (i = 0; i < 1024; i++)
    buf[i] = i;
  asm volatile ("" : : "r" (&buf[0]) : "memory");
}

int
main ()
{
  int p[50], i;
  for (i = 0; i < 50; i++)
    p[i] = 0;
  foo (p, 50);
  bar ();
  if (p[0] != 10 || p[49] != 20)
    __builtin_abort ();
  return 0;
}
The problem was that nothing set cfun->calls_alloca flag in the child omp
function and thus the asan code wouldn't add __asan_allocas_unpoison call at
the end of the function. Normally when optimizing, DCE clears those flags and
recomputes them again, so this was only problematic with -O0.
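
Added example, not part of the original comment and not GCC or libsanitizer code: a toy shadow-memory model of why a missing unpoison call in the child function's epilogue makes the later write to buf in bar () look like an overflow. The byte-per-byte shadow, REDZONE, POISON, the 4096-byte stack and all function names are assumptions of the model.

```c
/* Toy model only: one shadow byte per stack byte, 0 = addressable. */
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 4096
#define REDZONE    32    /* constructed redzone size for this model */
#define POISON     0xca  /* constructed marker for an alloca redzone */

static unsigned char shadow[STACK_SIZE];

/* Models the outlined OpenMP child function of foo(): the private copy of
   p[:n] is carved out of the stack alloca-style, with poisoned redzones.
   calls_alloca stands in for cfun->calls_alloca (assumption of the model). */
static void child_fn(size_t sp, size_t n, int calls_alloca)
{
    size_t bytes = n * sizeof(int);
    size_t bottom = sp - (bytes + 2 * REDZONE);

    memset(shadow + bottom, POISON, REDZONE);                   /* left  */
    memset(shadow + bottom + REDZONE + bytes, POISON, REDZONE); /* right */
    /* ... the reduction loop body would run here ... */
    if (calls_alloca) /* epilogue unpoison is only emitted when the flag is set */
        memset(shadow + bottom, 0, sp - bottom);
}

/* Models bar(): a later frame reuses the same stack area for buf[1024].
   Returns how many of its writes would land on still-poisoned shadow. */
static int bar_reports(size_t sp)
{
    int reports = 0;
    for (size_t i = 0; i < 1024; i++)
        if (shadow[sp - 1024 + i] != 0)
            reports++;
    return reports;
}

/* Runs child_fn then bar on the same stack top, as main() does via foo(). */
static int run(int calls_alloca)
{
    memset(shadow, 0, sizeof shadow);
    child_fn(STACK_SIZE, 50, calls_alloca);
    return bar_reports(STACK_SIZE);
}

int main(void)
{
    printf("flag unset: %d stale poisoned bytes under bar's buf\n", run(0));
    printf("flag set:   %d stale poisoned bytes under bar's buf\n", run(1));
    return 0;
}
```

With the flag unset, both redzones stay poisoned after the child returns, so bar's in-bounds writes hit stale poison; with it set, the region is clean again.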