[PATCH] Verify __builtin_unreachable and __builtin_trap are not called with arguments

Martin Jambor mjambor@suse.cz
Fri Apr 22 17:04:00 GMT 2016


Hi,

this patch adds verification that __builtin_unreachable and
__builtin_trap are not called with arguments.  The problem with calls
to them with arguments is that functions like gimple_call_builtin_p
return false on them, because they return true only when
gimple_builtin_call_types_compatible_p does.  One manifestation of
that was PR 61591 where undefined behavior sanitizer did not replace
such calls with its thing as it should, but there might be others.

I have included __builtin_trap in the verification because they often
seem to be handled together but can either remove it or add more
builtins if people think it better.  I concede it is a bit arbitrary.

Honza said he has seen __builtin_unreachable calls with parameters in
LTO builds of Firefox, so it seems this might actually trigger, but I
also think we do not want such calls in the IL.

I have bootstrapped and tested this on x86_64-linux (with all
languages and Ada) and have also run a C, C++ and Fortran LTO
bootstrap with the patch on the same architecture.  OK for trunk?

Thanks,

Martin


2016-04-20  Martin Jambor  <mjambor@suse.cz>

	* tree-cfg.c (verify_gimple_call): Check that calls to
	__builtin_unreachable or __builtin_trap do not have actual arguments.
---
 gcc/tree-cfg.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/gcc/tree-cfg.c b/gcc/tree-cfg.c
index 04e46fd..3385164 100644
--- a/gcc/tree-cfg.c
+++ b/gcc/tree-cfg.c
@@ -3414,6 +3414,26 @@ verify_gimple_call (gcall *stmt)
       return true;
     }
 
+  if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
+    {
+      switch (DECL_FUNCTION_CODE (fndecl))
+	{
+	case BUILT_IN_UNREACHABLE:
+	case BUILT_IN_TRAP:
+	  if (gimple_call_num_args (stmt) > 0)
+	    {
+	      /* Built-in unreachable with parameters might not be caught by
+		 undefined behavior santizer. */
+	      error ("__builtin_unreachable or __builtin_trap call with "
+		     "arguments");
+	      return true;
+	    }
+	  break;
+	default:
+	  break;
+	}
+    }
+
   /* ???  The C frontend passes unpromoted arguments in case it
      didn't see a function declaration before the call.  So for now
      leave the call arguments mostly unverified.  Once we gimplify
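Review bot: the comment inside the `gimple_call_num_args (stmt) > 0` branch mentions only built-in unreachable and spells "sanitizer" as "santizer", although the case labels above it cover BUILT_IN_TRAP as well; please reword it so it describes both builtins. The error string is likewise shared between the two cases, so a verifier failure does not say which builtin was found with arguments; including fndecl in the diagnostic would make the report easier to act on. The diffstat shows only gcc/tree-cfg.c changed, so it would help to say whether a testcase for the new check is feasible.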
-- 
2.8.1


