[PATCH] Verify __builtin_unreachable and __builtin_trap are not called with arguments
Martin Jambor
mjambor@suse.cz
Fri Apr 22 17:04:00 GMT 2016
Hi,
this patch adds verification that __builtin_unreachable and
__builtin_trap are not called with arguments. The problem with calls
to them with arguments is that functions like gimple_call_builtin_p
return false on them, because they return true only when
gimple_builtin_call_types_compatible_p does. One manifestation of
that was PR 61591 where undefined behavior sanitizer did not replace
such calls with its thing as it should, but there might be others.
I have included __builtin_trap in the verification because they often
seem to be handled together but can either remove it or add more
builtins if people think it better. I concede it is a bit arbitrary.
Honza said he has seen __builtin_unreachable calls with parameters in
LTO builds of Firefox, so it seems this might actually trigger, but I
also think we do not want such calls in the IL.
I have bootstrapped and tested this on x86_64-linux (with all
languages and Ada) and have also run a C, C++ and Fortran LTO
bootstrap with the patch on the same architecture. OK for trunk?
Thanks,
Martin
2016-04-20 Martin Jambor <mjambor@suse.cz>
* tree-cfg.c (verify_gimple_call): Check that calls to
__builtin_unreachable or __builtin_trap do not have actual arguments.
---
gcc/tree-cfg.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/gcc/tree-cfg.c b/gcc/tree-cfg.c
index 04e46fd..3385164 100644
--- a/gcc/tree-cfg.c
+++ b/gcc/tree-cfg.c
@@ -3414,6 +3414,26 @@ verify_gimple_call (gcall *stmt)
return true;
}
+ if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
+ {
+ switch (DECL_FUNCTION_CODE (fndecl))
+ {
+ case BUILT_IN_UNREACHABLE:
+ case BUILT_IN_TRAP:
+ if (gimple_call_num_args (stmt) > 0)
+ {
+ /* Built-in unreachable with parameters might not be caught by
+ undefined behavior santizer. */
+ error ("__builtin_unreachable or __builtin_trap call with "
+ "arguments");
+ return true;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
/* ??? The C frontend passes unpromoted arguments in case it
didn't see a function declaration before the call. So for now
leave the call arguments mostly unverified. Once we gimplify
--
2.8.1
More information about the Gcc-patches
mailing list