[PATCH, RFC] Introduce -fsanitize=use-after-scope
Martin Liška
mliska@suse.cz
Fri May 6 11:16:00 GMT 2016
Hello.
One more issue I forgot to mention in the previous email:
e) As one can come up with source code which jumps to a label within
a block scope (use-after-scope-goto-1.c):
// { dg-do run }
// { dg-additional-options "-fsanitize=use-after-scope -fstack-reuse=none" }

int main(int argc, char **argv)
{
  int a = 123;
  if (argc == 0)
    {
      int *ptr;
    label:
      {
        ptr = &a;
        *ptr = 1;
        return 0;
      }
    }
  else
    goto label;
  return 0;
}
It's necessary to record all local variables in the gimplifier and possibly
emit unpoisoning code when a LABEL_EXPR is seen. That results in the following GIMPLE
output:
  label:
  _20 = (unsigned long) &a;
  _21 = (unsigned long) 4;
  __builtin___asan_unpoison_stack_memory (_20, _21);
  _22 = (unsigned long) &ptr;
  _23 = (unsigned long) 8;
  __builtin___asan_unpoison_stack_memory (_22, _23);
  ptr = &a;
  ptr.0_10 = ptr;
  _24 = (unsigned long) ptr.0_10;
  _25 = _24 >> 3;
  _26 = _25 + 2147450880;
  _27 = (signed char *) _26;
  _28 = *_27;
  _29 = _28 != 0;
  _30 = _24 & 7;
  _31 = (signed char) _30;
  _32 = _31 + 3;
  _33 = _32 >= _28;
  _34 = _29 & _33;
  if (_34 != 0)
    goto <bb 5>;
  else
    goto <bb 6>;
I know that the solution is a big hammer, but it works.
Martin
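A constructed model of the shadow-memory logic that the GIMPLE above implements, added here as an illustration; it is not code from the patch or from libasan. The 64-byte fake stack, the variable offsets and the simplified poison/unpoison helpers are assumptions made for the demo.

```c
#include <string.h>

/* Constructed model, not GCC's or libasan's code. Real ASan maps an address
   to the shadow byte at (addr >> 3) + 0x7fff8000 (the 2147450880 in the
   GIMPLE); here a 64-byte fake stack is shadowed by a local array indexed by
   stack offset. Shadow byte 0: all 8 bytes of the granule are addressable;
   k in 1..7: only the first k bytes are; negative: the granule is poisoned. */
#define STACK_BYTES 64
#define SHADOW_BYTES (STACK_BYTES / 8)
#define USE_AFTER_SCOPE_MAGIC ((signed char)0xf8)  /* ASan's use-after-scope tag */

static signed char shadow[SHADOW_BYTES];

/* Model of __asan_poison_stack_memory: every granule touched is poisoned.
   Offsets are assumed 8-byte aligned, as ASan lays out stack variables. */
static void poison_stack(unsigned off, unsigned len) {
  for (unsigned g = off / 8; g < (off + len + 7) / 8; g++)
    shadow[g] = USE_AFTER_SCOPE_MAGIC;
}

/* Model of __asan_unpoison_stack_memory: whole granules become 0; a partial
   tail granule records how many leading bytes are addressable, so the bytes
   past the end of the variable stay unaddressable. */
static void unpoison_stack(unsigned off, unsigned len) {
  unsigned g = off / 8;
  for (; g < (off + len) / 8; g++)
    shadow[g] = 0;
  unsigned tail = (off + len) % 8;
  if (tail != 0 && shadow[g] != 0 && shadow[g] < (signed char)tail)
    shadow[g] = (signed char)tail;
}

/* The 4-byte access check from the GIMPLE: report when the granule is not
   fully addressable (shadow != 0) and the index of the access's last byte
   within the granule, (addr & 7) + 3, reaches the first unaddressable byte.
   The compare is signed, so any negative (poisoned) shadow byte reports. */
static int access4_is_bad(unsigned off) {
  signed char s = shadow[off >> 3];
  signed char last = (signed char)((off & 7) + 3);
  return s != 0 && last >= s;
}

/* Replays the test case: `a` (4 bytes at offset 0) and `ptr` (8 bytes at
   offset 8) start poisoned; the two unpoison calls emitted at `label:` make
   the store through ptr to `a` legal again, while a 4-byte access starting
   at offset 2 still runs past `a` into its partial granule and is reported. */
static int label_scenario(void) {
  memset(shadow, 0, sizeof shadow);
  poison_stack(0, 4);                  /* `a` not yet in scope   */
  poison_stack(8, 8);                  /* `ptr` not yet in scope */
  int bad_before = access4_is_bad(0);  /* 1: store to `a` would be reported */
  unpoison_stack(0, 4);                /* the calls emitted at `label:` */
  unpoison_stack(8, 8);
  int bad_after = access4_is_bad(0);   /* 0: `a` is addressable again */
  int bad_redzone = access4_is_bad(2); /* 1: bytes 2..5 run past `a` */
  return bad_before << 2 | bad_after << 1 | bad_redzone;  /* returns 5 */
}
```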