[PATCH] Fix not caught use-after-scope with -O1 (PR sanitize/78106)

Jakub Jelinek jakub@redhat.com
Tue Oct 25 11:52:00 GMT 2016


On Tue, Oct 25, 2016 at 01:40:03PM +0200, Martin Liška wrote:
> While reading and trying to understand sanopt code, I've noticed that we can possibly
> optimize out a ASAN_CHECK when there's a BB in between DOM(BB) and BB which can
> call a freeing function.
> 
> Ready to be installed after it survives regression tests?
> Martin

> >From d8ed43c1f8e29cfe63ebd7c40a76715c9c644522 Mon Sep 17 00:00:00 2001
> From: marxin <mliska@suse.cz>
> Date: Tue, 25 Oct 2016 13:29:47 +0200
> Subject: [PATCH] Fix not caught use-after-scope with -O1 (PR sanitize/78106)
> 
> gcc/ChangeLog:
> 
> 2016-10-25  Martin Liska  <mliska@suse.cz>
> 
> 	PR sanitizer/78106
> 	* sanopt.c (imm_dom_path_with_freeing_call): Handle gasm
> 	statements as they can also contain possibly a freeing call.

Other places use something like
      if ((gimple_code (stmt) == GIMPLE_ASM && gimple_vdef (stmt))
          || (is_gimple_call (stmt)
              && (!nonfreeing_call_p (stmt) || !nonbarrier_call_p (stmt))))
though what you added matches more what ipa-pure-const.c does, ok.

> gcc/testsuite/ChangeLog:
> 
> 2016-10-25  Martin Liska  <mliska@suse.cz>
> 
> 	PR sanitizer/78106
> 	* gcc.dg/asan/pr78106.c: New test.

The test is bad.  1) asan is supported on various architectures, call release
is x86 specific, and even there on some OSes the syntax might be different
(_release, etc.?) 2) you aren't trying to maintain required stack alignment

So, I think it would be better to just use dg-do compile and just scan some
dump.

	Jakub



More information about the Gcc-patches mailing list