[PATCH] Fix not caught use-after-scope with -O1 (PR sanitize/78106)

Martin Liška mliska@suse.cz
Tue Oct 25 12:16:00 GMT 2016 

On 10/25/2016 01:52 PM, Jakub Jelinek wrote:
> On Tue, Oct 25, 2016 at 01:40:03PM +0200, Martin Liška wrote:
>> While reading and trying to understand sanopt code, I've noticed that we can possibly
>> optimize out a ASAN_CHECK when there's a BB in between DOM(BB) and BB which can
>> call a freeing function.
>>
>> Ready to be installed after it survives regression tests?
>> Martin
> 
>> >From d8ed43c1f8e29cfe63ebd7c40a76715c9c644522 Mon Sep 17 00:00:00 2001
>> From: marxin <mliska@suse.cz>
>> Date: Tue, 25 Oct 2016 13:29:47 +0200
>> Subject: [PATCH] Fix not caught use-after-scope with -O1 (PR sanitize/78106)
>>
>> gcc/ChangeLog:
>>
>> 2016-10-25  Martin Liska  <mliska@suse.cz>
>>
>> 	PR sanitizer/78106
>> 	* sanopt.c (imm_dom_path_with_freeing_call): Handle gasm
>> 	statements as they can also contain possibly a freeing call.
> 
> Other places use something like
>       if ((gimple_code (stmt) == GIMPLE_ASM && gimple_vdef (stmt))
>           || (is_gimple_call (stmt)
>               && (!nonfreeing_call_p (stmt) || !nonbarrier_call_p (stmt))))
> though what you added matches more what ipa-pure-const.c does, ok.

Yes, I basically took the same code as we already have on a different place in the file:

sanopt.c:531
      if (!is_gimple_call (stmt))
	{
	  /* Handle asm volatile or asm with "memory" clobber
	     the same as potentionally freeing call.  */
	  gasm *asm_stmt = dyn_cast <gasm *> (stmt);
	  if (asm_stmt
	      && asan_check_optimize
	      && (gimple_asm_clobbers_memory_p (asm_stmt)
		  || gimple_asm_volatile_p (asm_stmt)))
	    info->freeing_call_events++;
	  gsi_next (&gsi);
	  continue;
	}

      if (asan_check_optimize && !nonfreeing_call_p (stmt))
	info->freeing_call_events++;

> 
>> gcc/testsuite/ChangeLog:
>>
>> 2016-10-25  Martin Liska  <mliska@suse.cz>
>>
>> 	PR sanitizer/78106
>> 	* gcc.dg/asan/pr78106.c: New test.
> 
> The test is bad.  1) asan is supported on various architectures, call release
> is x86 specific, and even there on some OSes the syntax might be different
> (_release, etc.?) 2) you aren't trying to maintain required stack alignment
> 
> So, I think it would be better to just use dg-do compile and just scan some
> dump.

I see! I changed the code to scan sanopts-details dump file.

Ready to install with the change?
Thanks,
Martin

> 
> 	Jakub
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-not-caught-use-after-scope-with-O1-PR-sanitize-7-v2.patch
Type: text/x-patch
Size: 2262 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20161025/c2effb6f/attachment.bin>

More information about the Gcc-patches mailing list