[PATCH] tighten up checking for virtual bases (PR 99502)
Martin Sebor
msebor@gmail.com
Wed Mar 17 20:47:53 GMT 2021
On 3/17/21 1:40 PM, Jason Merrill wrote:
> On 3/17/21 3:03 PM, Martin Sebor wrote:
>> On 3/16/21 2:24 PM, Jason Merrill wrote:
>>> On 3/11/21 1:06 PM, Martin Sebor wrote:
>>>> More extensive testing of the patch I just committed in r11-7563 to
>>>> avoid the false positive -Warray-bounds on accesses to members of
>>>> virtual bases has exposed a couple of problems that cause many false
>>>> negatives for even basic bugs like:
>>>>
>>>> typedef struct A { int i; } A;
>>>>
>>>> void* g (void)
>>>> {
>>>> A *p = (A*)malloc (3);
>>>> p->i = 0; // missing warning in C++
>>>> return p;
>>>> }
>>>>
>>>> as well as a number of others, including more complex ones involving
>>>> virtual base classes that can, with some additional work, be reliably
>>>> detected. Most of them were successfully diagnosed before the fix
>>>> for PR 98266. Unfortunately, the tests that exercise this are all
>>>> C so the C++ only regressions due to the divergence went unnoticed.
>>>>
>>>> The root cause is twofold: a) the simplistic check for TYPE_BINFO
>>>> in the new inbounds_vbase_memaccess_p() function means we exclude
>>>> from checking any member accesses whose leading offset is in bounds,
>>>> and b) the check for the leading offset misses cases where just
>>>> the ending offset of an access is out of bounds.
>>>>
>>>> The attached patch adds code to restrict the original solution
>>>> to just the narrow subset of accesses to members of classes with
>>>> virtual bases, and also adds a check for the ending offset.
>>>
>>> Is it enough to just fix the ending offset check, and maybe remove
>>> "vbase" from the function name? The shortcut should be valid for
>>> classes without vbases, as well.
>>
>> You mean check just the ending offset? I did both in case the size
>> of the member wasn't known or constant but I don't think those cases
>> come up here. The C++ front end rejects both flexible array members
>> and variably-modified types in base classes so the size of any such
>> member should always be constant (right?)
>>
>> Is the attached update what you're suggesting?
>
> Ah, no, I meant dropping the has_virtual_base check.
I see. I wanted to constrain the check just to when it's necessary
but it does seem to work either way at the expense of more checking.
I did have to restore the test for the beginning offset because
the code now lets flexible array members through. How's the attached
revision?
>
>> Martin
>>
>>>
>>>> Is the patch okay for trunk?
>>>>
>>>> (The code for has_virtual_base() is adapted from
>>>> polymorphic_type_binfo_p() in ipa-utils.h. It seems like a handy
>>>> utility that could go in tree.h.)
>>>>
>>>> Martin
>>>>
>>>> PS There is another regression I discovered while working on this.
>>>> It's a false positive but unrelated to the r11-7563 fix so I'll
>>>> post a patch for separately.
>>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcc-99502.diff
Type: text/x-patch
Size: 18149 bytes
Desc: not available
URL: <https://gcc.gnu.org/pipermail/gcc-patches/attachments/20210317/b2b64538/attachment-0001.bin>
More information about the Gcc-patches
mailing list