[PATCH] Fix IPA modref ubsan.

Thu Nov 18 12:41:54 GMT 2021

> modref_tree<tree_node*>::merge(modref_tree<tree_node*>*, vec<modref_parm_map, va_heap, vl_ptr>*, modref_parm_map*, bool)
> 
> is called with modref_parm_map chain_map;
> 
> The variable has uninitialized m.parm_offset_known and it is accessed
> here:
> 
> gcc/ipa-modref-tree.h:572 a.parm_offset_known &= m.parm_offset_known;
> 
> Ready to be installed after testing?
> Thanks,
> Martin
> 
> 	PR ipa/103230
> 
> gcc/ChangeLog:
> 
> 	* ipa-modref-tree.h (struct modref_parm_map): Add default
> 	constructor.
> 	* ipa-modref.c (ipa_merge_modref_summary_after_inlining): Use it.
> ---
>  gcc/ipa-modref-tree.h | 5 +++++
>  gcc/ipa-modref.c      | 3 +--
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/gcc/ipa-modref-tree.h b/gcc/ipa-modref-tree.h
> index 0a097349ebd..6796e6ecc34 100644
> --- a/gcc/ipa-modref-tree.h
> +++ b/gcc/ipa-modref-tree.h
> @@ -287,6 +287,11 @@ struct GTY((user)) modref_base_node
>  struct modref_parm_map
>  {
> +  /* Default constructor.  */
> +  modref_parm_map ()
> +  : parm_index (MODREF_UNKNOWN_PARM), parm_offset_known (false), parm_offset ()
> +  {}
> +
I think we are generally not supposed to put non-pods to vec<..>
The diagnostics should be from
			a.parm_offset_known &= m.parm_offset_known;
Becasue both in the parm_map (which is variable m) and access_node
(which is variable a) the parm_offset_known has no meaning when
parm_index == MODREF_UNKNOWN_PARM.

If we want to avoid computing on these, perhaps this will work?

diff --git a/gcc/ipa-modref-tree.h b/gcc/ipa-modref-tree.h
index 0a097349ebd..97736d0d8a4 100644
--- a/gcc/ipa-modref-tree.h
+++ b/gcc/ipa-modref-tree.h
@@ -568,9 +568,13 @@ struct GTY((user)) modref_tree
 				      : (*parm_map) [a.parm_index];
 			    if (m.parm_index == MODREF_LOCAL_MEMORY_PARM)
 			      continue;
-			    a.parm_offset += m.parm_offset;
-			    a.parm_offset_known &= m.parm_offset_known;
 			    a.parm_index = m.parm_index;
+			    if (a.parm_index != MODREF_UNKNOWN_PARM)
+			      {
+				a.parm_offset_known &= m.parm_offset_known;
+				if (a.parm_offset_known)
+				  a.parm_offset += m.parm_offset;
+			      }
 			  }
 		      }
 		    changed |= insert (base_node->base, ref_node->ref, a,
>    /* Index of parameter we translate to.
>       Values from special_params enum are permitted too.  */
>    int parm_index;
> diff --git a/gcc/ipa-modref.c b/gcc/ipa-modref.c
> index c94f0589d44..630d202d5cf 100644
> --- a/gcc/ipa-modref.c
> +++ b/gcc/ipa-modref.c
> @@ -5020,8 +5020,7 @@ ipa_merge_modref_summary_after_inlining (cgraph_edge *edge)
>        auto_vec <modref_parm_map, 32> parm_map;
>        modref_parm_map chain_map;
>        /* TODO: Once we get jump functions for static chains we could
> -	 compute this.  */
> -      chain_map.parm_index = MODREF_UNKNOWN_PARM;
> +	 compute parm_index.  */
>        compute_parm_map (edge, &parm_map);
> -- 
> 2.33.1
> 
