On 09/02/2018 19:07, Jakub Jelinek wrote:
> On Fri, Feb 09, 2018 at 07:01:08PM +0100, Richard Biener wrote:
>>> which indeed fixes the testcase and seems not to break asan.exp.
>>
>> Huh. Need to double check why that makes sense ;)
>
> I think it does, for both ASAN_CHECK and ASAN_MARK the pointer argument
> is the second one, the first one is an integer argument with flags.
> And ASAN_MARK, both poison and unpoison, works kind of like a clobber on the
> referenced variable, before unpoison it is generally inaccessible and after
> poison too.

This was too optimistic. :( In use-after-scope-types-1.C, after the patch FRE+DSE are able to optimize away the problematic read. In general it seems to me that the sanitizer passes should be before DSE if we want ASAN builtins to have precise info, otherwise some reads or stores might not be instrumented---GCC was being lucky here. The obvious change here is: Index: passes.def =================================================================== --- passes.def (revision 257584) +++ passes.def (working copy) @@ -95,6 +95,9 @@ NEXT_PASS (pass_fre); NEXT_PASS (pass_early_vrp); NEXT_PASS (pass_merge_phi); + NEXT_PASS (pass_sancov); + NEXT_PASS (pass_asan); + NEXT_PASS (pass_tsan); NEXT_PASS (pass_dse); NEXT_PASS (pass_cd_dce); NEXT_PASS (pass_early_ipa_sra); @@ -259,9 +262,6 @@ NEXT_PASS (pass_walloca, false); NEXT_PASS (pass_pre); NEXT_PASS (pass_sink_code); - NEXT_PASS (pass_sancov); - NEXT_PASS (pass_asan); - NEXT_PASS (pass_tsan); NEXT_PASS (pass_dce); /* Pass group that runs when 1) enabled, 2) there are loops in the function. Make sure to run pass_fix_loops before which seems to work (this time for real... not sure what went wrong in my previous testing) but it's a pretty large change that I'd like to run by you guys before posting it. Paolo
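
Review bot: in the hunk at @@ -95,6 +95,9 @@ the three sanitizer passes are inserted after NEXT_PASS (pass_fre), so they end up ahead of pass_dse only. The message says FRE+DSE together optimize away the problematic read in use-after-scope-types-1.C, so please state why leaving FRE in front of the sanitizers is still acceptable. A short comment above NEXT_PASS (pass_sancov) in passes.def recording that the sanitizer passes have to precede pass_dse would also keep a later reordering from reintroducing the problem.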
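
Review bot: in the hunk at @@ -259,9 +262,6 @@ pass_sancov and pass_tsan are removed together with pass_asan, but the rationale in the message only covers the ASAN builtins. All three now sit earlier in passes.def than pass_pre and pass_sink_code instead of after them, so please say whether sancov and tsan actually need the move or could stay at this position, and which testsuites besides asan.exp were run with the new ordering.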