On Wed, Nov 02, 2016 at 10:36:44AM +0100, Martin Liška wrote:
> On 11/01/2016 03:53 PM, Jakub Jelinek wrote:
> > What kind of false positive is it for each case?  Is it with normal
> > asan-bootstrap (without your -fsanitize-use-after-scope changes), or
> > only with those changes, or only with those changes and
> > -fsanitize-use-after-scope used during bootstrap?
> 
> Ok, the situation is simpler than I thought:

CCing also Marek.
> 
> #include <stdio.h>
> 
> int main(int argc, char **argv)
> {
>   int *ptr;
> 
>   switch (argc)
>     {
>       int a;
> 
>     case 1:
>       break;
> 
>     default:
>       ptr = &a;
>       break;
>     }
> 
>   fprintf (stderr, "v: %d\n", *ptr);
>   return 0;
> }
> 
> Which is gimplified as:
> 
>     int * ptr;
> 
>     switch (argc) <default: <D.2575>, case 1: <D.2573>>
>     {
>       int a;
> 
>       try
>         {
>           ASAN_MARK (2, &a, 4);
>           <D.2573>:
>           goto <D.2574>;
>           <D.2575>:
>           ptr = &a;
>           goto <D.2574>;
>         }
>       finally
>         {
>           ASAN_MARK (1, &a, 4);
>         }
>     }
>     <D.2574>:
>     _1 = *ptr;
>     stderr.0_2 = stderr;
>     fprintf (stderr.0_2, "v: %d\n", _1);
>     D.2577 = 0;
>     return D.2577;
>   }
>   D.2577 = 0;
>   return D.2577;
> 
> and thus we get:
> /tmp/switch-case.c:9:11: warning: statement will never be executed 
> [-Wswitch-unreachable]
>        int a;
> 
> I'm wondering where to properly fix that; we can either find all these
> ASAN_MARKs in gimplify_switch_expr and distribute them to all labels
> (which are gimplified). Or we can put such variables into
> asan_poisoned_variables if we have information that we're gimplifying
> statements before a first label. Do we know that from gimple context?
> If so, these variables will be unpoisoned at the very beginning of each
> label and the ASAN_MARK call between the switch statement and the first
> label can be removed.

Wouldn't it be easiest if -Wswitch-unreachable warning just ignored
the ASAN_MARK internal calls altogether?
Do you emit there any other statements, or just ASAN_MARK and nothing else?

Shouldn't there also be ASAN_MARK on the implicit gotos from the switch
statement?  Otherwise, consider this being done in a loop: after the first
iteration you ASAN_MARK (1, &a, 4) (i.e. poison), then you iterate say with
args 1 and have in case 1: a = 0;, won't that trigger a runtime error?

        Jakub
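The loop scenario Jakub asks about, written out as a stand-alone test case. This is an added example, not code from the thread: a variable is declared in the switch body before the first case label, and the switch runs inside a loop, so on every iteration after the first, control jumps from the switch directly to a case label and bypasses whatever was emitted between the opening brace and that label (the ASAN_MARK unpoison in the gimple dump above). Plain compilation is well-defined C and the function returns the sum; compiling with -fsanitize=address plus the use-after-scope option under discussion (the thread calls it -fsanitize-use-after-scope) and running the binary is the way to check whether the poison left by the previous iteration's ASAN_MARK (1, &a, 4) is reported as a use-after-scope on the second write to `a`. The function and value names are constructed for this example.

```c
#include <stdio.h>

/* Constructed example: `a` is declared inside the switch block before the
   first label, so its storage belongs to the block but no case label
   "passes through" its declaration.  The loop re-enters the block on every
   iteration, each time jumping straight to a label. */
static int sum_via_switch(int iterations)
{
    int total = 0;

    for (int i = 0; i < iterations; i++) {
        switch (i) {
            int a;          /* declared before the first case label */

        case 0:
            a = 10;         /* first iteration: block entered, `a` written */
            total += a;
            break;

        default:
            a = i;          /* later iterations: written again after the
                               previous iteration's scope-exit poison */
            total += a;
            break;
        }
    }
    return total;           /* iterations == 3 gives 10 + 1 + 2 = 13 */
}

int main(void)
{
    /* Stand-alone run; with ASan and use-after-scope instrumentation the
       interesting part is whether iteration 2 is reported, not the sum. */
    printf("sum over 3 iterations: %d\n", sum_via_switch(3));
    return 0;
}
```

Without sanitizer instrumentation the program simply prints 13. If an instrumented build reports a use-after-scope inside `default:`, that is the false positive Jakub describes: the block's unpoison runs only on the fall-through path, not on the implicit goto to each label.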
