On Tue, 21 May 2024, Jakub Jelinek wrote:

> Hi!
>
> The following testcase is miscompiled, because -fsanitize=bool,enum
> creates a MEM_REF without propagating there address space qualifiers,
> so what should be normally loaded using say %gs:/%fs: segment prefix
> isn't. Together with asan it then causes that load to be sanitized.
>
> Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux,
> ok for trunk and release branches?

OK. Thanks, Richard. > 2024-05-21 Jakub Jelinek <ja...@redhat.com> > > PR sanitizer/115172 > * ubsan.cc (instrument_bool_enum_load): If rhs is not in generic > address space, use qualified version of utype with the right > address space. Formatting fix. > > * gcc.dg/asan/pr115172.c: New test. > > --- gcc/ubsan.cc.jj 2024-03-22 09:23:37.695296775 +0100 > +++ gcc/ubsan.cc 2024-05-21 12:10:24.261454107 +0200 > @@ -1776,13 +1776,17 @@ instrument_bool_enum_load (gimple_stmt_i > || TREE_CODE (gimple_assign_lhs (stmt)) != SSA_NAME) > return; > > + addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (rhs)); > + if (as != TYPE_ADDR_SPACE (utype)) > + utype = build_qualified_type (utype, TYPE_QUALS (utype) > + | ENCODE_QUAL_ADDR_SPACE (as)); > bool ends_bb = stmt_ends_bb_p (stmt); > location_t loc = gimple_location (stmt); > tree lhs = gimple_assign_lhs (stmt); > tree ptype = build_pointer_type (TREE_TYPE (rhs)); > tree atype = reference_alias_ptr_type (rhs); > gimple *g = gimple_build_assign (make_ssa_name (ptype), > - build_fold_addr_expr (rhs)); > + build_fold_addr_expr (rhs)); > gimple_set_location (g, loc); > gsi_insert_before (gsi, g, GSI_SAME_STMT); > tree mem = build2 (MEM_REF, utype, gimple_assign_lhs (g), > --- gcc/testsuite/gcc.dg/asan/pr115172.c.jj 2024-05-21 17:28:18.302815400 > +0200 > +++ gcc/testsuite/gcc.dg/asan/pr115172.c 2024-05-21 22:50:43.272753785 > +0200 
> @@ -0,0 +1,20 @@ > +/* PR sanitizer/115172 */ > +/* { dg-do compile { target i?86-*-* x86_64-*-* } } */ > +/* { dg-options "-O2 -fsanitize=address,bool -ffat-lto-objects > -fdump-tree-asan1" } */ > +/* { dg-final { scan-tree-dump-not "\.ASAN_CHECK " "asan1" } } */ > + > +#ifdef __x86_64__ > +#define SEG __seg_gs > +#else > +#define SEG __seg_fs > +#endif > + > +extern struct S { _Bool b; } s; > +void bar (void); > + > +void > +foo (void) > +{ > + if (*(volatile _Bool SEG *) (__UINTPTR_TYPE__) &s.b) > + bar (); > +} > > Jakub > > -- Richard Biener <rguent...@suse.de> SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany; GF: Ivo Totev, Andrew McDonald, Werner Knoblich; (HRB 36809, AG Nuernberg)
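Review bot: In the gcc/ubsan.cc hunk, the new qualifier computation `TYPE_QUALS (utype) | ENCODE_QUAL_ADDR_SPACE (as)` is guarded by `as != TYPE_ADDR_SPACE (utype)`, which is broader than the ChangeLog's "If rhs is not in generic address space": if utype ever carried a non-generic address space of its own, the OR would merge two address-space encodings into one qualifier value. Building the qualifiers from TYPE_QUALS_NO_ADDR_SPACE (utype) would make the intent explicit. A one-line comment above `addr_space_t as = ...` stating that the MEM_REF type must carry the address space of rhs, so the segment-prefixed load is preserved, would also help the next reader. The re-indented `build_fold_addr_expr (rhs)` continuation line is whitespace-only and is covered by "Formatting fix" in the ChangeLog.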
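Review bot: In the new gcc.dg/asan/pr115172.c, the only assertion is `scan-tree-dump-not "\.ASAN_CHECK " "asan1"`, which checks the asan symptom rather than the root cause named in the description, the MEM_REF created by -fsanitize=bool,enum losing the address space. Since the test is compile-only, consider adding a check that the load of s.b through the SEG-qualified pointer still carries its %gs:/%fs: segment prefix (for example a scan-assembler directive), ideally in a variant built with -fsanitize=bool alone so the regression is caught even when asan is not enabled.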