On Wed, Oct 30, 2013 at 11:56:25AM -0400, Jason Merrill wrote:
> On 10/30/2013 10:52 AM, Marek Polacek wrote:
> >+ if ((flag_sanitize & SANITIZE_VLA)
> >+ && !processing_template_decl
>
> You don't need to check processing_template_decl; the template case
> was already handled above.
Right, removed.
> >+ tree x = cp_save_expr (size);
> >+ x = build2 (COMPOUND_EXPR, TREE_TYPE (x),
> >+ ubsan_instrument_vla (input_location, x), x);
> >+ finish_expr_stmt (x);
>
> Saving 'size' here doesn't help since it's already been used above.
> Could you use itype instead of size here?
I already experimented with that and I think I can't, since we call
the finish_expr_stmt too soon, which results in:
int x = 1;
int a[0:(sizetype) SAVE_EXPR <D.2143>];
<<cleanup_point int x = 1;>>;
<<cleanup_point <<< Unknown tree: expr_stmt
if (SAVE_EXPR <D.2143> <= 0)
{
__builtin___ubsan_handle_vla_bound_not_positive (&*.Lubsan_data0,
(unsigned long) SAVE_EXPR <D.2143>);
}
else
{
0
}, (void) SAVE_EXPR <D.2143>; >>>>>;
ssizetype D.2143;
<<cleanup_point <<< Unknown tree: expr_stmt
(void) (D.2143 = (ssizetype) ++x + -1) >>>>>;
and that ICEs in gimplify_var_or_parm_decl, presumably because the
if (SAVE_EXPR <D.2143> <= 0) { ... } should be emitted *after* that
cleanup_point. When we generated the C++1y check in cp_finish_decl,
we emitted the check after the cleanup_point, and everything was OK.
I admit I don't understand the cleanup_points very much and I don't
know exactly where they are coming from, because normally I don't see
them coming out of C FE. :) Thanks.
Marek
