https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115172
Bug ID: 115172
Summary: Invalid -fsanitize=bool sanitization of variable from named address space
Product: gcc
Version: 14.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: ubizjak at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Created attachment 58260
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58260&action=edit
Preprocessed file
Originally reported in PR 111736, comment 42.
Compiling the attached preprocessed file with:
gcc -O2 -fsanitize=kernel-address -fasan-shadow-offset=0xdffffc0000000000 --param asan-instrumentation-with-call-threshold=10000 -fsanitize=bool -S alternative.i
results in:
movabsq $-2305847407260205056, %rdx
movl $cpu_tlbstate_shared, %eax
shrq $3, %rax
movzbl (%rax,%rdx), %eax
testb %al, %al
je .L399
jle .L473
.L399:
movzbl %gs:cpu_tlbstate_shared(%rip), %r14d
cmpb $1, %r14b
which is wrong. %gs: prefixed addresses should not be sanitized.
Omitting -fsanitize=bool from the above compiles the preprocessed file to:
movzbl %gs:cpu_tlbstate_shared(%rip), %eax
testb %al, %al
where no sanitization is present with the above variable.
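Added example (not part of the bug report or of GCC): it reconstructs the KASAN shadow-address computation that the instrumented sequence above performs, using the shadow offset and scale from the command line and the emitted asm, and shows why feeding a %gs-relative symbol's value into it checks the wrong shadow byte. The per-CPU offset and gs base used in the check are constructed sample values.

```c
#include <stdint.h>
#include <stdbool.h>

/* The instrumented code in the report does, step by step:
 *   movabsq $-2305847407260205056, %rdx   ; shadow offset (signed form)
 *   movl    $cpu_tlbstate_shared, %eax    ; symbol value used as an address
 *   shrq    $3, %rax                      ; addr >> 3
 *   movzbl  (%rax,%rdx), %eax             ; load the shadow byte
 */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL /* -fasan-shadow-offset */
#define KASAN_SHADOW_SCALE_SHIFT 3                      /* shrq $3 */

/* Shadow byte address for a linear address, as the instrumentation computes it. */
static inline uint64_t kasan_shadow_addr(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* The movabsq immediate is the same offset written as a signed 64-bit value. */
static inline bool movabsq_immediate_is_shadow_offset(void)
{
    return (uint64_t)(int64_t)-2305847407260205056LL == KASAN_SHADOW_OFFSET;
}

/* A %gs-relative (named address space) symbol resolves to an offset within the
 * segment, not to a linear address; the real location is gs_base + offset.
 * The emitted check runs the raw offset through the shadow mapping, so the
 * shadow byte it tests is not the one covering the variable.
 * percpu_offset and gs_base are constructed sample values, not kernel values. */
static inline bool shadow_of_percpu_offset_is_wrong(uint64_t percpu_offset,
                                                    uint64_t gs_base)
{
    uint64_t correct = kasan_shadow_addr(gs_base + percpu_offset);
    uint64_t emitted = kasan_shadow_addr(percpu_offset); /* what the asm does */
    return correct != emitted;
}
```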