Patchwork Fix ubsan/bounds-2.c

Submitter Marek Polacek
Date June 25, 2014, 2:03 p.m.
Message ID <20140625140351.GD489@redhat.com>
Permalink /patch/364012/
State New

Comments

Marek Polacek - June 25, 2014, 2:03 p.m.
On Wed, Jun 25, 2014 at 03:47:37PM +0200, Jakub Jelinek wrote:
> Please don't invoke undefined behavior in the asm statements.
> So, "r" (&c[5]) is fine, but &c[5][2][2] is not, &x[-1] is not, etc.
> I'd say it should be ok to always just take address of the base
> variable in the asm.  Otherwise it looks good to me.

Ah, sure, hopefully the following is fine then:

2014-06-25  Marek Polacek  <polacek@redhat.com>

	* c-c++-common/ubsan/bounds-2.c: Adjust dg-output.
	(fn1): Remove store to out-of-bounds location.  Add memory barrier.
	(fn2): Likewise.
	(fn5): Likewise.
	(fn6): Likewise.
	(fn7): Likewise.
	(fn8): Likewise.
	(fn9): Likewise.
	(fn11): Likewise.
	* c-c++-common/ubsan/bounds-5.c (fn1): Remove store to out-of-bounds
	location.  Add memory barrier.
	(fn2): Likewise.
	(fn3): Likewise.
	(fn4): Likewise.
	(fn5): Likewise.
	* c-c++-common/ubsan/bounds-7.c: New test.


	Marek

Patch

diff --git gcc/testsuite/c-c++-common/ubsan/bounds-2.c gcc/testsuite/c-c++-common/ubsan/bounds-2.c
index 95f77c2..7ef71aa 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-2.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-2.c
@@ -22,7 +22,7 @@  static void __attribute__ ((noinline, noclone))
 fn1 (void)
 {
   volatile int a[5];
-  a[5] = 1;
+  asm ("" : : "r" (&a) : "memory");
   a[2] = a[5];
 }
 
@@ -30,9 +30,11 @@  static void __attribute__ ((noinline, noclone))
 fn2 (void)
 {
   volatile int a[5];
+  volatile int j;
   int i = 5;
   int *p = &i;
-  a[*p] = 1;
+  asm ("" : : "r" (&a) : "memory");
+  j = a[*p];
 }
 
 static void __attribute__ ((noinline, noclone))
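Review bot: With `a[*p] = 1;` replaced by `j = a[*p];`, fn2 now only reads through the out-of-bounds index, and the same conversion in fn1, fn5–fn9 and fn11 (and in bounds-5.c) leaves no function in these hunks with an out-of-bounds index on the store side. Dropping the stores presumably keeps the run from overwriting its own stack after the report, but out-of-bounds writes are the case a bounds check matters most for, so the write-side instrumentation should still be covered somewhere. One way is a separate test that stops at the first report (marked `dg-shouldfail`), so the flagged store is never executed; whether another ubsan test already does this is not visible here. fn2's `static void __attribute__` line sits above the hunk.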
@@ -54,7 +56,7 @@  fn5 (void)
 {
   int i = 5;
   volatile int a[i];
-  a[i] = 1;
+  asm ("" : : "r" (&a) : "memory");
   a[2] = a[i];
 }
 
@@ -63,29 +65,32 @@  fn6 (void)
 {
   int i = 5;
   volatile int a[i];
+  volatile int j;
   fn_p (a[i]);
-  a[foo_5 ()] = 1;
+  asm ("" : : "r" (&a) : "memory");
+  j = a[foo_5 ()];
 }
 
 static void __attribute__ ((noinline, noclone))
 fn7 (void)
 {
-  int n = 5, i;
+  int n = 5;
+  volatile int i;
   volatile int c[n][n][n];
-  c[5][2][2] = 2;
-  c[2][5][2] = 2;
-  c[2][2][5] = 2;
+  asm ("" : : "r" (&c[5]) : "memory");
   i = c[5][2][2];
+  asm ("" : : "r" (&c[2]) : "memory");
   i = c[2][5][2];
+  asm ("" : : "r" (&c[2]) : "memory");
   i = c[2][2][5];
 }
 
 static void __attribute__ ((noinline, noclone))
 fn8 (void)
 {
-  int i = 5;
+  volatile int i;
   volatile struct S s;
-  s.a[10] = 1;
+  asm ("" : : "r" (&s.a) : "memory");
   i = s.a[10];
 }
 
@@ -93,7 +98,7 @@  static void __attribute__ ((noinline, noclone))
 fn9 (void)
 {
   long int *volatile d[10][5];
-  d[10][0] = 0;
+  asm ("" : : "r" (&d[10]) : "memory");
   d[8][3] = d[10][0];
 }
 
@@ -115,7 +120,7 @@  static void __attribute__ ((noinline, noclone))
 fn11 (void)
 {
   char ***volatile f[5];
-  f[5] = 0;
+  asm ("" : : "r" (&f) : "memory");
   f[2] = f[5];
 }
 
@@ -148,21 +153,13 @@  main (void)
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 10 out of bounds for type 'long int \\\*\\\[10\\\]\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'long int \\\*\\\[10\\\]\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'char \\\*\\\*\\\*\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'char \\\*\\\*\\\*\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
 /* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-5.c gcc/testsuite/c-c++-common/ubsan/bounds-5.c
index 7b7d76d..9698529 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-5.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-5.c
@@ -9,11 +9,16 @@  void
 fn1 (void)
 {
   volatile struct S { char a[1]; char b; } s;
-  s.a[0] = 1; // OK
-  s.a[1] = 2; // error
+  volatile int i;
+  asm ("" : : "r" (&s.a) : "memory");
+  i = s.a[0]; // OK
+  asm ("" : : "r" (&s.a) : "memory");
+  i = s.a[1]; // error
   volatile struct S *p = &s;
-  p->a[0] = 1; // OK
-  p->a[1] = 1; // error
+  asm ("" : : "r" (&p->a) : "memory");
+  i = p->a[0]; // OK
+  asm ("" : : "r" (&p->a) : "memory");
+  i = p->a[1]; // error
 }
 
 __attribute__ ((noinline, noclone))
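Review bot: The barrier `asm ("" : : "r" (&s.a) : "memory");` is written out before every read in fn1, and again in fn2 through fn5, with nothing in the file saying why it is there. A single commented macro near the top, for example `#define ESCAPE(x) asm ("" : : "r" (&(x)) : "memory")`, would give one place to state the reason and keep the `// OK` / `// error` lines easy to scan. The reason is presumably that the arrays are no longer stored to, so the compiler has to be told their contents may have changed. fn1's declaration lines start above the hunk.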
@@ -22,11 +27,16 @@  fn2 (void)
 {
   struct S { int c; char d[4]; };
   volatile struct T { int e; struct S f; int g; } t;
-  t.f.d[3] = 1; // OK
-  t.f.d[4] = 1; // error
+  volatile int i;
+  asm ("" : : "r" (&t.f.d) : "memory");
+  i = t.f.d[3]; // OK
+  asm ("" : : "r" (&t.f.d) : "memory");
+  i = t.f.d[4]; // error
   volatile struct T *p = &t;
-  p->f.d[3] = 1; // OK
-  p->f.d[4] = 1; // error
+  asm ("" : : "r" (&p->f.d) : "memory");
+  i = p->f.d[3]; // OK
+  asm ("" : : "r" (&p->f.d) : "memory");
+  i = p->f.d[4]; // error
 }
 
 __attribute__ ((noinline, noclone))
@@ -34,11 +44,16 @@  void
 fn3 (void)
 {
   volatile struct S { char b; char a[1]; } s;
-  s.a[0] = 1; // OK
-  s.a[1] = 1; // error
+  volatile int i;
+  asm ("" : : "r" (&s.a) : "memory");
+  i = s.a[0]; // OK
+  asm ("" : : "r" (&s.a) : "memory");
+  i = s.a[1]; // error
   volatile struct S *p = &s;
-  p->a[0] = 1; // OK
-  p->a[1] = 1; // error in strict mode
+  asm ("" : : "r" (&p->a) : "memory");
+  i = p->a[0]; // OK
+  asm ("" : : "r" (&p->a) : "memory");
+  i = p->a[1]; // error in strict mode
 }
 
 __attribute__ ((noinline, noclone))
@@ -47,11 +62,16 @@  fn4 (void)
 {
   volatile struct S { char b; char a[1]; } s;
   volatile struct T { struct S s; int i; } t;
-  t.s.a[0] = 1; // OK
-  t.s.a[1] = 1; // error
+  volatile int i;
+  asm ("" : : "r" (&t.s.a) : "memory");
+  i = t.s.a[0]; // OK
+  asm ("" : : "r" (&t.s.a) : "memory");
+  i = t.s.a[1]; // error
   volatile struct T *pt = &t;
-  pt->s.a[0] = 1; // OK
-  pt->s.a[1] = 1; // error
+  asm ("" : : "r" (&pt->s.a) : "memory");
+  i = pt->s.a[0]; // OK
+  asm ("" : : "r" (&pt->s.a) : "memory");
+  i = pt->s.a[1]; // error
 }
 
 __attribute__ ((noinline, noclone))
@@ -60,11 +80,16 @@  fn5 (void)
 {
   volatile struct S { char b; char a[1]; } s;
   volatile struct U { int a; struct S s; } u;
-  u.s.a[0] = 1; // OK
-  u.s.a[1] = 1; // error
+  volatile int i;
+  asm ("" : : "r" (&u.s.a) : "memory");
+  i = u.s.a[0]; // OK
+  asm ("" : : "r" (&u.s.a) : "memory");
+  i = u.s.a[1]; // error
   volatile struct U *pu = &u;
-  pu->s.a[0] = 1; // OK
-  pu->s.a[1] = 1; // error in strict mode
+  asm ("" : : "r" (&pu->s.a) : "memory");
+  i = pu->s.a[0]; // OK
+  asm ("" : : "r" (&pu->s.a) : "memory");
+  i = pu->s.a[1]; // error in strict mode
 }
 
 int
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-7.c gcc/testsuite/c-c++-common/ubsan/bounds-7.c
index e69de29..2d7cc3b 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-7.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-7.c
@@ -0,0 +1,54 @@ 
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+
+/* Test negative bounds.  */
+
+struct S { int a[10]; };
+
+__attribute__ ((noinline, noclone))
+void
+fn1 (void)
+{
+  volatile int i;
+  int m = -1;
+  volatile int a[7];
+  asm ("" : : "r" (&a) : "memory");
+  i = a[-1];
+  asm ("" : : "r" (&a) : "memory");
+  i = a[m];
+}
+
+__attribute__ ((noinline, noclone))
+void
+fn2 (void)
+{
+  volatile int i;
+  int m = 7;
+  volatile int a[m];
+  asm ("" : : "r" (&a) : "memory");
+  i = a[-1];
+}
+
+__attribute__ ((noinline, noclone))
+void
+fn3 (void)
+{
+  volatile int i;
+  volatile struct S s;
+  asm ("" : : "r" (&s.a) : "memory");
+  i = s.a[-1];
+}
+
+int
+main (void)
+{
+  fn1 ();
+  fn2 ();
+  fn3 ();
+  return 0;
+}
+
+/* { dg-output "index -1 out of bounds for type 'int \\\[7\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[7\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
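Review bot: Only fn1 indexes with a run-time negative value (`a[m]`); fn2 (VLA) and fn3 (struct member) use the literal `-1` alone, so a variable negative index is exercised only for the fixed-size array. Negative indexes that reach an array in real code usually come from a computed value, so it is worth adding the variable form to fn2 and fn3 as well, each with one more expected `dg-output` line for its type. The sketch below shows fn2; fn3 would get the same pair reading `s.a[k]` and a second `int \\\[10\\\]` line.

```c
  int m = 7;
  int k = -1;
  /* … unchanged: declaration of a, first barrier, literal a[-1] read … */
  asm ("" : : "r" (&a) : "memory");
  i = a[k];
}

/* … unchanged: fn3, main, existing dg-output lines; new line goes after the existing VLA one … */
/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
```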