Limit removal of UBSAN_NULL checks

Message ID	20141105213745.GZ20462@redhat.com
State	New
Headers	show Return-Path: <gcc-patches-return-382997-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:subject:message-id:mime-version:content-type; q=dns; s= default; b=b8PYGoEBTjlUXOOQwLOViTlAZQHrVflICi8eQ53gBCbybSCyF09i4 wEwvA8TEhCV+r0IvMER6xfwl5wQS7eq4FKJmWd23Pj/mA7zjhU/AWRagF+yqxDJS oECIZmct9YmVPY3PDbMa2gtQMFWnmMvsL9Imi9ukZip7sqG44GtP1g= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org Date: Wed, 5 Nov 2014 22:37:46 +0100 From: Marek Polacek <polacek@redhat.com> To: GCC Patches <gcc-patches@gcc.gnu.org>, Jakub Jelinek <jakub@redhat.com> Subject: [PATCH] Limit removal of UBSAN_NULL checks Message-ID: <20141105213745.GZ20462@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12)

diff --git gcc/sanopt.c gcc/sanopt.c index 4483ff7..cb172d3 100644 --- gcc/sanopt.c +++ gcc/sanopt.c @@ -130,7 +130,27 @@ sanopt_optimize_walker (basic_block bb, struct sanopt_ctx *ctx) /* At this point we shouldn't have any statements that aren't dominating the current BB. */ tree align = gimple_call_arg (g, 2); - remove = tree_int_cst_le (cur_align, align); + int kind = tree_to_shwi (gimple_call_arg (g, 1)); + /* If this is a NULL pointer check where we had segv + anyway, we can remove it. */ + if (integer_zerop (align) + && (kind == UBSAN_LOAD_OF + || kind == UBSAN_STORE_OF + || kind == UBSAN_MEMBER_ACCESS)) + remove = true; + /* Otherwise remove the check in non-recovering + mode, or if the stmts have same location. */ + else if (integer_zerop (align)) + remove = !(flag_sanitize_recover & SANITIZE_NULL) + || flag_sanitize_undefined_trap_on_error + || gimple_location (g) + == gimple_location (stmt); + else if (tree_int_cst_le (cur_align, align)) + remove = !(flag_sanitize_recover + & SANITIZE_ALIGNMENT) + || flag_sanitize_undefined_trap_on_error + || gimple_location (g) + == gimple_location (stmt); break; } } diff --git gcc/testsuite/c-c++-common/ubsan/align-2.c gcc/testsuite/c-c++-common/ubsan/align-2.c index 02a26e2..071de8c 100644 --- gcc/testsuite/c-c++-common/ubsan/align-2.c +++ gcc/testsuite/c-c++-common/ubsan/align-2.c @@ -51,4 +51,6 @@ main () /* { dg-output "\.c:(13|16):\[0-9]*: \[^\n\r]*store to misaligned address 0x\[0-9a-fA-F]* for type 'int', which requires 4 byte alignment.*" } */ /* { dg-output "\.c:23:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ /* { dg-output "\.c:(29|30):\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\.c:30:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\.c:31:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ /* { dg-output "\.c:37:\[0-9]*: \[^\n\r]*load of misaligned address 0x\[0-9a-fA-F]* for type 'long long int', which requires \[48] byte alignment" } */ diff --git gcc/testsuite/c-c++-common/ubsan/align-4.c gcc/testsuite/c-c++-common/ubsan/align-4.c index f010589..3252595 100644 --- gcc/testsuite/c-c++-common/ubsan/align-4.c +++ gcc/testsuite/c-c++-common/ubsan/align-4.c @@ -9,4 +9,6 @@ /* { dg-output "\[^\n\r]*\.c:(13|16):\[0-9]*: \[^\n\r]*store to misaligned address 0x\[0-9a-fA-F]* for type 'int', which requires 4 byte alignment.*" } */ /* { dg-output "\[^\n\r]*\.c:23:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ /* { dg-output "\[^\n\r]*\.c:(29|30):\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\[^\n\r]*\.c:30:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\[^\n\r]*\.c:31:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ /* { dg-output "\[^\n\r]*\.c:37:\[0-9]*: \[^\n\r]*load of misaligned address 0x\[0-9a-fA-F]* for type 'long long int', which requires \[48] byte alignment" } */ diff --git gcc/testsuite/c-c++-common/ubsan/align-6.c gcc/testsuite/c-c++-common/ubsan/align-6.c index e69de29..5521292 100644 --- gcc/testsuite/c-c++-common/ubsan/align-6.c +++ gcc/testsuite/c-c++-common/ubsan/align-6.c @@ -0,0 +1,33 @@ +/* Limit this to known non-strict alignment targets. */ +/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */ +/* { dg-options "-O -fsanitize=alignment -fsanitize-recover=alignment" } */ + +struct S { int a; char b; long long c; short d[10]; }; +struct T { char a; long long b; }; +struct U { char a; int b; int c; long long d; struct S e; struct T f; } __attribute__((packed)); +struct V { long long a; struct S b; struct T c; struct U u; } v; + +__attribute__((noinline, noclone)) int +foo (struct S *p) +{ + volatile int i; + i = p->a; + i = p->a; + i = p->a; + i = p->a; + return p->a; +} + +int +main () +{ + if (foo (&v.u.e)) + __builtin_abort (); + return 0; +} + +/* { dg-output "\.c:14:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\.c:15:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\.c:16:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\.c:17:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-output "\.c:18:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ diff --git gcc/testsuite/c-c++-common/ubsan/align-7.c gcc/testsuite/c-c++-common/ubsan/align-7.c index e69de29..4a18d8d 100644 --- gcc/testsuite/c-c++-common/ubsan/align-7.c +++ gcc/testsuite/c-c++-common/ubsan/align-7.c @@ -0,0 +1,32 @@ +/* Limit this to known non-strict alignment targets. */ +/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */ +/* { dg-options "-O -fsanitize=alignment -fno-sanitize-recover=alignment -fdump-tree-sanopt-details" } */ +/* { dg-shouldfail "ubsan" } */ + +struct S { int a; char b; long long c; short d[10]; }; +struct T { char a; long long b; }; +struct U { char a; int b; int c; long long d; struct S e; struct T f; } __attribute__((packed)); +struct V { long long a; struct S b; struct T c; struct U u; } v; + +__attribute__((noinline, noclone)) int +foo (struct S *p) +{ + volatile int i; + i = p->a; + i = p->a; + i = p->a; + i = p->a; + return p->a; +} + +int +main () +{ + if (foo (&v.u.e)) + __builtin_abort (); + return 0; +} + +/* { dg-output "\.c:15:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */ +/* { dg-final { scan-tree-dump-times "Optimizing" 4 "sanopt"} } */ +/* { dg-final { cleanup-tree-dump "sanopt" } } */ diff --git gcc/testsuite/c-c++-common/ubsan/align-8.c gcc/testsuite/c-c++-common/ubsan/align-8.c index e69de29..b930162 100644 --- gcc/testsuite/c-c++-common/ubsan/align-8.c +++ gcc/testsuite/c-c++-common/ubsan/align-8.c @@ -0,0 +1,31 @@ +/* Limit this to known non-strict alignment targets. */ +/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */ +/* { dg-options "-O -fsanitize=alignment -fsanitize-undefined-trap-on-error -fdump-tree-sanopt-details" } */ +/* { dg-shouldfail "ubsan" } */ + +struct S { int a; char b; long long c; short d[10]; }; +struct T { char a; long long b; }; +struct U { char a; int b; int c; long long d; struct S e; struct T f; } __attribute__((packed)); +struct V { long long a; struct S b; struct T c; struct U u; } v; + +__attribute__((noinline, noclone)) int +foo (struct S *p) +{ + volatile int i; + i = p->a; + i = p->a; + i = p->a; + i = p->a; + return p->a; +} + +int +main () +{ + if (foo (&v.u.e)) + __builtin_abort (); + return 0; +} + +/* { dg-final { scan-tree-dump-times "Optimizing" 4 "sanopt"} } */ +/* { dg-final { cleanup-tree-dump "sanopt" } } */ diff --git gcc/testsuite/g++.dg/ubsan/null-1.C gcc/testsuite/g++.dg/ubsan/null-1.C index 83b3033..e1524b1 100644 --- gcc/testsuite/g++.dg/ubsan/null-1.C +++ gcc/testsuite/g++.dg/ubsan/null-1.C @@ -25,4 +25,6 @@ main (void) } // { dg-output "reference binding to null pointer of type 'int'(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*reference binding to null pointer of type 'int'(\n|\r\n|\r)" } // { dg-output "\[^\n\r]*reference binding to null pointer of type 'const L'(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*reference binding to null pointer of type 'int'(\n|\r\n|\r)" } diff --git gcc/testsuite/g++.dg/ubsan/null-2.C gcc/testsuite/g++.dg/ubsan/null-2.C index 0230c7c..88f387e 100644 --- gcc/testsuite/g++.dg/ubsan/null-2.C +++ gcc/testsuite/g++.dg/ubsan/null-2.C @@ -35,3 +35,5 @@ main (void) // { dg-output "\.C:26:\[0-9]*:\[\^\n\r]*member call on null pointer of type 'struct U'.*" } // { dg-output "\.C:29:\[0-9]*:\[\^\n\r]*member call on null pointer of type 'struct V'.*" } +// { dg-output "\.C:31:\[0-9]*:\[\^\n\r]*member call on null pointer of type 'struct V'.*" } +// { dg-output "\.C:33:\[0-9]*:\[\^\n\r]*member call on null pointer of type 'struct V'" } diff --git gcc/testsuite/g++.dg/ubsan/null-3.C gcc/testsuite/g++.dg/ubsan/null-3.C index e69de29..cd3716b 100644 --- gcc/testsuite/g++.dg/ubsan/null-3.C +++ gcc/testsuite/g++.dg/ubsan/null-3.C @@ -0,0 +1,20 @@ +// { dg-do run } +// { dg-options "-fsanitize=null" } + +int +main (void) +{ + int *p = 0; + + int &r1 = *p; + int &r2 = *p; + int &r3 = *p; + int &r4 = *p; + int &r5 = *p; +} + +// { dg-output "reference binding to null pointer of type 'int'(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*reference binding to null pointer of type 'int'(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*reference binding to null pointer of type 'int'(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*reference binding to null pointer of type 'int'(\n|\r\n|\r)" } +// { dg-output "\[^\n\r]*reference binding to null pointer of type 'int'(\n|\r\n|\r)" } diff --git gcc/testsuite/g++.dg/ubsan/null-4.C gcc/testsuite/g++.dg/ubsan/null-4.C index e69de29..9cb04ef 100644 --- gcc/testsuite/g++.dg/ubsan/null-4.C +++ gcc/testsuite/g++.dg/ubsan/null-4.C @@ -0,0 +1,19 @@ +// { dg-do run } +// { dg-options "-O -fsanitize=null -fno-sanitize-recover=null -fdump-tree-sanopt-details" } +// { dg-shouldfail "ubsan" } + +int +main (void) +{ + int *p = 0; + + int &r1 = *p; + int &r2 = *p; + int &r3 = *p; + int &r4 = *p; + int &r5 = *p; +} + +// { dg-output "reference binding to null pointer of type 'int'(\n|\r\n|\r)" } +// { dg-final { scan-tree-dump-times "Optimizing" 4 "sanopt"} } +// { dg-final { cleanup-tree-dump "sanopt" } } diff --git gcc/testsuite/g++.dg/ubsan/null-5.C gcc/testsuite/g++.dg/ubsan/null-5.C index e69de29..d8e4a68 100644 --- gcc/testsuite/g++.dg/ubsan/null-5.C +++ gcc/testsuite/g++.dg/ubsan/null-5.C @@ -0,0 +1,18 @@ +// { dg-do run } +// { dg-options "-O -fsanitize=null -fsanitize-undefined-trap-on-error -fdump-tree-sanopt-details" } +// { dg-shouldfail "ubsan" } + +int +main (void) +{ + int *p = 0; + + int &r1 = *p; + int &r2 = *p; + int &r3 = *p; + int &r4 = *p; + int &r5 = *p; +} + +// { dg-final { scan-tree-dump-times "Optimizing" 4 "sanopt"} } +// { dg-final { cleanup-tree-dump "sanopt" } }

Limit removal of UBSAN_NULL checks

Commit Message

Comments

Patch