From patchwork Tue Sep 17 15:24:22 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marek Polacek <polacek@redhat.com>
X-Patchwork-Id: 275490
Return-Path: 
 <gcc-patches-return-349297-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 4249D2C00A9
	for <incoming@patchwork.ozlabs.org>;
	Wed, 18 Sep 2013 01:24:41 +1000 (EST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:cc:subject:message-id:mime-version:content-type; q=dns;
	s=default; b=bu8qPAoFJbuXOyp5s7AmXqPyOT8g0utqp7zBK7n/JzDa2ueJKK
	JkuC/vWVtD6F9wLDOc5nBMuJMdRjRO+q9bzAjhjB13bCngnj2JsXj/NEBq1w8a7R
	Ra4G54flDggxA+II1RaabR96rOSnUPUFWhHHC9HgGzCf4h39emg6wwsWA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:cc:subject:message-id:mime-version:content-type; s=
	default; bh=Lmu+uuGs+z2VmAJ9Gs0UTYmfTrg=; b=bQZggrfGtwfhfUcwe5yT
	8c+xDAaP2Rit52Xb601BZtTuDX+rfoiFTvZsmHhDurtAc9AT3KFUCrVN6r8PnFxK
	7UVU7Ed3o9rxhuKJJ87Z1s1+FR/4MPgcJSUI243nci25KG2cH+54TqRTA8D7Prs5
	SOM1VNmDlV+RUje9ctSWNC4=
Received: (qmail 3371 invoked by alias); 17 Sep 2013 15:24:33 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <mailto:gcc-patches-unsubscribe-##L=##H@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 3362 invoked by uid 89); 17 Sep 2013 15:24:32 -0000
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by
	sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Tue, 17 Sep 2013 15:24:32 +0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-3.0 required=5.0 tests=AWL, BAYES_00,
	RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: mx1.redhat.com
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])	by
	mx1.redhat.com (8.14.4/8.14.4) with ESMTP id
	r8HFORlH007709	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA
	bits=256 verify=OK); Tue, 17 Sep 2013 11:24:28 -0400
Received: from redhat.com (ovpn-116-32.ams2.redhat.com [10.36.116.32])	by
	int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4)
	with ESMTP id r8HFONfN000439	(version=TLSv1/SSLv3
	cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Tue, 17 Sep 2013 11:24:25 -0400
Date: Tue, 17 Sep 2013 17:24:22 +0200
From: Marek Polacek <polacek@redhat.com>
To: GCC Patches <gcc-patches@gcc.gnu.org>
Cc: Jakub Jelinek <jakub@redhat.com>, Jason Merrill <jason@redhat.com>,
	"Joseph S. Myers" <joseph@codesourcery.com>
Subject: [PATCH] Add no_sanitize_undefined attribute (PR sanitizer/58411)
Message-ID: <20130917152422.GB15960@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)

This patch adds the no_sanitize_undefined attribute, so the user can tell
that a particular function should be ignored by ubsan.

Ran ubsan testsuite/bootstrap-ubsan on x86_64-linux, ok for trunk?

2013-09-17  Marek Polacek  <polacek@redhat.com>

	PR sanitizer/58411
	* doc/extend.texi: Document no_sanitize_undefined attribute.
	* builtins.c (fold_builtin_0): Don't sanitize function if it has the
	no_sanitize_undefined attribute.

c-family/
	* c-common.c (handle_no_sanitize_undefined_attribute): New function.
	Declare it.
	(struct attribute_spec c_common_att): Add no_sanitize_undefined.
cp/
	* typeck.c (cp_build_binary_op): Don't sanitize function if it has the
	no_sanitize_undefined attribute.
c/
	* c-typeck.c (build_binary_op): Don't sanitize function if it has the
	no_sanitize_undefined attribute.

testsuite/
	* c-c++-common/ubsan/attrib-1.c: New test.

	Marek

--- gcc/c-family/c-common.c.mp2	2013-09-17 15:55:56.417946667 +0200
+++ gcc/c-family/c-common.c	2013-09-17 15:58:55.905513029 +0200
@@ -311,6 +311,8 @@ static tree handle_no_sanitize_address_a
 						  int, bool *);
 static tree handle_no_address_safety_analysis_attribute (tree *, tree, tree,
 							 int, bool *);
+static tree handle_no_sanitize_undefined_attribute (tree *, tree, tree, int,
+						    bool *);
 static tree handle_noinline_attribute (tree *, tree, tree, int, bool *);
 static tree handle_noclone_attribute (tree *, tree, tree, int, bool *);
 static tree handle_leaf_attribute (tree *, tree, tree, int, bool *);
@@ -722,6 +724,9 @@ const struct attribute_spec c_common_att
   { "no_sanitize_address",    0, 0, true, false, false,
 			      handle_no_sanitize_address_attribute,
 			      false },
+  { "no_sanitize_undefined",  0, 0, true, false, false,
+			      handle_no_sanitize_undefined_attribute,
+			      false },
   { "warning",		      1, 1, true,  false, false,
 			      handle_error_attribute, false },
   { "error",		      1, 1, true,  false, false,
@@ -6575,6 +6580,22 @@ handle_no_address_safety_analysis_attrib
   return NULL_TREE;
 }
 
+/* Handle a "no_sanitize_undefined" attribute; arguments as in
+   struct attribute_spec.handler.  */
+
+static tree
+handle_no_sanitize_undefined_attribute (tree *node, tree name, tree, int,
+				      bool *no_add_attrs)
+{
+  if (TREE_CODE (*node) != FUNCTION_DECL)
+    {
+      warning (OPT_Wattributes, "%qE attribute ignored", name);
+      *no_add_attrs = true;
+    }
+
+  return NULL_TREE;
+}
+
 /* Handle a "noinline" attribute; arguments as in
    struct attribute_spec.handler.  */
 
--- gcc/doc/extend.texi.mp2	2013-09-17 15:55:44.250907707 +0200
+++ gcc/doc/extend.texi	2013-09-17 16:06:21.439974916 +0200
@@ -2136,6 +2136,7 @@ attributes are currently defined for fun
 @code{warn_unused_result}, @code{nonnull}, @code{gnu_inline},
 @code{externally_visible}, @code{hot}, @code{cold}, @code{artificial},
 @code{no_sanitize_address}, @code{no_address_safety_analysis},
+@code{no_sanitize_undefined},
 @code{error} and @code{warning}.
 Several other attributes are defined for functions on particular
 target systems.  Other attributes, including @code{section} are
@@ -3500,6 +3501,12 @@ The @code{no_address_safety_analysis} is
 @code{no_sanitize_address} attribute, new code should use
 @code{no_sanitize_address}.
 
+@item no_sanitize_undefined
+@cindex @code{no_sanitize_undefined} function attribute
+The @code{no_sanitize_undefined} attribute on functions is used
+to inform the compiler that it should not check for undefined behavior
+in the function when compiling with the @option{-fsanitize=undefined} option.
+
 @item regparm (@var{number})
 @cindex @code{regparm} attribute
 @cindex functions that are passed arguments in registers on the 386
--- gcc/cp/typeck.c.mp2	2013-09-17 16:10:49.935644344 +0200
+++ gcc/cp/typeck.c	2013-09-17 16:11:20.601743694 +0200
@@ -4887,6 +4887,8 @@ cp_build_binary_op (location_t location,
   if ((flag_sanitize & SANITIZE_UNDEFINED)
       && !processing_template_decl
       && current_function_decl != 0
+      && !lookup_attribute ("no_sanitize_undefined",
+			    DECL_ATTRIBUTES (current_function_decl))
       && (doing_div_or_mod || doing_shift))
     {
       /* OP0 and/or OP1 might have side-effects.  */
--- gcc/c/c-typeck.c.mp2	2013-09-17 16:09:31.423381687 +0200
+++ gcc/c/c-typeck.c	2013-09-17 16:10:00.626476422 +0200
@@ -10498,6 +10498,8 @@ build_binary_op (location_t location, en
 
   if (flag_sanitize & SANITIZE_UNDEFINED
       && current_function_decl != 0
+      && !lookup_attribute ("no_sanitize_undefined",
+			    DECL_ATTRIBUTES (current_function_decl))
       && (doing_div_or_mod || doing_shift))
     {
       /* OP0 and/or OP1 might have side-effects.  */
--- gcc/testsuite/c-c++-common/ubsan/attrib-1.c.mp2	2013-09-17 16:33:46.729660165 +0200
+++ gcc/testsuite/c-c++-common/ubsan/attrib-1.c	2013-09-17 16:43:22.308566840 +0200
@@ -0,0 +1,33 @@
+/* PR sanitizer/58411 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=undefined -w" } */
+
+__attribute__((no_sanitize_undefined)) int
+f1 (int i)
+{
+  return 16 << i;
+}
+
+int f2 (int i);
+int f2 (int i) __attribute__((no_sanitize_undefined));
+int f2 (int i) __attribute__((no_sanitize_undefined));
+int f2 (int i);
+
+int
+f2 (int i)
+{
+  return 1 / i;
+}
+
+void f3 (void);
+__typeof (f3) f3  __attribute__((__no_sanitize_undefined__));
+
+void
+f3 (void)
+{
+  __builtin_unreachable ();
+}
+
+/* { dg-final { scan-assembler-not "__ubsan_handle_shift_out_of_bounds" } } */
+/* { dg-final { scan-assembler-not "__ubsan_handle_divrem_overflow" } } */
+/* { dg-final { scan-assembler-not "__ubsan_handle_builtin_unreachable" } } */
--- gcc/builtins.c.mp2	2013-09-17 16:13:26.623161281 +0200
+++ gcc/builtins.c	2013-09-17 16:15:20.846557451 +0200
@@ -10313,7 +10313,9 @@ fold_builtin_0 (location_t loc, tree fnd
       return fold_builtin_classify_type (NULL_TREE);
 
     case BUILT_IN_UNREACHABLE:
-      if (flag_sanitize & SANITIZE_UNREACHABLE)
+      if (flag_sanitize & SANITIZE_UNREACHABLE
+	  && !lookup_attribute ("no_sanitize_undefined",
+				DECL_ATTRIBUTES (current_function_decl)))
 	return ubsan_instrument_unreachable (loc);
       break;