On April 9, 2015 8:11:22 PM GMT+02:00, Jakub Jelinek <ja...@redhat.com> wrote:
>Hi!
>
>As can be seen on the following testcase, instrument_mem_ref (for both -fsanitize=alignment and -fsanitize=null) has been using the wrong type to find out what the access type is: instead of the type of the MEM_REF, which is the access type, it was using the TREE_TYPE of the MEM_REF's argument type, which can be some arbitrary other type, either due to type punning, or, if it is an SSA_NAME, it can be a random other type because most pointer types are considered type compatible in GIMPLE.
>
>Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
OK. Thanks, Richard. >2015-04-09 Jakub Jelinek <ja...@redhat.com> > > PR tree-optimization/65709 > * ubsan.c (instrument_mem_ref): Use TREE_TYPE (base) instead of > TREE_TYPE (TREE_TYPE (t)). > > * c-c++-common/ubsan/align-9.c: New test. > >--- gcc/ubsan.c.jj 2015-03-27 10:48:33.000000000 +0100 >+++ gcc/ubsan.c 2015-04-09 10:05:48.841221438 +0200 >@@ -1232,9 +1232,9 @@ instrument_mem_ref (tree mem, tree base, > tree t = TREE_OPERAND (base, 0); > if (!POINTER_TYPE_P (TREE_TYPE (t))) > return; >- if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (TREE_TYPE (t))) && mem != >base) >+ if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (base)) && mem != base) > ikind = UBSAN_MEMBER_ACCESS; >- tree kind = build_int_cst (TREE_TYPE (t), ikind); >+ tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)), >ikind); > tree alignt = build_int_cst (pointer_sized_int_node, align); >gcall *g = gimple_build_call_internal (IFN_UBSAN_NULL, 3, t, kind, >alignt); > gimple_set_location (g, gimple_location (gsi_stmt (*iter))); >--- gcc/testsuite/c-c++-common/ubsan/align-9.c.jj 2015-04-09 >10:11:15.227973011 +0200 >+++ gcc/testsuite/c-c++-common/ubsan/align-9.c 2015-04-09 >10:13:16.857017169 +0200 
>@@ -0,0 +1,21 @@ >+/* Limit this to known non-strict alignment targets. */ >+/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */ >+/* { dg-options "-O2 -fsanitize=alignment >-fsanitize-recover=alignment" } */ >+ >+__attribute__((noinline, noclone)) void >+foo (void *p, const void *q) >+{ >+ *(long int *) p = *(const long int *) q; >+} >+ >+int >+main () >+{ >+ struct S { long c; char f[64]; char d; char e[2 * sizeof (long)]; >char g[64]; } s; >+ __builtin_memset (&s, '\0', sizeof s); >+ foo (&s.e[0], &s.e[sizeof (long)]); >+ return 0; >+} >+ >+/* { dg-output "\.c:8:\[0-9]*: \[^\n\r]*load of misaligned address >0x\[0-9a-fA-F]* for type 'const long int', which requires \[48] byte >alignment.*" } */ >+/* { dg-output "\.c:8:\[0-9]*: \[^\n\r]*store to misaligned address >0x\[0-9a-fA-F]* for type 'long int', which requires \[48] byte >alignment" } */ > > Jakub
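Review bot: in the ubsan.c hunk, a one-line comment above `tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)), ikind);` would help, because the hunk changes the type of that constant from TREE_TYPE (t) to a freshly built pointer to TREE_TYPE (base) without saying why: the constant's type, not its value, is what carries the access type into the IFN_UBSAN_NULL call built two lines later, and that is exactly what the old code got wrong when the operand's pointer type differed from the accessed type. The matching change of the RECORD_OR_UNION_TYPE_P test to TREE_TYPE (base) is consistent with it, and keeping the POINTER_TYPE_P early return on TREE_TYPE (t) is still right, since t rather than base is what gets passed as the pointer argument.

Review bot: in the align-9.c hunk, both dg-output patterns are pinned to `\.c:8:`, the line of `*(long int *) p = *(const long int *) q;`, so any edit to the three leading comment lines or the blank line after them will silently break the match; a comment noting that dependency, or patterns that check only the message text, would make the test more robust. It would also help to state in the test why the access is misaligned: `e` follows `char d` after `long c; char f[64];`, so `&s.e[0]` and `&s.e[sizeof (long)]` are each one byte past a long-aligned offset on both listed targets, and `-fsanitize-recover=alignment` is what lets execution continue past the load diagnostic so the store diagnostic on the same line is emitted as well, which is why the two patterns are expected in that order.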