On Mon, Jun 13, 2016 at 08:39:43PM +0200, Jakub Jelinek wrote:
> Hi!
>
> As has been discussed in the original -fsanitize=bounds submission,
> walk_tree for BIND_EXPR walks the body and
> DECL_INITIAL/DECL_SIZE/DECL_SIZE_UNIT of all the BIND_EXPR_VARS.
> For -fsanitize=bounds instrumentation, we want to avoid walking DECL_INITIAL
> of TREE_STATIC vars, so should set *walk_subtrees to 0 and walk it all
> ourselves.  But, what the committed code actually does is that for
> BIND_EXPRs that contain no TREE_STATIC vars, it walks
> DECL_INITIAL/DECL_SIZE/DECL_SIZE_UNIT of all the BIND_EXPR_VARS, and then
> walks subtrees normally, which means walking the body (good) and all the
> DECL_INITIAL/DECL_SIZE/DECL_SIZE_UNIT exprs again (waste of time, we use
> hash_set for duplicates, so just inefficiency).
> But, if any TREE_STATIC vars appear, we set *walk_subtrees to 0 and
> forget to walk the body (the primary bug).

Ouch :(.

> Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
> trunk?

Ok, thanks.

	Marek
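
The walk bug described in the quoted message, as an added toy model that is not GCC's code and not part of the original thread: it shows the body of a block going uninstrumented once a static variable is present, and the duplicate visits when none is. All type and function names are hypothetical, and the fixed variant's choice to skip only the static initializer follows the message's wording as an assumption.

```c
#include <stdio.h>
/* Toy model, not GCC's tree API: every name here is hypothetical. */
struct expr { int array_refs; int seen; };           /* an expression subtree */
struct var  { int is_static; struct expr *init, *size; };
struct bind { struct expr *body; struct var *vars; int nvars; };
struct stats { int visits, instrumented; };

/* Visit one subtree; 'seen' stands in for the hash_set of visited nodes. */
static void visit(struct expr *e, struct stats *s) {
    if (!e) return;
    s->visits++;
    if (!e->seen) { e->seen = 1; s->instrumented += e->array_refs; }
}
/* What the generic walker does when *walk_subtrees is left at 1. */
static void walk_default(struct bind *b, struct stats *s) {
    visit(b->body, s);
    for (int i = 0; i < b->nvars; i++) { visit(b->vars[i].init, s); visit(b->vars[i].size, s); }
}
/* Callback as described: a static var clears walk_subtrees, body is never walked here. */
static void walk_bind_buggy(struct bind *b, struct stats *s) {
    int walk_subtrees = 1;
    for (int i = 0; i < b->nvars; i++) {
        if (b->vars[i].is_static) { walk_subtrees = 0; continue; }
        visit(b->vars[i].init, s); visit(b->vars[i].size, s);
    }
    if (walk_subtrees) walk_default(b, s);
}
/* Intended behaviour: always take over the walk, skip only static initializers. */
static void walk_bind_fixed(struct bind *b, struct stats *s) {
    for (int i = 0; i < b->nvars; i++) {
        if (!b->vars[i].is_static) visit(b->vars[i].init, s);
        visit(b->vars[i].size, s);
    }
    visit(b->body, s);
}

/* Constructed block: body has 2 array refs; one auto var, optionally one static var. */
static struct stats run(int with_static, int fixed) {
    struct expr body = {2, 0}, a_init = {1, 0}, a_size = {0, 0}, s_init = {1, 0};
    struct var vars[2] = { {0, &a_init, &a_size}, {1, &s_init, NULL} };
    struct bind b = { &body, vars, with_static ? 2 : 1 };
    struct stats s = {0, 0};
    if (fixed) walk_bind_fixed(&b, &s); else walk_bind_buggy(&b, &s);
    return s;
}
int main(void) {
    printf("with static var: buggy=%d fixed=%d array refs instrumented\n",
           run(1, 0).instrumented, run(1, 1).instrumented);
    return 0;
}
```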