Hi! The following testcase ICEs, because base_checks vector contains stale statements, and can_remove_asan_check relies on them not to be there anymore (assumes that all statements in the vector dominate the current statement, if that is not true, the loop going through immediate dominators won't reach the basic block of the stmt in the vector).
Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? 2014-12-03 Jakub Jelinek <ja...@redhat.com> PR sanitizer/64170 * sanopt.c (maybe_optimize_asan_check_ifn): If base_checks is non-NULL, call maybe_get_dominating_check on it even if g is non-NULL. * gcc.dg/asan/pr64170.c: New test. --- gcc/sanopt.c.jj 2014-12-03 16:33:05.000000000 +0100 +++ gcc/sanopt.c 2014-12-03 20:40:17.792093188 +0100 @@ -408,12 +408,13 @@ maybe_optimize_asan_check_ifn (struct sa } gimple g = maybe_get_dominating_check (*ptr_checks); + gimple g2 = NULL; - if (!g && base_checks) + if (base_checks) /* Try with base address as well. */ - g = maybe_get_dominating_check (*base_checks); + g2 = maybe_get_dominating_check (*base_checks); - if (!g) + if (g == NULL && g2 == NULL) { /* For this PTR we don't have any ASAN_CHECK stmts recorded, so there's nothing to optimize yet. */ --- gcc/testsuite/gcc.dg/asan/pr64170.c.jj 2014-12-03 20:43:38.632538130 +0100 +++ gcc/testsuite/gcc.dg/asan/pr64170.c 2014-12-03 20:46:20.123679590 +0100 @@ -0,0 +1,17 @@ +/* PR sanitizer/64170 */ +/* { dg-do compile } */ +/* { dg-options "-fsanitize=address,null" } */ + +int a, *b, c; +void bar (int); + +void +foo (void) +{ + char *d = (char *) b; + if (d[0] && d[1]) + return; + if (c) + a = *(int *) d; + bar (*(int *) d); +} Jakub
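Review bot: In the sanopt.c hunk, the fix works through a side effect that the code no longer makes visible: maybe_get_dominating_check is now called on *base_checks even when g is already non-NULL, because (per the description) that call is what drops the stale, non-dominating statements that can_remove_asan_check later relies on being gone. The retained comment "/* Try with base address as well.  */" still reads as a fallback lookup, so please extend it, e.g. "/* Always do this, even if g is non-NULL: it also prunes stale stmts from *base_checks, which can_remove_asan_check depends on.  */". Within the visible lines g2 is only tested in "if (g == NULL && g2 == NULL)"; if it is not consumed further down, a comment saying that the value is unused and only the pruning matters would avoid a later "cleanup" reintroducing the PR.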
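Review bot: The new pr64170.c testcase has no comment explaining which construct exercises the bug; since it is a compile-only ICE reproducer, a one-line note next to "/* PR sanitizer/64170 */" saying that the "d[0] && d[1]" checks followed by the two "*(int *) d" dereferences are what leave stale entries in base_checks would help anyone who later has to adjust the test when sanopt.c changes.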