[Bug sanitizer/95137] Sanitizers seem to be missing support for coroutines

Sun, 30 Jan 2022 15:37:50 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95137

Barnabás Pőcze <pobrn at protonmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pobrn at protonmail dot com

--- Comment #46 from Barnabás Pőcze <pobrn at protonmail dot com> ---
(In reply to stream009 from comment #42)
> I got strange compile error when I use coroutine with UBSAN.
> 
> The weird thing is error is reported in compile time not runtime.
> The code compile fine without UBSAN.
> [...]
> === begin compile error ===
> <source>: In function 'void _Z5errori.actor(error(int)::_Z5errori.frame*)':
> <source>:21:9: warning: '<anonymous>' may be used uninitialized
> [-Wmaybe-uninitialized]
>    21 |         co_return;
>       |         ^~~~~~~~~
> <source>:21:9: note: '<anonymous>' was declared here
>    21 |         co_return;
>       |         ^~~~~~~~~
> === end compile error ===

I am not familiar with the internals of gcc at all, but it appears that this is
due to incorrect code generation. When ubsan is not used, the generated gimple
looks like this:

            if (_13 == 0) goto <D.9511>; else goto <D.9512>;
            <D.9511>:
            _14 = &frame_ptr->__p;
            result::promise_type::return_void (_14);
            goto final.suspend;
            <D.9512>:
            _15 = &frame_ptr->__p;
            result::promise_type::return_void (_15);

when ubsan is used, however:

            if (_8 == 0) goto <D.9936>; else goto <D.9937>;
            <D.9936>:
            D.9938 = &frame_ptr->__p;
            .UBSAN_NULL (D.9938, 4B, 0);
            result::promise_type::return_void (D.9938);
            goto final.suspend;
            <D.9937>:
            .UBSAN_NULL (D.9938, 4B, 0);
            result::promise_type::return_void (D.9938);

`D.9938` is not initialized, and I guess hence the warning.

---

I have noticed that this does not happen on
f6f2d6cfec1c2fe9570b98211be58329d8d7749b, so out of curiosity I tried to bisect
gcc:

> git bisect start
> # new: [f6f2d6cfec1c2fe9570b98211be58329d8d7749b] Daily bump.
> git bisect new f6f2d6cfec1c2fe9570b98211be58329d8d7749b
> # old: [7ca388565af176bd4efd4f8db1e5e9e11e98ef45] Update ChangeLog and 
> version files for release
> git bisect old 7ca388565af176bd4efd4f8db1e5e9e11e98ef45
> # old: [250f234988b6231669a720c52101d3686d645072] testsuite: Fix up 
> gcc.target/s390/zero-scratch-regs-1.c
> git bisect old 250f234988b6231669a720c52101d3686d645072
> # old: [79513dc0b2d980bfd1b109d0d502de487c02b894] compiler: don't pad 
> zero-sized trailing field in results struct
> git bisect old 79513dc0b2d980bfd1b109d0d502de487c02b894
> # new: [1b62cddcf091fb8cadf575246a7d3ff778650a6b] Fix ipa-modref pure/const 
> discovery
> git bisect new 1b62cddcf091fb8cadf575246a7d3ff778650a6b
> # new: [247bac507e63b32d4dc23ef1c55f300aafea24c6] libstdc++: Simplify 
> std::basic_regex::assign
> git bisect new 247bac507e63b32d4dc23ef1c55f300aafea24c6
> # new: [d5f8abe1d3f718a75cbff0a453c1d961be5939b7] Use on-demand ranges in 
> ssa_name_has_boolean_range before querying nonzero bits.
> git bisect new d5f8abe1d3f718a75cbff0a453c1d961be5939b7
> # new: [7d79c3ebc3f3f6f8aecf83726c97474ae5cfe957] Don't record string 
> concatenation data for 'RESERVED_LOCATION_P'
> git bisect new 7d79c3ebc3f3f6f8aecf83726c97474ae5cfe957
> # new: [8137be3958be4e5421c283cce3e5b50dbb80b84e] mips: Fix macro typo
> git bisect new 8137be3958be4e5421c283cce3e5b50dbb80b84e
> # old: [caef5203d64e61da506909d58890035af32a6239] Fix internal error on 
> pointer-to-pointer binding in LTO mode
> git bisect old caef5203d64e61da506909d58890035af32a6239
> # new: [cc1e28878a228b6c4a0872e56d97ac88971b7725] libstdc++: Check for TLS 
> support on mingw cross-compilers
> git bisect new cc1e28878a228b6c4a0872e56d97ac88971b7725
> # new: [70ee703c479081ac2ea67eb67041551216e66783] coroutines: Make proxy vars 
> for the function arg copies.
> git bisect new 70ee703c479081ac2ea67eb67041551216e66783
> # old: [bd55fa102715c7442c050b193dadfdb5337e2377] Fix PR ada/101970
> git bisect old bd55fa102715c7442c050b193dadfdb5337e2377
> # old: [f008fd3a480e3718436156697ebe7eeb47841457] c++: Fix 
> __is_*constructible/assignable for templates [PR102305]
> git bisect old f008fd3a480e3718436156697ebe7eeb47841457
> # old: [de07cff96abd43f6f65dcf333958899c2ec42598] c++: empty union member 
> activation during constexpr [PR102163]
> git bisect old de07cff96abd43f6f65dcf333958899c2ec42598
> # skip: [c5a735fa9df7eca4666c8da5e51ed9c5ab7cc81a] coroutines: Expose 
> implementation state to the debugger.
> git bisect skip c5a735fa9df7eca4666c8da5e51ed9c5ab7cc81a
> # only skipped commits left to test
> # possible first new commit: [70ee703c479081ac2ea67eb67041551216e66783] 
> coroutines: Make proxy vars for the function arg copies.
> # possible first new commit: [c5a735fa9df7eca4666c8da5e51ed9c5ab7cc81a] 
> coroutines: Expose implementation state to the debugger.

Unfortunately, when I got to c5a735fa9df7eca4666c8da5e51ed9c5ab7cc81a, it did
not build; I am not sure where I had gone wrong:

> g++ -std=c++11  -fno-PIE -c  -DIN_GCC_FRONTEND -g -DIN_GCC     
> -fno-exceptions -fno-rtti -fasynchronous-unwind-tables -W -Wall 
> -Wno-narrowing -Wwrite-strings -Wcast-qual -Wno-error=format-diag -Wno-format 
> -Wmissing-format-attribute -Woverloaded-virtual -pedantic -Wno-long-long 
> -Wno-variadic-macros -Wno-overlength-strings   -DHAVE_CONFIG_H -I. -Icp 
> -I../.././gcc -I../.././gcc/cp -I../.././gcc/../include 
> -I../.././gcc/../libcpp/include -I../.././gcc/../libcody  
> -I../.././gcc/../libdecnumber -I../.././gcc/../libdecnumber/bid 
> -I../libdecnumber -I../.././gcc/../libbacktrace   -o cp/coroutines.o -MT 
> cp/coroutines.o -MMD -MP -MF cp/.deps/coroutines.TPo 
> ../.././gcc/cp/coroutines.cc
> ../.././gcc/cp/coroutines.cc: In function ‘void build_actor_fn(location_t, 
> tree, tree, tree, tree, hash_map<tree_node*, local_var_info>*, 
> vec<tree_node*, va_gc>*, tree, unsigned int, tree)’:
> ../.././gcc/cp/coroutines.cc:2180:30: error: ‘param_uses’ was not declared in 
> this scope
>  2180 |           param_info &parm = param_uses->get_or_insert (arg, 
> &existed);
>       |                              ^~~~~~~~~~

---

Nonetheless, on 70ee703c479081ac2ea67eb67041551216e66783, the generated gimple
with ubsan looks like this:

            if (_13 == 0) goto <D.9957>; else goto <D.9958>;
            <D.9957>:
            _14 = &frame_ptr->_Coro_promise;
            result::promise_type::return_void (_14);
            goto final.suspend;
            <D.9958>:
            _15 = &frame_ptr->_Coro_promise;
            result::promise_type::return_void (_15);

Interestingly, even with ubsan, the checks are now gone.

Reply via email to