On 11/01/2016 03:53 PM, Jakub Jelinek wrote:
> What kind of false positives it is for each case? Is it with normal
> asan-bootstrap (without your -fsanitize-use-after-scope changes), or
> only with those changes, or only with those changes and
> -fsanitize-use-after-scope used during bootstrap?
Ok, the situation is simpler than I thought:
#include <stdio.h>
int main(int argc, char **argv)
{
int *ptr;
switch (argc)
{
int a;
case 1:
break;
default:
ptr = &a;
break;
}
fprintf (stderr, "v: %d\n", *ptr);
return 0;
}
Which is gimplified as:
int * ptr;
switch (argc) <default: <D.2575>, case 1: <D.2573>>
{
int a;
try
{
ASAN_MARK (2, &a, 4);
<D.2573>:
goto <D.2574>;
<D.2575>:
ptr = &a;
goto <D.2574>;
}
finally
{
ASAN_MARK (1, &a, 4);
}
}
<D.2574>:
_1 = *ptr;
stderr.0_2 = stderr;
fprintf (stderr.0_2, "v: %d\n", _1);
D.2577 = 0;
return D.2577;
}
D.2577 = 0;
return D.2577;
and thus we get:
/tmp/switch-case.c:9:11: warning: statement will never be executed
[-Wswitch-unreachable]
int a;
I'm wondering where properly fix that, we can either find all these ASAN_MARKs
in gimplify_switch_expr
and distribute it to all labels (which are gimplified). Or we can put such
variables to asan_poisoned_variables
if we have information that we're gimplifing statements before a first label.
Do we know that from gimple context?
If so, these variables will be unpoisoned at the very beginning of each label
and the ASAN_MARK call in between
switch statement and a first label can be removed.
Thoughts?
Thanks,
Martin
