On Wed, Jan 18, 2017 at 04:34:48PM +0100, Martin Liška wrote: > Hello. > > During bootstrap, I came to following test-case: > > struct A > { > int regno; > }; > struct > { > A base; > } typedef *df_ref; > int *a; > void > fn1 (int N) > { > for (int i = 0; i < N; i++) > { > df_ref b; > a[(b)->base.regno]++; > } > }
Well, in this case it is UB too, just not actually out of bounds access, but use of uninitialized variable. Perhaps what we should do, in addition to turning ASAN_MARK (POISON, &b, ...) into b = ASAN_POISON (); turn ASAN_MARK (UNPOISON, &b, ...) into b = b_YYY(D); The following seems to do the job: --- gcc/tree-ssa.c.jj 2017-01-19 17:20:15.000000000 +0100 +++ gcc/tree-ssa.c 2017-01-19 17:29:58.015356370 +0100 @@ -1911,7 +1911,16 @@ execute_update_addresses_taken (void) gsi_replace (&gsi, call, GSI_SAME_STMT); } else - gsi_remove (&gsi, true); + { + /* In ASAN_MARK (UNPOISON, &b, ...) the variable + is uninitialized. Avoid dependencies on + previous out of scope value. */ + tree clobber + = build_constructor (TREE_TYPE (var), NULL); + TREE_THIS_VOLATILE (clobber) = 1; + gimple *g = gimple_build_assign (var, clobber); + gsi_replace (&gsi, g, GSI_SAME_STMT); + } continue; } } Jakub