Hello.
It can happen with inlining and -fno-tree-dce that VAR_DECL for a SSA
NAME was removed and thus the poisoning should not have any usage.
Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.
Ready to be installed?
Martin
>From d8aa72dc1d696f5500c00b6c2f532f2a87cf58d2 Mon Sep 17 00:00:00 2001
From: marxin <mli...@suse.cz>
Date: Thu, 2 Mar 2017 11:55:00 +0100
Subject: [PATCH] Fix ICE in use-after-scope w/ -fno-tree-dce (PR
sanitize/79783).
gcc/ChangeLog:
2017-03-02 Martin Liska <mli...@suse.cz>
PR sanitize/79783
* asan.c (asan_expand_poison_ifn): Do not expand ASAN_POISON
when having a SSA NAME w/o VAR_DECL assigned to it.
gcc/testsuite/ChangeLog:
2017-03-02 Martin Liska <mli...@suse.cz>
PR sanitize/79783
* g++.dg/asan/pr79783.C: New test.
---
gcc/asan.c | 5 ++++-
gcc/testsuite/g++.dg/asan/pr79783.C | 19 +++++++++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/g++.dg/asan/pr79783.C
diff --git a/gcc/asan.c b/gcc/asan.c
index 6cdd59b7ea7..307423ced03 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -3107,7 +3107,10 @@ asan_expand_poison_ifn (gimple_stmt_iterator *iter,
{
gimple *g = gsi_stmt (*iter);
tree poisoned_var = gimple_call_lhs (g);
- if (!poisoned_var)
+
+ /* It can happen with inlining and -fno-tree-dce that VAR_DECL for a SSA
+ NAME was removed and thus the poisoning should not have any usage. */
+ if (!poisoned_var || SSA_NAME_VAR (poisoned_var) == NULL_TREE)
{
gsi_remove (iter, true);
return true;
diff --git a/gcc/testsuite/g++.dg/asan/pr79783.C b/gcc/testsuite/g++.dg/asan/pr79783.C
new file mode 100644
index 00000000000..939f60b2819
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/pr79783.C
@@ -0,0 +1,19 @@
+// PR sanitizer/79783
+// { dg-options "-fno-tree-dce" }
+
+struct A
+{
+ static void foo(const char&) {}
+};
+
+struct B
+{
+ B() { A::foo(char()); }
+};
+
+struct C
+{
+ virtual void bar() const { B b; }
+};
+
+C c;
--
2.11.1
