Hello. It can happen with inlining and -fno-tree-dce that VAR_DECL for a SSA NAME was removed and thus the poisoning should not have any usage.
Patch can bootstrap on ppc64le-redhat-linux and survives regression tests. Ready to be installed? Martin
>From d8aa72dc1d696f5500c00b6c2f532f2a87cf58d2 Mon Sep 17 00:00:00 2001 From: marxin <mli...@suse.cz> Date: Thu, 2 Mar 2017 11:55:00 +0100 Subject: [PATCH] Fix ICE in use-after-scope w/ -fno-tree-dce (PR sanitize/79783). gcc/ChangeLog: 2017-03-02 Martin Liska <mli...@suse.cz> PR sanitize/79783 * asan.c (asan_expand_poison_ifn): Do not expand ASAN_POISON when having a SSA NAME w/o VAR_DECL assigned to it. gcc/testsuite/ChangeLog: 2017-03-02 Martin Liska <mli...@suse.cz> PR sanitize/79783 * g++.dg/asan/pr79783.C: New test. --- gcc/asan.c | 5 ++++- gcc/testsuite/g++.dg/asan/pr79783.C | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/g++.dg/asan/pr79783.C diff --git a/gcc/asan.c b/gcc/asan.c index 6cdd59b7ea7..307423ced03 100644 --- a/gcc/asan.c +++ b/gcc/asan.c @@ -3107,7 +3107,10 @@ asan_expand_poison_ifn (gimple_stmt_iterator *iter, { gimple *g = gsi_stmt (*iter); tree poisoned_var = gimple_call_lhs (g); - if (!poisoned_var) + + /* It can happen with inlining and -fno-tree-dce that VAR_DECL for a SSA + NAME was removed and thus the poisoning should not have any usage. */ + if (!poisoned_var || SSA_NAME_VAR (poisoned_var) == NULL_TREE) { gsi_remove (iter, true); return true; diff --git a/gcc/testsuite/g++.dg/asan/pr79783.C b/gcc/testsuite/g++.dg/asan/pr79783.C new file mode 100644 index 00000000000..939f60b2819 --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/pr79783.C @@ -0,0 +1,19 @@ +// PR sanitizer/79783 +// { dg-options "-fno-tree-dce" } + +struct A +{ + static void foo(const char&) {} +}; + +struct B +{ + B() { A::foo(char()); } +}; + +struct C +{ + virtual void bar() const { B b; } +}; + +C c; -- 2.11.1