On Fri, 22 Mar 2024, Jakub Jelinek wrote:
> Hi!
>
> On x86 and avr some address spaces allow 0 pointers (on avr actually
> even generic as, but libsanitizer isn't ported to it and
> I'm not convinced we should completely kill -fsanitize=null in that
> case).
> The following patch makes sure those aren't diagnosed for -fsanitize=null,
> though they are still sanitized for -fsanitize=alignment.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
OK.
> 2024-03-22 Jakub Jelinek <ja...@redhat.com>
>
> PR sanitizer/111736
> * ubsan.cc (ubsan_expand_null_ifn, instrument_mem_ref): Avoid
> SANITIZE_NULL instrumentation for non-generic address spaces
> for which targetm.addr_space.zero_address_valid (as) is true.
>
> * gcc.dg/ubsan/pr111736.c: New test.
>
> --- gcc/ubsan.cc.jj 2024-03-13 09:16:37.791885010 +0100
> +++ gcc/ubsan.cc 2024-03-22 08:11:50.093131678 +0100
> @@ -858,6 +858,13 @@ ubsan_expand_null_ifn (gimple_stmt_itera
> }
> }
> check_null = sanitize_flags_p (SANITIZE_NULL);
> + if (check_null && POINTER_TYPE_P (TREE_TYPE (ptr)))
> + {
> + addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (TREE_TYPE (ptr)));
> + if (!ADDR_SPACE_GENERIC_P (as)
> + && targetm.addr_space.zero_address_valid (as))
> + check_null = false;
> + }
>
> if (check_align == NULL_TREE && !check_null)
> {
> @@ -1447,8 +1454,15 @@ instrument_mem_ref (tree mem, tree base,
> if (align <= 1)
> align = 0;
> }
> - if (align == 0 && !sanitize_flags_p (SANITIZE_NULL))
> - return;
> + if (align == 0)
> + {
> + if (!sanitize_flags_p (SANITIZE_NULL))
> + return;
> + addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (base));
> + if (!ADDR_SPACE_GENERIC_P (as)
> + && targetm.addr_space.zero_address_valid (as))
> + return;
> + }
> tree t = TREE_OPERAND (base, 0);
> if (!POINTER_TYPE_P (TREE_TYPE (t)))
> return;
> --- gcc/testsuite/gcc.dg/ubsan/pr111736.c.jj 2024-03-21 13:50:49.482348296
> +0100
> +++ gcc/testsuite/gcc.dg/ubsan/pr111736.c 2024-03-21 13:53:33.789091054
> +0100
> @@ -0,0 +1,23 @@
> +/* PR sanitizer/111736 */
> +/* { dg-do compile { target i?86-*-* x86_64-*-* } } */
> +/* { dg-options "-fsanitize=null,alignment -fdump-tree-optimized
> -ffat-lto-objects" } */
> +/* { dg-final { scan-tree-dump-times "__ubsan_handle_type_mismatch" 1
> "optimized" } } */
> +/* { dg-final { scan-tree-dump-not "p_\[0-9]*.D. \[=!]= 0" "optimized" } } */
> +
> +#ifdef __x86_64__
> +#define SEG __seg_fs
> +#else
> +#define SEG __seg_gs
> +#endif
> +
> +int
> +foo (int SEG *p, int *q)
> +{
> + return *p;
> +}
> +
> +__attribute__((no_sanitize("alignment"))) int
> +bar (int SEG *p, int *q)
> +{
> + return *p;
> +}
>
> Jakub
>
>
--
Richard Biener <rguent...@suse.de>
SUSE Software Solutions Germany GmbH,
Frankenstrasse 146, 90461 Nuernberg, Germany;
GF: Ivo Totev, Andrew McDonald, Werner Knoblich; (HRB 36809, AG Nuernberg)
