diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2021-10-01 14:27:32 +0200 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2021-10-01 14:27:32 +0200 |
| commit | 9c1a633d96926357155d4702b66f8a0ec856a81f (patch) | |
| tree | afb3047a365ca5ae004bdcf0875dace7c9d6b5f1 /.gitattributes | |
| parent | 1c6a8b8013febce5154ed3db8b5a446ca8e1aebf (diff) | |
| download | gcc-9c1a633d96926357155d4702b66f8a0ec856a81f.zip gcc-9c1a633d96926357155d4702b66f8a0ec856a81f.tar.gz gcc-9c1a633d96926357155d4702b66f8a0ec856a81f.tar.bz2 | |
ubsan: Move INT_MIN / -1 instrumentation from -fsanitize=integer-divide-by-zero to -fsanitize=signed-integer-overflow [PR102515]
As noted by Richi, in clang INT_MIN / -1 is instrumented under
-fsanitize=signed-integer-overflow rather than
-fsanitize=integer-divide-by-zero as we did and doing it in the former
makes more sense, as it is overflow during division rather than division
by zero.
I've verified on godbolt that clang behaved that way since 3.2-ish times or
so when sanitizers were added.
Furthermore, we've been using
-f{,no-}sanitize-recover=integer-divide-by-zero to decide on the float
-fsanitize=float-divide-by-zero instrumentation _abort suffix.
The case where INT_MIN / -1 is instrumented by one sanitizer and
x / 0 by another one when both are enabled is slightly harder if
the -f{,no-}sanitize-recover={integer-divide-by-zero,signed-integer-overflow}
flags differ, then we need to emit both __ubsan_handle_divrem_overflow
and __ubsan_handle_divrem_overflow_abort calls guarded by their respective
checks rather than one guarded by check1 || check2.
2021-10-01 Jakub Jelinek <jakub@redhat.com>
Richard Biener <rguenther@suse.de>
PR sanitizer/102515
gcc/
* doc/invoke.texi (-fsanitize=integer-divide-by-zero): Remove
INT_MIN / -1 division detection from here ...
(-fsanitize=signed-integer-overflow): ... and add it here.
gcc/c-family/
* c-ubsan.c (ubsan_instrument_division): Check the right
flag_sanitize_recover bit, depending on which sanitization
is done. Sanitize INT_MIN / -1 under SANITIZE_SI_OVERFLOW
rather than SANITIZE_DIVIDE. If both SANITIZE_SI_OVERFLOW
and SANITIZE_DIVIDE is enabled, neither check is known
to be false and flag_sanitize_recover bits for those two
aren't the same, emit both __ubsan_handle_divrem_overflow
and __ubsan_handle_divrem_overflow_abort calls.
gcc/c/
* c-typeck.c (build_binary_op): Call ubsan_instrument_division
for division even for SANITIZE_SI_OVERFLOW.
gcc/cp/
* typeck.c (cp_build_binary_op): Call ubsan_instrument_division
for division even for SANITIZE_SI_OVERFLOW.
gcc/testsuite/
* c-c++-common/ubsan/div-by-zero-3.c: Use
-fsanitize=signed-integer-overflow instead of
-fsanitize=integer-divide-by-zero.
* c-c++-common/ubsan/div-by-zero-5.c: Likewise.
* c-c++-common/ubsan/div-by-zero-4.c: Likewise. Add
-fsanitize-undefined-trap-on-error.
* c-c++-common/ubsan/float-div-by-zero-2.c: New test.
* c-c++-common/ubsan/overflow-div-1.c: New test.
* c-c++-common/ubsan/overflow-div-2.c: New test.
* c-c++-common/ubsan/overflow-div-3.c: New test.
Diffstat (limited to '.gitattributes')
0 files changed, 0 insertions, 0 deletions