do not tailcall __sanitizer_cov_trace_pc [PR90746]

When instrumentation is requested via -fsanitize-coverage=trace-pc, GCC
emits calls of __sanitizer_cov_trace_pc callback in each basic block.
This callback is supposed to be implemented by the user, and should be
able to identify the containing basic block by inspecting its return
address. Tailcalling the callback prevents that, so disallow it.

gcc/ChangeLog:

	PR sanitizer/90746
	* calls.cc (can_implement_as_sibling_call_p): Reject calls
	to __sanitizer_cov_trace_pc.

gcc/testsuite/ChangeLog:

	PR sanitizer/90746
	* gcc.dg/sancov/basic0.c: Verify absence of tailcall.

1 files changed, 10 insertions, 0 deletions

diff --git a/gcc/calls.cc b/gcc/calls.cc
index 4d7f6c3..1c9abcc 100644
--- a/gcc/calls.cc
+++ b/gcc/calls.cc
@@ -2541,6 +2541,16 @@ can_implement_as_sibling_call_p (tree exp,
       return false;
     }
 
+  /* __sanitizer_cov_trace_pc is supposed to inspect its return address
+     to identify the caller, and therefore should not be tailcalled.  */
+  if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
+      && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_SANITIZER_COV_TRACE_PC)
+    {
+      /* No need for maybe_complain_about_tail_call here:
+	 the call is synthesized by the compiler.  */
+      return false;
+    }
+
   /* If the called function is nested in the current one, it might access
      some of the caller's arguments, but could clobber them beforehand if
      the argument areas are shared.  */