diff options
| author | Martin Liska <marxin@gcc.gnu.org> | 2017-01-23 12:06:13 +0000 |
|---|---|---|
| committer | Martin Liska <marxin@gcc.gnu.org> | 2017-01-23 12:06:13 +0000 |
| commit | f6b9f2ffc190054ca8f4dad110d85613964d2006 (patch) | |
| tree | 36be2ac0b98ff565f4e87f29d7da27515ced8305 /gcc/tree-into-ssa.c | |
| parent | a51368fad9985f84e3215cf9897f389698fbbba5 (diff) | |
| download | gcc-f6b9f2ffc190054ca8f4dad110d85613964d2006.zip gcc-f6b9f2ffc190054ca8f4dad110d85613964d2006.tar.gz gcc-f6b9f2ffc190054ca8f4dad110d85613964d2006.tar.bz2 | |
use-after-scope: handle writes to a poisoned variable
2017-01-23 Martin Liska <mliska@suse.cz>
* gcc.dg/asan/use-after-scope-10.c: New test.
* gcc.dg/asan/use-after-scope-11.c: New test.
* g++.dg/asan/use-after-scope-5.C: New test.
2017-01-23 Jakub Jelinek <jakub@redhat.com>
Martin Liska <mliska@suse.cz>
* asan.h: Define ASAN_USE_AFTER_SCOPE_ATTRIBUTE.
* asan.c (asan_expand_poison_ifn): Support stores and use
appropriate ASAN report function.
* internal-fn.c (expand_ASAN_POISON_USE): New function.
* internal-fn.def (ASAN_POISON_USE): Declare.
* tree-into-ssa.c (maybe_add_asan_poison_write): New function.
(maybe_register_def): Create ASAN_POISON_USE when sanitizing.
* tree-ssa-dce.c (eliminate_unnecessary_stmts): Remove
ASAN_POISON calls w/o LHS.
* tree-ssa.c (execute_update_addresses_taken): Create clobber
for ASAN_MARK (UNPOISON, &x, ...) in order to prevent usage of a LHS
from ASAN_MARK (POISON, &x, ...) coming to a PHI node.
* gimplify.c (asan_poison_variables): Add attribute
use_after_scope_memory to variables that really needs to live
in memory.
* tree-ssa.c (is_asan_mark_p): Do not rewrite into SSA when
having the attribute.
From-SVN: r244793
Diffstat (limited to 'gcc/tree-into-ssa.c')
| -rw-r--r-- | gcc/tree-into-ssa.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/gcc/tree-into-ssa.c b/gcc/tree-into-ssa.c index c7df237..22261c1 100644 --- a/gcc/tree-into-ssa.c +++ b/gcc/tree-into-ssa.c @@ -38,6 +38,7 @@ along with GCC; see the file COPYING3. If not see #include "tree-ssa.h" #include "domwalk.h" #include "statistics.h" +#include "asan.h" #define PERCENT(x,y) ((float)(x) * 100.0 / (float)(y)) @@ -1807,6 +1808,26 @@ maybe_replace_use_in_debug_stmt (use_operand_p use_p) } +/* If DEF has x_5 = ASAN_POISON () as its current def, add + ASAN_POISON_USE (x_5) stmt before GSI to denote the stmt writes into + a poisoned (out of scope) variable. */ + +static void +maybe_add_asan_poison_write (tree def, gimple_stmt_iterator *gsi) +{ + tree cdef = get_current_def (def); + if (cdef != NULL + && TREE_CODE (cdef) == SSA_NAME + && gimple_call_internal_p (SSA_NAME_DEF_STMT (cdef), IFN_ASAN_POISON)) + { + gcall *call + = gimple_build_call_internal (IFN_ASAN_POISON_USE, 1, cdef); + gimple_set_location (call, gimple_location (gsi_stmt (*gsi))); + gsi_insert_before (gsi, call, GSI_SAME_STMT); + } +} + + /* If the operand pointed to by DEF_P is an SSA name in NEW_SSA_NAMES or OLD_SSA_NAMES, or if it is a symbol marked for renaming, register it as the current definition for the names replaced by @@ -1837,7 +1858,11 @@ maybe_register_def (def_operand_p def_p, gimple *stmt, def = get_or_create_ssa_default_def (cfun, sym); } else - def = make_ssa_name (def, stmt); + { + if (asan_sanitize_use_after_scope ()) + maybe_add_asan_poison_write (def, &gsi); + def = make_ssa_name (def, stmt); + } SET_DEF (def_p, def); tree tracked_var = target_for_debug_bind (sym); |