https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61591
Bug ID: 61591
Summary: Undefined behavior sanitizer does not catch builtin_unreachable's from impossible devirtualization
Product: gcc
Version: 4.10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jamborm at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Host: x86_64-linux
Target: x86_64-linux

Created attachment 32996 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=32996&action=edit
Testcase

I believe that the undefined behavior sanitizer does not fold __builtin_unreachable into __builtin_trap as Jakub wrote it should in: https://gcc.gnu.org/ml/gcc-patches/2014-04/msg01823.html

When I tried it on the attached testcase I got no error:

$ ~/gcc/small/inst/bin/g++ modif.C -O3 -fsanitize=unreachable -fsanitize-undefined-trap-on-error
$ LD_LIBRARY_PATH=/home/mjambor/gcc/mine/inst/lib64/ ./a.out
$ echo $?
0

But when I applied the following patch:

diff --git a/gcc/ipa-cp.c b/gcc/ipa-cp.c index 33ff9b6..92a152a 100644 --- a/gcc/ipa-cp.c +++ b/gcc/ipa-cp.c @@ -1649,7 +1649,7 @@ ipa_get_indirect_edge_target_1 (struct cgraph_edge *ie, "Type inconsident devirtualization: %s/%i->%s\n", ie->caller->name (), ie->caller->order, IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (target))); - target = builtin_decl_implicit (BUILT_IN_UNREACHABLE); + target = builtin_decl_implicit (BUILT_IN_TRAP); cgraph_get_create_node (target); }

and tried again, I got the expected behavior (all of this was tried on recent trunk on x86_64-linux):

$ ~/gcc/small/inst/bin/g++ modif.C -O3
mjambor@virgil:~/gcc/small/tests/devirttrap$ ./a.out
Illegal instruction
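Review bot: the replacement `target = builtin_decl_implicit (BUILT_IN_TRAP);` is unconditional, so every type-inconsistent devirtualization in ipa_get_indirect_edge_target_1 becomes a trap even when no sanitizer was requested; the second run above compiles with plain `-O3` and still dies with Illegal instruction, which confirms the change is not gated on -fsanitize=unreachable. As a diagnosis it pins down where the unreachable is introduced, but as a fix it should be conditional on the unreachable sanitizer being enabled, keeping BUILT_IN_UNREACHABLE for ordinary builds so the optimizer's assumption is not replaced by a trap in code that never asked for one. Separately, the context line's message reads "Type inconsident devirtualization" and could be corrected to "inconsistent" in a follow-up.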
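To check what -fsanitize=unreachable does with an unreachable the compiler can actually see, here is an added example (not the attached testcase and not GCC's own code): a hand-written __builtin_unreachable() reached from a run-time value. The devirtualization-generated unreachable that the report is about is not reproduced here; this block only gives a baseline that the sanitizer is expected to catch, so the two behaviours can be compared with the same flags. The enum, function names and the out-of-range value are constructed for the example.

```cpp
// Added example, not from the bug report or the GCC sources: a directly
// written __builtin_unreachable() that -fsanitize=unreachable should turn
// into a runtime report, or into a trap with -fsanitize-undefined-trap-on-error.
#include <cstdio>
#include <cstdlib>

// Constructed enum; 'enum class' has a fixed underlying type, so converting
// any int to it is well defined and the only undefined step is the unreachable.
enum class Shape { Circle = 0, Square = 1 };

// Number of corners for a Shape.  Any other value falls past the switch to
// __builtin_unreachable(): an unsanitized build assumes this cannot happen,
// a build with -fsanitize=unreachable reports or traps when it does.
int corners(Shape s) {
    switch (s) {
        case Shape::Circle: return 0;
        case Shape::Square: return 4;
    }
    __builtin_unreachable();
}

// Well-formed inputs only; used to show the normal path is unaffected.
int total_corners_for_valid_shapes() {
    return corners(Shape::Circle) + corners(Shape::Square);
}

// The unreachable path is driven by a command-line argument so the optimizer
// cannot fold the call away; with no argument the program stays well defined.
int main(int argc, char **argv) {
    if (argc > 1) {
        // Constructed out-of-range value (e.g. 7): no case in the switch handles it.
        int raw = std::atoi(argv[1]);
        std::printf("corners = %d\n", corners(static_cast<Shape>(raw)));
    }
    std::printf("valid total = %d\n", total_corners_for_valid_shapes());
    return 0;
}
```

Build it twice with the flags from the report, `g++ -O3 -fsanitize=unreachable -fsanitize-undefined-trap-on-error` and plain `g++ -O3`, and run each with an argument such as `7` followed by `echo $?`. The sanitized build is expected to die with Illegal instruction, mirroring the report's second run; the plain build has undefined behaviour at that point and may print anything. Running the attached testcase under the same two builds then isolates the devirtualization case.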