https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77966
--- Comment #6 from Josh Poimboeuf <jpoimboe at redhat dot com> ---
(In reply to Arnd Bergmann from comment #5)
> I checked the test case using "-fsanitize=unreachable" and that avoids the
> problem.
>
> Josh, should we set that whenever we enable objtool in the kernel?

In theory, adding -fsanitize=unreachable might be a workable option for allowing objtool to detect such unreachable blocks.

However, in practice, that option doesn't seem to work as advertised. It seems to change the control flow unexpectedly.

When adding it to the test case, it doesn't add a __ubsan_handle_builtin_unreachable() call to the unreachable block. Instead, it treats it as a normal loop, and removes the assumption that the loop can only run one time.

Here's the same test case from comment #1, with -fsanitize=unreachable added:

0000000000000000 <snic_log_q_error>:
   0:   55                      push   %rbp
   1:   53                      push   %rbx
   2:   48 89 fd                mov    %rdi,%rbp
   5:   31 db                   xor    %ebx,%ebx
   7:   48 83 ec 08             sub    $0x8,%rsp
   b:   e8 00 00 00 00          callq  10 <snic_log_q_error+0x10>
                        c: R_X86_64_PC32        __sanitizer_cov_trace_pc-0x4
  10:   8b 45 00                mov    0x0(%rbp),%eax
  13:   85 c0                   test   %eax,%eax
  15:   75 11                   jne    28 <snic_log_q_error+0x28>
  17:   48 83 c4 08             add    $0x8,%rsp
  1b:   5b                      pop    %rbx
  1c:   5d                      pop    %rbp
  1d:   e9 00 00 00 00          jmpq   22 <snic_log_q_error+0x22>
                        1e: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
  22:   66 0f 1f 44 00 00       nopw   0x0(%rax,%rax,1)
  28:   e8 00 00 00 00          callq  2d <snic_log_q_error+0x2d>
                        29: R_X86_64_PC32       __sanitizer_cov_trace_pc-0x4
  2d:   89 d8                   mov    %ebx,%eax
  2f:   83 c3 01                add    $0x1,%ebx
  32:   48 8b 7c c5 08          mov    0x8(%rbp,%rax,8),%rdi
  37:   e8 00 00 00 00          callq  3c <snic_log_q_error+0x3c>
                        38: R_X86_64_PC32       ioread32-0x4
  3c:   39 5d 00                cmp    %ebx,0x0(%rbp)
  3f:   77 e7                   ja     28 <snic_log_q_error+0x28>
  41:   eb d4                   jmp    17 <snic_log_q_error+0x17>