On Tue, Jul 28, 2015 at 03:13:41PM +0200, Marek Polacek wrote:
> This fixes a problem where on ARM ubsan can introduce an uninitialized
> variable.
> It's ARM only since the ARM C++ ABI says that when creating a pointer to member
> function, the LSB of ptr discriminates between the address of a non-virtual member
> function and the offset in the class's virtual table of the address of a virtual
> function. That means the compiler will create a RSHIFT_EXPR, and with ubsan this
> RSHIFT_EXPR is instrumented, i.e. the expression involves SAVE_EXPRs.
>
> But this expr is used more times and that is the crux of the problem:
> get_member_function_from_ptrfunc returns a tree that contains the expr, and here
>
> 4927 fn = get_member_function_from_ptrfunc (&object_addr, fn,
> 4928 complain);
> 4929 vec_safe_insert (*args, 0, object_addr);
> 4930 }
>
> it also saves the expr into OBJECT_ADDR which is then pushed to args.
>
> Long story short: can't use unshare_expr here, because that doesn't copy
> SAVE_EXPRs. I could use copy_tree_r, as outlined in the PR. But I think
> we can just not instrument the RSHIFT_EXPR -- we know that this one can't
> overflow anyway.
>
> I have tried on a cross that the problem indeed goes away.
>
> Bootstrapped/regtested on x86_64-linux, ok for trunk?
Approved on IRC, I'm going to commit this patch with a minor formatting issue fixed. Marek
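The thread above concerns the code the compiler emits when a call goes through a pointer to member function, which on ARM has to distinguish a non-virtual member (a code address) from a virtual one (a vtable offset) via the LSB. The following is an added example of that source-level construct, written for this page; it is not the GCC patch, not code from the thread, and the class and function names (Base, Derived, call_through, Method) are my own. Compiled with -fsanitize=shift on an ARM cross, a program of this shape exercises the instrumented RSHIFT_EXPR path the patch changes; on other targets it compiles and runs but uses a different pointer-to-member encoding.

```cpp
// Added example (not from the patch or the mailing-list thread): a call
// through a pointer to member function that may name either a non-virtual
// or a virtual member. On ARM the ABI keeps the two apart with the LSB of
// the pointer field, and ubsan's shift check on that field is what the
// discussion is about.
#include <cstdint>

struct Base {
    int value;
    explicit Base(int v) : value(v) {}
    virtual ~Base() = default;

    // Non-virtual member: the pointer-to-member holds its address.
    int plain(int x) const { return value + x; }

    // Virtual member: the pointer-to-member holds a vtable offset,
    // so the call dispatches on the dynamic type of the object.
    virtual int dynamic(int x) const { return value * x; }
};

struct Derived : Base {
    explicit Derived(int v) : Base(v) {}
    int dynamic(int x) const override { return value - x; }
};

using Method = int (Base::*)(int) const;

// The (obj.*m)(x) call is the site where the front end builds the
// "which kind of member is this" expression for the target ABI.
int call_through(const Base &obj, Method m, int x) {
    return (obj.*m)(x);
}

// Non-virtual member through a pointer-to-member.
int call_plain(int v, int x) {
    Base b(v);
    return call_through(b, &Base::plain, x);
}

// Virtual member through a pointer-to-member; the override must win.
int call_virtual(int v, int x) {
    Derived d(v);
    return call_through(d, &Base::dynamic, x);
}

// Same virtual pointer-to-member on a Base object: no override involved.
int call_base_virtual(int v, int x) {
    Base b(v);
    return call_through(b, &Base::dynamic, x);
}

int main() {
    // Build with e.g. -fsanitize=shift (or -fsanitize=undefined) to take
    // the instrumented path; the program itself is well-defined either way.
    bool ok = call_plain(2, 3) == 5
           && call_virtual(10, 4) == 6
           && call_base_virtual(10, 4) == 40;
    return ok ? 0 : 1;
}
```

Running it under a sanitizer does not change the result; the point of the program is only that it contains all three call shapes (non-virtual, virtual with an override, virtual without one) that the ABI's pointer-to-member encoding has to handle.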