From patchwork Tue Oct 22 18:17:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Jelinek X-Patchwork-Id: 99346 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E84B73858402 for ; Tue, 22 Oct 2024 18:18:07 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id B51953858D21 for ; Tue, 22 Oct 2024 18:17:33 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B51953858D21 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B51953858D21 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729621055; cv=none; b=cPV4WU61+3DKLeB/3dz/CYk2LBhgVudXVj40Dn0LrghFQL50wQkd5cexVHnzRbfwq32m/Qc8jvJ+2/bFcS6FUFoG2HfNrfg5xDiwtxN3Cw7GZ4RQVpdnLKtvLc10jeG6gZHmo+i46QelKqVW3AlqFmr+JdbGNSitHgjofa8eYM4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729621055; c=relaxed/simple; bh=7PFl+OU9quqvifnHq9db8Yc4JlKduiD5nD3Aw8j3nPU=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=H8/jL88TLv09BRbZ+sv9GyXwQ0jHqedJsgPU5DVxntwvBiwp38Q5Asi68G/vafhxzUE98mtcX6NGVOtK9LB/lURPoJTYJi5quf5LZbNu7w1XXJGB3+765YrKOEwW5fwrmLFFC08rsv+fJ07WQtrSA1zJUcdOLggd6Kjlezd6I7Q= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729621053; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type; bh=oQRKAQxMWbKbT8Dv6hsEM+ILf+HFhSH+5ouftPIW7XY=; b=NCTfA4i34cgWHQ7ZAT6zKqXyngWHRSEuGPtNxz8XvDSjVoQtbyqmKxW8ItJrGCp6GO4GZq anCkNJySq2cGgvHkL1T1yeUwmUBLJA3kHviUlbgNaJkTYiZPjzWY+90wfLHWvzVyT00omq x9v68Eazy7sg2S4sxS8hJTgsQlPVQJU= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-546-smxrIW-4OY6LV_Xybtuy9g-1; Tue, 22 Oct 2024 14:17:32 -0400 X-MC-Unique: smxrIW-4OY6LV_Xybtuy9g-1 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 72C051955D71 for ; Tue, 22 Oct 2024 18:17:31 +0000 (UTC) Received: from tucnak.zalov.cz (unknown [10.45.224.16]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E963119560A2; Tue, 22 Oct 2024 18:17:30 +0000 (UTC) Received: from tucnak.zalov.cz (localhost [127.0.0.1]) by tucnak.zalov.cz (8.17.1/8.17.1) with ESMTPS id 49MIHRFg3499949 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 22 Oct 2024 20:17:27 +0200 Received: (from jakub@localhost) by tucnak.zalov.cz (8.17.1/8.17.1/Submit) id 49MIHRZm3499948; Tue, 22 Oct 2024 20:17:27 +0200 Date: Tue, 22 Oct 2024 20:17:26 +0200 From: Jakub Jelinek To: Jason Merrill Cc: gcc-patches@gcc.gnu.org Subject: [PATCH] c++: Further fix for get_member_function_from_ptrfunc [PR117259] Message-ID: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline X-Spam-Status: No, score=-3.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Jakub Jelinek Errors-To: gcc-patches-bounces~patchwork=sourceware.org@gcc.gnu.org Hi! The following testcase shows that the previous get_member_function_from_ptrfunc changes weren't sufficient and we still have cases where -fsanitize=undefined with pointers to member functions can cause wrong code being generated and related false positive warnings. The problem is that save_expr doesn't always create SAVE_EXPR, it can skip some invariant arithmetics and in the end it could be really large expressions which would be evaluated several times (and what is worse, with -fsanitize=undefined those expressions then can have SAVE_EXPRs added to their subparts for -fsanitize=bounds or -fsanitize=null or -fsanitize=alignment instrumentation). Tried to just build1 a SAVE_EXPR + add TREE_SIDE_EFFECTS instead of save_expr, but that doesn't work either, because cp_fold happily optimizes those SAVE_EXPRs away when it sees SAVE_EXPR operand is tree_invariant_p. So, the following patch instead of using save_expr or building SAVE_EXPR manually builds a TARGET_EXPR. Both types are pointers, so it doesn't need to be destroyed in any way, but TARGET_EXPR is what doesn't get optimized away immediately. Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? 2024-10-22 Jakub Jelinek PR c++/117259 * typeck.cc (get_member_function_from_ptrfunc): Use force_target_expr rather than save_expr for instance_ptr and function. Don't call it for TREE_CONSTANT. * g++.dg/ubsan/pr117259.C: New test. Jakub --- gcc/cp/typeck.cc.jj 2024-10-16 14:42:58.835725318 +0200 +++ gcc/cp/typeck.cc 2024-10-22 16:12:58.462731292 +0200 @@ -4193,24 +4193,27 @@ get_member_function_from_ptrfunc (tree * if (!nonvirtual && is_dummy_object (instance_ptr)) nonvirtual = true; - /* Use save_expr even when instance_ptr doesn't have side-effects, - unless it is a simple decl (save_expr won't do anything on - constants), so that we don't ubsan instrument the expression - multiple times. See PR116449. */ + /* Use force_target_expr even when instance_ptr doesn't have + side-effects, unless it is a simple decl or constant, so + that we don't ubsan instrument the expression multiple times. + Don't use save_expr, as save_expr can avoid building a SAVE_EXPR + and building a SAVE_EXPR manually can be optimized away during + cp_fold. See PR116449 and PR117259. */ if (TREE_SIDE_EFFECTS (instance_ptr) - || (!nonvirtual && !DECL_P (instance_ptr))) - { - instance_save_expr = save_expr (instance_ptr); - if (instance_save_expr == instance_ptr) - instance_save_expr = NULL_TREE; - else - instance_ptr = instance_save_expr; - } + || (!nonvirtual + && !DECL_P (instance_ptr) + && !TREE_CONSTANT (instance_ptr))) + instance_ptr = instance_save_expr + = force_target_expr (TREE_TYPE (instance_ptr), instance_ptr, + complain); /* See above comment. */ if (TREE_SIDE_EFFECTS (function) - || (!nonvirtual && !DECL_P (function))) - function = save_expr (function); + || (!nonvirtual + && !DECL_P (function) + && !TREE_CONSTANT (function))) + function + = force_target_expr (TREE_TYPE (function), function, complain); /* Start by extracting all the information from the PMF itself. */ e3 = pfn_from_ptrmemfunc (function); --- gcc/testsuite/g++.dg/ubsan/pr117259.C.jj 2024-10-22 17:00:52.156114344 +0200 +++ gcc/testsuite/g++.dg/ubsan/pr117259.C 2024-10-22 17:05:20.470324367 +0200 @@ -0,0 +1,13 @@ +// PR c++/117259 +// { dg-do compile } +// { dg-options "-Wuninitialized -fsanitize=undefined" } + +struct A { void foo () {} }; +struct B { void (A::*b) (); B (void (A::*x) ()) : b(x) {}; }; +const B c[1] = { &A::foo }; + +void +foo (A *x, int y) +{ + (x->*c[y].b) (); +}