* c-c++-common/ubsan/bounds-2.c: Adjust dg-output.
(fn1): Remove store to out-of-bounds location. Add memory barrier.
(fn2): Likewise.
(fn5): Likewise.
(fn6): Likewise.
(fn7): Likewise.
(fn8): Likewise.
(fn9): Likewise.
(fn11): Likewise.
* c-c++-common/ubsan/bounds-5.c (fn1): Remove store to out-of-bounds
location. Add memory barrier.
(fn2): Likewise.
(fn3): Likewise.
(fn4): Likewise.
(fn5): Likewise.
* c-c++-common/ubsan/bounds-7.c: New test.
From-SVN: r212061
+2014-06-27 Marek Polacek <polacek@redhat.com>
+
+ * c-c++-common/ubsan/bounds-2.c: Adjust dg-output.
+ (fn1): Remove store to out-of-bounds location. Add memory barrier.
+ (fn2): Likewise.
+ (fn5): Likewise.
+ (fn6): Likewise.
+ (fn7): Likewise.
+ (fn8): Likewise.
+ (fn9): Likewise.
+ (fn11): Likewise.
+ * c-c++-common/ubsan/bounds-5.c (fn1): Remove store to out-of-bounds
+ location. Add memory barrier.
+ (fn2): Likewise.
+ (fn3): Likewise.
+ (fn4): Likewise.
+ (fn5): Likewise.
+ * c-c++-common/ubsan/bounds-7.c: New test.
+
2014-06-26 Jerry DeLisle <jvdelisle@gcc.gnu.org>
PR libgfortran/61499
fn1 (void)
{
volatile int a[5];
- a[5] = 1;
+ asm ("" : : "r" (&a) : "memory");
a[2] = a[5];
}
fn2 (void)
{
volatile int a[5];
+ volatile int j;
int i = 5;
int *p = &i;
- a[*p] = 1;
+ asm ("" : : "r" (&a) : "memory");
+ j = a[*p];
}
static void __attribute__ ((noinline, noclone))
{
int i = 5;
volatile int a[i];
- a[i] = 1;
+ asm ("" : : "r" (&a) : "memory");
a[2] = a[i];
}
{
int i = 5;
volatile int a[i];
+ volatile int j;
fn_p (a[i]);
- a[foo_5 ()] = 1;
+ asm ("" : : "r" (&a) : "memory");
+ j = a[foo_5 ()];
}
static void __attribute__ ((noinline, noclone))
fn7 (void)
{
- int n = 5, i;
+ int n = 5;
+ volatile int i;
volatile int c[n][n][n];
- c[5][2][2] = 2;
- c[2][5][2] = 2;
- c[2][2][5] = 2;
+ asm ("" : : "r" (&c[5]) : "memory");
i = c[5][2][2];
+ asm ("" : : "r" (&c[2]) : "memory");
i = c[2][5][2];
+ asm ("" : : "r" (&c[2]) : "memory");
i = c[2][2][5];
}
static void __attribute__ ((noinline, noclone))
fn8 (void)
{
- int i = 5;
+ volatile int i;
volatile struct S s;
- s.a[10] = 1;
+ asm ("" : : "r" (&s.a) : "memory");
i = s.a[10];
}
fn9 (void)
{
long int *volatile d[10][5];
- d[10][0] = 0;
+ asm ("" : : "r" (&d[10]) : "memory");
d[8][3] = d[10][0];
}
fn11 (void)
{
char ***volatile f[5];
- f[5] = 0;
+ asm ("" : : "r" (&f) : "memory");
f[2] = f[5];
}
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'long int \\\*\\\[10\\\]\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'long int \\\*\\\[10\\\]\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
-/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'char \\\*\\\*\\\*\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'char \\\*\\\*\\\*\\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*index 5 out of bounds for type 'int \\\[5\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
fn1 (void)
{
volatile struct S { char a[1]; char b; } s;
- s.a[0] = 1; // OK
- s.a[1] = 2; // error
+ volatile int i;
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[0]; // OK
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[1]; // error
volatile struct S *p = &s;
- p->a[0] = 1; // OK
- p->a[1] = 1; // error
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[0]; // OK
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[1]; // error
}
__attribute__ ((noinline, noclone))
{
struct S { int c; char d[4]; };
volatile struct T { int e; struct S f; int g; } t;
- t.f.d[3] = 1; // OK
- t.f.d[4] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&t.f.d) : "memory");
+ i = t.f.d[3]; // OK
+ asm ("" : : "r" (&t.f.d) : "memory");
+ i = t.f.d[4]; // error
volatile struct T *p = &t;
- p->f.d[3] = 1; // OK
- p->f.d[4] = 1; // error
+ asm ("" : : "r" (&p->f.d) : "memory");
+ i = p->f.d[3]; // OK
+ asm ("" : : "r" (&p->f.d) : "memory");
+ i = p->f.d[4]; // error
}
__attribute__ ((noinline, noclone))
fn3 (void)
{
volatile struct S { char b; char a[1]; } s;
- s.a[0] = 1; // OK
- s.a[1] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[0]; // OK
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[1]; // error
volatile struct S *p = &s;
- p->a[0] = 1; // OK
- p->a[1] = 1; // error in strict mode
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[0]; // OK
+ asm ("" : : "r" (&p->a) : "memory");
+ i = p->a[1]; // error in strict mode
}
__attribute__ ((noinline, noclone))
{
volatile struct S { char b; char a[1]; } s;
volatile struct T { struct S s; int i; } t;
- t.s.a[0] = 1; // OK
- t.s.a[1] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&t.s.a) : "memory");
+ i = t.s.a[0]; // OK
+ asm ("" : : "r" (&t.s.a) : "memory");
+ i = t.s.a[1]; // error
volatile struct T *pt = &t;
- pt->s.a[0] = 1; // OK
- pt->s.a[1] = 1; // error
+ asm ("" : : "r" (&pt->s.a) : "memory");
+ i = pt->s.a[0]; // OK
+ asm ("" : : "r" (&pt->s.a) : "memory");
+ i = pt->s.a[1]; // error
}
__attribute__ ((noinline, noclone))
{
volatile struct S { char b; char a[1]; } s;
volatile struct U { int a; struct S s; } u;
- u.s.a[0] = 1; // OK
- u.s.a[1] = 1; // error
+ volatile int i;
+ asm ("" : : "r" (&u.s.a) : "memory");
+ i = u.s.a[0]; // OK
+ asm ("" : : "r" (&u.s.a) : "memory");
+ i = u.s.a[1]; // error
volatile struct U *pu = &u;
- pu->s.a[0] = 1; // OK
- pu->s.a[1] = 1; // error in strict mode
+ asm ("" : : "r" (&pu->s.a) : "memory");
+ i = pu->s.a[0]; // OK
+ asm ("" : : "r" (&pu->s.a) : "memory");
+ i = pu->s.a[1]; // error in strict mode
}
int
--- /dev/null
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+
+/* Test negative bounds. */
+
+struct S { int a[10]; };
+
+__attribute__ ((noinline, noclone))
+void
+fn1 (void)
+{
+ volatile int i;
+ int m = -1;
+ volatile int a[7];
+ asm ("" : : "r" (&a) : "memory");
+ i = a[-1];
+ asm ("" : : "r" (&a) : "memory");
+ i = a[m];
+}
+
+__attribute__ ((noinline, noclone))
+void
+fn2 (void)
+{
+ volatile int i;
+ int m = 7;
+ volatile int a[m];
+ asm ("" : : "r" (&a) : "memory");
+ i = a[-1];
+}
+
+__attribute__ ((noinline, noclone))
+void
+fn3 (void)
+{
+ volatile int i;
+ volatile struct S s;
+ asm ("" : : "r" (&s.a) : "memory");
+ i = s.a[-1];
+}
+
+int
+main (void)
+{
+ fn1 ();
+ fn2 ();
+ fn3 ();
+ return 0;
+}
+
+/* { dg-output "index -1 out of bounds for type 'int \\\[7\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[7\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index -1 out of bounds for type 'int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
projects / gcc.git / commitdiff