ubsan: -Wreturn-type and ubsan trap-on-error

I noticed that -fsanitize=undefined -fsanitize-undefined-trap-on-error was
omitting the usual -Wreturn-type warning for control flowing off the end of
a function.  This was because the warning code was looking for calls either
to __builtin_unreachable or the UBSan function, but these flags produce a
call to __builtin_trap instead.

gcc/c-family/ChangeLog:

	* c-ubsan.cc (ubsan_instrument_return): Use BUILTINS_LOCATION.

gcc/ChangeLog:

	* tree-cfg.cc (pass_warn_function_return::execute): Also check
	BUILT_IN_TRAP.

gcc/testsuite/ChangeLog:

	* g++.dg/ubsan/return-8.C: New test.

diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 48f948745f8b00c3028f99cdf828f2082d101aca..a2cd8fb3262b6a119bbc04733821d54492793a82 100644 (file)
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -308,7 +308,9 @@ tree
 ubsan_instrument_return (location_t loc)
 {
   if (flag_sanitize_undefined_trap_on_error)
-    return build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
+    return build_call_expr_loc
+      /* pass_warn_function_return checks for BUILTINS_LOCATION.  */
+      (BUILTINS_LOCATION, builtin_decl_explicit (BUILT_IN_TRAP), 0);
 
   tree data = ubsan_create_data ("__ubsan_missing_return_data", 1, &loc,
                                 NULL_TREE, NULL_TREE);

diff --git a/gcc/testsuite/g++.dg/ubsan/return-8.C b/gcc/testsuite/g++.dg/ubsan/return-8.C
new file mode 100644 (file)
index 0000000..354c960
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/return-8.C
@@ -0,0 +1,9 @@
+// { dg-additional-options "-fsanitize=undefined -fsanitize-undefined-trap-on-error" }
+
+bool b;
+
+int f() {
+  if (b) return 42;
+}                      // { dg-warning "-Wreturn-type" }
+
+int main() { f(); }

diff --git a/gcc/tree-cfg.cc b/gcc/tree-cfg.cc
index 9e5d84a980552667dc7dce48519fb45c8e36449c..c67c278dad0eb8e8b749ac9698cde23459e96c23 100644 (file)
--- a/gcc/tree-cfg.cc
+++ b/gcc/tree-cfg.cc
@@ -9543,7 +9543,7 @@ pass_warn_function_return::execute (function *fun)
        }
       /* The C++ FE turns fallthrough from the end of non-void function
         into __builtin_unreachable () call with BUILTINS_LOCATION.
-        Recognize those too.  */
+        Recognize those as well as calls from ubsan_instrument_return.  */
       basic_block bb;
       if (!warning_suppressed_p (fun->decl, OPT_Wreturn_type))
        FOR_EACH_BB_FN (bb, fun)
@@ -9555,7 +9555,8 @@ pass_warn_function_return::execute (function *fun)
              if (last
                  && ((LOCATION_LOCUS (gimple_location (last))
                       == BUILTINS_LOCATION
-                      && gimple_call_builtin_p (last, BUILT_IN_UNREACHABLE))
+                      && (gimple_call_builtin_p (last, BUILT_IN_UNREACHABLE)
+                          || gimple_call_builtin_p (last, BUILT_IN_TRAP)))
                      || gimple_call_builtin_p (last, ubsan_missing_ret)))
                {
                  gimple_stmt_iterator gsi = gsi_for_stmt (last);