ubsan: Don't -fsanitize=null instrument __seg_fs/gs pointers [PR111736]

On x86 and avr some address spaces allow 0 pointers (on avr actually
even generic as, but libsanitizer isn't ported to it and
I'm not convinced we should completely kill -fsanitize=null in that
case).
The following patch makes sure those aren't diagnosed for -fsanitize=null,
though they are still sanitized for -fsanitize=alignment.

2024-03-22  Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/111736
	* ubsan.cc (ubsan_expand_null_ifn, instrument_mem_ref): Avoid
	SANITIZE_NULL instrumentation for non-generic address spaces
	for which targetm.addr_space.zero_address_valid (as) is true.

	* gcc.dg/ubsan/pr111736.c: New test.

(cherry picked from commit ddd4a3ca87410886b039cc225907b4f6e650082e)

diff --git a/gcc/testsuite/gcc.dg/ubsan/pr111736.c b/gcc/testsuite/gcc.dg/ubsan/pr111736.c
new file mode 100644 (file)
index 0000000..359b318
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/pr111736.c
@@ -0,0 +1,23 @@
+/* PR sanitizer/111736 */
+/* { dg-do compile { target i?86-*-* x86_64-*-* } } */
+/* { dg-options "-fsanitize=null,alignment -fdump-tree-optimized -ffat-lto-objects" } */
+/* { dg-final { scan-tree-dump-times "__ubsan_handle_type_mismatch" 1 "optimized" } } */
+/* { dg-final { scan-tree-dump-not "p_\[0-9]*.D. \[=!]= 0" "optimized" } } */
+
+#ifdef __x86_64__
+#define SEG __seg_fs
+#else
+#define SEG __seg_gs
+#endif
+
+int
+foo (int SEG *p, int *q)
+{
+  return *p;
+}
+
+__attribute__((no_sanitize("alignment"))) int
+bar (int SEG *p, int *q)
+{
+  return *p;
+}

diff --git a/gcc/ubsan.cc b/gcc/ubsan.cc
index 0f5b372b195f7e6966c610261961249b9dfa41d8..4d8e7cd86c5db6909a91b5d2bd87215795f398ff 100644 (file)
--- a/gcc/ubsan.cc
+++ b/gcc/ubsan.cc
@@ -49,6 +49,7 @@ along with GCC; see the file COPYING3.  If not see
 #include "tree-cfg.h"
 #include "gimple-fold.h"
 #include "varasm.h"
+#include "target.h"
 
 /* Map from a tree to a VAR_DECL tree.  */
 
@@ -784,6 +785,13 @@ ubsan_expand_null_ifn (gimple_stmt_iterator *gsip)
        }
     }
   check_null = sanitize_flags_p (SANITIZE_NULL);
+  if (check_null && POINTER_TYPE_P (TREE_TYPE (ptr)))
+    {
+      addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (TREE_TYPE (ptr)));
+      if (!ADDR_SPACE_GENERIC_P (as)
+         && targetm.addr_space.zero_address_valid (as))
+       check_null = false;
+    }
 
   if (check_align == NULL_TREE && !check_null)
     {
@@ -1375,8 +1383,15 @@ instrument_mem_ref (tree mem, tree base, gimple_stmt_iterator *iter,
       if (align <= 1)
        align = 0;
     }
-  if (align == 0 && !sanitize_flags_p (SANITIZE_NULL))
-    return;
+  if (align == 0)
+    {
+      if (!sanitize_flags_p (SANITIZE_NULL))
+       return;
+      addr_space_t as = TYPE_ADDR_SPACE (TREE_TYPE (base));
+      if (!ADDR_SPACE_GENERIC_P (as)
+         && targetm.addr_space.zero_address_valid (as))
+       return;
+    }
   tree t = TREE_OPERAND (base, 0);
   if (!POINTER_TYPE_P (TREE_TYPE (t)))
     return;