asan: Fix ICE during instrumentation of returns_twice calls [PR112709]

The following patch on top of the previously posted ubsan/gimple-iterator one handles asan the same. While the case of returning by hidden reference is handled differently because of the first recently posted asan patch, this deals with instrumentation of the aggregates returned in registers case as well as instrumentation of loads from aggregate memory in the function arguments of returns_twice calls. 2024-03-13 Jakub Jelinek <jakub@redhat.com> PR sanitizer/112709 * asan.cc (maybe_create_ssa_name, maybe_cast_to_ptrmode, build_check_stmt, maybe_instrument_call, asan_expand_mark_ifn): Use gsi_safe_insert_before instead of gsi_insert_before. * gcc.dg/asan/pr112709-2.c: New test.
2024-03-13 09:19:05 +01:00 · 2024-03-13 09:19:05 +01:00 · 6586359e8e
commit 6586359e8e
parent 364c684c47
2 changed files with 55 additions and 5 deletions
--- a/gcc/asan.cc
+++ b/gcc/asan.cc
@ -2574,7 +2574,7 @@ maybe_create_ssa_name (location_t loc, tree base, gimple_stmt_iterator *iter,
  gimple *g = gimple_build_assign (make_ssa_name (TREE_TYPE (base)), base);
  gimple_set_location (g, loc);
  if (before_p)
-    gsi_insert_before (iter, g, GSI_SAME_STMT);
+    gsi_safe_insert_before (iter, g);
  else
    gsi_insert_after (iter, g, GSI_NEW_STMT);
  return gimple_assign_lhs (g);
@ -2593,7 +2593,7 @@ maybe_cast_to_ptrmode (location_t loc, tree len, gimple_stmt_iterator *iter,
 				  NOP_EXPR, len);
  gimple_set_location (g, loc);
  if (before_p)
-    gsi_insert_before (iter, g, GSI_SAME_STMT);
+    gsi_safe_insert_before (iter, g);
  else
    gsi_insert_after (iter, g, GSI_NEW_STMT);
  return gimple_assign_lhs (g);
@ -2684,7 +2684,7 @@ build_check_stmt (location_t loc, tree base, tree len,
 						 align / BITS_PER_UNIT));
  gimple_set_location (g, loc);
  if (before_p)
-    gsi_insert_before (&gsi, g, GSI_SAME_STMT);
+    gsi_safe_insert_before (&gsi, g);
  else
    {
      gsi_insert_after (&gsi, g, GSI_NEW_STMT);
@ -3025,7 +3025,7 @@ maybe_instrument_call (gimple_stmt_iterator *iter)
 	  tree decl = builtin_decl_implicit (BUILT_IN_ASAN_HANDLE_NO_RETURN);
 	  gimple *g = gimple_build_call (decl, 0);
 	  gimple_set_location (g, gimple_location (stmt));
-	  gsi_insert_before (iter, g, GSI_SAME_STMT);
+	  gsi_safe_insert_before (iter, g);
 	}
    }

@ -3852,7 +3852,7 @@ asan_expand_mark_ifn (gimple_stmt_iterator *iter)
      g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
 			       NOP_EXPR, len);
      gimple_set_location (g, loc);
-      gsi_insert_before (iter, g, GSI_SAME_STMT);
+      gsi_safe_insert_before (iter, g);
      tree sz_arg = gimple_assign_lhs (g);

      tree fun
--- a/gcc/testsuite/gcc.dg/asan/pr112709-2.c
+++ b/gcc/testsuite/gcc.dg/asan/pr112709-2.c
@ -0,0 +1,50 @@
+/* PR sanitizer/112709 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=address -O2" } */
+
+struct S { char c[1024]; } *p;
+int foo (int);
+
+__attribute__((returns_twice, noipa)) int
+bar (struct S x)
+{
+  (void) x.c[0];
+  return 0;
+}
+
+void
+baz (int *y)
+{
+  foo (1);
+  *y = bar (*p);
+}
+
+void
+qux (int x, int *y)
+{
+  if (x == 25)
+    x = foo (2);
+  else if (x == 42)
+    x = foo (foo (3));
+  *y = bar (*p);
+}
+
+void
+corge (int x, int *y)
+{
+  void *q[] = { &&l1, &&l2, &&l3, &&l3 };
+  if (x == 25)
+    {
+    l1:
+      x = foo (2);
+    }
+  else if (x == 42)
+    {
+    l2:
+      x = foo (foo (3));
+    }
+l3:
+  *y = bar (*p);
+  if (x < 4)
+    goto *q[x & 3];
+}