From e07d30fdcaec4906e0dcb948fc4748bf74c15c05 Mon Sep 17 00:00:00 2001
From: Martin Sebor
Date: Tue, 20 Jul 2021 13:08:39 -0600
Subject: [PATCH] Handle all UBSAN built-ins in -Wuninitialized [PR101300].

Resolves: PR middle-end/101300 - -fsanitize=undefined suppresses -Wuninitialized for a VLA read at -O0
gcc/ChangeLog:
PR middle-end/101300
* tree-ssa-uninit.c (check_defs): Handle UBSAN built-ins.
gcc/testsuite/ChangeLog:
PR middle-end/101300
* gcc.dg/uninit-pr101300.c: New test.
---
 gcc/testsuite/gcc.dg/uninit-pr101300.c | 53 ++++++++++++++++++++++++++++++++++
 gcc/tree-ssa-uninit.c | 23 +++++++++++++--
 2 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/uninit-pr101300.c
diff --git a/gcc/testsuite/gcc.dg/uninit-pr101300.c b/gcc/testsuite/gcc.dg/uninit-pr101300.c
new file mode 100644
index 0000000..4392e8b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/uninit-pr101300.c
@@ -0,0 +1,53 @@
+/* PR middle-end/101300 - -fsanitize=undefined suppresses -Wuninitialized
+ for a VLA read at -O0
+ { dg-do compile }
+ { dg-options "-O0 -Wall -fsanitize=undefined" } */
+
+int warn_vla_rd0 (int n)
+{
+ char a[n];
+ return a[0]; // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+int warn_vla_rd1 (int n)
+{
+ char a[n];
+ return a[1]; // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+int warn_vla_rdi (int n, int i)
+{
+ char a[n];
+ return a[i]; // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+
+int warn_vla_wr0_rd2_1_0 (int n)
+{
+ char a[n];
+ a[0] = __LINE__;
+ int x = a[2]; // { dg-warning "\\\[-Wuninitialized]" }
+ int y = a[1]; // { dg-warning "\\\[-Wuninitialized]" }
+ int z = a[0];
+ return x + y + z;
+}
+
+int warn_vla_wr1_rd2_1_0 (int n)
+{
+ char a[n];
+ a[1] = __LINE__;
+ int x = a[2]; // { dg-warning "\\\[-Wuninitialized]" }
+ int y = a[1];
+ int z = a[0]; // { dg-warning "\\\[-Wuninitialized]" }
+ return x + y + z;
+}
+
+int warn_vla_wr2_rd2_1_0 (int n)
+{
+ char a[n];
+ a[2] = __LINE__;
+ int x = a[2];
+ int y = a[1]; // { dg-warning "\\\[-Wuninitialized]" }
+ int z = a[0]; // { dg-warning "\\\[-Wuninitialized]" }
+ return x + y + z;
+}
diff --git a/gcc/tree-ssa-uninit.c b/gcc/tree-ssa-uninit.c
index 24ac031..148f3c2 100644
--- a/gcc/tree-ssa-uninit.c
+++ b/gcc/tree-ssa-uninit.c
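Review bot: The `dg-options` line fixes the test to `-O0 -Wall -fsanitize=undefined`, so only the UBSAN instrumentation from the PR is exercised, although the check_defs change in this commit is written against the whole sanitizer built-in range. A sibling test with a different `-fsanitize=` option, or at an optimization level above -O0, would show whether the warning survives there too. The reads without a `dg-warning` (for example `int z = a[0];` in warn_vla_wr0_rd2_1_0) are the expected-silent cases; a one-line comment such as `/* Reading the element just stored must not warn.  */` would make that intent explicit.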
@@ -228,9 +228,26 @@ check_defs (ao_ref *ref, tree vdef, void *data_)
 gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
 /* The ASAN_MARK intrinsic doesn't modify the variable. */
- if (is_gimple_call (def_stmt)
- && gimple_call_internal_p (def_stmt, IFN_ASAN_MARK))
- return false;
+ if (is_gimple_call (def_stmt))
+ {
+ if (gimple_call_internal_p (def_stmt)
+ && gimple_call_internal_fn (def_stmt) == IFN_ASAN_MARK)
+ return false;
+
+ if (tree fndecl = gimple_call_fndecl (def_stmt))
+ {
+ /* Some sanitizer calls pass integer arguments to built-ins
+ that expect pointers. Avoid using gimple_call_builtin_p()
+ which fails for such calls. */
+ if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
+ {
+ built_in_function fncode = DECL_FUNCTION_CODE (fndecl);
+ if (fncode > BEGIN_SANITIZER_BUILTINS
+ && fncode < END_SANITIZER_BUILTINS)
+ return false;
+ }
+ }
+ }
 /* End of VLA scope is not a kill. */
 if (gimple_call_builtin_p (def_stmt, BUILT_IN_STACK_RESTORE))
--
2.7.4
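Review bot: The range test `fncode > BEGIN_SANITIZER_BUILTINS && fncode < END_SANITIZER_BUILTINS` exempts every sanitizer built-in, while the subject and ChangeLog speak only of UBSAN built-ins and the comment kept above the block still mentions only ASAN_MARK. If any built-in in that range stores through a pointer argument (the TSAN atomic entry points would be the ones to check, assuming they fall inside the range), a genuine initialization would be ignored and -Wuninitialized could fire falsely under that sanitizer. I would either narrow the test to the UBSAN codes or state the assumption where it is made, e.g. `/* Sanitizer built-ins only check or report; none of them is a store to REF.  */`, and reword the leading comment to `/* The ASAN_MARK intrinsic and the sanitizer built-ins don't modify the variable.  */`. check_defs starts and ends outside the hunk.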