* [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
@ 2025-09-04 17:43 Kees Cook
2026-02-06 8:05 ` Andrew Pinski
2026-02-09 8:28 ` Andrew Pinski
0 siblings, 2 replies; 6+ messages in thread
From: Kees Cook @ 2025-09-04 17:43 UTC (permalink / raw)
To: Indu Bhagat
Cc: Kees Cook, Claudiu Zissulescu, Qing Zhao, Andrew Pinski,
gcc-patches, linux-hardening
The __attribute__((__copy__)) functionality was crashing when copying
sanitizer-related attributes because these attributes violated the standard
GCC attribute infrastructure by storing INTEGER_CST values directly instead
of wrapping them in TREE_LIST like all other attributes.
Wrap sanitizer attributes INTEGER_CST values in TREE_LIST structures
to follow the same pattern as other attributes. This eliminates the
copy_list() crashes when copying sanitizer attributes:
test.c:4:1: internal compiler error: tree check: expected tree that contains ‘common’ structure, have ‘integer_cst’ in copy_list, at tree.cc:1427
4 | __attribute__((__copy__(__tanh)));
| ^~~~~~~~~~~~~
0x859d06 tree_contains_struct_check_failed(tree_node const*, tree_node_structure_enum, char const*, int, char const*)
../../gcc/gcc/tree.cc:9126
0x860f78 contains_struct_check(tree_node*, tree_node_structure_enum, char const*, int, char const*)
../../gcc/gcc/tree.h:3748
0x860f78 copy_list(tree_node*)
../../gcc/gcc/tree.cc:1427
0xa755a5 handle_copy_attribute
../../gcc/gcc/c-family/c-attribs.cc:3077
gcc/c-family/ChangeLog:
PR c/113264
* c-attribs.cc (add_no_sanitize_value): Store INTEGER_CST values
wrapped in TREE_LIST following standard attribute conventions.
(handle_no_sanitize_attribute): Handle both original string
arguments and copied INTEGER_CST values from TREE_LIST format.
gcc/ChangeLog:
PR c/113264
* asan.h (sanitize_flags_p): Extract sanitizer flags from
TREE_LIST wrapper instead of directly from INTEGER_CST.
gcc/d/ChangeLog:
PR c/113264
* d-attribs.cc (d_handle_no_sanitize_attribute): Store INTEGER_CST
values wrapped in TREE_LIST following standard conventions.
gcc/testsuite/ChangeLog:
PR c/113264
* gcc.dg/pr113264.c: New test.
* gcc.dg/pr113264-asan-no-instrumentation.c: New test validating
that copied sanitizer attributes prevent ASAN instrumentation.
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Indu Bhagat <indu.bhagat@oracle.com>
Cc: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
Cc: Qing Zhao <qing.zhao@oracle.com>
Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
---
gcc/asan.h | 8 +-
.../gcc.dg/pr113264-asan-no-instrumentation.c | 60 ++++++++++
gcc/testsuite/gcc.dg/pr113264.c | 107 ++++++++++++++++++
gcc/c-family/c-attribs.cc | 49 +++++---
gcc/d/d-attribs.cc | 17 ++-
5 files changed, 221 insertions(+), 20 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
create mode 100644 gcc/testsuite/gcc.dg/pr113264.c
diff --git a/gcc/asan.h b/gcc/asan.h
index a24562f67a29..f5dc3d7ceb8d 100644
--- a/gcc/asan.h
+++ b/gcc/asan.h
@@ -253,7 +253,13 @@ sanitize_flags_p (sanitize_code_type flag,
{
tree value = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
if (value)
- result_flags &= ~tree_to_uhwi (TREE_VALUE (value));
+ {
+ /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
+ tree attr_args = TREE_VALUE (value);
+ gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
+ sanitize_code_type no_sanitize_flags = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
+ result_flags &= ~no_sanitize_flags;
+ }
}
return result_flags;
diff --git a/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
new file mode 100644
index 000000000000..812c67c33086
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
@@ -0,0 +1,60 @@
+/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
+ Test that copied no_sanitize_address attributes prevent ALL ASAN instrumentation.
+ This file should have NO ASAN calls since all functions have the attribute.
+ { dg-do compile }
+ { dg-options "-fsanitize=address" }
+ { dg-skip-if "no address sanitizer" { no_fsanitize_address } } */
+
+/* Original function with no_sanitize_address */
+__attribute__((no_sanitize_address))
+int original (int *p, int *q)
+{
+ *p = 42;
+ return *q;
+}
+
+/* Copy the attribute - should also have no_sanitize_address */
+__typeof(original) copy1 __attribute__((__copy__(original)));
+int copy1 (int *p, int *q)
+{
+ *p = 43;
+ return *q;
+}
+
+/* Another copy - should also have no_sanitize_address */
+__typeof(original) copy2 __attribute__((__copy__(original)));
+int copy2 (int *p, int *q)
+{
+ *p = 44;
+ return *q;
+}
+
+/* Copy from a copy - should still have no_sanitize_address */
+__typeof(copy1) copy_of_copy __attribute__((__copy__(copy1)));
+int copy_of_copy (int *p, int *q)
+{
+ *p = 45;
+ return *q;
+}
+
+int separate_decl (void);
+__attribute__((noinline)) int separate_decl (void);
+
+__attribute__((__copy__(separate_decl), no_sanitize_address))
+int copy_and_annotated_alias (int *p, int *q)
+{
+ *p = 42;
+ return *q;
+}
+
+__attribute__((__copy__(separate_decl), no_sanitize("address")))
+int copy_and_annotated_string (int *p, int *q)
+{
+ *p = 42;
+ return *q;
+}
+
+/* Since ALL functions have no_sanitize_address (either directly or copied),
+ there should be NO ASAN instrumentation calls in the entire file. */
+/* { dg-final { scan-assembler-not "__asan_report_store" } } */
+/* { dg-final { scan-assembler-not "__asan_report_load" } } */
diff --git a/gcc/testsuite/gcc.dg/pr113264.c b/gcc/testsuite/gcc.dg/pr113264.c
new file mode 100644
index 000000000000..2a49965e26fd
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr113264.c
@@ -0,0 +1,107 @@
+/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
+ Test that the copy attribute correctly handles sanitizer attributes
+ which store their arguments as INTEGER_CST values rather than TREE_LIST.
+ { dg-do compile }
+ { dg-options "-O2" } */
+
+/* Test copying no_sanitize_address attribute. */
+__attribute__((no_sanitize_address)) void f1 (void);
+__typeof(f1) f1_copy __attribute__((__copy__(f1)));
+
+/* Test copying no_sanitize_thread attribute. */
+__attribute__((no_sanitize_thread)) void f2 (void);
+__typeof(f2) f2_copy __attribute__((__copy__(f2)));
+
+/* Test copying no_sanitize_undefined attribute. */
+__attribute__((no_sanitize_undefined)) void f3 (void);
+__typeof(f3) f3_copy __attribute__((__copy__(f3)));
+
+/* Test copying no_sanitize_coverage attribute. */
+__attribute__((no_sanitize_coverage)) void f4 (void);
+__typeof(f4) f4_copy __attribute__((__copy__(f4)));
+
+/* Test copying no_sanitize attribute with string arguments. */
+__attribute__((no_sanitize("address"))) void f5 (void);
+__typeof(f5) f5_copy __attribute__((__copy__(f5)));
+
+__attribute__((no_sanitize("thread"))) void f6 (void);
+__typeof(f6) f6_copy __attribute__((__copy__(f6)));
+
+__attribute__((no_sanitize("undefined"))) void f7 (void);
+__typeof(f7) f7_copy __attribute__((__copy__(f7)));
+
+/* Test copying multiple sanitizer flags. */
+__attribute__((no_sanitize("address", "thread"))) void f8 (void);
+__typeof(f8) f8_copy __attribute__((__copy__(f8)));
+
+/* Test the original bug report case. This may trigger a warning
+ about conflicting with a built-in function name. */
+__attribute__((no_sanitize_address)) void h (void);
+__typeof(h) tanhf64 __attribute__((__copy__(h)));
+/* { dg-warning "conflicting types for built-in function" "" { target *-*-* } .-1 } */
+
+/* Test copying from a function pointer variable - this should trigger a warning. */
+__attribute__((no_sanitize_address)) void f9 (void);
+void (*f9_ptr)(void) = f9; /* { dg-message "symbol 'f9_ptr' referenced" } */
+__typeof(f9) f9_ptr_copy __attribute__((__copy__(*f9_ptr))); /* { dg-warning "'copy' attribute ignored" } */
+
+/* Test with actual function definitions to ensure attributes are properly applied. */
+__attribute__((no_sanitize_address))
+void actual_func (int *p)
+{
+ *p = 100;
+}
+
+__typeof(actual_func) actual_func_copy __attribute__((__copy__(actual_func)));
+
+void actual_func_copy (int *p)
+{
+ *p = 200;
+}
+
+/* Test copying sanitizer attributes along with other attributes. */
+__attribute__((no_sanitize_address, noinline, cold))
+void multi_attr (void);
+
+__typeof(multi_attr) multi_attr_copy __attribute__((__copy__(multi_attr)));
+
+/* Verify that the copy attribute works with function declarations that
+ have sanitizer attributes applied via separate declarations. */
+void separate_decl (void);
+__attribute__((no_sanitize_address)) void separate_decl (void);
+__typeof(separate_decl) separate_decl_copy __attribute__((__copy__(separate_decl)));
+
+/* Test combining copy attribute with additional no_sanitize attributes.
+ The copied function should have both the original no_sanitize_address
+ and the new no_sanitize flags. */
+__attribute__((no_sanitize_address))
+int combined_original (int *p, int *q)
+{
+ *p = 42;
+ return *q;
+}
+
+/* Copy the no_sanitize_address attribute and add no_sanitize for alignment. */
+__typeof(combined_original) combined_copy1 __attribute__((__copy__(combined_original), no_sanitize("alignment")));
+
+/* Test with multiple no_sanitize attributes on original. */
+__attribute__((no_sanitize("address", "undefined")))
+int combined_original2 (int *p, int *q)
+{
+ *p = 44;
+ return *q;
+}
+
+/* Copy existing sanitizer attributes and add more. */
+__typeof(combined_original2) combined_copy2 __attribute__((__copy__(combined_original2), no_sanitize("alignment")));
+
+/* Test with no_sanitize_undefined on original. */
+__attribute__((no_sanitize_undefined))
+int combined_original3 (int *p, int *q)
+{
+ *p = 46;
+ return *q;
+}
+
+/* Copy and add no_sanitize_address - combining different sanitizer attributes. */
+__typeof(combined_original3) combined_copy3 __attribute__((__copy__(combined_original3), no_sanitize_address));
diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
index 1e3a94ed9493..e629601579ef 100644
--- a/gcc/c-family/c-attribs.cc
+++ b/gcc/c-family/c-attribs.cc
@@ -1425,20 +1425,27 @@ add_no_sanitize_value (tree node, sanitize_code_type flags)
tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (node));
if (attr)
{
- sanitize_code_type old_value =
- tree_to_sanitize_code_type (TREE_VALUE (attr));
+ /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
+ tree attr_args = TREE_VALUE (attr);
+ gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
+ sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
+
flags |= old_value;
if (flags == old_value)
return;
- TREE_VALUE (attr) = build_int_cst (uint64_type_node, flags);
+ tree new_value = build_tree_list (NULL_TREE,
+ build_int_cst (uint64_type_node, flags));
+ TREE_VALUE (attr) = new_value;
}
else
- DECL_ATTRIBUTES (node)
- = tree_cons (get_identifier ("no_sanitize"),
- build_int_cst (uint64_type_node, flags),
- DECL_ATTRIBUTES (node));
+ {
+ tree attr_value = build_tree_list (NULL_TREE,
+ build_int_cst (uint64_type_node, flags));
+ DECL_ATTRIBUTES (node) = tree_cons (get_identifier ("no_sanitize"), attr_value,
+ DECL_ATTRIBUTES (node));
+ }
}
/* Handle a "no_sanitize" attribute; arguments as in
@@ -1456,17 +1463,29 @@ handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
return NULL_TREE;
}
- for (; args; args = TREE_CHAIN (args))
+ /* Handle both original string arguments and copied attributes that
+ have already been processed into INTEGER_CST wrapped in TREE_LIST. */
+ if (args && TREE_CODE (args) == TREE_LIST
+ && TREE_VALUE (args) && TREE_CODE (TREE_VALUE (args)) == INTEGER_CST)
{
- tree id = TREE_VALUE (args);
- if (TREE_CODE (id) != STRING_CST)
+ /* This is a copied attribute with the flags already processed. */
+ flags = tree_to_sanitize_code_type (TREE_VALUE (args));
+ }
+ else
+ {
+ /* Process original string arguments. */
+ for (; args; args = TREE_CHAIN (args))
{
- error ("%qE argument not a string", name);
- return NULL_TREE;
- }
+ tree id = TREE_VALUE (args);
+ if (TREE_CODE (id) != STRING_CST)
+ {
+ error ("%qE argument not a string", name);
+ return NULL_TREE;
+ }
- char *string = ASTRDUP (TREE_STRING_POINTER (id));
- flags |= parse_no_sanitize_attribute (string);
+ char *string = ASTRDUP (TREE_STRING_POINTER (id));
+ flags |= parse_no_sanitize_attribute (string);
+ }
}
add_no_sanitize_value (*node, flags);
diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
index 53aea5e2e904..342702b05acb 100644
--- a/gcc/d/d-attribs.cc
+++ b/gcc/d/d-attribs.cc
@@ -1424,17 +1424,26 @@ d_handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
merge existing flags if no_sanitize was previously handled. */
if (tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (*node)))
{
- sanitize_code_type old_value =
- tree_to_sanitize_code_type (TREE_VALUE (attr));
+ /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
+ tree attr_args = TREE_VALUE (attr);
+ gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
+ sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
+
flags |= old_value;
if (flags != old_value)
- TREE_VALUE (attr) = build_int_cst (d_ulong_type, flags);
+ {
+ tree new_value = build_tree_list (NULL_TREE,
+ build_int_cst (d_ulong_type, flags));
+ TREE_VALUE (attr) = new_value;
+ }
}
else
{
+ tree attr_value = build_tree_list (NULL_TREE,
+ build_int_cst (d_ulong_type, flags));
DECL_ATTRIBUTES (*node) = tree_cons (get_identifier ("no_sanitize"),
- build_int_cst (d_ulong_type, flags),
+ attr_value,
DECL_ATTRIBUTES (*node));
}
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
2025-09-04 17:43 [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264] Kees Cook
@ 2026-02-06 8:05 ` Andrew Pinski
2026-02-06 18:16 ` Kees Cook
2026-02-09 8:28 ` Andrew Pinski
1 sibling, 1 reply; 6+ messages in thread
From: Andrew Pinski @ 2026-02-06 8:05 UTC (permalink / raw)
To: Kees Cook
Cc: Indu Bhagat, Claudiu Zissulescu, Qing Zhao, gcc-patches,
linux-hardening
On Thu, Sep 4, 2025 at 10:43 AM Kees Cook <kees@kernel.org> wrote:
>
> The __attribute__((__copy__)) functionality was crashing when copying
> sanitizer-related attributes because these attributes violated the standard
> GCC attribute infrastructure by storing INTEGER_CST values directly instead
> of wrapping them in TREE_LIST like all other attributes.
I am going to review this over the weekend. I see it was not reviewed yet.
>
> Wrap sanitizer attributes INTEGER_CST values in TREE_LIST structures
> to follow the same pattern as other attributes. This eliminates the
> copy_list() crashes when copying sanitizer attributes:
>
> test.c:4:1: internal compiler error: tree check: expected tree that contains ‘common’ structure, have ‘integer_cst’ in copy_list, at tree.cc:1427
> 4 | __attribute__((__copy__(__tanh)));
> | ^~~~~~~~~~~~~
> 0x859d06 tree_contains_struct_check_failed(tree_node const*, tree_node_structure_enum, char const*, int, char const*)
> ../../gcc/gcc/tree.cc:9126
> 0x860f78 contains_struct_check(tree_node*, tree_node_structure_enum, char const*, int, char const*)
> ../../gcc/gcc/tree.h:3748
> 0x860f78 copy_list(tree_node*)
> ../../gcc/gcc/tree.cc:1427
> 0xa755a5 handle_copy_attribute
> ../../gcc/gcc/c-family/c-attribs.cc:3077
>
> gcc/c-family/ChangeLog:
>
> PR c/113264
> * c-attribs.cc (add_no_sanitize_value): Store INTEGER_CST values
> wrapped in TREE_LIST following standard attribute conventions.
> (handle_no_sanitize_attribute): Handle both original string
> arguments and copied INTEGER_CST values from TREE_LIST format.
>
> gcc/ChangeLog:
>
> PR c/113264
> * asan.h (sanitize_flags_p): Extract sanitizer flags from
> TREE_LIST wrapper instead of directly from INTEGER_CST.
>
> gcc/d/ChangeLog:
>
> PR c/113264
> * d-attribs.cc (d_handle_no_sanitize_attribute): Store INTEGER_CST
> values wrapped in TREE_LIST following standard conventions.
>
> gcc/testsuite/ChangeLog:
>
> PR c/113264
> * gcc.dg/pr113264.c: New test.
> * gcc.dg/pr113264-asan-no-instrumentation.c: New test validating
> that copied sanitizer attributes prevent ASAN instrumentation.
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> Cc: Indu Bhagat <indu.bhagat@oracle.com>
> Cc: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
> Cc: Qing Zhao <qing.zhao@oracle.com>
> Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
> ---
> gcc/asan.h | 8 +-
> .../gcc.dg/pr113264-asan-no-instrumentation.c | 60 ++++++++++
> gcc/testsuite/gcc.dg/pr113264.c | 107 ++++++++++++++++++
> gcc/c-family/c-attribs.cc | 49 +++++---
> gcc/d/d-attribs.cc | 17 ++-
> 5 files changed, 221 insertions(+), 20 deletions(-)
> create mode 100644 gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> create mode 100644 gcc/testsuite/gcc.dg/pr113264.c
>
> diff --git a/gcc/asan.h b/gcc/asan.h
> index a24562f67a29..f5dc3d7ceb8d 100644
> --- a/gcc/asan.h
> +++ b/gcc/asan.h
> @@ -253,7 +253,13 @@ sanitize_flags_p (sanitize_code_type flag,
> {
> tree value = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
> if (value)
> - result_flags &= ~tree_to_uhwi (TREE_VALUE (value));
> + {
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (value);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type no_sanitize_flags = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> + result_flags &= ~no_sanitize_flags;
> + }
> }
>
> return result_flags;
> diff --git a/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> new file mode 100644
> index 000000000000..812c67c33086
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> @@ -0,0 +1,60 @@
> +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> + Test that copied no_sanitize_address attributes prevent ALL ASAN instrumentation.
> + This file should have NO ASAN calls since all functions have the attribute.
> + { dg-do compile }
> + { dg-options "-fsanitize=address" }
> + { dg-skip-if "no address sanitizer" { no_fsanitize_address } } */
> +
> +/* Original function with no_sanitize_address */
> +__attribute__((no_sanitize_address))
> +int original (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Copy the attribute - should also have no_sanitize_address */
> +__typeof(original) copy1 __attribute__((__copy__(original)));
> +int copy1 (int *p, int *q)
> +{
> + *p = 43;
> + return *q;
> +}
> +
> +/* Another copy - should also have no_sanitize_address */
> +__typeof(original) copy2 __attribute__((__copy__(original)));
> +int copy2 (int *p, int *q)
> +{
> + *p = 44;
> + return *q;
> +}
> +
> +/* Copy from a copy - should still have no_sanitize_address */
> +__typeof(copy1) copy_of_copy __attribute__((__copy__(copy1)));
> +int copy_of_copy (int *p, int *q)
> +{
> + *p = 45;
> + return *q;
> +}
> +
> +int separate_decl (void);
> +__attribute__((noinline)) int separate_decl (void);
> +
> +__attribute__((__copy__(separate_decl), no_sanitize_address))
> +int copy_and_annotated_alias (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +__attribute__((__copy__(separate_decl), no_sanitize("address")))
> +int copy_and_annotated_string (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Since ALL functions have no_sanitize_address (either directly or copied),
> + there should be NO ASAN instrumentation calls in the entire file. */
> +/* { dg-final { scan-assembler-not "__asan_report_store" } } */
> +/* { dg-final { scan-assembler-not "__asan_report_load" } } */
> diff --git a/gcc/testsuite/gcc.dg/pr113264.c b/gcc/testsuite/gcc.dg/pr113264.c
> new file mode 100644
> index 000000000000..2a49965e26fd
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/pr113264.c
> @@ -0,0 +1,107 @@
> +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> + Test that the copy attribute correctly handles sanitizer attributes
> + which store their arguments as INTEGER_CST values rather than TREE_LIST.
> + { dg-do compile }
> + { dg-options "-O2" } */
> +
> +/* Test copying no_sanitize_address attribute. */
> +__attribute__((no_sanitize_address)) void f1 (void);
> +__typeof(f1) f1_copy __attribute__((__copy__(f1)));
> +
> +/* Test copying no_sanitize_thread attribute. */
> +__attribute__((no_sanitize_thread)) void f2 (void);
> +__typeof(f2) f2_copy __attribute__((__copy__(f2)));
> +
> +/* Test copying no_sanitize_undefined attribute. */
> +__attribute__((no_sanitize_undefined)) void f3 (void);
> +__typeof(f3) f3_copy __attribute__((__copy__(f3)));
> +
> +/* Test copying no_sanitize_coverage attribute. */
> +__attribute__((no_sanitize_coverage)) void f4 (void);
> +__typeof(f4) f4_copy __attribute__((__copy__(f4)));
> +
> +/* Test copying no_sanitize attribute with string arguments. */
> +__attribute__((no_sanitize("address"))) void f5 (void);
> +__typeof(f5) f5_copy __attribute__((__copy__(f5)));
> +
> +__attribute__((no_sanitize("thread"))) void f6 (void);
> +__typeof(f6) f6_copy __attribute__((__copy__(f6)));
> +
> +__attribute__((no_sanitize("undefined"))) void f7 (void);
> +__typeof(f7) f7_copy __attribute__((__copy__(f7)));
> +
> +/* Test copying multiple sanitizer flags. */
> +__attribute__((no_sanitize("address", "thread"))) void f8 (void);
> +__typeof(f8) f8_copy __attribute__((__copy__(f8)));
> +
> +/* Test the original bug report case. This may trigger a warning
> + about conflicting with a built-in function name. */
> +__attribute__((no_sanitize_address)) void h (void);
> +__typeof(h) tanhf64 __attribute__((__copy__(h)));
> +/* { dg-warning "conflicting types for built-in function" "" { target *-*-* } .-1 } */
> +
> +/* Test copying from a function pointer variable - this should trigger a warning. */
> +__attribute__((no_sanitize_address)) void f9 (void);
> +void (*f9_ptr)(void) = f9; /* { dg-message "symbol 'f9_ptr' referenced" } */
> +__typeof(f9) f9_ptr_copy __attribute__((__copy__(*f9_ptr))); /* { dg-warning "'copy' attribute ignored" } */
> +
> +/* Test with actual function definitions to ensure attributes are properly applied. */
> +__attribute__((no_sanitize_address))
> +void actual_func (int *p)
> +{
> + *p = 100;
> +}
> +
> +__typeof(actual_func) actual_func_copy __attribute__((__copy__(actual_func)));
> +
> +void actual_func_copy (int *p)
> +{
> + *p = 200;
> +}
> +
> +/* Test copying sanitizer attributes along with other attributes. */
> +__attribute__((no_sanitize_address, noinline, cold))
> +void multi_attr (void);
> +
> +__typeof(multi_attr) multi_attr_copy __attribute__((__copy__(multi_attr)));
> +
> +/* Verify that the copy attribute works with function declarations that
> + have sanitizer attributes applied via separate declarations. */
> +void separate_decl (void);
> +__attribute__((no_sanitize_address)) void separate_decl (void);
> +__typeof(separate_decl) separate_decl_copy __attribute__((__copy__(separate_decl)));
> +
> +/* Test combining copy attribute with additional no_sanitize attributes.
> + The copied function should have both the original no_sanitize_address
> + and the new no_sanitize flags. */
> +__attribute__((no_sanitize_address))
> +int combined_original (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Copy the no_sanitize_address attribute and add no_sanitize for alignment. */
> +__typeof(combined_original) combined_copy1 __attribute__((__copy__(combined_original), no_sanitize("alignment")));
> +
> +/* Test with multiple no_sanitize attributes on original. */
> +__attribute__((no_sanitize("address", "undefined")))
> +int combined_original2 (int *p, int *q)
> +{
> + *p = 44;
> + return *q;
> +}
> +
> +/* Copy existing sanitizer attributes and add more. */
> +__typeof(combined_original2) combined_copy2 __attribute__((__copy__(combined_original2), no_sanitize("alignment")));
> +
> +/* Test with no_sanitize_undefined on original. */
> +__attribute__((no_sanitize_undefined))
> +int combined_original3 (int *p, int *q)
> +{
> + *p = 46;
> + return *q;
> +}
> +
> +/* Copy and add no_sanitize_address - combining different sanitizer attributes. */
> +__typeof(combined_original3) combined_copy3 __attribute__((__copy__(combined_original3), no_sanitize_address));
> diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
> index 1e3a94ed9493..e629601579ef 100644
> --- a/gcc/c-family/c-attribs.cc
> +++ b/gcc/c-family/c-attribs.cc
> @@ -1425,20 +1425,27 @@ add_no_sanitize_value (tree node, sanitize_code_type flags)
> tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (node));
> if (attr)
> {
> - sanitize_code_type old_value =
> - tree_to_sanitize_code_type (TREE_VALUE (attr));
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (attr);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> +
> flags |= old_value;
>
> if (flags == old_value)
> return;
>
> - TREE_VALUE (attr) = build_int_cst (uint64_type_node, flags);
> + tree new_value = build_tree_list (NULL_TREE,
> + build_int_cst (uint64_type_node, flags));
> + TREE_VALUE (attr) = new_value;
> }
> else
> - DECL_ATTRIBUTES (node)
> - = tree_cons (get_identifier ("no_sanitize"),
> - build_int_cst (uint64_type_node, flags),
> - DECL_ATTRIBUTES (node));
> + {
> + tree attr_value = build_tree_list (NULL_TREE,
> + build_int_cst (uint64_type_node, flags));
> + DECL_ATTRIBUTES (node) = tree_cons (get_identifier ("no_sanitize"), attr_value,
> + DECL_ATTRIBUTES (node));
> + }
> }
>
> /* Handle a "no_sanitize" attribute; arguments as in
> @@ -1456,17 +1463,29 @@ handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> return NULL_TREE;
> }
>
> - for (; args; args = TREE_CHAIN (args))
> + /* Handle both original string arguments and copied attributes that
> + have already been processed into INTEGER_CST wrapped in TREE_LIST. */
> + if (args && TREE_CODE (args) == TREE_LIST
> + && TREE_VALUE (args) && TREE_CODE (TREE_VALUE (args)) == INTEGER_CST)
> {
> - tree id = TREE_VALUE (args);
> - if (TREE_CODE (id) != STRING_CST)
> + /* This is a copied attribute with the flags already processed. */
> + flags = tree_to_sanitize_code_type (TREE_VALUE (args));
> + }
> + else
> + {
> + /* Process original string arguments. */
> + for (; args; args = TREE_CHAIN (args))
> {
> - error ("%qE argument not a string", name);
> - return NULL_TREE;
> - }
> + tree id = TREE_VALUE (args);
> + if (TREE_CODE (id) != STRING_CST)
> + {
> + error ("%qE argument not a string", name);
> + return NULL_TREE;
> + }
>
> - char *string = ASTRDUP (TREE_STRING_POINTER (id));
> - flags |= parse_no_sanitize_attribute (string);
> + char *string = ASTRDUP (TREE_STRING_POINTER (id));
> + flags |= parse_no_sanitize_attribute (string);
> + }
> }
>
> add_no_sanitize_value (*node, flags);
> diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> index 53aea5e2e904..342702b05acb 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -1424,17 +1424,26 @@ d_handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> merge existing flags if no_sanitize was previously handled. */
> if (tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (*node)))
> {
> - sanitize_code_type old_value =
> - tree_to_sanitize_code_type (TREE_VALUE (attr));
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (attr);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> +
> flags |= old_value;
>
> if (flags != old_value)
> - TREE_VALUE (attr) = build_int_cst (d_ulong_type, flags);
> + {
> + tree new_value = build_tree_list (NULL_TREE,
> + build_int_cst (d_ulong_type, flags));
> + TREE_VALUE (attr) = new_value;
> + }
> }
> else
> {
> + tree attr_value = build_tree_list (NULL_TREE,
> + build_int_cst (d_ulong_type, flags));
> DECL_ATTRIBUTES (*node) = tree_cons (get_identifier ("no_sanitize"),
> - build_int_cst (d_ulong_type, flags),
> + attr_value,
> DECL_ATTRIBUTES (*node));
> }
>
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
2026-02-06 8:05 ` Andrew Pinski
@ 2026-02-06 18:16 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2026-02-06 18:16 UTC (permalink / raw)
To: Andrew Pinski
Cc: Indu Bhagat, Claudiu Zissulescu, Qing Zhao, gcc-patches,
linux-hardening
On Fri, Feb 06, 2026 at 12:05:04AM -0800, Andrew Pinski wrote:
> On Thu, Sep 4, 2025 at 10:43 AM Kees Cook <kees@kernel.org> wrote:
> >
> > The __attribute__((__copy__)) functionality was crashing when copying
> > sanitizer-related attributes because these attributes violated the standard
> > GCC attribute infrastructure by storing INTEGER_CST values directly instead
> > of wrapping them in TREE_LIST like all other attributes.
>
> I am going to review this over the weekend. I see it was not reviewed yet.
Thanks! I'd love to get this landed (I don't have commit access).
--
Kees Cook
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
2025-09-04 17:43 [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264] Kees Cook
2026-02-06 8:05 ` Andrew Pinski
@ 2026-02-09 8:28 ` Andrew Pinski
2026-02-09 11:47 ` 答复: " hanwei (K)
2026-02-10 2:34 ` Andrew Pinski
1 sibling, 2 replies; 6+ messages in thread
From: Andrew Pinski @ 2026-02-09 8:28 UTC (permalink / raw)
To: Kees Cook
Cc: Indu Bhagat, Claudiu Zissulescu, Qing Zhao, gcc-patches,
linux-hardening
On Thu, Sep 4, 2025 at 10:43 AM Kees Cook <kees@kernel.org> wrote:
>
> The __attribute__((__copy__)) functionality was crashing when copying
> sanitizer-related attributes because these attributes violated the standard
> GCC attribute infrastructure by storing INTEGER_CST values directly instead
> of wrapping them in TREE_LIST like all other attributes.
>
> Wrap sanitizer attributes INTEGER_CST values in TREE_LIST structures
> to follow the same pattern as other attributes. This eliminates the
> copy_list() crashes when copying sanitizer attributes:
>
> test.c:4:1: internal compiler error: tree check: expected tree that contains ‘common’ structure, have ‘integer_cst’ in copy_list, at tree.cc:1427
> 4 | __attribute__((__copy__(__tanh)));
> | ^~~~~~~~~~~~~
> 0x859d06 tree_contains_struct_check_failed(tree_node const*, tree_node_structure_enum, char const*, int, char const*)
> ../../gcc/gcc/tree.cc:9126
> 0x860f78 contains_struct_check(tree_node*, tree_node_structure_enum, char const*, int, char const*)
> ../../gcc/gcc/tree.h:3748
> 0x860f78 copy_list(tree_node*)
> ../../gcc/gcc/tree.cc:1427
> 0xa755a5 handle_copy_attribute
> ../../gcc/gcc/c-family/c-attribs.cc:3077
I am not a fan of the wrapping because it increases the memory usage
slightly but it is required since the rest of the attributes code
requires TREE_LIST here.
So Ok. I will do final testing either Monday or Tuesday and push it after that.
Thanks,
Andrew
>
> gcc/c-family/ChangeLog:
>
> PR c/113264
> * c-attribs.cc (add_no_sanitize_value): Store INTEGER_CST values
> wrapped in TREE_LIST following standard attribute conventions.
> (handle_no_sanitize_attribute): Handle both original string
> arguments and copied INTEGER_CST values from TREE_LIST format.
>
> gcc/ChangeLog:
>
> PR c/113264
> * asan.h (sanitize_flags_p): Extract sanitizer flags from
> TREE_LIST wrapper instead of directly from INTEGER_CST.
>
> gcc/d/ChangeLog:
>
> PR c/113264
> * d-attribs.cc (d_handle_no_sanitize_attribute): Store INTEGER_CST
> values wrapped in TREE_LIST following standard conventions.
>
> gcc/testsuite/ChangeLog:
>
> PR c/113264
> * gcc.dg/pr113264.c: New test.
> * gcc.dg/pr113264-asan-no-instrumentation.c: New test validating
> that copied sanitizer attributes prevent ASAN instrumentation.
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> Cc: Indu Bhagat <indu.bhagat@oracle.com>
> Cc: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
> Cc: Qing Zhao <qing.zhao@oracle.com>
> Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
> ---
> gcc/asan.h | 8 +-
> .../gcc.dg/pr113264-asan-no-instrumentation.c | 60 ++++++++++
> gcc/testsuite/gcc.dg/pr113264.c | 107 ++++++++++++++++++
> gcc/c-family/c-attribs.cc | 49 +++++---
> gcc/d/d-attribs.cc | 17 ++-
> 5 files changed, 221 insertions(+), 20 deletions(-)
> create mode 100644 gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> create mode 100644 gcc/testsuite/gcc.dg/pr113264.c
>
> diff --git a/gcc/asan.h b/gcc/asan.h
> index a24562f67a29..f5dc3d7ceb8d 100644
> --- a/gcc/asan.h
> +++ b/gcc/asan.h
> @@ -253,7 +253,13 @@ sanitize_flags_p (sanitize_code_type flag,
> {
> tree value = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
> if (value)
> - result_flags &= ~tree_to_uhwi (TREE_VALUE (value));
> + {
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (value);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type no_sanitize_flags = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> + result_flags &= ~no_sanitize_flags;
> + }
> }
>
> return result_flags;
> diff --git a/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> new file mode 100644
> index 000000000000..812c67c33086
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> @@ -0,0 +1,60 @@
> +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> + Test that copied no_sanitize_address attributes prevent ALL ASAN instrumentation.
> + This file should have NO ASAN calls since all functions have the attribute.
> + { dg-do compile }
> + { dg-options "-fsanitize=address" }
> + { dg-skip-if "no address sanitizer" { no_fsanitize_address } } */
> +
> +/* Original function with no_sanitize_address */
> +__attribute__((no_sanitize_address))
> +int original (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Copy the attribute - should also have no_sanitize_address */
> +__typeof(original) copy1 __attribute__((__copy__(original)));
> +int copy1 (int *p, int *q)
> +{
> + *p = 43;
> + return *q;
> +}
> +
> +/* Another copy - should also have no_sanitize_address */
> +__typeof(original) copy2 __attribute__((__copy__(original)));
> +int copy2 (int *p, int *q)
> +{
> + *p = 44;
> + return *q;
> +}
> +
> +/* Copy from a copy - should still have no_sanitize_address */
> +__typeof(copy1) copy_of_copy __attribute__((__copy__(copy1)));
> +int copy_of_copy (int *p, int *q)
> +{
> + *p = 45;
> + return *q;
> +}
> +
> +int separate_decl (void);
> +__attribute__((noinline)) int separate_decl (void);
> +
> +__attribute__((__copy__(separate_decl), no_sanitize_address))
> +int copy_and_annotated_alias (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +__attribute__((__copy__(separate_decl), no_sanitize("address")))
> +int copy_and_annotated_string (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Since ALL functions have no_sanitize_address (either directly or copied),
> + there should be NO ASAN instrumentation calls in the entire file. */
> +/* { dg-final { scan-assembler-not "__asan_report_store" } } */
> +/* { dg-final { scan-assembler-not "__asan_report_load" } } */
> diff --git a/gcc/testsuite/gcc.dg/pr113264.c b/gcc/testsuite/gcc.dg/pr113264.c
> new file mode 100644
> index 000000000000..2a49965e26fd
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/pr113264.c
> @@ -0,0 +1,107 @@
> +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> + Test that the copy attribute correctly handles sanitizer attributes
> + which store their arguments as INTEGER_CST values rather than TREE_LIST.
> + { dg-do compile }
> + { dg-options "-O2" } */
> +
> +/* Test copying no_sanitize_address attribute. */
> +__attribute__((no_sanitize_address)) void f1 (void);
> +__typeof(f1) f1_copy __attribute__((__copy__(f1)));
> +
> +/* Test copying no_sanitize_thread attribute. */
> +__attribute__((no_sanitize_thread)) void f2 (void);
> +__typeof(f2) f2_copy __attribute__((__copy__(f2)));
> +
> +/* Test copying no_sanitize_undefined attribute. */
> +__attribute__((no_sanitize_undefined)) void f3 (void);
> +__typeof(f3) f3_copy __attribute__((__copy__(f3)));
> +
> +/* Test copying no_sanitize_coverage attribute. */
> +__attribute__((no_sanitize_coverage)) void f4 (void);
> +__typeof(f4) f4_copy __attribute__((__copy__(f4)));
> +
> +/* Test copying no_sanitize attribute with string arguments. */
> +__attribute__((no_sanitize("address"))) void f5 (void);
> +__typeof(f5) f5_copy __attribute__((__copy__(f5)));
> +
> +__attribute__((no_sanitize("thread"))) void f6 (void);
> +__typeof(f6) f6_copy __attribute__((__copy__(f6)));
> +
> +__attribute__((no_sanitize("undefined"))) void f7 (void);
> +__typeof(f7) f7_copy __attribute__((__copy__(f7)));
> +
> +/* Test copying multiple sanitizer flags. */
> +__attribute__((no_sanitize("address", "thread"))) void f8 (void);
> +__typeof(f8) f8_copy __attribute__((__copy__(f8)));
> +
> +/* Test the original bug report case. This may trigger a warning
> + about conflicting with a built-in function name. */
> +__attribute__((no_sanitize_address)) void h (void);
> +__typeof(h) tanhf64 __attribute__((__copy__(h)));
> +/* { dg-warning "conflicting types for built-in function" "" { target *-*-* } .-1 } */
> +
> +/* Test copying from a function pointer variable - this should trigger a warning. */
> +__attribute__((no_sanitize_address)) void f9 (void);
> +void (*f9_ptr)(void) = f9; /* { dg-message "symbol 'f9_ptr' referenced" } */
> +__typeof(f9) f9_ptr_copy __attribute__((__copy__(*f9_ptr))); /* { dg-warning "'copy' attribute ignored" } */
> +
> +/* Test with actual function definitions to ensure attributes are properly applied. */
> +__attribute__((no_sanitize_address))
> +void actual_func (int *p)
> +{
> + *p = 100;
> +}
> +
> +__typeof(actual_func) actual_func_copy __attribute__((__copy__(actual_func)));
> +
> +void actual_func_copy (int *p)
> +{
> + *p = 200;
> +}
> +
> +/* Test copying sanitizer attributes along with other attributes. */
> +__attribute__((no_sanitize_address, noinline, cold))
> +void multi_attr (void);
> +
> +__typeof(multi_attr) multi_attr_copy __attribute__((__copy__(multi_attr)));
> +
> +/* Verify that the copy attribute works with function declarations that
> + have sanitizer attributes applied via separate declarations. */
> +void separate_decl (void);
> +__attribute__((no_sanitize_address)) void separate_decl (void);
> +__typeof(separate_decl) separate_decl_copy __attribute__((__copy__(separate_decl)));
> +
> +/* Test combining copy attribute with additional no_sanitize attributes.
> + The copied function should have both the original no_sanitize_address
> + and the new no_sanitize flags. */
> +__attribute__((no_sanitize_address))
> +int combined_original (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Copy the no_sanitize_address attribute and add no_sanitize for alignment. */
> +__typeof(combined_original) combined_copy1 __attribute__((__copy__(combined_original), no_sanitize("alignment")));
> +
> +/* Test with multiple no_sanitize attributes on original. */
> +__attribute__((no_sanitize("address", "undefined")))
> +int combined_original2 (int *p, int *q)
> +{
> + *p = 44;
> + return *q;
> +}
> +
> +/* Copy existing sanitizer attributes and add more. */
> +__typeof(combined_original2) combined_copy2 __attribute__((__copy__(combined_original2), no_sanitize("alignment")));
> +
> +/* Test with no_sanitize_undefined on original. */
> +__attribute__((no_sanitize_undefined))
> +int combined_original3 (int *p, int *q)
> +{
> + *p = 46;
> + return *q;
> +}
> +
> +/* Copy and add no_sanitize_address - combining different sanitizer attributes. */
> +__typeof(combined_original3) combined_copy3 __attribute__((__copy__(combined_original3), no_sanitize_address));
> diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
> index 1e3a94ed9493..e629601579ef 100644
> --- a/gcc/c-family/c-attribs.cc
> +++ b/gcc/c-family/c-attribs.cc
> @@ -1425,20 +1425,27 @@ add_no_sanitize_value (tree node, sanitize_code_type flags)
> tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (node));
> if (attr)
> {
> - sanitize_code_type old_value =
> - tree_to_sanitize_code_type (TREE_VALUE (attr));
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (attr);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> +
> flags |= old_value;
>
> if (flags == old_value)
> return;
>
> - TREE_VALUE (attr) = build_int_cst (uint64_type_node, flags);
> + tree new_value = build_tree_list (NULL_TREE,
> + build_int_cst (uint64_type_node, flags));
> + TREE_VALUE (attr) = new_value;
> }
> else
> - DECL_ATTRIBUTES (node)
> - = tree_cons (get_identifier ("no_sanitize"),
> - build_int_cst (uint64_type_node, flags),
> - DECL_ATTRIBUTES (node));
> + {
> + tree attr_value = build_tree_list (NULL_TREE,
> + build_int_cst (uint64_type_node, flags));
> + DECL_ATTRIBUTES (node) = tree_cons (get_identifier ("no_sanitize"), attr_value,
> + DECL_ATTRIBUTES (node));
> + }
> }
>
> /* Handle a "no_sanitize" attribute; arguments as in
> @@ -1456,17 +1463,29 @@ handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> return NULL_TREE;
> }
>
> - for (; args; args = TREE_CHAIN (args))
> + /* Handle both original string arguments and copied attributes that
> + have already been processed into INTEGER_CST wrapped in TREE_LIST. */
> + if (args && TREE_CODE (args) == TREE_LIST
> + && TREE_VALUE (args) && TREE_CODE (TREE_VALUE (args)) == INTEGER_CST)
> {
> - tree id = TREE_VALUE (args);
> - if (TREE_CODE (id) != STRING_CST)
> + /* This is a copied attribute with the flags already processed. */
> + flags = tree_to_sanitize_code_type (TREE_VALUE (args));
> + }
> + else
> + {
> + /* Process original string arguments. */
> + for (; args; args = TREE_CHAIN (args))
> {
> - error ("%qE argument not a string", name);
> - return NULL_TREE;
> - }
> + tree id = TREE_VALUE (args);
> + if (TREE_CODE (id) != STRING_CST)
> + {
> + error ("%qE argument not a string", name);
> + return NULL_TREE;
> + }
>
> - char *string = ASTRDUP (TREE_STRING_POINTER (id));
> - flags |= parse_no_sanitize_attribute (string);
> + char *string = ASTRDUP (TREE_STRING_POINTER (id));
> + flags |= parse_no_sanitize_attribute (string);
> + }
> }
>
> add_no_sanitize_value (*node, flags);
> diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> index 53aea5e2e904..342702b05acb 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -1424,17 +1424,26 @@ d_handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> merge existing flags if no_sanitize was previously handled. */
> if (tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (*node)))
> {
> - sanitize_code_type old_value =
> - tree_to_sanitize_code_type (TREE_VALUE (attr));
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (attr);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> +
> flags |= old_value;
>
> if (flags != old_value)
> - TREE_VALUE (attr) = build_int_cst (d_ulong_type, flags);
> + {
> + tree new_value = build_tree_list (NULL_TREE,
> + build_int_cst (d_ulong_type, flags));
> + TREE_VALUE (attr) = new_value;
> + }
> }
> else
> {
> + tree attr_value = build_tree_list (NULL_TREE,
> + build_int_cst (d_ulong_type, flags));
> DECL_ATTRIBUTES (*node) = tree_cons (get_identifier ("no_sanitize"),
> - build_int_cst (d_ulong_type, flags),
> + attr_value,
> DECL_ATTRIBUTES (*node));
> }
>
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* 答复: [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
2026-02-09 8:28 ` Andrew Pinski
@ 2026-02-09 11:47 ` hanwei (K)
2026-02-10 2:34 ` Andrew Pinski
1 sibling, 0 replies; 6+ messages in thread
From: hanwei (K) @ 2026-02-09 11:47 UTC (permalink / raw)
To: Andrew Pinski, Kees Cook
Cc: Indu Bhagat, Claudiu Zissulescu, Qing Zhao,
gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Some code style advice below can be fix:
Lines should not exceed 80 characters.
14:+ sanitize_code_type no_sanitize_flags = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
33:+ sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
42:+ build_int_cst (uint64_type_node, flags));
52:+ build_int_cst (uint64_type_node, flags));
53:+ DECL_ATTRIBUTES (node) = tree_cons (get_identifier ("no_sanitize"), attr_value,
110:+ sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
118:+ build_int_cst (d_ulong_type, flags));
If this is trivial, please ignore it. I'm not familiar with gcc :)
-----邮件原件-----
发件人: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
发送时间: 2026年2月9日 16:28
收件人: Kees Cook <kees@kernel.org>
抄送: Indu Bhagat <indu.bhagat@oracle.com>; Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>; Qing Zhao <qing.zhao@oracle.com>; gcc-patches@gcc.gnu.org; linux-hardening@vger.kernel.org
主题: Re: [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
On Thu, Sep 4, 2025 at 10:43 AM Kees Cook <kees@kernel.org> wrote:
>
> The __attribute__((__copy__)) functionality was crashing when copying
> sanitizer-related attributes because these attributes violated the
> standard GCC attribute infrastructure by storing INTEGER_CST values
> directly instead of wrapping them in TREE_LIST like all other attributes.
>
> Wrap sanitizer attributes INTEGER_CST values in TREE_LIST structures
> to follow the same pattern as other attributes. This eliminates the
> copy_list() crashes when copying sanitizer attributes:
>
> test.c:4:1: internal compiler error: tree check: expected tree that contains ‘common’ structure, have ‘integer_cst’ in copy_list, at tree.cc:1427
> 4 | __attribute__((__copy__(__tanh)));
> | ^~~~~~~~~~~~~
> 0x859d06 tree_contains_struct_check_failed(tree_node const*, tree_node_structure_enum, char const*, int, char const*)
> ../../gcc/gcc/tree.cc:9126
> 0x860f78 contains_struct_check(tree_node*, tree_node_structure_enum, char const*, int, char const*)
> ../../gcc/gcc/tree.h:3748
> 0x860f78 copy_list(tree_node*)
> ../../gcc/gcc/tree.cc:1427
> 0xa755a5 handle_copy_attribute
> ../../gcc/gcc/c-family/c-attribs.cc:3077
I am not a fan of the wrapping because it increases the memory usage slightly but it is required since the rest of the attributes code requires TREE_LIST here.
So Ok. I will do final testing either Monday or Tuesday and push it after that.
Thanks,
Andrew
>
> gcc/c-family/ChangeLog:
>
> PR c/113264
> * c-attribs.cc (add_no_sanitize_value): Store INTEGER_CST values
> wrapped in TREE_LIST following standard attribute conventions.
> (handle_no_sanitize_attribute): Handle both original string
> arguments and copied INTEGER_CST values from TREE_LIST format.
>
> gcc/ChangeLog:
>
> PR c/113264
> * asan.h (sanitize_flags_p): Extract sanitizer flags from
> TREE_LIST wrapper instead of directly from INTEGER_CST.
>
> gcc/d/ChangeLog:
>
> PR c/113264
> * d-attribs.cc (d_handle_no_sanitize_attribute): Store INTEGER_CST
> values wrapped in TREE_LIST following standard conventions.
>
> gcc/testsuite/ChangeLog:
>
> PR c/113264
> * gcc.dg/pr113264.c: New test.
> * gcc.dg/pr113264-asan-no-instrumentation.c: New test validating
> that copied sanitizer attributes prevent ASAN instrumentation.
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> Cc: Indu Bhagat <indu.bhagat@oracle.com>
> Cc: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
> Cc: Qing Zhao <qing.zhao@oracle.com>
> Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
> ---
> gcc/asan.h | 8 +-
> .../gcc.dg/pr113264-asan-no-instrumentation.c | 60 ++++++++++
> gcc/testsuite/gcc.dg/pr113264.c | 107 ++++++++++++++++++
> gcc/c-family/c-attribs.cc | 49 +++++---
> gcc/d/d-attribs.cc | 17 ++-
> 5 files changed, 221 insertions(+), 20 deletions(-) create mode
> 100644 gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> create mode 100644 gcc/testsuite/gcc.dg/pr113264.c
>
> diff --git a/gcc/asan.h b/gcc/asan.h
> index a24562f67a29..f5dc3d7ceb8d 100644
> --- a/gcc/asan.h
> +++ b/gcc/asan.h
> @@ -253,7 +253,13 @@ sanitize_flags_p (sanitize_code_type flag,
> {
> tree value = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
> if (value)
> - result_flags &= ~tree_to_uhwi (TREE_VALUE (value));
> + {
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (value);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type no_sanitize_flags = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> + result_flags &= ~no_sanitize_flags;
> + }
> }
>
> return result_flags;
> diff --git a/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> new file mode 100644
> index 000000000000..812c67c33086
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> @@ -0,0 +1,60 @@
> +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> + Test that copied no_sanitize_address attributes prevent ALL ASAN instrumentation.
> + This file should have NO ASAN calls since all functions have the attribute.
> + { dg-do compile }
> + { dg-options "-fsanitize=address" }
> + { dg-skip-if "no address sanitizer" { no_fsanitize_address } } */
> +
> +/* Original function with no_sanitize_address */
> +__attribute__((no_sanitize_address))
> +int original (int *p, int *q)
> +{
> + *p = 42;
> + return *q;
> +}
> +
> +/* Copy the attribute - should also have no_sanitize_address */
> +__typeof(original) copy1 __attribute__((__copy__(original)));
> +int copy1 (int *p, int *q)
> +{
> + *p = 43;
> + return *q;
> +}
> +
> +/* Another copy - should also have no_sanitize_address */
> +__typeof(original) copy2 __attribute__((__copy__(original)));
> +int copy2 (int *p, int *q)
> +{
> + *p = 44;
> + return *q;
> +}
> +
> +/* Copy from a copy - should still have no_sanitize_address */
> +__typeof(copy1) copy_of_copy __attribute__((__copy__(copy1))); int
> +copy_of_copy (int *p, int *q) {
> + *p = 45;
> + return *q;
> +}
> +
> +int separate_decl (void);
> +__attribute__((noinline)) int separate_decl (void);
> +
> +__attribute__((__copy__(separate_decl), no_sanitize_address)) int
> +copy_and_annotated_alias (int *p, int *q) {
> + *p = 42;
> + return *q;
> +}
> +
> +__attribute__((__copy__(separate_decl), no_sanitize("address"))) int
> +copy_and_annotated_string (int *p, int *q) {
> + *p = 42;
> + return *q;
> +}
> +
> +/* Since ALL functions have no_sanitize_address (either directly or copied),
> + there should be NO ASAN instrumentation calls in the entire file.
> +*/
> +/* { dg-final { scan-assembler-not "__asan_report_store" } } */
> +/* { dg-final { scan-assembler-not "__asan_report_load" } } */
> diff --git a/gcc/testsuite/gcc.dg/pr113264.c
> b/gcc/testsuite/gcc.dg/pr113264.c new file mode 100644 index
> 000000000000..2a49965e26fd
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/pr113264.c
> @@ -0,0 +1,107 @@
> +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> + Test that the copy attribute correctly handles sanitizer attributes
> + which store their arguments as INTEGER_CST values rather than TREE_LIST.
> + { dg-do compile }
> + { dg-options "-O2" } */
> +
> +/* Test copying no_sanitize_address attribute. */
> +__attribute__((no_sanitize_address)) void f1 (void);
> +__typeof(f1) f1_copy __attribute__((__copy__(f1)));
> +
> +/* Test copying no_sanitize_thread attribute. */
> +__attribute__((no_sanitize_thread)) void f2 (void);
> +__typeof(f2) f2_copy __attribute__((__copy__(f2)));
> +
> +/* Test copying no_sanitize_undefined attribute. */
> +__attribute__((no_sanitize_undefined)) void f3 (void);
> +__typeof(f3) f3_copy __attribute__((__copy__(f3)));
> +
> +/* Test copying no_sanitize_coverage attribute. */
> +__attribute__((no_sanitize_coverage)) void f4 (void);
> +__typeof(f4) f4_copy __attribute__((__copy__(f4)));
> +
> +/* Test copying no_sanitize attribute with string arguments. */
> +__attribute__((no_sanitize("address"))) void f5 (void);
> +__typeof(f5) f5_copy __attribute__((__copy__(f5)));
> +
> +__attribute__((no_sanitize("thread"))) void f6 (void);
> +__typeof(f6) f6_copy __attribute__((__copy__(f6)));
> +
> +__attribute__((no_sanitize("undefined"))) void f7 (void);
> +__typeof(f7) f7_copy __attribute__((__copy__(f7)));
> +
> +/* Test copying multiple sanitizer flags. */
> +__attribute__((no_sanitize("address", "thread"))) void f8 (void);
> +__typeof(f8) f8_copy __attribute__((__copy__(f8)));
> +
> +/* Test the original bug report case. This may trigger a warning
> + about conflicting with a built-in function name. */
> +__attribute__((no_sanitize_address)) void h (void);
> +__typeof(h) tanhf64 __attribute__((__copy__(h)));
> +/* { dg-warning "conflicting types for built-in function" "" { target
> +*-*-* } .-1 } */
> +
> +/* Test copying from a function pointer variable - this should
> +trigger a warning. */
> +__attribute__((no_sanitize_address)) void f9 (void); void
> +(*f9_ptr)(void) = f9; /* { dg-message "symbol 'f9_ptr' referenced" }
> +*/
> +__typeof(f9) f9_ptr_copy __attribute__((__copy__(*f9_ptr))); /* {
> +dg-warning "'copy' attribute ignored" } */
> +
> +/* Test with actual function definitions to ensure attributes are
> +properly applied. */
> +__attribute__((no_sanitize_address))
> +void actual_func (int *p)
> +{
> + *p = 100;
> +}
> +
> +__typeof(actual_func) actual_func_copy
> +__attribute__((__copy__(actual_func)));
> +
> +void actual_func_copy (int *p)
> +{
> + *p = 200;
> +}
> +
> +/* Test copying sanitizer attributes along with other attributes. */
> +__attribute__((no_sanitize_address, noinline, cold)) void multi_attr
> +(void);
> +
> +__typeof(multi_attr) multi_attr_copy
> +__attribute__((__copy__(multi_attr)));
> +
> +/* Verify that the copy attribute works with function declarations that
> + have sanitizer attributes applied via separate declarations. */
> +void separate_decl (void);
> +__attribute__((no_sanitize_address)) void separate_decl (void);
> +__typeof(separate_decl) separate_decl_copy
> +__attribute__((__copy__(separate_decl)));
> +
> +/* Test combining copy attribute with additional no_sanitize attributes.
> + The copied function should have both the original no_sanitize_address
> + and the new no_sanitize flags. */
> +__attribute__((no_sanitize_address))
> +int combined_original (int *p, int *q) {
> + *p = 42;
> + return *q;
> +}
> +
> +/* Copy the no_sanitize_address attribute and add no_sanitize for
> +alignment. */
> +__typeof(combined_original) combined_copy1
> +__attribute__((__copy__(combined_original),
> +no_sanitize("alignment")));
> +
> +/* Test with multiple no_sanitize attributes on original. */
> +__attribute__((no_sanitize("address", "undefined"))) int
> +combined_original2 (int *p, int *q) {
> + *p = 44;
> + return *q;
> +}
> +
> +/* Copy existing sanitizer attributes and add more. */
> +__typeof(combined_original2) combined_copy2
> +__attribute__((__copy__(combined_original2),
> +no_sanitize("alignment")));
> +
> +/* Test with no_sanitize_undefined on original. */
> +__attribute__((no_sanitize_undefined))
> +int combined_original3 (int *p, int *q) {
> + *p = 46;
> + return *q;
> +}
> +
> +/* Copy and add no_sanitize_address - combining different sanitizer
> +attributes. */
> +__typeof(combined_original3) combined_copy3
> +__attribute__((__copy__(combined_original3), no_sanitize_address));
> diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
> index 1e3a94ed9493..e629601579ef 100644
> --- a/gcc/c-family/c-attribs.cc
> +++ b/gcc/c-family/c-attribs.cc
> @@ -1425,20 +1425,27 @@ add_no_sanitize_value (tree node, sanitize_code_type flags)
> tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (node));
> if (attr)
> {
> - sanitize_code_type old_value =
> - tree_to_sanitize_code_type (TREE_VALUE (attr));
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (attr);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type old_value = tree_to_sanitize_code_type
> + (TREE_VALUE (attr_args));
> +
> flags |= old_value;
>
> if (flags == old_value)
> return;
>
> - TREE_VALUE (attr) = build_int_cst (uint64_type_node, flags);
> + tree new_value = build_tree_list (NULL_TREE,
> + build_int_cst (uint64_type_node, flags));
> + TREE_VALUE (attr) = new_value;
> }
> else
> - DECL_ATTRIBUTES (node)
> - = tree_cons (get_identifier ("no_sanitize"),
> - build_int_cst (uint64_type_node, flags),
> - DECL_ATTRIBUTES (node));
> + {
> + tree attr_value = build_tree_list (NULL_TREE,
> + build_int_cst (uint64_type_node, flags));
> + DECL_ATTRIBUTES (node) = tree_cons (get_identifier ("no_sanitize"), attr_value,
> + DECL_ATTRIBUTES (node));
> + }
> }
>
> /* Handle a "no_sanitize" attribute; arguments as in @@ -1456,17
> +1463,29 @@ handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> return NULL_TREE;
> }
>
> - for (; args; args = TREE_CHAIN (args))
> + /* Handle both original string arguments and copied attributes that
> + have already been processed into INTEGER_CST wrapped in
> + TREE_LIST. */ if (args && TREE_CODE (args) == TREE_LIST
> + && TREE_VALUE (args) && TREE_CODE (TREE_VALUE (args)) ==
> + INTEGER_CST)
> {
> - tree id = TREE_VALUE (args);
> - if (TREE_CODE (id) != STRING_CST)
> + /* This is a copied attribute with the flags already processed. */
> + flags = tree_to_sanitize_code_type (TREE_VALUE (args));
> + }
> + else
> + {
> + /* Process original string arguments. */
> + for (; args; args = TREE_CHAIN (args))
> {
> - error ("%qE argument not a string", name);
> - return NULL_TREE;
> - }
> + tree id = TREE_VALUE (args);
> + if (TREE_CODE (id) != STRING_CST)
> + {
> + error ("%qE argument not a string", name);
> + return NULL_TREE;
> + }
>
> - char *string = ASTRDUP (TREE_STRING_POINTER (id));
> - flags |= parse_no_sanitize_attribute (string);
> + char *string = ASTRDUP (TREE_STRING_POINTER (id));
> + flags |= parse_no_sanitize_attribute (string);
> + }
> }
>
> add_no_sanitize_value (*node, flags); diff --git
> a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc index
> 53aea5e2e904..342702b05acb 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -1424,17 +1424,26 @@ d_handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> merge existing flags if no_sanitize was previously handled. */
> if (tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (*node)))
> {
> - sanitize_code_type old_value =
> - tree_to_sanitize_code_type (TREE_VALUE (attr));
> + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> + tree attr_args = TREE_VALUE (attr);
> + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> + sanitize_code_type old_value = tree_to_sanitize_code_type
> + (TREE_VALUE (attr_args));
> +
> flags |= old_value;
>
> if (flags != old_value)
> - TREE_VALUE (attr) = build_int_cst (d_ulong_type, flags);
> + {
> + tree new_value = build_tree_list (NULL_TREE,
> + build_int_cst (d_ulong_type, flags));
> + TREE_VALUE (attr) = new_value;
> + }
> }
> else
> {
> + tree attr_value = build_tree_list (NULL_TREE,
> + build_int_cst (d_ulong_type,
> + flags));
> DECL_ATTRIBUTES (*node) = tree_cons (get_identifier ("no_sanitize"),
> - build_int_cst (d_ulong_type, flags),
> + attr_value,
> DECL_ATTRIBUTES (*node));
> }
>
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264]
2026-02-09 8:28 ` Andrew Pinski
2026-02-09 11:47 ` 答复: " hanwei (K)
@ 2026-02-10 2:34 ` Andrew Pinski
1 sibling, 0 replies; 6+ messages in thread
From: Andrew Pinski @ 2026-02-10 2:34 UTC (permalink / raw)
To: Kees Cook
Cc: Indu Bhagat, Claudiu Zissulescu, Qing Zhao, gcc-patches,
linux-hardening
On Mon, Feb 9, 2026 at 12:28 AM Andrew Pinski
<andrew.pinski@oss.qualcomm.com> wrote:
>
> On Thu, Sep 4, 2025 at 10:43 AM Kees Cook <kees@kernel.org> wrote:
> >
> > The __attribute__((__copy__)) functionality was crashing when copying
> > sanitizer-related attributes because these attributes violated the standard
> > GCC attribute infrastructure by storing INTEGER_CST values directly instead
> > of wrapping them in TREE_LIST like all other attributes.
> >
> > Wrap sanitizer attributes INTEGER_CST values in TREE_LIST structures
> > to follow the same pattern as other attributes. This eliminates the
> > copy_list() crashes when copying sanitizer attributes:
> >
> > test.c:4:1: internal compiler error: tree check: expected tree that contains ‘common’ structure, have ‘integer_cst’ in copy_list, at tree.cc:1427
> > 4 | __attribute__((__copy__(__tanh)));
> > | ^~~~~~~~~~~~~
> > 0x859d06 tree_contains_struct_check_failed(tree_node const*, tree_node_structure_enum, char const*, int, char const*)
> > ../../gcc/gcc/tree.cc:9126
> > 0x860f78 contains_struct_check(tree_node*, tree_node_structure_enum, char const*, int, char const*)
> > ../../gcc/gcc/tree.h:3748
> > 0x860f78 copy_list(tree_node*)
> > ../../gcc/gcc/tree.cc:1427
> > 0xa755a5 handle_copy_attribute
> > ../../gcc/gcc/c-family/c-attribs.cc:3077
>
>
> I am not a fan of the wrapping because it increases the memory usage
> slightly but it is required since the rest of the attributes code
> requires TREE_LIST here.
>
> So Ok. I will do final testing either Monday or Tuesday and push it after that.
So this causes some ICEs in the testsuite:
FAIL: c-c++-common/asan/inline-kernel.c -O0 (internal compiler
error: in tree_to_sanitize_code_type, at tree.cc:6704)
0xa4376b fancy_abort(char const*, int, char const*)
/home/apinski/src/upstream-gcc-new/gcc/gcc/diagnostics/context.cc:1812
0x92f581 tree_to_sanitize_code_type(tree_node const*)
/home/apinski/src/upstream-gcc-new/gcc/gcc/tree.cc:6704
0x92f581 tree_to_sanitize_code_type(tree_node const*)
/home/apinski/src/upstream-gcc-new/gcc/gcc/tree.cc:6702
0x128bea2 print_no_sanitize_attr_value
/home/apinski/src/upstream-gcc-new/gcc/gcc/tree-cfg.cc:8223
0x128bea2 dump_function_to_file(tree_node*, _IO_FILE*, dump_flag)
/home/apinski/src/upstream-gcc-new/gcc/gcc/tree-cfg.cc:8276
Looks like you forgot to update dump_function_to_file too.
Can you double check all of the locations that use
tree_to_sanitize_code_type to make sure they all have been fixed?
Thanks,
Andrew
>
> Thanks,
> Andrew
>
> >
> > gcc/c-family/ChangeLog:
> >
> > PR c/113264
> > * c-attribs.cc (add_no_sanitize_value): Store INTEGER_CST values
> > wrapped in TREE_LIST following standard attribute conventions.
> > (handle_no_sanitize_attribute): Handle both original string
> > arguments and copied INTEGER_CST values from TREE_LIST format.
> >
> > gcc/ChangeLog:
> >
> > PR c/113264
> > * asan.h (sanitize_flags_p): Extract sanitizer flags from
> > TREE_LIST wrapper instead of directly from INTEGER_CST.
> >
> > gcc/d/ChangeLog:
> >
> > PR c/113264
> > * d-attribs.cc (d_handle_no_sanitize_attribute): Store INTEGER_CST
> > values wrapped in TREE_LIST following standard conventions.
> >
> > gcc/testsuite/ChangeLog:
> >
> > PR c/113264
> > * gcc.dg/pr113264.c: New test.
> > * gcc.dg/pr113264-asan-no-instrumentation.c: New test validating
> > that copied sanitizer attributes prevent ASAN instrumentation.
> >
> > Signed-off-by: Kees Cook <kees@kernel.org>
> > ---
> > Cc: Indu Bhagat <indu.bhagat@oracle.com>
> > Cc: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
> > Cc: Qing Zhao <qing.zhao@oracle.com>
> > Cc: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
> > ---
> > gcc/asan.h | 8 +-
> > .../gcc.dg/pr113264-asan-no-instrumentation.c | 60 ++++++++++
> > gcc/testsuite/gcc.dg/pr113264.c | 107 ++++++++++++++++++
> > gcc/c-family/c-attribs.cc | 49 +++++---
> > gcc/d/d-attribs.cc | 17 ++-
> > 5 files changed, 221 insertions(+), 20 deletions(-)
> > create mode 100644 gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> > create mode 100644 gcc/testsuite/gcc.dg/pr113264.c
> >
> > diff --git a/gcc/asan.h b/gcc/asan.h
> > index a24562f67a29..f5dc3d7ceb8d 100644
> > --- a/gcc/asan.h
> > +++ b/gcc/asan.h
> > @@ -253,7 +253,13 @@ sanitize_flags_p (sanitize_code_type flag,
> > {
> > tree value = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
> > if (value)
> > - result_flags &= ~tree_to_uhwi (TREE_VALUE (value));
> > + {
> > + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> > + tree attr_args = TREE_VALUE (value);
> > + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> > + sanitize_code_type no_sanitize_flags = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> > + result_flags &= ~no_sanitize_flags;
> > + }
> > }
> >
> > return result_flags;
> > diff --git a/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> > new file mode 100644
> > index 000000000000..812c67c33086
> > --- /dev/null
> > +++ b/gcc/testsuite/gcc.dg/pr113264-asan-no-instrumentation.c
> > @@ -0,0 +1,60 @@
> > +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> > + Test that copied no_sanitize_address attributes prevent ALL ASAN instrumentation.
> > + This file should have NO ASAN calls since all functions have the attribute.
> > + { dg-do compile }
> > + { dg-options "-fsanitize=address" }
> > + { dg-skip-if "no address sanitizer" { no_fsanitize_address } } */
> > +
> > +/* Original function with no_sanitize_address */
> > +__attribute__((no_sanitize_address))
> > +int original (int *p, int *q)
> > +{
> > + *p = 42;
> > + return *q;
> > +}
> > +
> > +/* Copy the attribute - should also have no_sanitize_address */
> > +__typeof(original) copy1 __attribute__((__copy__(original)));
> > +int copy1 (int *p, int *q)
> > +{
> > + *p = 43;
> > + return *q;
> > +}
> > +
> > +/* Another copy - should also have no_sanitize_address */
> > +__typeof(original) copy2 __attribute__((__copy__(original)));
> > +int copy2 (int *p, int *q)
> > +{
> > + *p = 44;
> > + return *q;
> > +}
> > +
> > +/* Copy from a copy - should still have no_sanitize_address */
> > +__typeof(copy1) copy_of_copy __attribute__((__copy__(copy1)));
> > +int copy_of_copy (int *p, int *q)
> > +{
> > + *p = 45;
> > + return *q;
> > +}
> > +
> > +int separate_decl (void);
> > +__attribute__((noinline)) int separate_decl (void);
> > +
> > +__attribute__((__copy__(separate_decl), no_sanitize_address))
> > +int copy_and_annotated_alias (int *p, int *q)
> > +{
> > + *p = 42;
> > + return *q;
> > +}
> > +
> > +__attribute__((__copy__(separate_decl), no_sanitize("address")))
> > +int copy_and_annotated_string (int *p, int *q)
> > +{
> > + *p = 42;
> > + return *q;
> > +}
> > +
> > +/* Since ALL functions have no_sanitize_address (either directly or copied),
> > + there should be NO ASAN instrumentation calls in the entire file. */
> > +/* { dg-final { scan-assembler-not "__asan_report_store" } } */
> > +/* { dg-final { scan-assembler-not "__asan_report_load" } } */
> > diff --git a/gcc/testsuite/gcc.dg/pr113264.c b/gcc/testsuite/gcc.dg/pr113264.c
> > new file mode 100644
> > index 000000000000..2a49965e26fd
> > --- /dev/null
> > +++ b/gcc/testsuite/gcc.dg/pr113264.c
> > @@ -0,0 +1,107 @@
> > +/* PR c/113264 - __attribute__((copy)) crashes with sanitizer attributes
> > + Test that the copy attribute correctly handles sanitizer attributes
> > + which store their arguments as INTEGER_CST values rather than TREE_LIST.
> > + { dg-do compile }
> > + { dg-options "-O2" } */
> > +
> > +/* Test copying no_sanitize_address attribute. */
> > +__attribute__((no_sanitize_address)) void f1 (void);
> > +__typeof(f1) f1_copy __attribute__((__copy__(f1)));
> > +
> > +/* Test copying no_sanitize_thread attribute. */
> > +__attribute__((no_sanitize_thread)) void f2 (void);
> > +__typeof(f2) f2_copy __attribute__((__copy__(f2)));
> > +
> > +/* Test copying no_sanitize_undefined attribute. */
> > +__attribute__((no_sanitize_undefined)) void f3 (void);
> > +__typeof(f3) f3_copy __attribute__((__copy__(f3)));
> > +
> > +/* Test copying no_sanitize_coverage attribute. */
> > +__attribute__((no_sanitize_coverage)) void f4 (void);
> > +__typeof(f4) f4_copy __attribute__((__copy__(f4)));
> > +
> > +/* Test copying no_sanitize attribute with string arguments. */
> > +__attribute__((no_sanitize("address"))) void f5 (void);
> > +__typeof(f5) f5_copy __attribute__((__copy__(f5)));
> > +
> > +__attribute__((no_sanitize("thread"))) void f6 (void);
> > +__typeof(f6) f6_copy __attribute__((__copy__(f6)));
> > +
> > +__attribute__((no_sanitize("undefined"))) void f7 (void);
> > +__typeof(f7) f7_copy __attribute__((__copy__(f7)));
> > +
> > +/* Test copying multiple sanitizer flags. */
> > +__attribute__((no_sanitize("address", "thread"))) void f8 (void);
> > +__typeof(f8) f8_copy __attribute__((__copy__(f8)));
> > +
> > +/* Test the original bug report case. This may trigger a warning
> > + about conflicting with a built-in function name. */
> > +__attribute__((no_sanitize_address)) void h (void);
> > +__typeof(h) tanhf64 __attribute__((__copy__(h)));
> > +/* { dg-warning "conflicting types for built-in function" "" { target *-*-* } .-1 } */
> > +
> > +/* Test copying from a function pointer variable - this should trigger a warning. */
> > +__attribute__((no_sanitize_address)) void f9 (void);
> > +void (*f9_ptr)(void) = f9; /* { dg-message "symbol 'f9_ptr' referenced" } */
> > +__typeof(f9) f9_ptr_copy __attribute__((__copy__(*f9_ptr))); /* { dg-warning "'copy' attribute ignored" } */
> > +
> > +/* Test with actual function definitions to ensure attributes are properly applied. */
> > +__attribute__((no_sanitize_address))
> > +void actual_func (int *p)
> > +{
> > + *p = 100;
> > +}
> > +
> > +__typeof(actual_func) actual_func_copy __attribute__((__copy__(actual_func)));
> > +
> > +void actual_func_copy (int *p)
> > +{
> > + *p = 200;
> > +}
> > +
> > +/* Test copying sanitizer attributes along with other attributes. */
> > +__attribute__((no_sanitize_address, noinline, cold))
> > +void multi_attr (void);
> > +
> > +__typeof(multi_attr) multi_attr_copy __attribute__((__copy__(multi_attr)));
> > +
> > +/* Verify that the copy attribute works with function declarations that
> > + have sanitizer attributes applied via separate declarations. */
> > +void separate_decl (void);
> > +__attribute__((no_sanitize_address)) void separate_decl (void);
> > +__typeof(separate_decl) separate_decl_copy __attribute__((__copy__(separate_decl)));
> > +
> > +/* Test combining copy attribute with additional no_sanitize attributes.
> > + The copied function should have both the original no_sanitize_address
> > + and the new no_sanitize flags. */
> > +__attribute__((no_sanitize_address))
> > +int combined_original (int *p, int *q)
> > +{
> > + *p = 42;
> > + return *q;
> > +}
> > +
> > +/* Copy the no_sanitize_address attribute and add no_sanitize for alignment. */
> > +__typeof(combined_original) combined_copy1 __attribute__((__copy__(combined_original), no_sanitize("alignment")));
> > +
> > +/* Test with multiple no_sanitize attributes on original. */
> > +__attribute__((no_sanitize("address", "undefined")))
> > +int combined_original2 (int *p, int *q)
> > +{
> > + *p = 44;
> > + return *q;
> > +}
> > +
> > +/* Copy existing sanitizer attributes and add more. */
> > +__typeof(combined_original2) combined_copy2 __attribute__((__copy__(combined_original2), no_sanitize("alignment")));
> > +
> > +/* Test with no_sanitize_undefined on original. */
> > +__attribute__((no_sanitize_undefined))
> > +int combined_original3 (int *p, int *q)
> > +{
> > + *p = 46;
> > + return *q;
> > +}
> > +
> > +/* Copy and add no_sanitize_address - combining different sanitizer attributes. */
> > +__typeof(combined_original3) combined_copy3 __attribute__((__copy__(combined_original3), no_sanitize_address));
> > diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
> > index 1e3a94ed9493..e629601579ef 100644
> > --- a/gcc/c-family/c-attribs.cc
> > +++ b/gcc/c-family/c-attribs.cc
> > @@ -1425,20 +1425,27 @@ add_no_sanitize_value (tree node, sanitize_code_type flags)
> > tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (node));
> > if (attr)
> > {
> > - sanitize_code_type old_value =
> > - tree_to_sanitize_code_type (TREE_VALUE (attr));
> > + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> > + tree attr_args = TREE_VALUE (attr);
> > + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> > + sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> > +
> > flags |= old_value;
> >
> > if (flags == old_value)
> > return;
> >
> > - TREE_VALUE (attr) = build_int_cst (uint64_type_node, flags);
> > + tree new_value = build_tree_list (NULL_TREE,
> > + build_int_cst (uint64_type_node, flags));
> > + TREE_VALUE (attr) = new_value;
> > }
> > else
> > - DECL_ATTRIBUTES (node)
> > - = tree_cons (get_identifier ("no_sanitize"),
> > - build_int_cst (uint64_type_node, flags),
> > - DECL_ATTRIBUTES (node));
> > + {
> > + tree attr_value = build_tree_list (NULL_TREE,
> > + build_int_cst (uint64_type_node, flags));
> > + DECL_ATTRIBUTES (node) = tree_cons (get_identifier ("no_sanitize"), attr_value,
> > + DECL_ATTRIBUTES (node));
> > + }
> > }
> >
> > /* Handle a "no_sanitize" attribute; arguments as in
> > @@ -1456,17 +1463,29 @@ handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> > return NULL_TREE;
> > }
> >
> > - for (; args; args = TREE_CHAIN (args))
> > + /* Handle both original string arguments and copied attributes that
> > + have already been processed into INTEGER_CST wrapped in TREE_LIST. */
> > + if (args && TREE_CODE (args) == TREE_LIST
> > + && TREE_VALUE (args) && TREE_CODE (TREE_VALUE (args)) == INTEGER_CST)
> > {
> > - tree id = TREE_VALUE (args);
> > - if (TREE_CODE (id) != STRING_CST)
> > + /* This is a copied attribute with the flags already processed. */
> > + flags = tree_to_sanitize_code_type (TREE_VALUE (args));
> > + }
> > + else
> > + {
> > + /* Process original string arguments. */
> > + for (; args; args = TREE_CHAIN (args))
> > {
> > - error ("%qE argument not a string", name);
> > - return NULL_TREE;
> > - }
> > + tree id = TREE_VALUE (args);
> > + if (TREE_CODE (id) != STRING_CST)
> > + {
> > + error ("%qE argument not a string", name);
> > + return NULL_TREE;
> > + }
> >
> > - char *string = ASTRDUP (TREE_STRING_POINTER (id));
> > - flags |= parse_no_sanitize_attribute (string);
> > + char *string = ASTRDUP (TREE_STRING_POINTER (id));
> > + flags |= parse_no_sanitize_attribute (string);
> > + }
> > }
> >
> > add_no_sanitize_value (*node, flags);
> > diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> > index 53aea5e2e904..342702b05acb 100644
> > --- a/gcc/d/d-attribs.cc
> > +++ b/gcc/d/d-attribs.cc
> > @@ -1424,17 +1424,26 @@ d_handle_no_sanitize_attribute (tree *node, tree name, tree args, int,
> > merge existing flags if no_sanitize was previously handled. */
> > if (tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (*node)))
> > {
> > - sanitize_code_type old_value =
> > - tree_to_sanitize_code_type (TREE_VALUE (attr));
> > + /* Extract the INTEGER_CST from the TREE_LIST wrapper. */
> > + tree attr_args = TREE_VALUE (attr);
> > + gcc_assert (attr_args && TREE_CODE (attr_args) == TREE_LIST);
> > + sanitize_code_type old_value = tree_to_sanitize_code_type (TREE_VALUE (attr_args));
> > +
> > flags |= old_value;
> >
> > if (flags != old_value)
> > - TREE_VALUE (attr) = build_int_cst (d_ulong_type, flags);
> > + {
> > + tree new_value = build_tree_list (NULL_TREE,
> > + build_int_cst (d_ulong_type, flags));
> > + TREE_VALUE (attr) = new_value;
> > + }
> > }
> > else
> > {
> > + tree attr_value = build_tree_list (NULL_TREE,
> > + build_int_cst (d_ulong_type, flags));
> > DECL_ATTRIBUTES (*node) = tree_cons (get_identifier ("no_sanitize"),
> > - build_int_cst (d_ulong_type, flags),
> > + attr_value,
> > DECL_ATTRIBUTES (*node));
> > }
> >
> > --
> > 2.34.1
> >
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-02-10 2:35 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-04 17:43 [PATCH v4] Fix sanitizer attribute infrastructure to use standard TREE_LIST format [PR113264] Kees Cook
2026-02-06 8:05 ` Andrew Pinski
2026-02-06 18:16 ` Kees Cook
2026-02-09 8:28 ` Andrew Pinski
2026-02-09 11:47 ` 答复: " hanwei (K)
2026-02-10 2:34 ` Andrew Pinski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox