PR c/38483

* builtins.c (gimplify_va_arg_expr): Evaluate the va_list expression before any __builtin_trap call. * c-typeck.c (build_function_call): Convert and check function arguments before generating a call to a trap. Evaluate the function arguments before the trap. testsuite: * gcc.c-torture/execute/call-trap-1.c, gcc.c-torture/execute/va-arg-trap-1.c, gcc.dg/call-diag-1.c: New tests. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@144296 138bc75d-0d04-0410-961f-82ee72b054a4
author: jsm28 <jsm28@138bc75d-0d04-0410-961f-82ee72b054a4> 2009-02-19 13:56:00 +0000
committer: jsm28 <jsm28@138bc75d-0d04-0410-961f-82ee72b054a4> 2009-02-19 13:56:00 +0000
commit: ad0e7a06b41765300dd7b733156b28006dc6d6f5 (patch)
tree: 4cadcaa3b993c651af0668a488634c85a19a1b6e
parent: a7a2dd08dfd5511e4dee5472956dd1893c356a94 (diff)
download: gcc-ad0e7a06b41765300dd7b733156b28006dc6d6f5.tar.gz
7 files changed, 105 insertions, 10 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 8ca48493c4d..da214e8deea 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,12 @@
+2009-02-19  Joseph Myers  <joseph@codesourcery.com>
+
+	PR c/38483
+	* builtins.c (gimplify_va_arg_expr): Evaluate the va_list
+	expression before any __builtin_trap call.
+	* c-typeck.c (build_function_call): Convert and check function
+	arguments before generating a call to a trap.  Evaluate the
+	function arguments before the trap.
+
 2009-02-19  Uros Bizjak  <ubizjak@gmail.com>
 
 	PR target/39228
diff --git a/gcc/builtins.c b/gcc/builtins.c
index 57cce08abe5..55639cde728 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -4999,6 +4999,9 @@ gimplify_va_arg_expr (tree *expr_p, gimple_seq *pre_p, gimple_seq *post_p)
 	 Call abort to encourage the user to fix the program.  */
       if (warned)
 	inform (input_location, "if this code is reached, the program will abort");
+      /* Before the abort, allow the evaluation of the va_list
+	 expression to exit or longjmp.  */
+      gimplify_and_add (valist, pre_p);
       t = build_call_expr (implicit_built_in_decls[BUILT_IN_TRAP], 0);
       gimplify_and_add (t, pre_p);
 
diff --git a/gcc/c-typeck.c b/gcc/c-typeck.c
index 9ce60cdc9ca..f1d83f3c20c 100644
--- a/gcc/c-typeck.c
+++ b/gcc/c-typeck.c
@@ -2417,6 +2417,16 @@ build_function_call (tree function, tree params)
   /* fntype now gets the type of function pointed to.  */
   fntype = TREE_TYPE (fntype);
 
+  /* Convert the parameters to the types declared in the
+     function prototype, or apply default promotions.  */
+
+  nargs = list_length (params);
+  argarray = (tree *) alloca (nargs * sizeof (tree));
+  nargs = convert_arguments (nargs, argarray, TYPE_ARG_TYPES (fntype), 
+			     params, function, fundecl);
+  if (nargs < 0)
+    return error_mark_node;
+
   /* Check that the function is called through a compatible prototype.
      If it is not, replace the call by a trap, wrapped up in a compound
      expression if necessary.  This has the nice side-effect to prevent
@@ -2430,6 +2440,7 @@ build_function_call (tree function, tree params)
       tree return_type = TREE_TYPE (fntype);
       tree trap = build_function_call (built_in_decls[BUILT_IN_TRAP],
 				       NULL_TREE);
+      int i;
 
       /* This situation leads to run-time undefined behavior.  We can't,
 	 therefore, simply error unless we can prove that all possible
@@ -2438,6 +2449,10 @@ build_function_call (tree function, tree params)
 	/* We can, however, treat "undefined" any way we please.
 	   Call abort to encourage the user to fix the program.  */
 	inform (input_location, "if this code is reached, the program will abort");
+      /* Before the abort, allow the function arguments to exit or
+	 call longjmp.  */
+      for (i = 0; i < nargs; i++)
+	trap = build2 (COMPOUND_EXPR, void_type_node, argarray[i], trap);
 
       if (VOID_TYPE_P (return_type))
 	return trap;
@@ -2455,16 +2470,6 @@ build_function_call (tree function, tree params)
 	}
     }
 
-  /* Convert the parameters to the types declared in the
-     function prototype, or apply default promotions.  */
-
-  nargs = list_length (params);
-  argarray = (tree *) alloca (nargs * sizeof (tree));
-  nargs = convert_arguments (nargs, argarray, TYPE_ARG_TYPES (fntype), 
-			     params, function, fundecl);
-  if (nargs < 0)
-    return error_mark_node;
-
   /* Check that arguments to builtin functions match the expectations.  */
   if (fundecl
       && DECL_BUILT_IN (fundecl)
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index a01fa1fd018..2a4bad1693e 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,10 @@
+2009-02-19  Joseph Myers  <joseph@codesourcery.com>
+
+	PR c/38483
+	* gcc.c-torture/execute/call-trap-1.c,
+	gcc.c-torture/execute/va-arg-trap-1.c, gcc.dg/call-diag-1.c: New
+	tests.
+
 2009-02-19  Uros Bizjak  <ubizjak@gmail.com>
 
 	PR target/39228
diff --git a/gcc/testsuite/gcc.c-torture/execute/call-trap-1.c b/gcc/testsuite/gcc.c-torture/execute/call-trap-1.c
new file mode 100644
index 00000000000..aa226e745d6
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/execute/call-trap-1.c
@@ -0,0 +1,26 @@
+/* Undefined behavior from a call to a function cast to a different
+   type does not appear until after the function designator and
+   arguments have been evaluated.  PR 38483.  */
+/* Origin: Joseph Myers <joseph@codesourcery.com> */
+
+extern void exit (int);
+extern void abort (void);
+
+int
+foo (void)
+{
+  exit (0);
+  return 0;
+}
+
+void
+bar (void)
+{
+}
+
+int
+main (void)
+{
+  ((long (*)(int))bar) (foo ());
+  abort ();
+}
diff --git a/gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c b/gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c
new file mode 100644
index 00000000000..1e1dae8e8aa
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c
@@ -0,0 +1,36 @@
+/* Undefined behavior from a call to va_arg with a type other than
+   that of the argument passed (in particular, with a type such as
+   "float" that can never be the type of an argument passed through
+   "...") does not appear until after the va_list expression is
+   evaluated.  PR 38483.  */
+/* Origin: Joseph Myers <joseph@codesourcery.com> */
+
+#include <stdarg.h>
+
+extern void exit (int);
+extern void abort (void);
+
+va_list ap;
+float f;
+
+va_list *
+foo (void)
+{
+  exit (0);
+  return &ap;
+}
+
+void
+bar (int i, ...)
+{
+  va_start (ap, i);
+  f = va_arg (*foo (), float);
+  va_end (ap);
+}
+
+int
+main (void)
+{
+  bar (1, 0);
+  abort ();
+}
diff --git a/gcc/testsuite/gcc.dg/call-diag-1.c b/gcc/testsuite/gcc.dg/call-diag-1.c
new file mode 100644
index 00000000000..884baa0d437
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/call-diag-1.c
@@ -0,0 +1,9 @@
+/* The warning for calling through a non-compatible type must not
+   disable the normal diagnostics from comparing the argument list
+   against the type of the called expression.  */
+/* Origin: Joseph Myers <joseph@codesourcery.com> */
+/* { dg-do compile } */
+/* { dg-options "" } */
+
+void foo (void);
+void bar (void) { ((long (*)(int))foo) (); } /* { dg-error "too few arguments to function" } */
author	jsm28 <jsm28@138bc75d-0d04-0410-961f-82ee72b054a4>	2009-02-19 13:56:00 +0000
committer	jsm28 <jsm28@138bc75d-0d04-0410-961f-82ee72b054a4>	2009-02-19 13:56:00 +0000
commit	ad0e7a06b41765300dd7b733156b28006dc6d6f5 (patch)
tree	4cadcaa3b993c651af0668a488634c85a19a1b6e
parent	a7a2dd08dfd5511e4dee5472956dd1893c356a94 (diff)
download	gcc-ad0e7a06b41765300dd7b733156b28006dc6d6f5.tar.gz