<html>

    <head>

      <base href="http://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - asan should not instrument loads generated by ubsan"

   href="http://llvm.org/bugs/show_bug.cgi?id=20085">20085</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>asan should not instrument loads generated by ubsan

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>samsonov@google.com

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>kcc@google.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>glider@google.com, llvmbugs@cs.uiuc.edu, nlewycky@google.com, richard-llvm@metafoo.co.uk

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>% cat vptr.cc 

struct A {  virtual void f(); };

void Bar(A *a) { a->f(); }

% clang -S -O -fsanitize=vptr -o -  vptr.cc| grep

'call.*\(__ubsan\|__asan_report\)'

        callq   __ubsan_handle_dynamic_type_cache_miss

% clang -S -O -fsanitize=address -o -  vptr.cc| grep

'call.*\(__ubsan\|__asan_report\)'

        callq   __asan_report_load8

        callq   __asan_report_load8

% clang -S -O -fsanitize=address,vptr -o -  vptr.cc| grep

'call.*\(__ubsan\|__asan_report\)'

        callq   __asan_report_load8

        callq   __asan_report_load8

        callq   __asan_report_load8

        callq   __ubsan_handle_dynamic_type_cache_miss

% 

As you can see, asan instruments one load generated by ubsan.

This is redundant. 

One way to avoid this extra instrumentation is to attach some kind of metadata

to the load and honor it in asan instrumentation pass.

We do something similar in tsan to treat vptr loads in a special way: 

clang -S -O -fsanitize=thread -emit-llvm  -o -  vptr.cc

  %vtable = load void (%struct.A*)*** %0, !tbaa !1

!1 = metadata !{metadata !2, metadata !2, i64 0}

!2 = metadata !{metadata !"vtable pointer", metadata !3, i64 0}</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>