[PATCH] D48664: [HWASan] Do not retag allocas before return from the function.
Aleksey Shlyapnikov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Jun 27 11:13:22 PDT 2018
alekseyshl created this revision.
alekseyshl added a reviewer: eugenis.
Herald added a subscriber: srhines.
Retagging allocas before returning from the function might help
detecting use after return bugs, but it does not work at all in real
life, when instrumented and non-instrumented code is intermixed.
Consider the following code:
F_non_instrumented() {
T x;
F1_instrumented(&x);
...
}
{
F_instrumented();
F_non_instrumented();
}
- F_instrumented call leaves the stack below the current sp tagged randomly for UAR detection
- F_non_instrumented allocates its own vars on that tagged stack, not generating any tags, that is the address of x has tag 0, but the shadow memory still contains tags left behind by F_instrumented on the previous step
- F1_instrumented verifies &x before using it and traps on tag mismatch, 0 vs whatever tag was set by F_instrumented
Repository:
rL LLVM
https://reviews.llvm.org/D48664
Files:
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
test/Instrumentation/HWAddressSanitizer/alloca-with-calls.ll
test/Instrumentation/HWAddressSanitizer/alloca.ll
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D48664.153133.patch
Type: text/x-patch
Size: 4757 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180627/60f1d130/attachment.bin>
More information about the llvm-commits
mailing list