[LLVMdev] Disabling special treatment of "malloc" function
chris at smowton.net
Sun Sep 8 07:36:46 PDT 2013
I'm using uclibc built with dragonegg-3.2 / gcc-4.6, and ran into a
problem in which:
* uclibc's realloc malloc()'s some memory
* realloc then uses (malloc'd pointer) - some offset to find the true
* MemoryDependenceAnalysis (MDA) regards a load from (malloc() call + any
offset) to be undefined, and replaces the size read with 0.
* All manner of chaos results when that value is used.
Obviously the problem is MDA assumes that a load from malloc without an
intervening store is undefined, but that assumption is unreasonable when
you're building parts of the allocator itself. It looks like LLVM makes
a little effort to spot that situation (it won't enforce malloc's
contract if the malloc function has a definition), but from the point of
view of building the realloc call malloc is an external declaration just
like for a program using libc.
For now I've added a flag to MDA such that malloc clobbers rather than
resolving to undef; however I was wondering if there is a "proper" way
to do this with any compiler targeting LLVM?
If it's actually not solved already, I'd suggest that instead of
assuming "derived from malloc -> undef" it could be better to leave such
loads alone unless they are provably within the bounds of the allocation
- so malloc(n) yields n bytes of undef, but clobbers out of bounds
pointers derived from the same malloc.
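The layout the post describes, as an added example that is neither uclibc's nor LLVM's code: the allocator keeps a size word just below the pointer it hands out, and its realloc recovers that size by reading at a negative offset from the user pointer. The internal entry point here is deliberately named `alloc_raw` rather than `malloc` (a hypothetical name chosen for this example): LLVM identifies allocation functions by name, so an externally declared function called `malloc` gets the standard contract applied and a header load from its result with no visible intervening store is folded to undef, which is the miscompile above. With a private name the header load is an ordinary load and the realloc path stays well defined. The example is backed by the system `malloc` for the storage itself.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not uclibc's or LLVM's code. Models a header-before-pointer
 * allocator: a size_t holding the usable size sits just below the pointer
 * returned to the caller. */
#define HEADER_SIZE sizeof(size_t)

/* Hypothetical raw allocator (name chosen so the compiler applies no malloc
 * contract to it). Stores the usable size just before the returned pointer. */
void *alloc_raw(size_t n) {
    size_t *hdr = malloc(HEADER_SIZE + n);
    if (!hdr) return NULL;
    *hdr = n;                 /* the store that realloc_raw later reads back */
    return (void *)(hdr + 1); /* user pointer is HEADER_SIZE past the header */
}

void free_raw(void *p) {
    if (p) free((size_t *)p - 1);
}

/* Read the usable size from the header that sits HEADER_SIZE below p.
 * This is the "(malloc'd pointer) - some offset" load from the post. */
size_t usable_size(const void *p) {
    return *((const size_t *)p - 1);
}

/* realloc built on the above. The only information about the old block is
 * the header load; if an optimizer folded that load to undef (the post's
 * scenario), the memcpy length would be garbage. */
void *realloc_raw(void *p, size_t n) {
    if (!p) return alloc_raw(n);
    size_t old = usable_size(p);
    void *q = alloc_raw(n);
    if (!q) return NULL;
    memcpy(q, p, old < n ? old : n);
    free_raw(p);
    return q;
}

/* Round-trips a buffer through realloc_raw and checks the header and the
 * copied bytes survived. Returns 1 on success, 0 on any mismatch. */
int demo_roundtrip(void) {
    unsigned char *p = alloc_raw(16);
    if (!p) return 0;
    for (int i = 0; i < 16; i++) p[i] = (unsigned char)i;
    if (usable_size(p) != 16) { free_raw(p); return 0; }
    unsigned char *q = realloc_raw(p, 64);
    if (!q) return 0;
    int ok = usable_size(q) == 64;
    for (int i = 0; i < 16 && ok; i++) ok = (q[i] == i);
    free_raw(q);
    return ok;
}
```

The same code with `alloc_raw` renamed to `malloc` and declared in another translation unit is the situation the post hits: nothing in `realloc_raw`'s unit shows the compiler the header store, so the standard malloc contract lets it treat `usable_size`'s load as undef. Keeping the definition visible (the check the post mentions) or using a non-standard name for the internal entry point both keep the load as a real dependence.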