[llvm-dev] how to monitor read operation to special memory blocks?

慕冬亮 via llvm-dev llvm-dev at lists.llvm.org
Mon Oct 19 01:04:53 PDT 2015


2015-10-14 0:20 GMT+08:00 Tim Northover <t.p.northover at gmail.com>:
> On 13 October 2015 at 01:28, 慕冬亮 via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>> In LLVM, is there any way to monitor read operation to some special blocks?
>> For example, I have a memory block from A1 to A2 to protect. Any read
>> operation to the address between A1 and A2 will be caught.
>
> You could write a pass that instruments any LLVM IR to check the
> address of any operation that's going to load and change the behaviour
> (much like Clang's sanitizers, but on existing IR rather than when
> creating it). E.g. rewrite
I will look at the source code of Clang's sanitizers.
>
>     %val = load i32* %addr
>
> to
>
>     %val = call i32 @checked_load_i32(i32* %addr)
>
> where you write an appropriate "checked_load_i32" function to do what
> you want. You'll obviously have to handle other types (maybe by always
> loading to an iN and then bitcasting the result), and intrinsics like
> @llvm.memcpy.

Is there any possibility that this method may be bypassed without
injecting other code?

>
> But if you also want to check library calls, you'll have to recompile
> those libraries with this pass too, which may or may not be easy.
> You'd also miss inline assembly, and loads inserted by the compiler
> (possibly to materialize constants, or virtually anything that
> implicitly happens to the stack like
> spills/function-prologues/epilogues).
>

> To get 100% coverage, either a VM (possibly like valgrind) or a
> friendly OS-kernel is probably the only option.
Yes, this is the final method, but the overhead is too high.
I can't sacrifice my protections for a memory block with such a high overhead.
>
> Cheers.
>
> Tim.
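As an added example that is not part of the thread or of LLVM itself: the runtime side of the rewrite Tim describes, i.e. the `checked_load_i32` that the instrumented IR calls instead of the raw load, plus the untyped helper behind it that the "load as iN then bitcast" and `@llvm.memcpy` cases would share. The names `guard_range`, `guard_caught`, `checked_load_n` and the policy of logging and counting a caught read (rather than aborting) are assumptions made for this example.

```c
/* Runtime for the instrumented-load scheme: the pass rewrites
 *   %val = load i32* %addr   ->   %val = call i32 @checked_load_i32(i32* %addr)
 * and the rewritten IR links against these functions. Added example; the
 * helper names and the log-and-count policy are assumptions, not LLVM code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uintptr_t A1, A2;            /* protected block [A1, A2) */
static unsigned long caught_reads;  /* loads that touched the block */

void guard_range(const void *start, const void *end) {
    A1 = (uintptr_t)start;
    A2 = (uintptr_t)end;
    caught_reads = 0;
}

unsigned long guard_caught(void) { return caught_reads; }

/* A load of `size` bytes at `addr` is caught if any byte of it lies in [A1, A2).
 * `hi` is the last byte read, so a load that straddles A1 is caught too. */
static int in_guarded_range(const void *addr, size_t size) {
    uintptr_t lo = (uintptr_t)addr, hi = lo + size - 1;
    return A1 < A2 && hi >= A1 && lo < A2;
}

/* Untyped load: what an iN load or the source side of @llvm.memcpy would call. */
void checked_load_n(void *dst, const void *src, size_t n) {
    if (in_guarded_range(src, n)) {
        caught_reads++;
        fprintf(stderr, "caught %zu-byte read at %p\n", n, src);
    }
    memcpy(dst, src, n);  /* the original load still happens */
}

int32_t checked_load_i32(const int32_t *addr) {
    int32_t v;
    checked_load_n(&v, addr, sizeof v);
    return v;
}

/* Constructed sample: guard sample[2..6) and read before, inside, past and across it. */
static int32_t sample[8] = {10, 20, 30, 40, 50, 60, 70, 80};

int guard_selftest(void) {
    int64_t wide;
    guard_range(&sample[2], &sample[6]);
    int ok = checked_load_i32(&sample[0]) == 10 && guard_caught() == 0; /* before A1 */
    ok = ok && checked_load_i32(&sample[3]) == 40 && guard_caught() == 1; /* inside   */
    ok = ok && checked_load_i32(&sample[6]) == 70 && guard_caught() == 1; /* at A2    */
    checked_load_n(&wide, &sample[1], sizeof wide);  /* 8-byte read straddling A1 */
    return ok && guard_caught() == 2;
}
```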