[PATCH] D32199: [TBAASan] A TBAA Sanitizer (Clang)
Hal Finkel via cfe-commits
cfe-commits at lists.llvm.org
Mon May 1 13:45:23 PDT 2017
On 05/01/2017 02:31 PM, Daniel Berlin wrote:
>
> So you believe that you can index into an object randomly by
> pointer arithmetic and pull out a different field?
>
> For starters, this is illegal because you don't know where the
> padding bytes are.
> You cannot assume that X.a + 1 == X.b
> "Implementation alignment requirements might cause two adjacent
> members not to be allocated immediately after each other;"
>
> See 9.2.14
>
> IE at best you'd have to add
>
> &((struct X *)0)->b - &((struct X *)0)->a
I don't think that helps because the structure offsets are an observable
part of the model. The code could easily be:
if (offsetof(X, b) == sizeof(int)) {
    // thing we're talking about
} else {
    // something safer
}
>
> I don't believe this is legal either.
>
> Let me try to dredge up the long discussions we had about these cases
> on the gcc mailing lists.
> The conclusion was, i believe:
>
> "if you want to go marching through an object as a char *, that's
> fine; if you expect to be able to get at fields by playing pointer
> arithmetic games, from other fields, that is not."
> I feel like every couple years, a different compiler has the same
> aliasing discussions :)
I'm sure that's true :-)
-Hal
--
Hal Finkel
Lead, Compiler Technology and Programming Languages
Leadership Computing Facility
Argonne National Laboratory
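As an added example, not code from the patch or from either poster: the access patterns the thread contrasts, on a constructed struct X whose int members force an alignment hole after a, so b does not sit at a + 1.

```c
#include <stddef.h>
#include <string.h>

/* Constructed layout: on common ABIs int needs 4-byte alignment, so the
 * implementation inserts padding after `a`, and `b` is not at `a + 1`. */
struct X {
    char a;
    int  b;
    int  c;
};

/* The only portable way to reach a field by "marching through" the object:
 * as bytes, at the offset the implementation reports for that field. */
static int read_int_field(const void *obj, size_t field_offset)
{
    int v;
    memcpy(&v, (const unsigned char *)obj + field_offset, sizeof v);
    return v;
}

/* The observable property Hal's `offsetof(X, b) == sizeof(int)` test keys
 * on: whether padding sits between two members is decided per
 * implementation, so a program can branch on it (but not assume the answer).
 * Returns the number of padding bytes between a and b (0 if adjacent). */
int padding_between_a_and_b(void)
{
    return (int)(offsetof(struct X, b) - (offsetof(struct X, a) + sizeof(char)));
}

/* Read b and c through byte offsets: the "char *" walk both sides agree
 * is fine.  Returns b + c for a constructed sample object. */
int sum_b_c_via_bytes(void)
{
    struct X x = { 'a', 40, 2 };   /* constructed sample object */
    return read_int_field(&x, offsetof(struct X, b))
         + read_int_field(&x, offsetof(struct X, c));
}

/* The pattern Daniel objects to: take a pointer to one member and step it
 * to reach the next.  `pb + 1` is a valid address only as "one past b";
 * dereferencing it is undefined even though on most ABIs it lands on `c`.
 * Kept as the "before" form; nothing should rely on its result. */
int sum_b_c_via_field_arith(void)
{
    struct X x = { 'a', 40, 2 };
    const int *pb = &x.b;
    return *pb + *(pb + 1);        /* undefined behaviour: b is not an array */
}
```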