[llvm-bugs] [Bug 27844] New: SafeStack: unsafe alloca pointers are live throughout the function
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon May 23 11:38:10 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=27844
Bug ID: 27844
Summary: SafeStack: unsafe alloca pointers are live throughout the function
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Common Code Generator Code
Assignee: unassignedbugs at nondot.org
Reporter: eugeni.stepanov at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
In the following example, the address of each local variable is calculated in
advance and kept live in a register, and even spilled as necessary. It would be
enough to keep the base address of the unsafe stack frame (%r15 in this case)
in a register and calculate the addresses of variables when they are needed.
$ cat 1.cc
void capture(int *);
void f() {
  int x0; capture(&x0);
  int x1; capture(&x1);
  int x2; capture(&x2);
  int x3; capture(&x3);
  int x4; capture(&x4);
  int x5; capture(&x5);
  int x6; capture(&x6);
  int x7; capture(&x7);
  int x8; capture(&x8);
  int x9; capture(&x9);
}
$ clang++ 1.cc -O3 -c -fsanitize=safe-stack && objdump -drl 1.o
0000000000000000 <_Z1fv>:
_Z1fv():
0: 55 push %rbp
1: 41 57 push %r15
3: 41 56 push %r14
5: 41 55 push %r13
7: 41 54 push %r12
9: 53 push %rbx
a: 48 83 ec 28 sub $0x28,%rsp
e: 48 8b 0d 00 00 00 00 mov 0x0(%rip),%rcx # 15 <_Z1fv+0x15>
11: R_X86_64_GOTTPOFF __safestack_unsafe_stack_ptr-0x4
15: 64 4c 8b 39 mov %fs:(%rcx),%r15
19: 49 8d 47 d0 lea -0x30(%r15),%rax
1d: 64 48 89 01 mov %rax,%fs:(%rcx)
21: 49 8d 7f fc lea -0x4(%r15),%rdi
25: 49 8d 5f f8 lea -0x8(%r15),%rbx
29: 4d 8d 67 f4 lea -0xc(%r15),%r12
2d: 4d 8d 6f f0 lea -0x10(%r15),%r13
31: 49 8d 6f ec lea -0x14(%r15),%rbp
35: 4d 8d 77 e8 lea -0x18(%r15),%r14
39: 49 8d 47 e4 lea -0x1c(%r15),%rax
3d: 48 89 44 24 08 mov %rax,0x8(%rsp)
42: 49 8d 47 e0 lea -0x20(%r15),%rax
46: 48 89 44 24 10 mov %rax,0x10(%rsp)
4b: 49 8d 47 dc lea -0x24(%r15),%rax
4f: 48 89 44 24 18 mov %rax,0x18(%rsp)
54: 49 8d 47 d8 lea -0x28(%r15),%rax
58: 48 89 44 24 20 mov %rax,0x20(%rsp)
5d: e8 00 00 00 00 callq 62 <_Z1fv+0x62>
5e: R_X86_64_PC32 _Z7capturePi-0x4
62: 48 89 df mov %rbx,%rdi
65: e8 00 00 00 00 callq 6a <_Z1fv+0x6a>
66: R_X86_64_PC32 _Z7capturePi-0x4
6a: 4c 89 e7 mov %r12,%rdi
6d: e8 00 00 00 00 callq 72 <_Z1fv+0x72>
6e: R_X86_64_PC32 _Z7capturePi-0x4
72: 4c 89 ef mov %r13,%rdi
75: e8 00 00 00 00 callq 7a <_Z1fv+0x7a>
76: R_X86_64_PC32 _Z7capturePi-0x4
7a: 48 89 ef mov %rbp,%rdi
7d: e8 00 00 00 00 callq 82 <_Z1fv+0x82>
7e: R_X86_64_PC32 _Z7capturePi-0x4
82: 4c 89 f7 mov %r14,%rdi
85: e8 00 00 00 00 callq 8a <_Z1fv+0x8a>
86: R_X86_64_PC32 _Z7capturePi-0x4
8a: 48 8b 7c 24 08 mov 0x8(%rsp),%rdi
8f: e8 00 00 00 00 callq 94 <_Z1fv+0x94>
90: R_X86_64_PC32 _Z7capturePi-0x4
94: 48 8b 7c 24 10 mov 0x10(%rsp),%rdi
99: e8 00 00 00 00 callq 9e <_Z1fv+0x9e>
9a: R_X86_64_PC32 _Z7capturePi-0x4
9e: 48 8b 7c 24 18 mov 0x18(%rsp),%rdi
a3: e8 00 00 00 00 callq a8 <_Z1fv+0xa8>
a4: R_X86_64_PC32 _Z7capturePi-0x4
a8: 48 8b 7c 24 20 mov 0x20(%rsp),%rdi
ad: e8 00 00 00 00 callq b2 <_Z1fv+0xb2>
ae: R_X86_64_PC32 _Z7capturePi-0x4
b2: 48 8b 05 00 00 00 00 mov 0x0(%rip),%rax # b9 <_Z1fv+0xb9>
b5: R_X86_64_GOTTPOFF __safestack_unsafe_stack_ptr-0x4
b9: 64 4c 89 38 mov %r15,%fs:(%rax)
bd: 48 83 c4 28 add $0x28,%rsp
c1: 5b pop %rbx
c2: 41 5c pop %r12
c4: 41 5d pop %r13
c6: 41 5e pop %r14
c8: 41 5f pop %r15
ca: 5d pop %rbp
cb: c3 retq
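To make the frame layout in the disassembly concrete, here is a small C model of what the SafeStack prologue and epilogue do for f(). It is an added example, not LLVM's pass or runtime, and every name in it (unsafe_stack_ptr, unsafe_frame_enter, unsafe_slot_offset, and so on) is invented for illustration; the real instrumentation reads the thread-local __safestack_unsafe_stack_ptr shown in the relocations, lowers it by the frame size, and places each address-taken local at a negative offset from the old top (the value held in %r15). The model reproduces the 0x30 frame and the -0x4 .. -0x28 slot offsets, and derives every address from the base at the point of use, which is the codegen the report asks for. The issue is one of code quality (register pressure and spills), not of the isolation itself: wherever the compiler keeps the pointers, they still address the unsafe stack, so address-taken locals stay off the stack that holds return addresses.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the SafeStack unsafe-stack frame for f() above.
 * Added example, not LLVM's code: names and the backing buffer are invented. */

#define UNSAFE_STACK_BYTES 4096   /* constructed stand-in for the per-thread unsafe stack */
#define FRAME_ALIGN 16            /* the 0x30 frame in the report is 40 bytes rounded up */

static _Alignas(FRAME_ALIGN) uint8_t unsafe_stack[UNSAFE_STACK_BYTES];
static uint8_t *unsafe_stack_ptr = unsafe_stack + UNSAFE_STACK_BYTES;

/* Bytes currently reserved on the model unsafe stack (0 when no frame is live). */
size_t unsafe_stack_bytes_in_use(void) {
    return (size_t)((unsafe_stack + UNSAFE_STACK_BYTES) - unsafe_stack_ptr);
}

/* Frame size for n locals of `size` bytes each, rounded up to FRAME_ALIGN. */
size_t unsafe_frame_size(size_t n, size_t size) {
    size_t raw = n * size;
    return (raw + FRAME_ALIGN - 1) & ~(size_t)(FRAME_ALIGN - 1);
}

/* Prologue: remember the old top and lower the pointer by the frame size
 * (mov %fs:(%rcx),%r15 / lea -0x30(%r15),%rax / mov %rax,%fs:(%rcx)). */
uint8_t *unsafe_frame_enter(size_t frame_bytes) {
    uint8_t *base = unsafe_stack_ptr;
    assert(frame_bytes <= (size_t)(base - unsafe_stack)); /* model's overflow guard */
    unsafe_stack_ptr = base - frame_bytes;
    return base;
}

/* Epilogue: restore the saved top (mov %r15,%fs:(%rax)). */
void unsafe_frame_leave(uint8_t *base) {
    unsafe_stack_ptr = base;
}

/* Offset of the i-th local from the frame base: -4, -8, ..., -0x28 for ten ints.
 * Each address is one `lea off(%r15),%reg` away from the base, so it can be
 * recomputed at the use instead of materialised up front and kept live
 * across every call, which is the point of the report. */
ptrdiff_t unsafe_slot_offset(size_t i, size_t size) {
    return -(ptrdiff_t)((i + 1) * size);
}

int *unsafe_slot(uint8_t *base, size_t i) {
    return (int *)(base + unsafe_slot_offset(i, sizeof(int)));
}

/* Constructed stand-in for the external capture(int *) of the report. */
static void capture(int *p) { *p = 1; }

/* Model of f(): ten address-taken ints, each address derived from the base
 * at its use. Returns the bytes reserved while the frame is live. */
size_t run_f_model(void) {
    size_t frame = unsafe_frame_size(10, sizeof(int));
    uint8_t *base = unsafe_frame_enter(frame);
    for (size_t i = 0; i < 10; i++)
        capture(unsafe_slot(base, i));
    size_t in_use = unsafe_stack_bytes_in_use();
    unsafe_frame_leave(base);
    return in_use;
}

int main(void) {
    printf("frame size for 10 ints: 0x%zx\n", unsafe_frame_size(10, sizeof(int)));
    for (size_t i = 0; i < 10; i++)
        printf("x%zu at base-0x%lx\n", i, (long)-unsafe_slot_offset(i, sizeof(int)));
    size_t during = run_f_model();
    size_t after = unsafe_stack_bytes_in_use();
    printf("in use during f(): 0x%zx, after: 0x%zx\n", during, after);
    return 0;
}
```

Compiled as plain C (no -fsanitize=safe-stack needed, since the model carries its own buffer), the program prints the 0x30 frame size and the ten offsets from the disassembly, then shows the pointer restored to its original value after the modelled epilogue.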