[llvm-commits] [llvm] r157261 - in /llvm/trunk: include/llvm/InitializePasses.h include/llvm/LinkAllPasses.h include/llvm/Transforms/Scalar.h include/llvm/Transforms/Utils/Local.h lib/Transforms/InstCombine/InstCombine.h lib/Transforms/InstCombin

Nuno Lopes nunoplopes at sapo.pt
Wed May 23 16:05:24 PDT 2012


>>> Of course that with this approach we will miss some bugs, namely those
>>> that incur in undefined behavior that is exploited by the compiler.
>>> But as far as security is concerned, this is fine.
>
> This is fine???????!!!!!!  Isn't undefined behaviour due to (eg) integer
> arithmetic overflow one of the major causes of buffer overflow?!
>
>> That isn't how undef works... it's possible (but probably rare) we'll
>> eliminate the bounds check, but not the load.
>
> Yeah.  In my opinion if you are going to do bounds checking it should try
> hard to be robust in the face of uninitialized variables (undef) and things
> like signed integer overflow (trap value).

I discussed a bit with Eli about this problem.
The llvm.identity intrinsic could in fact help, although I need to think more about it.
Another point is that we are doing this instrumentation quite late, and therefore the more aggressive optimizations were already done. So we might get away with that more or less safely.
That said, I will test real code and overflow examples and I'll see if any further action is needed.

Thanks,
Nuno
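The point raised in the thread, that a bounds check is only as good as the arithmetic it is built on, can be shown with two versions of the same check. The following is an added example, not code from this commit or from LLVM's BoundsChecking pass, and all names in it are hypothetical. It uses size_t arithmetic so the failure is deterministic (unsigned addition wraps, which is defined); in the signed case the overflow is undefined and the compiler may remove the comparison outright, which is the case the reviewers are worried about.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: two ways of writing the check "bytes [off, off+n)
 * lie inside a buffer of `size` bytes". Names are hypothetical. */

/* Fragile form: computes the end offset first and tests it afterwards.
 * With size_t the addition wraps modulo 2^N, so a huge `off` plus a small
 * `n` yields a tiny `end` that passes the test. In signed arithmetic the
 * same overflow is undefined and the optimizer may delete the test. */
static bool fragile_in_bounds(size_t off, size_t n, size_t size)
{
    size_t end = off + n;      /* wraps for off near SIZE_MAX */
    return end <= size;
}

/* Robust form: never forms a sum that can wrap. First confirm `off`
 * is inside the buffer, then compare `n` against the space remaining;
 * `size - off` cannot underflow once `off <= size` holds. */
static bool robust_in_bounds(size_t off, size_t n, size_t size)
{
    if (off > size)
        return false;
    return n <= size - off;
}

/* A guarded read built on the robust check: copies n bytes starting at
 * `off` into `out`, or refuses and leaves `out` untouched. */
static bool checked_read(const uint8_t *buf, size_t size,
                         size_t off, size_t n, uint8_t *out)
{
    if (!robust_in_bounds(off, n, size))
        return false;
    memcpy(out, buf + off, n);
    return true;
}

/* Counts the constructed cases the fragile check gets wrong while the
 * robust check gets right. Returns -1 if the robust check itself fails. */
static int count_fragile_misses(void)
{
    struct { size_t off, n, size; bool expect; } cases[] = {
        { 4,        4, 8,  true  },   /* exactly fits */
        { 4,        5, 8,  false },   /* one byte past the end */
        { 9,        0, 8,  false },   /* start already out of range */
        { SIZE_MAX, 2, 16, false },   /* off + n wraps to 1 */
    };
    int misses = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool f = fragile_in_bounds(cases[i].off, cases[i].n, cases[i].size);
        bool r = robust_in_bounds(cases[i].off, cases[i].n, cases[i].size);
        if (r != cases[i].expect)
            return -1;
        if (f != cases[i].expect)
            misses++;
    }
    return misses;
}
```

The only case the fragile form misjudges is the wrapped one, which is exactly the shape of input an instrumentation pass has to expect once it runs after the optimizer has already assumed overflow cannot happen.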
