[PATCH] asan: do not instrument direct inbounds accesses to stack variables
Nuno Lopes
nunoplopes at sapo.pt
Wed Feb 25 08:40:31 PST 2015
You should use ObjectSizeOffsetVisitor instead of ObjectSizeOffsetEvaluator. The interface is similar, but it gives up when the object size is not constant, while the latter may insert new instructions in the code. ObjectSizeOffsetVisitor is well tested (it's used by alias analysis, for example).
Second, the inbounds check is unsound (it may overflow -- check the proof here: http://rise4fun.com/Z3/PVrF). The correct set of checks is the following 3:
- Offset >= 0 (signed; you have this one)
- Size >= Offset (unsigned)
- Size - Offset >= AccessSize (unsigned)
Finally, you cannot derive the access size from "DL->getTypeStoreSize(OrigTy)". For example, just because an array has elements of size 4, it doesn't mean that all stores must be of size 4. You can have done a bitcast, and stored 8 bytes. Basically you need to get hold of the element stored and check its store size.
After fixing these 3 issues, I think the patch becomes correct and desirable for commit.
http://reviews.llvm.org/D7583
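The overflow in the single-comparison inbounds test and the sound three-check form from the message above, as an added C example that is not part of the patch or of the review. It assumes the original patch computed the test as a signed 64-bit `Offset + AccessSize <= Size`; the names Offset, Size and AccessSize follow the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed form of the original check: signed 64-bit arithmetic, one compare.
   The addition can wrap to a negative value, which then passes "<= Size". */
static bool naive_inbounds(int64_t Offset, uint64_t Size, uint64_t AccessSize) {
    if (Offset < 0) return false;
    uint64_t Sum = (uint64_t)Offset + AccessSize;   /* wraps modulo 2^64 */
    int64_t SSum;
    memcpy(&SSum, &Sum, sizeof SSum);               /* reinterpret as signed i64 */
    return SSum <= (int64_t)Size;
}

/* The three checks from the review: Offset >= 0 (signed),
   Size >= Offset (unsigned), Size - Offset >= AccessSize (unsigned).
   Ordering matters: the second check guarantees the subtraction cannot
   underflow in the third. */
static bool sound_inbounds(int64_t Offset, uint64_t Size, uint64_t AccessSize) {
    if (Offset < 0) return false;
    uint64_t UOffset = (uint64_t)Offset;
    if (Size < UOffset) return false;
    return Size - UOffset >= AccessSize;
}

int main(void) {
    /* Constructed case: a 16-byte stack object and an 8-byte access far
       past its end. The naive check wraps and reports it in bounds, so
       ASan would skip instrumenting a clearly out-of-bounds access. */
    int64_t Offset = INT64_MAX - 3;
    printf("naive: %d  sound: %d\n",
           naive_inbounds(Offset, 16, 8), sound_inbounds(Offset, 16, 8));
    return 0;
}
```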