[PATCH] D13905: Disabling speculative loads under asan.

Ivan Krasin via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 20 10:34:23 PDT 2015


krasin created this revision.
krasin added a reviewer: aizatsky.
krasin added subscribers: llvm-commits, kcc.

While instrumenting std::string with asan I discovered that a speculative load might load data from a poisoned region. Disabling all speculative loads for asan-annotated functions.

The test follows the std::string implementation.

Corresponding CL in llvm: http://reviews.llvm.org/D13264
Patch by Mike Aizatsky, the review page for the CL is http://reviews.llvm.org/D13265

http://reviews.llvm.org/D13905

Files:
  test/asan/TestCases/speculative_load.cc

Index: test/asan/TestCases/speculative_load.cc
===================================================================
--- /dev/null
+++ test/asan/TestCases/speculative_load.cc
@@ -0,0 +1,50 @@
+// Verifies that speculative loads from unions do not happen under asan.
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1
+// RUN: %clangxx_asan -O2 %s -o %t && %run %t 2>&1
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1
+
+#include <sanitizer/asan_interface.h>
+
+struct S {
+  struct _long {
+      void* _pad;
+      const char* _ptr;
+  };
+
+  struct _short {
+    unsigned char _size;
+    char _ch[23];
+  };
+
+  union {
+    _short _s;
+    _long _l;
+  } _data;
+
+  S() {
+    _data._s._size = 0;
+    __asan_poison_memory_region(_data._s._ch, 23);
+  }
+
+  bool is_long() const {
+    return _data._s._size & 1;
+  }
+
+  const char* get_pointer() const {
+    return is_long() ? _data._l._ptr : _data._s._ch;
+  }
+};
+
+
+inline void side_effect(const void *arg) {
+  __asm__ __volatile__("" : : "r" (arg) : "memory");
+}
+
+int main(int argc, char **argv) {
+  S s;
+  side_effect(&s); // optimizer is too smart otherwise
+  const char *ptr = s.get_pointer();
+  side_effect(ptr); // force use ptr
+  return 0;
+}
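
Review bot: The constructor `S()` poisons `_data._s._ch` with `__asan_poison_memory_region`, but nothing ever unpoisons it, so those 23 bytes of main's stack frame are still poisoned when `s` goes out of scope. Adding `~S() { __asan_unpoison_memory_region(_data._s._ch, 23); }` would keep the test from leaving poisoned stack behind. Separately, the four RUN lines redirect `2>&1` with no FileCheck consuming the output, so the test passes on exit status alone; either drop the redirect or state in the header comment that a clean exit is the expected result.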

