[compiler-rt] r250837 - Disabling speculative loads under asan.

Ivan Krasin via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 20 10:34:48 PDT 2015 

Author: krasin
Date: Tue Oct 20 12:34:47 2015
New Revision: 250837

URL: http://llvm.org/viewvc/llvm-project?rev=250837&view=rev
Log:
Disabling speculative loads under asan.

Summary:
While instrumenting std::string with asan I discovered that speculative load might load data from poisoned region. Disabling all speculative loads for asan-annotated functions.

The test follows the std::string implementation.

Corresponding CL in llvm: http://reviews.llvm.org/D13264
Patch by Mike Aizatsky, the review page for the CL is http://reviews.llvm.org/D13265

Reviewers: aizatsky

Subscribers: kcc, llvm-commits

Differential Revision: http://reviews.llvm.org/D13905

Added:
    compiler-rt/trunk/test/asan/TestCases/speculative_load.cc

Added: compiler-rt/trunk/test/asan/TestCases/speculative_load.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/speculative_load.cc?rev=250837&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/speculative_load.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/speculative_load.cc Tue Oct 20 12:34:47 2015
@@ -0,0 +1,50 @@
+// Verifies that speculative loads from unions do not happen under asan.
+// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1
+// RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1
+// RUN: %clangxx_asan -O2 %s -o %t && %run %t 2>&1
+// RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1
+
+#include <sanitizer/asan_interface.h>
+
+struct S {
+  struct _long {
+      void* _pad;
+      const char* _ptr;
+  };
+
+  struct _short {
+    unsigned char _size;
+    char _ch[23];
+  };
+
+  union {
+    _short _s;
+    _long _l;
+  } _data;
+
+  S() {
+    _data._s._size = 0;
+    __asan_poison_memory_region(_data._s._ch, 23);
+  }
+
+  bool is_long() const {
+    return _data._s._size & 1;
+  }
+
+  const char* get_pointer() const {
+    return is_long() ? _data._l._ptr : _data._s._ch;
+  }
+};
+
+
+inline void side_effect(const void *arg) {
+  __asm__ __volatile__("" : : "r" (arg) : "memory");
+}
+
+int main(int argc, char **argv) {
+  S s;
+  side_effect(&s); // optimizer is too smart otherwise
+  const char *ptr = s.get_pointer();
+  side_effect(ptr); // force use ptr
+  return 0;
+}

More information about the llvm-commits mailing list