[llvm] r273888 - [asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, LLVM part
Kuba Brecka via llvm-commits
llvm-commits at lists.llvm.org
Mon Jun 27 08:57:08 PDT 2016
Author: kuba.brecka
Date: Mon Jun 27 10:57:08 2016
New Revision: 273888
URL: http://llvm.org/viewvc/llvm-project?rev=273888&view=rev
Log:
[asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, LLVM part
See the bug report at https://github.com/google/sanitizers/issues/691. When a dynamic alloca has a constant size, ASan instrumentation will treat it as a regular dynamic alloca (insert calls to poison and unpoison), but the backend will turn it into a regular stack variable. The poisoning/unpoisoning is then broken. This patch will treat such allocas as static.
Differential Revision: http://reviews.llvm.org/D21509
Modified:
llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
Modified: llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp?rev=273888&r1=273887&r2=273888&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp (original)
+++ llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp Mon Jun 27 10:57:08 2016
@@ -454,19 +454,20 @@ struct AddressSanitizer : public Functio
AU.addRequired<TargetLibraryInfoWrapperPass>();
}
uint64_t getAllocaSizeInBytes(AllocaInst *AI) const {
+ uint64_t ArraySize = 1;
+ if (AI->isArrayAllocation()) {
+ ConstantInt *CI = dyn_cast<ConstantInt>(AI->getArraySize());
+ assert(CI && "non-constant array size");
+ ArraySize = CI->getZExtValue();
+ }
Type *Ty = AI->getAllocatedType();
uint64_t SizeInBytes =
AI->getModule()->getDataLayout().getTypeAllocSize(Ty);
- return SizeInBytes;
+ return SizeInBytes * ArraySize;
}
/// Check if we want (and can) handle this alloca.
bool isInterestingAlloca(AllocaInst &AI);
- // Check if we have dynamic alloca.
- bool isDynamicAlloca(AllocaInst &AI) const {
- return AI.isArrayAllocation() || !AI.isStaticAlloca();
- }
-
/// If it is an interesting memory access, return the PointerOperand
/// and set IsWrite/Alignment. Otherwise return nullptr.
Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite,
@@ -721,7 +722,7 @@ struct FunctionStackPoisoner : public In
}
StackAlignment = std::max(StackAlignment, AI.getAlignment());
- if (ASan.isDynamicAlloca(AI))
+ if (!AI.isStaticAlloca())
DynamicAllocaVec.push_back(&AI);
else
AllocaVec.push_back(&AI);
@@ -912,7 +913,7 @@ bool AddressSanitizer::isInterestingAllo
bool IsInteresting =
(AI.getAllocatedType()->isSized() &&
// alloca() may be called with 0 size, ignore it.
- getAllocaSizeInBytes(&AI) > 0 &&
+ ((!AI.isStaticAlloca()) || getAllocaSizeInBytes(&AI) > 0) &&
// We are only interested in allocas not promotable to registers.
// Promotable allocas are common under -O0.
(!ClSkipPromotableAllocas || !isAllocaPromotable(&AI)) &&
@@ -2013,7 +2014,7 @@ void FunctionStackPoisoner::poisonStack(
assert(APC.InsBefore);
assert(APC.AI);
assert(ASan.isInterestingAlloca(*APC.AI));
- bool IsDynamicAlloca = ASan.isDynamicAlloca(*APC.AI);
+ bool IsDynamicAlloca = !(*APC.AI).isStaticAlloca();
if (!ClInstrumentAllocas && IsDynamicAlloca)
continue;
More information about the llvm-commits
mailing list