[llvm] 8a34f6d - [ASAN] Do not consider alignment during object size calculations (#109120)

via llvm-commits llvm-commits at lists.llvm.org
Thu Sep 19 10:16:31 PDT 2024


Author: Pavel Skripkin
Date: 2024-09-19T10:16:28-07:00
New Revision: 8a34f6dba14e49332ff63abfa6a8aa3ca560fc50

URL: https://github.com/llvm/llvm-project/commit/8a34f6dba14e49332ff63abfa6a8aa3ca560fc50
DIFF: https://github.com/llvm/llvm-project/commit/8a34f6dba14e49332ff63abfa6a8aa3ca560fc50.diff

LOG: [ASAN] Do not consider alignment during object size calculations (#109120)

It was found that ASAN logic optimizes away out-of-bound access
instrumentation for over-aligned arrays. See #108287 for complete code
examples.

Fix it by not considering alignment during the object size calculation,
since an out-of-bounds access to an over-aligned object is still UB and
should be reported by ASAN.

Closes: #108287

Added: 
    

Modified: 
    llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
    llvm/test/Instrumentation/AddressSanitizer/instrument_global.ll

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
index e8a95f5dfd435c..8f1e3e0764a7f1 100644
--- a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -3057,9 +3057,7 @@ bool AddressSanitizer::instrumentFunction(Function &F,
                    OperandsToInstrument.size() + IntrinToInstrument.size() >
                        (unsigned)InstrumentationWithCallsThreshold);
   const DataLayout &DL = F.getDataLayout();
-  ObjectSizeOpts ObjSizeOpts;
-  ObjSizeOpts.RoundToAlign = true;
-  ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext(), ObjSizeOpts);
+  ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext());
 
   // Instrument.
   int NumInstrumented = 0;
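Review bot: The new `ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext());` line carries no explanation of why the options argument was dropped, so a later reader tuning instrumentation cost could reasonably re-enable `RoundToAlign` and silently reintroduce the missed reports for over-aligned objects that the log describes. A one-line comment above the constructor call would pin the intent: `// Do not round object sizes up to their alignment: an access past the declared size of an over-aligned object is still out of bounds and must be reported.` This line now relies on the default-constructed `ObjectSizeOpts` leaving `RoundToAlign` off, which is presumably the case but worth confirming against the header rather than assuming. `instrumentFunction` starts before and continues after this hunk.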

diff  --git a/llvm/test/Instrumentation/AddressSanitizer/instrument_global.ll b/llvm/test/Instrumentation/AddressSanitizer/instrument_global.ll
index 2f26a7d9f44535..bcaf54deed21cb 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/instrument_global.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/instrument_global.ll
@@ -16,6 +16,7 @@ target triple = "x86_64-unknown-linux-gnu"
 ; indexed with constants in-bounds. But instrument all other cases.
 
 @GlobSt = global [10 x i32] zeroinitializer, align 16  ; static initializer
+ at GlobStAlignInBounds = global [10 x i8] zeroinitializer, align 16  ; static initializer
 @GlobDy = global [10 x i32] zeroinitializer, align 16, sanitize_address_dyninit  ; dynamic initializer
 @GlobEx = external global [10 x i32] , align 16        ; extern initializer
 
@@ -49,6 +50,26 @@ entry:
 ; CHECK: ret i32
 }
 
+; GlobStAlignInBount is accessed with out of bounds index, but in bounds of allocated area (because of alignemnt)
+define i8 @AccessGlobStAlignInBounds_0_11() sanitize_address {
+entry:
+    %0 = load i8, ptr getelementptr inbounds ([10 x i8], ptr @GlobStAlignInBounds, i64 0, i64 11), align 1
+    ret i8 %0
+; CHECK-LABEL: define i8 @AccessGlobStAlignInBounds_0_11
+; CHECK: __asan_report
+; CHECK: ret i8
+}
+
+; GlobStAlignInBount is accessed with in-bound index
+define i8 @AccessGlobStAlignInBounds_0_9() sanitize_address {
+entry:
+    %0 = load i8, ptr getelementptr inbounds ([10 x i8], ptr @GlobStAlignInBounds, i64 0, i64 9), align 1
+    ret i8 %0
+; CHECK-LABEL: define i8 @AccessGlobStAlignInBounds_0_9
+; CHECK-NOT: __asan_report
+; CHECK: ret i8
+}
+
 ; GlobDy is declared with dynamic initializer -- can't optimize.
 define i32 @AccessGlobDy_0_2() sanitize_address {
 entry:
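Review bot: The comments on the two new test functions misspell the global they describe (`GlobStAlignInBount` for `GlobStAlignInBounds`) and `alignemnt`, so a grep for the global's uses will miss the explanatory lines; suggest `; GlobStAlignInBounds is accessed with an out-of-bounds index that still lies inside the allocated area (because of alignment)` and `; GlobStAlignInBounds is accessed with an in-bounds index`. The first test only checks that some `__asan_report` call appears between the label and the `ret`; if the intent is to pin that this specific 1-byte load is the one reported, a tighter pattern such as `; CHECK: __asan_report_load1` would do that, though the existing tests in this file may deliberately use the looser form. The `@AccessGlobDy_0_2` definition at the end of the hunk continues outside it.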


        


More information about the llvm-commits mailing list