[llvm-dev] Should analyses be able to hold AssertingVH to IR? (related to PR28400)
Sanjoy Das via llvm-dev
llvm-dev at lists.llvm.org
Tue Jul 12 00:48:58 PDT 2016
Hi Sean,

Sean Silva wrote:
>
> ASan reuses it less often, but keeps it poisoned so that dangling pointers get caught. This makes it less likely that
> re-use will cause invalid analysis results. BUT it makes it more likely that when we access a dangling pointer, it falls
> into a poisoned heap area. So the net result is that it catches dangling pointers better.
>
> Or to put it another way, the "heap slot reuse causes invalid analysis results" situation is actually a subset of "we
> access a dangling pointer"

I'm not sure about this -- is manipulating a pointer as an integer
(without loading or storing through it) included in "access"?  IOW,
will asan catch this bug at all:

   DenseMap<BasicBlock *, int> M;
   M[BB] = 5;
   delete BB;
   BB = new BasicBlock();
   return M[BB];

?

It seems to be fine with

   int main(int, char **) {
     int *f = new int[5];
     delete[] f;
     return f == (int *) 100;
   }

> which is what we really want to catch (I mean "dangling" in a sense that a pointer stays
> "dangling" even if its heap slot is reused). By avoiding reuse of heap slots, the dangling pointer is more likely to be
> in a heap slot that ASan is keeping poisoned and not reusing (hence it can detect the error).
>
> -- Sean Silva
>
>
> (Or did I just re-state what you were saying?)
>
> -- Sanjoy
>
>
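
Added example, not part of the original message and not LLVM code: the stale-key sequence from the reply above next to a simplified asserting handle that records the problem when the block is destroyed. Block, Handle, slot and both functions are hypothetical names; placement new into one fixed buffer stands in for the allocator returning the same address, and the handle counts a violation where a real asserting handle would abort.

```cpp
// Added illustration. Block, Handle, slot and the function names are
// hypothetical; this is not LLVM's BasicBlock, DenseMap or AssertingVH.
#include <cstdio>
#include <map>
#include <new>

static std::map<const void *, int> g_refs; // address -> live handle count
static int g_violations = 0;               // blocks destroyed while referenced

struct Block {
  ~Block() { if (g_refs.count(this) && g_refs[this] > 0) ++g_violations; }
};

// Simplified asserting handle: registers itself for its whole lifetime.
class Handle {
  Block *b_;
public:
  explicit Handle(Block *b) : b_(b) { ++g_refs[b_]; }
  Handle(const Handle &o) : b_(o.b_) { ++g_refs[b_]; }
  Handle &operator=(const Handle &) = delete;
  ~Handle() { --g_refs[b_]; }
  bool operator<(const Handle &o) const { return b_ < o.b_; }
};

// One fixed slot makes the address reuse deterministic (constructed setup).
alignas(Block) static unsigned char slot[sizeof(Block)];

int stale_lookup_raw() {
  std::map<Block *, int> M;
  Block *BB = new (slot) Block();
  M[BB] = 5;
  BB->~Block();            // stands in for "delete BB"; M is not told
  BB = new (slot) Block(); // same address handed back
  int v = M[BB];           // pointer only compared, never dereferenced
  BB->~Block();
  return v;                // stale value cached for the dead block
}

int violations_with_handle() {
  int before = g_violations;
  {
    std::map<Handle, int> M;
    Block *BB = new (slot) Block();
    M.emplace(Handle(BB), 5);
    BB->~Block();          // handle in M still live: recorded here
  }
  return g_violations - before;
}

int main() { std::printf("%d %d\n", stale_lookup_raw(), violations_with_handle()); }
```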