[llvm-dev] BoundsChecking Pass
Pierre Gagelin via llvm-dev
llvm-dev at lists.llvm.org
Fri May 20 03:16:47 PDT 2016
Hi,
I am a final-year French student doing an internship at the University of
Portsmouth. As I was getting hands-on with AddressSanitizer I took a look at
BoundsChecking (both are in the lib/Transforms/Instrumentation folder).
I found nothing on it except for the LLVM Documentation and references to
BaggyBoundsCheck (which is not the same project; as far as I understood, it
is part of the SAFECode project). Does anyone know about it
(BoundsChecking)? I have some inquiries I will try to explain just below...
I slightly modified the registration process of the Pass (the BoundsChecking
one) to get the generated .so file once LLVM is rebuilt. I then ran LLVM
opt, loading the .so, on a C program that did both a stack and a heap
overflow:
- clang -emit-llvm overflow.c -c -o overflow.bc
- opt -load path-to-so/LLVMBoundsChecking.so -options < overflow.bc > overflow_instrumented.bc
I then ran llc and gcc to get an executable:
- llc -filetype=obj overflow_instrumented.bc (generates a .o file with the same name)
- gcc overflow_instrumented.o -o overflow_instrumented
Once launched, the executable detects the stack access and crashes the
program (you can see the checks in the assembly code, which are followed by
a conditional jump to a UD2 instruction that basically crashes a program) but
nothing is instrumented for the heap access. In the BoundsChecking file it
is said that run-time checks are made but I don't see them. So my questions
are:
- is there any heap checking made?
- if yes, where is it?
I am interested in this because I think I am going to try to do for the
heap the same work that was done for the stack.
Thank you for your help, any information or advice is welcome :)
Pierre
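
The kind of check the message describes seeing in the assembly (a comparison followed by a conditional jump to UD2), written by hand in C as an added example; it is not part of the original message and is not the pass's own code. The names `access_in_bounds`, `checked_store` and `demo` are hypothetical, and the heap object's size is assumed to be known at the access site.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 when an access of `need` bytes at byte offset `off` stays inside
 * an object of `size` bytes. Two unsigned compares are used instead of
 * `off + need <= size` so that the addition cannot wrap around. */
static int access_in_bounds(size_t size, size_t off, size_t need)
{
    if (off > size)
        return 0;
    return size - off >= need;
}

/* Checked one-byte store: the compare, then a trap on the failing path.
 * On x86, __builtin_trap() (a GCC/Clang builtin) is emitted as UD2. */
static void checked_store(char *base, size_t size, size_t off, char v)
{
    if (!access_in_bounds(size, off, 1))
        __builtin_trap();
    base[off] = v;
}

/* Constructed sample: one stack object and one heap object, each written
 * through the same checked store at its last valid index. The heap case
 * only works because heap_size is carried along with the pointer.
 * Returns the sum of the two bytes written, or -1 if allocation fails. */
static int demo(void)
{
    char stack_buf[8] = {0};
    size_t heap_size = 8;
    char *heap_buf = calloc(heap_size, 1);
    if (!heap_buf)
        return -1;
    checked_store(stack_buf, sizeof stack_buf, 7, 1);
    checked_store(heap_buf, heap_size, 7, 2);
    int sum = stack_buf[7] + heap_buf[7];
    free(heap_buf);
    return sum;
}

int main(void)
{
    printf("in-bounds stores wrote bytes summing to %d\n", demo());
    printf("index 8 of an 8-byte object allowed? %d\n", access_in_bounds(8, 8, 1));
    return 0;
}
```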