On 11/02/2016 03:51 PM, Jakub Jelinek wrote:
> On Wed, Nov 02, 2016 at 03:38:25PM +0100, Martin Liška wrote:
>> it converts:
>> foo ()
>> {
>> char a;
>> char * p;
>> char _1;
>> int _2;
>> int _8;
>> int _9;
>>
>> <bb 2>:
>> ASAN_MARK (2, &a, 1);
>> a = 0;
>> p_6 = &a;
>> ASAN_MARK (1, &a, 1);
>> _1 = *p_6;
>
> You shouldn't convert if a is addressable (when ignoring &a in ASAN_MARK
> calls). Only if there is &a just in ASAN_MARK and MEM_REF, you can convert.
Sure, which should be done in execute_update_addresses_taken via
gimple_ior_addresses_taken.
>
>> to:
>>
>> foo ()
>> {
>> char a;
>> char * p;
>> char _1;
>> int _2;
>>
>> <bb 2>:
>> a_10 = 0;
>> a_12 = ASAN_POISON ();
>> _1 = a_12;
>> if (_1 != 0)
>> goto <bb 4>;
>> else
>> goto <bb 3>;
>>
>> <bb 3>:
>>
>> <bb 4>:
>> # _2 = PHI <1(2), 0(3)>
>> return _2;
>>
>> }
>>
>> and probably the last goal is to convert the newly added internal fn to a
>> runtime call.
>> Hope sanopt pass is the right place where to do it?
>
> If ASAN_POISON is ECF_CONST and has any uses during sanopt, perhaps best
> would be to add an artificial variable you give the same name as the
> underlying var of the SSA_NAME (and alignment, locus etc.) and poison it
> right away (keep unpoisoning only to the function epilogue) and then
> ASAN_CHECK replace all uses of that SSA_NAME with ASAN_CHECK + use of
> (D) SSA_NAME.
When I create an ASAN_POISON call in execute_update_addresses_taken, there
would not be any ASAN_CHECK generated as it's going to be rewritten to SSA
form (like the previous sample I sent).
I like the idea of having a parallel variable, which can be poisoned at the
very beginning of a function. Whenever we have a use of the SSA_NAME (like
a_12 = ASAN_POISON ()), we can simply insert
BUILT_IN_ASAN_REPORT_LOADx(&parallel_variable) statement. No change would be
necessary for ASAN runtime in such case.
Will it work?
Thanks,
Martin
>
> Jakub
>
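
A toy C model of the two schemes discussed in this thread, added here as an illustration; it is not code from GCC, libsanitizer, or either poster. It shows that a checked load of the in-memory `a` and an unconditional report on a poisoned parallel variable both reach the report path with the same shadow classification. The `frame`/`shadow` arrays, all function names, and the stand-in value for `a_12` are assumptions.

```c
/* Toy model constructed for illustration; not GCC or libsanitizer code. */
#include <stddef.h>
#include <stdio.h>

enum { MARK_POISON = 1, MARK_UNPOISON = 2 }; /* the dump uses 2 at scope entry, 1 at scope exit */
#define USE_AFTER_SCOPE 0xf8 /* ASan shadow value for out-of-scope stack bytes */

static unsigned char frame[16]; /* two 8-byte stack slots (constructed) */
static unsigned char shadow[2]; /* one shadow byte per slot; 0 = fully addressable */
static int reports;             /* number of simulated reports */
static unsigned char last_kind; /* shadow byte seen by the most recent report */

static unsigned char *shadow_of(const unsigned char *p) { return &shadow[(p - frame) >> 3]; }

/* Models ASAN_MARK (flag, addr, size) for a variable of size < 8 at a slot start. */
static void asan_mark(int flag, unsigned char *addr, size_t size) {
    *shadow_of(addr) = flag == MARK_POISON ? USE_AFTER_SCOPE : (unsigned char)size;
}

/* Models the report call: unconditional; the shadow byte tells the runtime the bug kind. */
static void report_load1(const unsigned char *addr) { reports++; last_kind = *shadow_of(addr); }

/* Models the inline shadow check in front of a 1-byte load. */
static unsigned char checked_load1(const unsigned char *addr) {
    unsigned char s = *shadow_of(addr);
    if (s != 0 && (s >= 0x80 || (size_t)(addr - frame) % 8 >= s)) report_load1(addr);
    return *addr;
}

/* First dump: a lives in memory and the load through p hits poisoned shadow. */
static int foo_memory(void) {
    unsigned char *a = &frame[0], *p;
    asan_mark(MARK_UNPOISON, a, 1); /* ASAN_MARK (2, &a, 1) */
    *a = 0;
    p = a;
    asan_mark(MARK_POISON, a, 1);   /* ASAN_MARK (1, &a, 1) */
    return checked_load1(p) != 0;   /* _1 = *p_6 */
}

/* Second dump with the proposal applied: a is an SSA value, a parallel slot carries the poison. */
static int foo_ssa(void) {
    unsigned char *parallel = &frame[8], a_12 = 0; /* a_12 = ASAN_POISON (); 0 is a placeholder */
    asan_mark(MARK_POISON, parallel, 1);   /* poisoned at function entry */
    report_load1(parallel);                /* inserted at the use _1 = a_12 */
    asan_mark(MARK_UNPOISON, parallel, 1); /* unpoisoned in the epilogue */
    return a_12 != 0;
}

int main(void) { foo_memory(); foo_ssa(); printf("reports=%d kind=0x%x\n", reports, last_kind); return 0; }
```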