On 11/02/2016 03:51 PM, Jakub Jelinek wrote:
> On Wed, Nov 02, 2016 at 03:38:25PM +0100, Martin Liška wrote:
>> it converts:
>> foo ()
>> {
>> char a;
>> char * p;
>> char _1;
>> int _2;
>> int _8;
>> int _9;
>>
>> <bb 2>:
>> ASAN_MARK (2, &a, 1);
>> a = 0;
>> p_6 = &a;
>> ASAN_MARK (1, &a, 1);
>> _1 = *p_6;
>
> You shouldn't convert if a is addressable (when ignoring &a in ASAN_MARK
> calls). Only if there is &a just in ASAN_MARK and MEM_REF, you can convert.
>
>> to:
>>
>> foo ()
>> {
>> char a;
>> char * p;
>> char _1;
>> int _2;
>>
>> <bb 2>:
>> a_10 = 0;
>> a_12 = ASAN_POISON ();
>> _1 = a_12;
>> if (_1 != 0)
>> goto <bb 4>;
>> else
>> goto <bb 3>;
>>
>> <bb 3>:
>>
>> <bb 4>:
>> # _2 = PHI <1(2), 0(3)>
>> return _2;
>>
>> }
>>
>> and probably the last goal is to convert the newly added internal fn to a
>> runtime call.
>> Hope sanopt pass is the right place where to it?
>
> If ASAN_POISON is ECF_CONST and has any uses during sanopt, perhaps best
> would be to add an artificial variable you give the same name as the
> underlying var of the SSA_NAME (and alignment, locus etc.) and poison it
> right away (keep unpoisoning only to the function epilogue) and then
> ASAN_CHECK replace all uses of that SSA_NAME with ASAN_CHECK + use of
> (D) SSA_NAME.
>
> Jakub
>
Hi.
I'm having a semi-working patch that comes up with the ASAN_POISON built-in.
Well, to be honest,
I still have a feeling that doing the magic with the parallel variable is bit
overkill. Maybe
a new runtime call would make it easier for us.
However, I still don't fully understand why we want to support just
is_gimple_reg variables.
Let's consider following test-case:
void foo()
{
char *ptr;
{
char my_char[9];
ptr = &my_char[0];
}
}
Where I would expect to optimize out:
<bb 2>:
_5 = (unsigned long) 9;
_4 = (unsigned long) &my_char;
__builtin___asan_unpoison_stack_memory (_4, _5);
_7 = (unsigned long) 9;
_6 = (unsigned long) &my_char;
__builtin___asan_poison_stack_memory (_6, _7);
return;
where address of my_char is taken in the original source code, while not during
tree-ssa
optimization, where the address is used only by ASAN_MARK calls.
Doing such transformation can rapidly decrease number of
__builtin___asan_{un}poison_stack_memory
in tramp3d: from ~36K to ~22K.
Thanks for clarification.
Martin
