On Fri, Dec 06, 2013 at 04:10:31PM +0100, Ondřej Bílka wrote:
> Currently this code with sanitize=address gets expanded
>
> int foo(char *x, char *y, int i)
> {
> x[i] = y[i];
> }
>
> to
>
> snip
> movq %rsi, %rax
> movq %rsi, %rdx
> shrq $3, %rax
> andl $7, %edx
> movzbl 2147450880(%rax), %eax
> cmpb %dl, %al
> jle .L18
> .L2:
>
> snip
>
> .L18:
> .cfi_restore_state
> testb %al, %al
> je .L2
> movq %rsi, %rdi
> call __asan_report_load1
>
> There is nothing impossible about disabling these checks. You just fill a
> page to make this check pass and use mmap to make entire shadow memory point
> to that page.
I don't think I understand you. __asan_report_* is a fatal error, the
program is terminated there. What is costly on the asan instrumentation is
exactly the >>, memory loads, extra comparisons, in non-buggy programs
you never enter the __asan_report_* calls.
Jakub
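As an added illustration of the two points made in this exchange (not code from the thread, from GCC, or from the ASan runtime), the following constructed C model reproduces the fast-path check in the quoted assembly: shift the address right by 3, load the shadow byte, bail out if it is 0, otherwise compare the low 3 bits of the address against it. The shadow array, the 13-byte object layout, and the `-1` redzone value are assumptions made here so the example runs offline; real ASan computes the shadow address as `(addr >> 3) + offset` (the `2147450880` constant above) and uses its own poison codes.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model: indices 0..63 play application addresses, and one
 * shadow byte covers each 8-byte granule, as in ASan's 8:1 mapping. */
#define APP_SIZE    64
#define SHADOW_SIZE (APP_SIZE / 8)

static int8_t        shadow[SHADOW_SIZE];
static unsigned long checks_run;   /* incremented on every instrumented access */

/* Shadow byte encoding (same meaning as ASan's):
 *   0     : all 8 bytes of the granule are addressable
 *   1..7  : only the first k bytes of the granule are addressable
 *   < 0   : the whole granule is poisoned (a redzone)                   */

/* Mirrors the quoted instruction sequence for a 1-byte load.
 * Returns 1 when control would reach __asan_report_load1, 0 otherwise. */
static int asan_check_load1(uintptr_t addr)
{
    checks_run++;
    int8_t k = shadow[addr >> 3];      /* shrq $3,%rax ; movzbl shadow(%rax),%eax */
    if (k == 0)                        /* testb %al,%al ; je <continue>           */
        return 0;
    int low = (int)(addr & 7);         /* andl $7,%edx                            */
    return low >= k;                   /* cmpb %dl,%al ; jle <report>             */
}

/* Constructed layout: a 13-byte object at [16..28] followed by a redzone. */
#define OBJ_BASE 16
#define OBJ_SIZE 13

static void lay_out_object(void)
{
    memset(shadow, 0, sizeof shadow);
    /* granule 16..23 stays 0: fully addressable */
    shadow[(OBJ_BASE + 8) >> 3]  = OBJ_SIZE - 8;  /* granule 24..31: first 5 bytes valid */
    shadow[(OBJ_BASE + 16) >> 3] = -1;            /* granule 32..39: redzone (constructed poison value) */
}

/* Would a 1-byte load of obj[i] be reported under this layout? */
int load_reported(int i)
{
    lay_out_object();
    return asan_check_load1((uintptr_t)(OBJ_BASE + i));
}

/* Ondřej's suggestion in miniature: with an all-zero shadow nothing is ever
 * reported, yet the shift, load and compare still execute on every access,
 * which is the cost Jakub is pointing at. Returns the number of checks run. */
unsigned long checks_with_zero_shadow(int accesses)
{
    memset(shadow, 0, sizeof shadow);
    checks_run = 0;
    for (int i = 0; i < accesses; i++)
        (void)asan_check_load1((uintptr_t)(i % APP_SIZE));
    return checks_run;
}
```

`load_reported(12)` is the last in-bounds byte (low bits 4, shadow 5, so no report), `load_reported(13)` is the first byte past the object (low bits 5, shadow 5, reported), and `checks_with_zero_shadow(n)` returns `n` to show that zeroing the shadow removes reports but not the instrumentation work.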