OSDN Git Service

(root) / android-x86 / external-llvm.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c55ef47) | patch
[HWASan] Do not retag allocas before return from the function.
authorAlex Shlyapnikov <alekseys@google.com>
Fri, 29 Jun 2018 20:20:17 +0000 (20:20 +0000)
committerAlex Shlyapnikov <alekseys@google.com>
Fri, 29 Jun 2018 20:20:17 +0000 (20:20 +0000)
commit1c3bbb466428323f250a35638aa39d51c892b264
tree229f57a1b1dac15c15a78d69fe3aacd44c7d40a9tree | snapshot
parentc55ef4741ac75872f0e692c87eac70745b3ce167commit | diff
[HWASan] Do not retag allocas before return from the function.

Summary:
Retagging allocas before returning from the function might help
detecting use after return bugs, but it does not work at all in real
life, when instrumented and non-instrumented code is intermixed.
Consider the following code:

F_non_instrumented() {
  T x;
  F1_instrumented(&x);
  ...
}

{
  F_instrumented();
  F_non_instrumented();
}

- F_instrumented call leaves the stack below the current sp tagged
  randomly for UAR detection
- F_non_instrumented allocates its own vars on that tagged stack,
  not generating any tags, that is the address of x has tag 0, but the
  shadow memory still contains tags left behind by F_instrumented on the
  previous step
- F1_instrumented verifies &x before using it and traps on tag mismatch,
  0 vs whatever tag was set by F_instrumented

Reviewers: eugenis

Subscribers: srhines, llvm-commits

Differential Revision: https://reviews.llvm.org/D48664

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@336011 91177308-0d34-0410-b5e6-96231b3b80d8
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp diff | blob | history
test/Instrumentation/HWAddressSanitizer/alloca-with-calls.ll [new file with mode: 0644] blob
test/Instrumentation/HWAddressSanitizer/alloca.ll diff | blob | history
external/llvm
About OSDN
Find Software
Develop Software
Help