llvm dev - Jun 2011 - [LLVMdev] can GlobalAlias point to a middle of a structure?

Hi,

In order to find out-of-bound accesses to global objects with
AddressSanitizer (
http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer)
I need to create redzones to the left and to the right of every global
variable.

I tried the following:
Before:
  @Extern = global [10 x i8] zeroinitializer, align 1
After:
  %0 = type { [32 x i8], [10 x i8], [54 x i8] }
  @Extern_asan_redzone = global %0 zeroinitializer, align 1
  @0 = global [10 x i8] zeroinitializer, align 1   << the old variable
  @Extern = alias getelementptr inbounds (%0* @Extern_asan_redzone, i32 0,
i32 1)
I.e. I created a global struct @Extern_asan_redzone of 3 elements and an
alias @Extern that points to the middle element of this struct.

The compilation passes, but the resulting object looks like this:
  000000000060d150 B Extern
  000000000060d150 B Extern_asan_redzone
I.e. @Extern points to the beginning of @Extern_asan_redzone instead of
middle.

Also, the comment in GlobalAlias.h says:
  /// getAliasedGlobal() - Aliasee can be either global or bitcast of


  /// global. This method retrives the global for both aliasee flavours.

So, the question: can I get an alias pointing to the middle of a
GlobalVariable? How?
If not, is there some other way to create a left redzone for a global
variable?

Thanks,

--kcc
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20110617/f42e4591/attachment.html>

Hi Kostya,
> In order to find out-of-bound accesses to global objects with
AddressSanitizer
> (http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer)
> I need to create redzones to the left and to the right of every global
variable.
>
> I tried the following:
> Before:
>    @Extern = global [10 x i8] zeroinitializer, align 1
> After:
>    %0 = type { [32 x i8], [10 x i8], [54 x i8] }
>    @Extern_asan_redzone = global %0 zeroinitializer, align 1
>    @0 = global [10 x i8] zeroinitializer, align 1 << the old variable
>    @Extern = alias getelementptr inbounds (%0* @Extern_asan_redzone, i32 0,
i32 1)
> I.e. I created a global struct @Extern_asan_redzone of 3 elements and an
> alias @Extern that points to the middle element of this struct.
this is not currently possible.  You are not the first person to ask for this.
If targets support it (I don't know if any do) then perhaps it can be added.

Ciao, Duncan.

I'll step forward as the person who told Kostya he could use aliases like
this. :-)

The verifier doesn't forbid it, so I concluded that it was okay. However,
looking back at the history it's clear that was a mistake:
> r70079 | lattner | 2009-04-25 14:23:19 -0700 (Sat, 25 Apr 2009) | 8 lines
>
> Allow aliasee to be a GEP or bitcast instead of just a bitcast.
> The real fix for this whole mess is to require the operand of the
> alias to be a *GlobalValue* (not a general constant, including
> constant exprs) but allow the operand and the alias type to be
> unrelated.
So it seems that making an alias to the middle of something else is not
actually supported. Sorry.

I have a partial fix. You can replace global @foo with a new @foo.safe of a
different type as you do now, then replace all uses of the original
GlobalValue with a GEP constant expression. (Well, all uses except
GlobalAlias uses.) The problem with this technique is that you'll lose the
ability to share those globals by name with external (library) users. That
should only be a real problem for ASAN compiled plugins which get
dlopen()'d.

Nick

On 17 June 2011 09:07, Kostya Serebryany <kcc at google.com> wrote:
> Hi,
>
> In order to find out-of-bound accesses to global objects with
> AddressSanitizer (
> http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer)
> I need to create redzones to the left and to the right of every global
> variable.
>
> I tried the following:
> Before:
>   @Extern = global [10 x i8] zeroinitializer, align 1
> After:
>   %0 = type { [32 x i8], [10 x i8], [54 x i8] }
>   @Extern_asan_redzone = global %0 zeroinitializer, align 1
>   @0 = global [10 x i8] zeroinitializer, align 1   << the old
variable
>   @Extern = alias getelementptr inbounds (%0* @Extern_asan_redzone, i32 0,
> i32 1)
> I.e. I created a global struct @Extern_asan_redzone of 3 elements and an
> alias @Extern that points to the middle element of this struct.
>
> The compilation passes, but the resulting object looks like this:
>   000000000060d150 B Extern
>   000000000060d150 B Extern_asan_redzone
> I.e. @Extern points to the beginning of @Extern_asan_redzone instead of
> middle.
>
> Also, the comment in GlobalAlias.h says:
>   /// getAliasedGlobal() - Aliasee can be either global or bitcast of
>
>
>   /// global. This method retrives the global for both aliasee flavours.
>
> So, the question: can I get an alias pointing to the middle of a
> GlobalVariable? How?
> If not, is there some other way to create a left redzone for a global
> variable?
>
> Thanks,
>
> --kcc
>
>
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20110617/3525e717/attachment.html>

Nick, Duncan,

Thank you for your replies.
I ended up using only right redzone for globals -- this seems to work.
It may miss left out-of-bound accesses (underruns) in rare cases, but I can
live with that.

--kcc


On Fri, Jun 17, 2011 at 10:42 PM, Duncan Sands <baldrick at free.fr>
wrote:
> Hi Kostya,
>
> > In order to find out-of-bound accesses to global objects with
> AddressSanitizer
> > (http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer)
> > I need to create redzones to the left and to the right of every global
> variable.
> >
> > I tried the following:
> > Before:
> >    @Extern = global [10 x i8] zeroinitializer, align 1
> > After:
> >    %0 = type { [32 x i8], [10 x i8], [54 x i8] }
> >    @Extern_asan_redzone = global %0 zeroinitializer, align 1
> >    @0 = global [10 x i8] zeroinitializer, align 1 << the old
variable
> >    @Extern = alias getelementptr inbounds (%0* @Extern_asan_redzone,
i32
> 0, i32 1)
> > I.e. I created a global struct @Extern_asan_redzone of 3 elements and
an
> > alias @Extern that points to the middle element of this struct.
>
> this is not currently possible.  You are not the first person to ask for
> this.
> If targets support it (I don't know if any do) then perhaps it can be
> added.
>
> Ciao, Duncan.
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20110620/6e32d1c6/attachment.html>