Displaying 20 results from an estimated 800 matches similar to: "[LLVMdev] The difference between BoundsChecking.c annd Address Sanitizer"
2016 May 22
0
BoundsChecking Pass
Hi Pierre,
I'm the author of the BoundsChecking pass.
It's true there's little documentation about it (only mentioned in:
http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#availablle-checks).
You can run it with 'clang -fsanitize=bounds' or 'opt -bounds-checking'.
The BoundsChecking pass, AddressSanitizer and BaggyBoundsCheck are all
different code bases,
2016 May 20
2
BoundsChecking Pass
Hi,
I am a final year French student doing an internship at the University of
Portsmouth. As I was taking hands on AddressSanitizer I took a look at
BoundsChecking (both are in the lib/Transforms/Instrumentation folder).
I found nothing on it except for the LLVM Documentation and references to
BaggyBoundsCheck (which is not the same project. As far as I understood it
is part of the SAFECode
2016 May 23
1
BoundsChecking Pass
Hi Nuno,
On 22 May 2016 at 22:33, Nuno Lopes <nunoplopes at sapo.pt> wrote:
> Hi Pierre,
>
> I'm the author of the BoundsChecking pass.
>
Wow, I am happily surprised to have an answer from you directly!
> It's true there's little documentation about it (only mentioned in:
> http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#availablle-checks).
>
2012 Nov 26
0
[LLVMdev] RFC: change BoundsChecking.cpp to use address-based tests
Hi Kevin,
Thanks for your interest and for your deep analysis.
Unfortunately, your approach doesn't catch all bugs and is vulnerable to an
attack.
Consider the following case:
...................... | ----- obj --- | |
end ^ ptr ^ ^ end-of-memory
The scenario is as follows:
- an object is allocated in the last page of the address space
- obj is byte
2012 Nov 26
2
[LLVMdev] RFC: change BoundsChecking.cpp to use address-based tests
I am investigating changing BoundsChecking to use address-based rather
than size- & offset-based tests.
To explain, here is a short code sample cribbed from one of the tests:
%mem = tail call i8* @calloc(i64 1, i64 %elements)
%memobj = bitcast i8* %mem to i64*
%ptr = getelementptr inbounds i64* %memobj, i64 %index
%4 = load i64* %ptr, align 8
Currently, the IR for bounds checking
2012 Dec 04
2
[LLVMdev] RFC: change BoundsChecking.cpp to use address-based tests
Nuno,
Inspired by this email thread, I spent a bit of time today looking
through the implementation of BoundsChecking::instrument(..). Based on
my reading of prior work, it should be possible to do these checks in
two comparisons, or possibly even one if the right assumptions could be
made.
Could you provide a bit of background of the expected domains of Size
and Offset? In particular,
2016 May 25
4
Runtime interception: design problem
Hi everyone,
I am having troubles but this shouldn't be hard to solve for many people
here. I am beginning a runtime feature for the BoundsChecking pass and I
want to replace the libc malloc&free. I followed the design of
AddressSanitizer (Asan) and tried to use the INTERCEPTOR macro from the
interception.h file of compiler-rt library.
Here is the problem. The file I modify
2016 May 26
0
Runtime interception: design problem
> On May 25, 2016, at 6:05 AM, Pierre Gagelin via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> Hi everyone,
>
> I am having troubles but this shouldn't be hard to solve for many people here. I am beginning a runtime feature for the BoundsChecking pass and I want to replace the libc malloc&free. I followed the design of AddressSanitizer (Asan) and tried to use the
2016 May 25
0
Runtime interception: design problem
Dear Pierre,
Stepping up a level, what is your goal in replacing calls to malloc()
and free()? Is it any different than what SAFECode, SoftBound, or ASan do?
Regards,
John Criswell
On 5/25/16 8:05 AM, Pierre Gagelin via llvm-dev wrote:
> Hi everyone,
>
> I am having troubles but this shouldn't be hard to solve for many
> people here. I am beginning a runtime feature for the
2005 Jul 13
1
Total Annihilationcd annd map problems
I've heard that Total Annihilation (a fantastic game) runs in wine,
(frankscorner.org and some other people on various mailing lists). I've
applied the 3.1 patch (ta1x-31c.exe) and tried to run the game under
wine-20050628 in Fedora Core 4 with 2.6.11 kernel, it starts and I press
"single", no problem, but when I try to press "new campagne" or
"skirmish" I
2016 May 26
1
Runtime interception: design problem
Hi John,
On 25 May 2016 at 16:11, John Criswell <jtcriswel at gmail.com> wrote:
> Dear Pierre,
>
> Stepping up a level, what is your goal in replacing calls to malloc() and
> free()? Is it any different than what SAFECode, SoftBound, or ASan do?
>
That's a good question. I didn't know about SoftBound until now, so thank
you for the name =). Anyway here is what I
2016 Jun 09
2
Fatpointer Pass already existing?
Hi everyone,
After spending 2 months on LLVM generally speaking and more specifically on
security passes (ASan, SAFECode, BoundsChecking) I wanted to know if there
were an available implementation of strictly fat-pointer based approach to
enforce bounds?
If not, I wanted to implement one. I think it is interesting to have such a
tool available even if there are better designs (SoftBound does
2012 Dec 04
0
[LLVMdev] RFC: change BoundsChecking.cpp to use address-based tests
Hi,
> Could you provide a bit of background of the expected domains of Size and
> Offset? In particular, are they signed or unsigned integers? A
> non-negative size doesn't seem to make much sense in this context, but
> depending on how it's calculated I could see it arising. Is a zero Size
> something that might arise here? I'm assuming the Offset comes from an
2007 Jun 26
1
[LLVMdev] BuildMode
On Tuesday 26 June 2007 14:05, Reid Spencer wrote:
> I think you mis-interpreted something.
That's not surprising. :)
> If you build with -disable-assertions you are telling whatever build
> mode (Debug or Release) to not include assertions. Consequently you get
> either Release-Asserts (Release minus asserts) or Debug-Asserts (Debug
> minus Asserts).
I was wondering if
2012 May 31
0
[LLVMdev] [llvm-commits] [llvm] r157649 - /llvm/trunk/lib/Transforms/Scalar/BoundsChecking.cpp
On Wed, 30 May 2012 10:04:50 -0700
Andrew Trick <atrick at apple.com> wrote:
> Originally on llvm-commits.
>
> On May 30, 2012, at 8:48 AM, Nuno Lopes <nunoplopes at sapo.pt> wrote:
> >> This is probably fine for now. It's a relatively safe use of
> >> SCEVExpander and the least effort approach, but generally I would
> >> like to encourage
2012 May 24
5
[LLVMdev] -fbounds-checking vs {SAFECode,ASan}
Hi Nuno,
I noticed your commits related to -fbounds-checking and have some
questions.
The functionality of this new phase seems to (partially?) overlap with
AddressSanitizer and SAFECode,
so I am curious how would you compare the two existing tools with the new
one.
Earlier you wrote:
>> So the main idea of this new flag is not for debugging, but rather for production.
>> This means
2012 May 30
2
[LLVMdev] [llvm-commits] [llvm] r157649 - /llvm/trunk/lib/Transforms/Scalar/BoundsChecking.cpp
Originally on llvm-commits.
On May 30, 2012, at 8:48 AM, Nuno Lopes <nunoplopes at sapo.pt> wrote:
>> This is probably fine for now. It's a relatively safe use of SCEVExpander and the least effort approach, but generally I would like to encourage people to solve local rewrite problems with IRBuilder, not SCEVExpander, and build useful utilities for that purpose. Just because you
2014 Apr 11
3
[LLVMdev] Need help reproducing a sanitizer buildbot failure
You need llvm-symbolizer in PATH.
On Apr 11, 2014 3:16 AM, "Diego Novillo" <dnovillo at google.com> wrote:
> OK, so now I've gotten a build but the output from asan is less than
> helpful:
>
> $ llvm/x/llvm_build_asan/./bin/opt llvm/x/llvm/test/Other/optimization-remarks-inline.ll
> -inline -pass-remarks=inline -S
>
2017 Feb 08
4
[RFC] Using Intel MPX to harden SafeStack
Hi,
I previously posted about using 32-bit X86 segmentation to harden SafeStack: http://lists.llvm.org/pipermail/llvm-dev/2016-May/100346.html That involves lowering the limits of the DS and ES segments that are used for ordinary data accesses while leaving the limit for SS, the stack segment, set to its maximum value. The safe stacks were clustered above the limits of DS and ES. Thus, by
2012 May 24
0
[LLVMdev] [cfe-dev] -fbounds-checking vs {SAFECode,ASan}
On 5/24/12 4:43 AM, Kostya Serebryany wrote:
> Hi Nuno,
>
> I noticed your commits related to -fbounds-checking and have some
> questions.
> The functionality of this new phase seems to (partially?) overlap with
> AddressSanitizer and SAFECode,
> so I am curious how would you compare the two existing tools with the
> new one.
Nuno's original goal (described in our