similar to: [RFC] Design of a TBAA sanitizer

On 04/10/2017 09:55 AM, Andrey Bokhanko wrote: > Hi Hal, > > I wonder how your solution will handle the following? > > struct { > int s1_f1; > float s1_f2; > int s1_f3; > float s1_f4; > } S1; > > struct { > int s2_f1; > float s2_f2; > int *s2_f3; // to add some interest, suppose that sizeof(int) == > sizeof(int *) > float s2_f4;

On 04/11/2017 03:46 AM, Andrey Bokhanko wrote: > Hal, > > To clarify, my example meant to illustrate that for memory references > to structures' fields you have to keep a user-defined type, even for > one byte accesses. C++ allows references to "initial member sequence" > using pointers to structures of different types. And yes, there are > programs in the

Hi, On April 11, 2017 at 11:55:12 AM, Kostya Serebryany via llvm-dev (llvm-dev at lists.llvm.org) wrote: > Evgeniy and I recently discussed something similar for detecting bad casts > (code named: TypeSanitizer). > The approach with the shadow memory looked attractive at the first glance, > but then we've drowned in details. > > Specifically for TBAA, I had another idea, not

Hi Kostya, On April 11, 2017 at 1:30:10 PM, Kostya Serebryany (kcc at google.com) wrote: > of course, but accesses are done via pointers, and if TBAA queries > MayAlias(AccessViaP1, AccessViaP2) > there should (??) be a point in the IR where both P1 and P2 exist together > and can be compared. That may not be possible (though I'm second guessing what exactly you have in mind so

On 04/07/2017 09:26 AM, Stephen Kell wrote: >> At EuroLLVM, Chandler and I chatted about the design for a potential >> TBAA sanitizer. Here's my attempt to summarize: >> >> C/C++ have type-based aliasing rules, and LLVM's optimizer can exploit >> these given TBAA metadata added by Clang. Roughly, a pointer of given >> type cannot be used to access an

On Tue, Apr 11, 2017 at 1:40 PM, Sanjoy Das <sanjoy at playingwithpointers.com> wrote: > Hi, > > On April 11, 2017 at 1:37:20 PM, Sanjoy Das > (sanjoy at playingwithpointers.com) wrote: > > Hi Kostya, > > > > On April 11, 2017 at 1:30:10 PM, Kostya Serebryany (kcc at google.com) > wrote: > > > > > of course, but accesses are done via pointers,

C 6.3.2.3p7 (N1548) says: A pointer to an object type may be converted to a pointer to a different object type. If the resulting pointer is not correctly aligned) for the referenced type, the behavior is undefined. C++ [expr.reinterpret.cast]p7 (N4527) defines pointer conversions in terms of conversions from void*: An object pointer can be explicitly converted to an object pointer of a

On Aug 27, 2012, at 12:58 PM, Hal Finkel <hfinkel at anl.gov> wrote: > On Mon, 27 Aug 2012 11:41:47 -0700 > Dan Gohman <gohman at apple.com> wrote: >> On Aug 24, 2012, at 10:50 PM, Hal Finkel <hfinkel at anl.gov> wrote: >> >>> On Wed, 22 Aug 2012 13:15:30 -0700 >>> Dan Gohman <gohman at apple.com> wrote: >>> >>>>

Hello, Persuant to feedback, http://lists.cs.uiuc.edu/pipermail/llvmdev/2012-August/052927.html here is a new proposal for detailed struct assignment information. Here's the example showing the basic problem: struct bar { char x; float y; double z; }; void copy_bar(struct bar *a, struct bar *b) { *a = *b; } The solution I now propose here is to have front-ends describe the copy using

On Thu, Sep 6, 2012 at 4:24 PM, Dan Gohman <gohman at apple.com> wrote: > Hello, > > Persuant to feedback, > > http://lists.cs.uiuc.edu/pipermail/llvmdev/2012-August/052927.html > > here is a new proposal for detailed struct assignment information. > > Here's the example showing the basic problem: > > struct bar { > char x; > float y; >

On Aug 27, 2012, at 10:15 PM, Chris Lattner <clattner at apple.com> wrote: > On Aug 27, 2012, at 12:58 PM, Hal Finkel <hfinkel at anl.gov> wrote: >> On Mon, 27 Aug 2012 11:41:47 -0700 >> Dan Gohman <gohman at apple.com> wrote: >>> On Aug 24, 2012, at 10:50 PM, Hal Finkel <hfinkel at anl.gov> wrote: >>> >>>> On Wed, 22 Aug 2012

> On Jan 14, 2016, at 4:49 PM, Richard Smith <richard at metafoo.co.uk> wrote: > On Thu, Jan 14, 2016 at 12:56 PM, John McCall via cfe-dev <cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>> wrote: > C 6.3.2.3p7 (N1548) says: > A pointer to an object type may be converted to a pointer to a > different object type. If the resulting pointer is not

On Fri, Jun 28, 2019 at 9:29 AM JF Bastien <jfbastien at apple.com> wrote: > > I think I now understand some of the disconnect you and I are having, and I think some of the pushback you’re getting from the community is the same. You’re talking about where you want to start with an LLVM libc. Many in the community (myself included) want to understand where we’ll get with this libc. At

On Sep 10, 2012, at 11:29 AM, Chandler Carruth <chandlerc at google.com> wrote: > > Hey Dan, I've talked with you about this in person and on IRC, but I've not yet laid out my thoughts on a single place, so I'll put them here. > > TL;DR: I really like the idea of using metadata to tag each member of a struct with TBAA, and re-using the TBAA metadata nodes we already

Note that I've set the SA_NODEFER flag for the SEGV handler in the ASan runtime only a couple of days ago. Not sure that could've affected this test though; without that flag the second SEGV would've simply crashed the program. But you can try removing the flag from compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix_libcdep.cc and see if that makes any difference. HTH, Alex On

Hi all, I've included an RFC for a heap profiler design I've been working on in conjunction with David Li. Please send any questions or feedback. For sanitizer folks, one area of feedback is on refactoring some of the *ASAN shadow setup code (see the Shadow Memory section). Thanks, Teresa RFC: Sanitizer-based Heap Profiler Summary This document provides an overview of an LLVM

Hi Chandler I also brainstormed a little with Dan on this and one idea we had was to add a new LLVM type for the hole/padding. This would be a type for which it is legal to load/store/move around as part of a larger move operation, but is otherwise unusable in LLVM. Dan named it x32 for a 32-bit type for example. I think this would fit well within what you are proposing as then it is easy to

On Mon, Sep 8, 2014 at 7:00 PM, Samuel F Antao <sfantao at us.ibm.com> wrote: > Alexey, Alexander, > > Thanks for the suggestions. I tried removing the flag SA_NODEFER but it > didn't do any good... I have been digging into the problem with the > null_deref test today but I was unable to clearly identify the problem. I > suspect that it was either a bug with the

On Mon, Dec 5, 2011 at 11:01 PM, Dan Gohman <gohman at apple.com> wrote: > On Dec 5, 2011, at 6:04 PM, Daniel Berlin wrote: >> >> Yet, aa-eval still says otherwise. > > The problem is with aa-eval. It collects all the pointer values in a > function, and then just makes a bunch of raw pointer queries, rather than > considering dereferences. TBAA tags are only

On Wed, Jul 8, 2020 at 6:30 PM Kostya Serebryany <kcc at google.com> wrote: > > > On Wed, Jun 24, 2020 at 4:58 PM Teresa Johnson <tejohnson at google.com> > wrote: > >> Hi all, >> >> I've included an RFC for a heap profiler design I've been working on in >> conjunction with David Li. Please send any questions or feedback. For >>