Re: Does LLVM Asan with -fsanitize=kernel-address support check glabal and stack buffer issues?

Wed, 02 Nov 2016 07:04:34 -0700 

On Wed, Nov 2, 2016 at 12:51 AM, steven shi <[email protected]> wrote:
> Hello,
>
> I like to use the -fsanitize=kernel-address option, and I believe it better
> fit my firmware scenario rather than -fsanitize=address. I but after take a
> look at the current LLVM Asan implementation, I have some concerns that
> kernel-address might disable the global and stack instrumentations by
> default as below code. Does LLVM Asan really support
> -fsanitize=kernel-address to check glabal and stack buffer issues?
>
>
>
> http://llvm.org/svn/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
>
> line 1723:
>
>   // TODO(glider): temporarily disabled globals instrumentation for KASan.
>
>   if (ClGlobals && !CompileKernel) {
>
>     Function *CtorFunc = M.getFunction(kAsanModuleCtorName);
>
>     assert(CtorFunc);
>
>     IRBuilder<> IRB(CtorFunc->getEntryBlock().getTerminator());
>
>     Changed |= InstrumentGlobals(IRB, M);
>
>   }
>
>
>
> Line2287:
>
>   bool DoStackMalloc = ClUseAfterReturn && !ASan.CompileKernel &&
>
>                        LocalStackSize <= kMaxStackMallocSize;
>
>
> The original and complete background is in below email thread:
> http://lists.llvm.org/pipermail/llvm-dev/2016-November/106746.html


Hi Steven,

We need to remove "!CompileKernel" from this condition as the TODO
says. It was just a temporary workaround:

  // TODO(glider): temporarily disabled globals instrumentation for KASan.
  if (ClGlobals && !CompileKernel) {
    Function *CtorFunc = M.getFunction(kAsanModuleCtorName);
    assert(CtorFunc);
    IRBuilder<> IRB(CtorFunc->getEntryBlock().getTerminator());
    Changed |= InstrumentGlobals(IRB, M);
  }

However, we also need to remove "CompileKernel" from this condition:

  bool UseCalls =
      CompileKernel ||
      (ClInstrumentationWithCallsThreshold >= 0 &&
       ToInstrument.size() > (unsigned)ClInstrumentationWithCallsThreshold);

Then  -fsanitize=kernel-address will not give you calls by default,
only if you add the threshold flag. But you can also get calls with
-fsanitize=address and the threshold flag, and it will also give you
stack and globals today without any changes in llvm.

-- 
You received this message because you are subscribed to the Google Groups 
"address-sanitizer" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to