I started the review process in libsanitizer: https://reviews.llvm.org/D26965
And I have a question that was asked in the review: can we distinguish between a
load and a store in the case where ASAN_POISON is used?
A load looks as follows:
int
main (int argc, char **argv)
{
  char *ptr;
  if (argc != 12312)
    {
      char my_char;
      ptr = &my_char;
    }
  return *ptr; /* load through ptr after my_char has gone out of scope */
}
main (int argc, char * * argv)
{
  char my_char;
  int _5;

  <bb 2>:
  if (argc_1(D) != 12312)
    goto <bb 3>;
  else
    goto <bb 5>;

  <bb 5>:
  goto <bb 4>;

  <bb 3>:
  my_char_8 = ASAN_POISON ();

  <bb 4>:
  # my_char_6 = PHI <my_char_7(D)(5), my_char_8(3)>
  _5 = (int) my_char_6;
  return _5;
}
However, doing a store:
int
main (int argc, char **argv)
{
  char *ptr;
  if (argc != 12312)
    {
      char my_char;
      ptr = &my_char;
    }
  *ptr = 0; /* store through ptr after my_char has gone out of scope */
  return 0;
}
main (int argc, char * * argv)
{
  <bb 2>:
  if (argc_1(D) != 12312)
    goto <bb 3>;
  else
    goto <bb 5>;

  <bb 5>:
  goto <bb 4>;

  <bb 3>:
  ASAN_POISON ();

  <bb 4>:
  return 0;
}
leads to a situation where the LHS of the ASAN_POISON assignment is identified as
overwritten, and eventually we see just the ASAN_POISON call. This is currently
removed in the sanopt pass, but I'm wondering whether it's a valid optimization
or not in this context?
Thanks,
Martin