On Tue, Oct 29, 2013 at 6:52 AM, Jakub Jelinek <ja...@redhat.com> wrote:
> On Tue, Oct 29, 2013 at 06:49:30AM -0700, Konstantin Serebryany wrote:
>> Thanks!
>> (At this time I will be slow with response due to travel)
>
> BTW, don't have compiled clang/llvm pre-3.4 around to look at, for the use
> after return, do you emit always the __asan_*malloc/free calls for the
> stack vars, or only conditionally based on some compiler flag (and in the
> latter case, is that flag on by default or not)?
The calls are emitted by default, but the __asan_stack_malloc call is done
under a run-time flag __asan_option_detect_stack_use_after_return.
So, to use the stack-use-after-return feature you should simply compile with
-fsanitize=address and then at run-time pass
ASAN_OPTIONS=detect_stack_use_after_return=1.

For small stack frame sizes the call to __asan_stack_free is inlined
(as a performance optimization, not mandatory).

Here is how the IR looks:

    void bar(void*);
    void foo() {
      char x[10000];
      bar(&x);
    }

    define void @foo() #0 {
    entry:
      %MyAlloca = alloca [10080 x i8], align 32
      %0 = ptrtoint [10080 x i8]* %MyAlloca to i64
      %1 = load i32* @__asan_option_detect_stack_use_after_return
      %2 = icmp ne i32 %1, 0
      br i1 %2, label %3, label %5

    ; <label>:3                                       ; preds = %entry
      %4 = call i64 @__asan_stack_malloc_8(i64 10080, i64 %0)
      br label %5

    ; <label>:5                                       ; preds = %entry, %3
      %6 = phi i64 [ %0, %entry ], [ %4, %3 ]
      ...
      call void @__asan_stack_free_8(i64 %6, i64 10080, i64 %0)
      ret void
    }

So, when the UAR is disabled at run-time we pay a very small additional price
for this code (less than 1% on avg on SPEC).
When it is enabled, we pay more:
https://code.google.com/p/address-sanitizer/wiki/UseAfterReturn#Performance

--kcc

>
> Jakub
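Added example, not part of the thread and not ASan's own code: a small C program that contains the kind of stack-use-after-return bug the feature discussed above is meant to catch, next to the hardened form of the same routine. It is built and run with the flags kcc gives (-fsanitize=address at compile time, ASAN_OPTIONS=detect_stack_use_after_return=1 at run time). It also reads the run-time flag __asan_option_detect_stack_use_after_return that appears in the quoted IR; the assumption that the symbol is reachable from user code as an int is mine, based on the i32 load in that IR. The function names and the "hello, ..." sample strings are invented for the example.

```c
/*
 * uar_demo.c  (added example; not from the mailing-list thread)
 *
 * Build and run, following kcc's reply:
 *   clang -g -fsanitize=address uar_demo.c -o uar_demo
 *   ASAN_OPTIONS=detect_stack_use_after_return=1 ./uar_demo
 *
 * Without that ASAN_OPTIONS setting the __asan_stack_malloc path in the
 * instrumented code is skipped at run time, so the same binary may run
 * without a report.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Detect an ASan build on both gcc (__SANITIZE_ADDRESS__) and clang
 * (__has_feature). */
#if defined(__SANITIZE_ADDRESS__)
#  define ASAN_BUILD 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define ASAN_BUILD 1
#  endif
#endif
#ifndef ASAN_BUILD
#  define ASAN_BUILD 0
#endif

#if ASAN_BUILD
/* The run-time flag loaded in the IR quoted above. Assumption: the ASan
 * runtime exports it with external linkage as an int (i32 in the IR). */
extern int __asan_option_detect_stack_use_after_return;
#endif

/* 1 if this is an ASan build with UAR detection switched on at run time,
 * 0 otherwise (including non-ASan builds). */
static int uar_detection_active(void)
{
#if ASAN_BUILD
    return __asan_option_detect_stack_use_after_return != 0;
#else
    return 0;
#endif
}

/* Deliberately buggy: hands the caller a pointer into this function's own
 * frame. After return, *out dangles into dead stack. This compiles without
 * an error, which is exactly why a run-time tool is needed to find it. */
static void greeting_uar(const char *name, char **out)
{
    char buf[64];
    snprintf(buf, sizeof buf, "hello, %s", name);
    *out = buf;
}

/* Hardened form: the caller owns the storage and passes its size.
 * Returns bytes written (excluding the NUL), or -1 if the result would
 * not fit. */
static int greeting_into(const char *name, char *dst, size_t dstlen)
{
    int n = snprintf(dst, dstlen, "hello, %s", name);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return n;
}

int main(void)
{
    char safe[32];
    char *dangling = NULL;

    printf("ASan build: %d, UAR detection active: %d\n",
           ASAN_BUILD, uar_detection_active());

    if (greeting_into("kcc", safe, sizeof safe) >= 0)
        puts(safe);

    greeting_uar("kcc", &dangling);
    /* With UAR detection on, ASan reports stack-use-after-return on the
     * read below; without it the read silently returns stale or
     * overwritten bytes. */
    printf("%s\n", dangling);
    return 0;
}
```

When the flag is on, ASan aborts at the final printf with an "AddressSanitizer: stack-use-after-return" report naming the frame of greeting_uar; the first printed line lets you confirm that the binary is an ASan build and that the run-time flag is actually set before trusting a clean run.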