This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: RFC Asan instrumentation control
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Jakub Jelinek <jakub at redhat dot com>
- Cc: Yury Gribov <y dot gribov at samsung dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Viacheslav Garbuzov <v dot garbuzov at samsung dot com>, Max Ostapenko <m dot ostapenko at partner dot samsung dot com>
- Date: Fri, 6 Dec 2013 16:47:45 +0100
- Subject: Re: RFC Asan instrumentation control
- References: <52A1B4F2 dot 8040105 at samsung dot com> <20131206120929 dot GJ892 at tucnak dot redhat dot com> <20131206123242 dot GA22156 at domone dot podge> <20131206123443 dot GK892 at tucnak dot redhat dot com> <20131206151031 dot GA23303 at domone dot podge> <20131206151604 dot GP892 at tucnak dot redhat dot com>
On Fri, Dec 06, 2013 at 04:16:04PM +0100, Jakub Jelinek wrote:
> On Fri, Dec 06, 2013 at 04:10:31PM +0100, Ondřej Bílka wrote:
> > Currently this code with sanitize=address gets expanded
> >
> > int foo(char *x, char *y, int i)
> > {
> > x[i] = y[i];
> > }
> >
> > to
> >
> > snip
> > movq %rsi, %rax
> > movq %rsi, %rdx
> > shrq $3, %rax
> > andl $7, %edx
> > movzbl 2147450880(%rax), %eax
> > cmpb %dl, %al
> > jle .L18
> > .L2:
> >
> > snip
> >
> > .L18:
> > .cfi_restore_state
> > testb %al, %al
> > je .L2
> > movq %rsi, %rdi
> > call __asan_report_load1
> >
> > There is nothing impossible about disabling these checks. You just fill a
> > page to make this check pass and use mmap to make the entire shadow memory point
> > to that page.
>
> I don't think I understand you. __asan_report_* is a fatal error, the
> program is terminated there. What is costly on the asan instrumentation is
> exactly the >>, memory loads, extra comparisons, in non-buggy programs
> you never enter the __asan_report_* calls.
>
This thread started on disabling features to decrease memory
consumption. This makes checks always pass because they always read
from a shared page that is set up to do it. It should also be a bit faster due
to better cache locality, which causes the .L18 path to never be reached.
Also, as you mentioned that __asan_report_load1 does not return, if this is
dropped you could implement a runtime equivalent of blacklists by
LD_PRELOADing an interceptor like this one:
#define _GNU_SOURCE
#include <dlfcn.h>
#include <execinfo.h>
#include <stddef.h>
#include <stdint.h>

extern void foo (void), bar (void), baz (void);  /* functions to exempt */
void *blacklisted[] = {foo, bar, baz, NULL};

void
__asan_report_load1 (uintptr_t addr)
{
  void *bt[2];
  Dl_info info;
  /* bt[0] is this interceptor, bt[1] is the return address inside the
     instrumented caller; dladdr resolves it to the caller's entry point.  */
  if (backtrace (bt, 2) == 2 && dladdr (bt[1], &info))
    for (int i = 0; blacklisted[i] != NULL; i++)
      if (info.dli_saddr == blacklisted[i])
        return;  /* caller is blacklisted: swallow the report */
  /* Not blacklisted: forward to the real runtime report, which does not return.  */
  void (*real) (uintptr_t) = (void (*) (uintptr_t)) dlsym (RTLD_NEXT, "__asan_report_load1");
  real (addr);
}
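The check the quoted assembly performs (shadow load at `(addr >> 3) + 0x7fff8000`, compare the low address bits against the shadow byte, report only when the shadow byte is non-zero) is easier to follow in C. The block below is an added example written for this archive page, not code from the thread or from the ASan runtime: it reimplements that decision over a constructed shadow array indexed by toy addresses, and includes the "all shadow reads yield zero" state the mail describes, in which the slow path is never taken.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Shadow byte semantics of the 8:1 ASan mapping: 0 = all 8 bytes of the
   granule addressable, 1..7 = only the first k bytes addressable, a negative
   value (e.g. 0xfa) = redzone, nothing addressable.  The real shadow lives at
   (addr >> 3) + 0x7fff8000, the constant that appears as 2147450880 in the
   listing; here the shadow is a constructed array indexed by toy addresses.  */
#define SHADOW_SCALE 3
#define GRANULE (1u << SHADOW_SCALE)

/* Constructed toy address space: 64 bytes of "memory", so 8 shadow bytes.  */
static int8_t shadow[8];

/* Same decision the inlined instrumentation makes: load the shadow byte; if it
   is zero the access is fine (the .L2 fast path); otherwise compare the offset
   of the last byte touched (low address bits + size - 1) against it and report
   when it reaches the shadow value (the .L18 path, then __asan_report_*).
   Returns true when the access would be reported.  */
static bool
asan_check (uintptr_t addr, unsigned size)
{
  int8_t s = shadow[addr >> SHADOW_SCALE];
  if (s == 0)
    return false;
  int last = (int) (addr & (GRANULE - 1)) + (int) size - 1;
  return last >= s;   /* any negative s (redzone) is always reported */
}

/* Constructed layout: a 13-byte object at address 0 followed by a redzone.
   Granule 0 is fully addressable, granule 1 has 5 valid bytes, the rest is
   poisoned.  */
static void
setup_shadow (void)
{
  memset (shadow, 0xfa, sizeof shadow);
  shadow[0] = 0;
  shadow[1] = 5;
}

/* What pointing the whole shadow region at a shared zero page amounts to:
   every shadow load yields 0, so asan_check never leaves the fast path.  */
static void
zero_shadow (void)
{
  memset (shadow, 0, sizeof shadow);
}
```

With `setup_shadow` in effect, byte 12 is the last valid byte and byte 13 is the first redzone byte, so a 1-byte load at 12 passes and at 13 is reported; a 4-byte load at 11 is reported because its last byte (14) crosses into the redzone. After `zero_shadow`, the same accesses all pass, which is exactly why the zero-page trick turns instrumentation into a constant-cost no-op rather than an error.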