This is the mail archive of the
mailing list for the GCC project.
Re: [RFC] Using function clones for Pointer Bounds Checker
- From: Richard Biener <richard dot guenther at gmail dot com>
- To: Ilya Enkovich <enkovich dot gnu at gmail dot com>
- Cc: "H.J. Lu" <hjl dot tools at gmail dot com>, Jeff Law <law at redhat dot com>, gcc-patches <gcc-patches at gcc dot gnu dot org>, "Zamyatin, Igor" <igor dot zamyatin at intel dot com>
- Date: Thu, 15 May 2014 13:27:36 +0200
- Subject: Re: [RFC] Using function clones for Pointer Bounds Checker
- Authentication-results: sourceware.org; auth=none
- References: <CAMbmDYaxC0tZim+AysTLrqak=nX6RmEZQr1QDPU+NG6BYfoE-g at mail dot gmail dot com> <53713B09 dot 9080501 at redhat dot com> <CAMbmDYYjBaafnjym9pQ6y5aErN+TWxvKqBH66LbV6QUFOc8w+A at mail dot gmail dot com> <537270B6 dot 1080103 at redhat dot com> <CAMbmDYZr+q90-rWJriRzm8+Rjygp8H=biudWZthaYkUciRmH=Q at mail dot gmail dot com> <CAMe9rOp-wefKDeM_=o_=9X9g+sqpO85jkRKT8PgmKLG=WmaD8g at mail dot gmail dot com> <CAMbmDYaYd3wN5sbKCWorO0CDHjpXtVDpKWV=u3dZKRwjjkHJsw at mail dot gmail dot com>
On Thu, May 15, 2014 at 1:07 PM, Ilya Enkovich <email@example.com> wrote:
> 2014-05-14 19:09 GMT+04:00 H.J. Lu <firstname.lastname@example.org>:
>> On Wed, May 14, 2014 at 1:18 AM, Ilya Enkovich <email@example.com> wrote:
>>> 2014-05-13 23:21 GMT+04:00 Jeff Law <firstname.lastname@example.org>:
>>>> On 05/13/14 02:38, Ilya Enkovich wrote:
>>>>>>> propagate constant bounds value and remove checks in called function).
>>>>>> So from a linking standpoint, presumably you have to mangle the
>>>>>> caller/callee in some manner. Right? Or are you dynamically dispatching
>>>>> Originally the idea was o have instrumented clone to have the same
>>>>> assembler name as the original function. Since instrumented code is
>>>>> fully compatible with not instrumented code, we always emit only one
>>>>> version. Usage of the same assembler name allows instrumented and not
>>>>> instrumented calls to look similar in assembler. It worked fine until
>>>>> I tried it with LTO where assembler name is used as a unique
>>>>> identifier. With linker resolutions files it became even more harder
>>>>> to use such approach. To resolve these issues I started to use new
>>>>> assembler name with postfix, but linked with the original name using
>>>>> IDENTIFIER_TRANSPARENT_ALIAS. It gives different assembler names for
>>>>> clones and originals during compilation, but both clone and original
>>>>> functions have similar name in output assembler.
>>>> OK. So if I read that correctly, it implies that the existence of bounds
>>>> information does not change the signature of the callee. This is obviously
>>>> important for C++.
>>>> Sounds like I need to sit down with the branch and see how this works in the
>>>> new scheme.
>>> Both mpx branch and Wiki
>>> page are up-to-date now and may be tried out either in NOP mode or
>>> with simulator. Let me know if you have any troubles with using it.
>> I built it. But "-fcheck-pointer-bounds -mmpx" doesn't generate
>> MPX enabled executable which runs on both MPX-enabled and
>> non MPX-enabled hardwares. I didn't see any MPX run-time library.
> Just checked out the branch and checked generated code.
> #cat test.c
> test (int *p, int i)
> return p[i];
> #gcc -fcheck-pointer-bounds -mmpx test.c -S -O2
> #cat test.s
> .file "test.c"
> .section .text.unlikely,"ax",@progbits
> .p2align 4,,15
> .globl test
> .type test, @function
> movslq %esi, %rsi
> leaq (%rdi,%rsi,4), %rax
> bndcl (%rax), %bnd0
> bndcu 3(%rax), %bnd0
> movl (%rax), %eax
> bnd ret
> Checks are here. What do you see in your test?
Wow, that's quite an overhead compared to the non-instrumented variant
movslq %esi, %rsi
movl (%rdi,%rsi,4), %eax
I thought bounds-checking was done with some clever prefixes thus
movslq %esi, %rsi
bndmovl (%rdi,%rsi,4), %eax, %bnd0
would be possible (well, replace with valid ISA).