[Bug sanitizer/90414] [Feature] Implementing HWASAN (and eventually MTE)

matmal01 at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon May 13 10:36:00 GMT 2019


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90414

--- Comment #4 from Matthew Malcomson <matmal01 at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #3)
> (In reply to Matthew Malcomson from comment #0)
> > 2) Can we always find the base object that's being referenced from the gimple
> >    statement where memory is accessed or a pointer is created?
> >    If not, when is it problematic?
> >    Finding the base object is pretty fundamental to getting the tag for a
> >    pointer.
> >    It seems like this should be possible based on a reading of the
> > documentation
> >    and looking at the TREE_CODEs that the current ASAN `instrument_derefs`
> >    function works on.
> > 
> >    (ARRAY_REF     -> first operand is the array
> >     MEM_REF       -> first operand is the base
> >     COMPONENT_REF -> first operand is the object
> >     INDIRECT_REF  -> first operand is the pointer which should reference
> > object
> >     VAR_DECL      -> this is the object
> >     BIT_FIELD_REF -> first operand is the object)
> 
> There would be cases where a base is known and for these you could probably
> instrument checks with a constant known tag. For other situation, you'll
> probably need to extract the tag from the pointer. Right?
> 

Yes, I'll need to extract the tag from the pointer in cases that don't match
one of these patterns.

That actually leads into something I forgot to mention when I wrote the comment
above -- I'll need to instrument ADDR_EXPR statements to make sure any pointers
in the program will already have their tag assigned.

To do that I think I need to add another instrumentation site for when the
address of something is taken, to handle any statements taking the address of
something.

This may be by adding another if statement in `transform_statements` to make
this transformation before the one instrumenting the actual access, or it may
be in a separate iteration before the one inserting the current checks, since
statements like the below would need to be split to instrument the ADDR_EXPR
and MEM_REF expressions separately.

  MEM[(int *)&stack_object] = direction_8(D);

> > 
> > Thanks,
> > MM
> 
> In general, I'm interested in implementation of the feature, but I'll
> probably not find a time to do it. However, I can help you with that.

Great! I'll appreciate any help and/or advice you can give.
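
The following is an added illustration, not code from GCC or from this thread: a
small user-space model of the HWASAN scheme the comment describes, showing why
the ADDR_EXPR site (tag assignment) has to run before the MEM_REF check (tag
comparison) for a statement like `MEM[(int *)&stack_object] = direction_8(D);`.
It assumes a 64-bit target, a 4-bit tag carried in the top byte of the pointer
(as with AArch64 top-byte-ignore), one shadow byte per 16-byte granule, and a
static arena standing in for the stack frame; all names and sizes are chosen
for the example.

```c
/* Added example: a user-space model of HWASAN pointer tagging and checking.
   Not GCC's implementation.  Assumes a 64-bit target, a 4-bit tag in the
   pointer's top byte, a shadow byte per 16-byte granule, and a static arena
   standing in for the stack.  Offsets and tag values are arbitrary. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

_Static_assert(sizeof(uintptr_t) == 8, "example assumes 64-bit pointers");

#define GRANULE    16
#define ARENA_SIZE 4096
#define TAG_SHIFT  56

static _Alignas(GRANULE) uint8_t arena[ARENA_SIZE];   /* models the stack   */
static uint8_t shadow[ARENA_SIZE / GRANULE];          /* one tag per granule */

/* Strip the tag byte to get the real address.  */
static uintptr_t untag(uintptr_t p) {
  return p & ~((uintptr_t)0xff << TAG_SHIFT);
}

/* Tag carried by a pointer (0 for a pointer that was never tagged).  */
static uint8_t ptr_tag(uintptr_t p) {
  return (uint8_t)((p >> TAG_SHIFT) & 0xf);
}

static size_t granule_index(uintptr_t p) {
  return (untag(p) - (uintptr_t)arena) / GRANULE;
}

/* Models the ADDR_EXPR instrumentation site: taking the address of an object
   records its tag in the shadow of every granule it covers and returns a
   pointer carrying that tag. */
static uintptr_t take_address(void *obj, size_t size, uint8_t tag) {
  uintptr_t p = (uintptr_t)obj;
  size_t n = (size + GRANULE - 1) / GRANULE;
  memset(shadow + granule_index(p), tag, n);
  return p | ((uintptr_t)tag << TAG_SHIFT);
}

/* Models the MEM_REF check: the tag extracted from the pointer must equal the
   shadow tag of every granule the access touches.  Returns 1 if the access is
   allowed, 0 on a tag mismatch. */
static int check_access(uintptr_t p, size_t size) {
  uint8_t t = ptr_tag(p);
  size_t last = granule_index(p + size - 1);
  for (size_t g = granule_index(p); g <= last; g++)
    if (shadow[g] != t)
      return 0;
  return 1;
}

/* Scenario 1: the address is taken (tag assigned) and then dereferenced with
   the same tagged pointer, so the check passes and the store happens. */
int scenario_tagged_access(void) {
  uintptr_t p = take_address(arena + 0, 32, 0x7);
  if (!check_access(p, sizeof(int)))
    return 0;
  *(int *)untag(p) = 42;
  return 1;
}

/* Scenario 2: the object was tagged, but the pointer used for the store was
   produced without the ADDR_EXPR site running, so it carries tag 0 while the
   shadow holds 0x7.  The MEM_REF check reports a mismatch on a valid store,
   which is exactly why the address-taking statement must be instrumented
   before the access check. */
int scenario_untagged_access(void) {
  take_address(arena + 64, 32, 0x7);
  uintptr_t raw = (uintptr_t)(arena + 64);   /* no tag in the top byte */
  return check_access(raw, sizeof(int));
}

/* Scenario 3: a correctly tagged pointer that runs past its own object into a
   neighbour with a different tag is caught by the same check. */
int scenario_overflow(void) {
  uintptr_t a = take_address(arena + 128, 16, 0x3);
  take_address(arena + 144, 16, 0x9);
  return check_access(a, 20);   /* last 4 bytes land in the 0x9 granule */
}

int main(void) {
  printf("tagged access   : %d\n", scenario_tagged_access());   /* 1 */
  printf("untagged access : %d\n", scenario_untagged_access()); /* 0 */
  printf("overflow        : %d\n", scenario_overflow());        /* 0 */
  return 0;
}
```

Scenario 2 is the case the comment is about: once accesses are checked against
shadow tags, every pointer in the program has to have been given a tag at the
point its address was taken, or a correct access is indistinguishable from a
bad one.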

