RFC Asan instrumentation control

Ondřej Bílka neleai@seznam.cz
Fri Dec 6 15:10:00 GMT 2013


On Fri, Dec 06, 2013 at 01:34:43PM +0100, Jakub Jelinek wrote:
> On Fri, Dec 06, 2013 at 01:32:42PM +0100, Ondřej Bílka wrote:
> > On second thought besides of decreasing of code size there is no reason
> > to complicate compilation for these features. A more flexible way is add
> > environment variable that will disable these at runtime.
> 
> That is not possible, the instrumentation is inserted inline by the
> compiler.
> 
> 	Jakub

Currently this code with sanitize=address gets expanded

int foo(char *x, char *y, int i)
{
  x[i] = y[i];
}

to 

snip
        movq    %rsi, %rax
        movq    %rsi, %rdx
        shrq    $3, %rax
        andl    $7, %edx
        movzbl  2147450880(%rax), %eax
        cmpb    %dl, %al
        jle     .L18
.L2:

snip

.L18:
        .cfi_restore_state
        testb   %al, %al
        je      .L2
        movq    %rsi, %rdi
        call    __asan_report_load1

There is nothing impossible about disabling these checks. You just fill a
page to make this check pass and use mmap to make the entire shadow memory
point to that page.
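The check in the listing above, modelled in C as an added example (written for this page; it is not code from the thread, from GCC or from libsanitizer). It assumes the x86-64 Linux shadow layout the listing implies: shadow byte = *((addr >> 3) + 0x7fff8000), where 0x7fff8000 is the 2147450880 constant and the shift is the shrq $3. asan_check_load1 follows the cmpb/jle/testb sequence exactly; asan_check_loadn is my extrapolation to n-byte accesses within one 8-byte granule, which the listing does not show. The "shadow region" is a one-page private anonymous mapping standing in for the real one, deliberately not placed at the real shadow offset; the poison values 0xfa and 0x03 are sample bytes I chose to show a fully and a partially unaddressable granule.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
# ifdef MAP_ANON
#  define MAP_ANONYMOUS MAP_ANON
# else
#  define MAP_ANONYMOUS 0x20   /* Linux value; assumption for strict -std builds */
# endif
#endif

/* Assumed x86-64 Linux layout: shadow = (addr >> 3) + 0x7fff8000, i.e. the
 * constant 2147450880 and the "shrq $3" in the listing. */
#define ASAN_SHADOW_OFFSET 0x7fff8000UL
#define ASAN_SHADOW_SCALE  3

static uintptr_t asan_shadow_of(uintptr_t addr)
{
    return (addr >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}

/* Mirror of the inlined 1-byte check, given the shadow byte for addr:
 *   andl  $7,%edx         k = addr & 7 (offset inside the 8-byte granule)
 *   cmpb  %dl,%al ; jle   take the slow path if shadow <= k (signed compare)
 *   testb %al,%al ; je    ... unless shadow == 0: whole granule addressable
 * Returns 1 when __asan_report_load1 would be called, 0 when control falls
 * through to .L2. Poison bytes (0xfa, 0xfd, ...) are negative as int8_t, so
 * shadow <= k holds for every k and they always report. */
static int asan_check_load1(int8_t shadow, uintptr_t addr)
{
    int8_t k = (int8_t)(addr & 7);
    return shadow <= k && shadow != 0;
}

/* My generalization (not in the listing) for an n-byte access that stays
 * inside one granule (n <= 8): the last byte touched is k + n - 1. */
static int asan_check_loadn(int8_t shadow, uintptr_t addr, unsigned n)
{
    int8_t last = (int8_t)((addr & 7) + n - 1);
    return shadow != 0 && shadow <= last;
}

#define SHADOW_DEMO_BYTES 4096   /* one page of shadow = 32 KiB of app memory */

/* Count 1-byte-load reports over the app range covered by shadow[0..bytes). */
static int count_reports(const int8_t *shadow, size_t shadow_bytes)
{
    int reports = 0;
    for (uintptr_t addr = 0; addr < (shadow_bytes << ASAN_SHADOW_SCALE); addr++)
        reports += asan_check_load1(shadow[addr >> ASAN_SHADOW_SCALE], addr);
    return reports;
}

/* Returns the number of reports while two granules are poisoned (13), or a
 * negative value if mmap failed or a zero-filled shadow ever reported. */
static int demo_shadow_region(void)
{
    int8_t *shadow = mmap(NULL, SHADOW_DEMO_BYTES, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (shadow == MAP_FAILED)
        return -1;

    /* A fresh anonymous mapping reads as zeros, so nothing reports. */
    int before = count_reports(shadow, SHADOW_DEMO_BYTES);

    /* Sample poison (constructed): 0xfa marks a whole granule unaddressable,
     * 0x03 says only bytes 0..2 of the granule are addressable.
     * Granule 10 covers app bytes 80..87, granule 11 covers 88..95. */
    shadow[10] = (int8_t)0xfa;
    shadow[11] = 0x03;
    int poisoned = count_reports(shadow, SHADOW_DEMO_BYTES);   /* 8 + 5 = 13 */

    /* Map fresh zero pages over the same range: every poison byte is gone and
     * the inlined checks all pass again, with no change to the code. */
    if (mmap(shadow, SHADOW_DEMO_BYTES, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0) == MAP_FAILED)
        return -1;
    int after = count_reports(shadow, SHADOW_DEMO_BYTES);

    munmap(shadow, SHADOW_DEMO_BYTES);
    return (before == 0 && after == 0) ? poisoned : -2;
}

int main(void)
{
    printf("shadow of 0x601040 = 0x%lx\n", (unsigned long)asan_shadow_of(0x601040));
    printf("1-byte load at 0x1003 with shadow 3 reports: %d\n", asan_check_load1(3, 0x1003));
    printf("reports with two poisoned granules: %d\n", demo_shadow_region());
    return 0;
}
```

Build with a plain cc, no -fsanitize needed, since the block only models the check. The caveat worth keeping in mind from Jakub's reply: remapping the shadow only changes what the inlined sequence reads, so the report path is never taken, but the instrumentation and its code-size and runtime cost stay in the binary.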
