Many compiler optimizations, even some in Asan, assume that the size of
the object on the stack is fixed. The compiler takes into account the lifetime
of the stack object, but it does not expect that the size of the object can
change.
This assumption allows accesses whenever the object is alive.

However, this assumption does not work well with custom poisoning
of objects by sanitizers. `Cord` may poison parts of the object
to improve the precision of bug detection. But the compiler may still
load from poisoned parts of the object, assuming it's alive.

So without the patch we can have a `false-positive`, because
the compiler reordered a load from a poisoned local before the size check.
llvm/llvm-project#100639
An alternative is to make compiler optimizations know about the
possibility of local object resize, but it's not worth the effort,
as it's needed only for sanitizers so far.

Another minor issue fixed with this patch is a `false-negative`.
llvm/llvm-project#100640
Asan drops instrumentation of memory accesses proven to be in bounds
of a local variable. However, if we take into account `custom
poisoning` we will have to pessimize too often: any random function
call can potentially `resize` a variable by `poisoning`.

We are already using a similar `poisoning` workaround in libc++:
https://github.com/llvm/llvm-project/pull/79536/files#diff-534bc2907ddb3b074ded1353d18fd7d578daf1707943b3039bab4ed975aba3b3R772
PiperOrigin-RevId: 656129711
Change-Id: I6d78997da6d31c7ab979a00b84dc9b3b7cffc26f
Stack safety does not take into account that we can partially poison alloca.
This may remove mem access instrumentation and not detect bugs detectable with -asan-use-stack-safety=0.
https://godbolt.org/z/ndzbEadM8
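
The false negative described in this issue, as an added example (not the linked godbolt reproducer and not LLVM or Abseil code): a helper poisons the tail of a local, then the caller reads a byte that is inside the alloca but poisoned. The names `shrink_to` and `read_poisoned_tail` and the sizes 64/32/40 are assumptions made for the illustration.

```c
/* Build with ASan:  clang -O1 -g -fsanitize=address demo.c
 * Compare against:  clang -O1 -g -fsanitize=address -mllvm -asan-use-stack-safety=0 demo.c */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define DEMO_ASAN 1
#  endif
#endif
#if defined(__SANITIZE_ADDRESS__) && !defined(DEMO_ASAN)
#  define DEMO_ASAN 1
#endif
#ifdef DEMO_ASAN
#  include <sanitizer/asan_interface.h>
#  define DEMO_IS_POISONED(p) __asan_address_is_poisoned(p)
#else /* plain build: poisoning is a no-op so the file still compiles and runs */
#  define ASAN_POISON_MEMORY_REGION(p, n)   ((void)(p), (void)(n))
#  define ASAN_UNPOISON_MEMORY_REGION(p, n) ((void)(p), (void)(n))
#  define DEMO_IS_POISONED(p)               ((void)(p), 0)
#endif

enum { CAP = 64, USED = 32, PROBE = 40 }; /* constructed sizes, 8-byte aligned */

/* Hypothetical container helper: "resizes" a local by poisoning its unused tail. */
__attribute__((noinline)) static void shrink_to(char *buf, size_t cap, size_t used) {
    ASAN_UNPOISON_MEMORY_REGION(buf, cap);
    ASAN_POISON_MEMORY_REGION(buf + used, cap - used);
}

/* Returns the byte at PROBE; *shadow_poisoned reports what ASan's shadow says. */
int read_poisoned_tail(int *shadow_poisoned) {
    _Alignas(8) char buf[CAP];
    memset(buf, 'A', sizeof buf);
    shrink_to(buf, sizeof buf, USED);
    *shadow_poisoned = DEMO_IS_POISONED(&buf[PROBE]);
    /* Constant offset 40 < 64 is provably inside the alloca, so stack safety
       can classify this load as safe even though the byte is poisoned. */
    int value = buf[PROBE];
    ASAN_UNPOISON_MEMORY_REGION(buf, sizeof buf);
    return value;
}

int main(void) {
    int poisoned = 0, v = read_poisoned_tail(&poisoned);
    printf("shadow poisoned=%d, read=0x%02x\n", poisoned, v);
    return 0;
}
```

Per the issue, the default ASan build can drop the check on the load of `buf[PROBE]`, while the `-asan-use-stack-safety=0` build keeps it and reports the access. Without ASan the poisoning macros expand to no-ops and the function simply returns the byte.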