On Wed, Nov 02, 2016 at 03:38:25PM +0100, Martin Liška wrote:
> it converts:
> foo ()
> {
>   char a;
>   char * p;
>   char _1;
>   int _2;
>   int _8;
>   int _9;
>
>   <bb 2>:
>   ASAN_MARK (2, &a, 1);
>   a = 0;
>   p_6 = &a;
>   ASAN_MARK (1, &a, 1);
>   _1 = *p_6;

You shouldn't convert if a is addressable (when ignoring &a in ASAN_MARK
calls). Only if there is &a just in ASAN_MARK and MEM_REF, you can convert.

> to:
>
> foo ()
> {
>   char a;
>   char * p;
>   char _1;
>   int _2;
>
>   <bb 2>:
>   a_10 = 0;
>   a_12 = ASAN_POISON ();
>   _1 = a_12;
>   if (_1 != 0)
>     goto <bb 4>;
>   else
>     goto <bb 3>;
>
>   <bb 3>:
>
>   <bb 4>:
>   # _2 = PHI <1(2), 0(3)>
>   return _2;
>
> }
>
> and probably the last goal is to convert the newly added internal fn to a
> runtime call.
> Hope sanopt pass is the right place where to do it?

If ASAN_POISON is ECF_CONST and has any uses during sanopt, perhaps best
would be to add an artificial variable you give the same name as the
underlying var of the SSA_NAME (and alignment, locus etc.) and poison it
right away (keep unpoisoning only to the function epilogue) and then
ASAN_CHECK replace all uses of that SSA_NAME with ASAN_CHECK + use of
(D) SSA_NAME.

	Jakub
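
Added example, not part of the message above and not GCC code: a toy shadow-memory model showing that the memory form in the first dump and the lowering suggested in the reply both flag the out-of-scope read. The helper names, the one-shadow-byte-per-byte granularity and the constructed frame array are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Flag values as they appear in the dump: 2 precedes the store, 1 ends the scope. */
enum { MARK_POISON = 1, MARK_UNPOISON = 2 };

/* Constructed toy frame with one shadow byte per frame byte (an assumption). */
static unsigned char frame[4], shadow[4];

static void asan_mark(int flag, unsigned char *addr, size_t len) {
    memset(shadow + (addr - frame), flag == MARK_POISON, len);
}

/* Returns 1 when the access touches a poisoned byte, i.e. a report would fire. */
static int asan_check(const unsigned char *addr, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (shadow[(addr - frame) + i])
            return 1;
    return 0;
}

/* First dump: 'a' lives in memory and is read through p after its scope ended. */
int reports_memory_form(void) {
    unsigned char *a = &frame[0], *p;
    asan_mark(MARK_UNPOISON, a, 1);
    *a = 0;
    p = a;
    asan_mark(MARK_POISON, a, 1);
    return asan_check(p, 1);               /* check guarding _1 = *p_6 */
}

/* Suggested lowering: artificial variable poisoned right away, use becomes a check. */
int reports_lowered_form(void) {
    unsigned char *a_art = &frame[1];      /* hypothetical stand-in for 'a' */
    asan_mark(MARK_POISON, a_art, 1);
    int reported = asan_check(a_art, 1);   /* check placed before _1 = a_12 */
    asan_mark(MARK_UNPOISON, a_art, 1);    /* unpoison only in the epilogue */
    return reported;
}

/* Control: a read while the variable is still in scope must not report. */
int reports_in_scope_read(void) {
    unsigned char *a = &frame[2];
    asan_mark(MARK_UNPOISON, a, 1);
    *a = 0;
    return asan_check(a, 1);
}
```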