On Wed, Dec 18, 2013 at 03:35:35PM +0400, Maxim Ostapenko wrote:
> 2013-12-18 Max Ostapenko <m.ostape...@partner.samsung.com>
>
> * gcc/asan.c (asan_emit_stack_protection): Optionally disable stack
> protection.
> (instrument_derefs): Optionally disable memory access instrumentation.
> (instrument_mem_region_access): Likewise.
> (instrument_strlen_call): Likewise.
> (asan_finish_file): Optionally disable global variables protection.
> * gcc/doc/invoke.texi: Added doc for new options.
> * gcc/params.def: Added new options.
> * gcc/params.h: Likewise.

No gcc/ prefixes in ChangeLog entries. > 2013-12-18 Max Ostapenko <m.ostape...@partner.samsung.com> > * c-c++-common/asan/global-overflow-2.c: New test. > * c-c++-common/asan/memcmp-3.c: Likewise. > * c-c++-common/asan/no-instrument-reads.c: Likewise. > * c-c++-common/asan/no-instrument-writes.c: Likewise. > > --- a/gcc/asan.c > +++ b/gcc/asan.c > @@ -53,6 +53,7 @@ along with GCC; see the file COPYING3. If not see > #include "gimple-builder.h" > #include "ubsan.h" > #include "predict.h" > +#include "params.h" > > /* AddressSanitizer finds out-of-bounds and use-after-free bugs > with <2x slowdown on average. > @@ -963,6 +964,9 @@ rtx > asan_emit_stack_protection (rtx base, rtx pbase, unsigned int alignb, > HOST_WIDE_INT *offsets, tree *decls, int length) > { > + if (!ASAN_STACK) > + return NULL_RTX; This is a wrong spot to do this. Instead put it into the if ((flag_sanitize & SANITIZE_ADDRESS) && pred) condition in cfgexpand.c (and maybe also if ((flag_sanitize & SANITIZE_ADDRESS) && isize != jsize ...) too, maybe all four flag_sanitize & SANITIZE_ADDRESS occurrences in cfgexpand.c. 
> @@ -2396,7 +2413,7 @@ asan_finish_file (void) > ++gcount; > htab_t const_desc_htab = constant_pool_htab (); > htab_traverse (const_desc_htab, count_string_csts, &gcount); > - if (gcount) > + if (gcount && ASAN_GLOBALS) > { > tree type = asan_global_struct (), var, ctor; > tree dtor_statements = NULL_TREE; I'd say this isn't sufficient, for !ASAN_GLOBALS you should also make sure asan_protect_global always returns false, so that no extra padding is emitted around the global vars. > +@item asan-stack > +Enable overflow/underflow detection for stack objects. This kind of > protection > +is enabled by default if you are using @option{-fsanitize=address} option. > +To disable stack protection use @option{--param asan-stack=0} option. Talking about this, perhaps there should be also --param asan-use-after-return=0 knob to disallow the support for use-after-return checking (in 4.8 this didn't exist, in 4.9 there is some extra runtime code emitted, but still one needs to enable it manually through environment variable). With that param we would emit pretty much what 4.8 did, i.e. assume that use-after-return will not be enabled in the runtime. Jakub
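
Review bot: in the asan_emit_stack_protection hunk (gcc/asan.c, @@ -963,6 +964,9 @@), the new early return hands NULL_RTX back to the caller, and nothing in the visible lines shows that callers accept a null result. The function also takes offsets, decls and length that the caller has already computed, so returning here skips the emitted sequence but cannot undo any work the caller did to prepare those arguments. Either test ASAN_STACK at the call site, or state in the function comment that NULL_RTX means no protection sequence was emitted and check each caller for it.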
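
Review bot: in the asan_finish_file hunk (@@ -2396,7 +2413,7 @@), ASAN_GLOBALS is tested only in "if (gcount && ASAN_GLOBALS)", after htab_traverse has already walked the constant pool with count_string_csts to fill gcount. When ASAN_GLOBALS is 0 that count is computed and then discarded. Test ASAN_GLOBALS before the counting code so the traversal is skipped, and add a one-line comment at the check saying which param it reflects.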
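
Review bot: in the invoke.texi entry for asan-stack, the text switches between "overflow/underflow detection for stack objects" and "stack protection" for the same feature, and both "if you are using @option{-fsanitize=address} option" and "use @option{--param asan-stack=0} option" are missing an article. Use one term throughout and tighten the last sentence, for example "To disable it use @option{--param asan-stack=0}."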