Hi,
At this moment, most GCC builtin memory functions (for example
strcpy, stpcpy, wcpcpy, strdup, etc.) are not instrumented by GCC;
however, some of them are rather dangerous. If GCC inlines these builtin
functions, we will miss important checks for arguments, and a possible
overflow won't be detected. I know that the Clang ASan team simply disables
inlining of builtin functions in Clang if -fsanitize=address is enabled
and relies on libsanitizer's hooks.
The main benefit of this approach is that we won't miss overflows in
builtins, which can significantly increase target programs' safety. Also,
some redundant checks will be removed for builtin functions that are
instrumented and are not inlined for some reason.
The potential disadvantage of this approach is a performance decrease
for sanitized programs.
Does disabling inlining of builtin functions look sane in this case? If
yes, I can provide a performance investigation and prepare the patch.
What do you think?
-Maxim
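The check a practitioner would want before weighing in on the proposal above is an empirical one: does an ASan build of a given toolchain report an overflow that goes through a builtin string function, and does the answer change when GCC is told not to treat the function as a builtin? The script below is an added example and is not part of Maxim's message or of GCC; it assumes `gcc` with `libasan` is installed, writes a constructed test program (an 8-byte heap buffer that `strcpy` overruns), builds it with `-fsanitize=address` both with and without `-fno-builtin`, and prints whether each binary produced an AddressSanitizer report. The result in the default mode depends on the GCC version; with `-fno-builtin` the call is a plain `strcpy` that libasan's interceptor checks.

```shell
#!/bin/sh
# Added example (not from Maxim's message or from GCC): compare ASan coverage
# of strcpy when GCC treats it as a builtin vs. with -fno-builtin.
# Assumes gcc and libasan are available; prints "unavailable" otherwise.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT INT TERM

# Constructed test program: an 8-byte heap buffer that strcpy overruns.
cat > "$WORK/overflow.c" <<'EOF'
#include <stdlib.h>
#include <string.h>
int main(void) {
    char *dst = malloc(8);
    strcpy(dst, "0123456789abcdef");   /* 17 bytes (with NUL) into 8 */
    free(dst);
    return 0;
}
EOF

# check_mode <label> [extra gcc flags...]
# Prints exactly one of: reported, not-reported, unavailable.
check_mode() {
    label=$1
    shift
    if ! command -v gcc >/dev/null 2>&1; then
        echo unavailable
        return 0
    fi
    # Build fails when libasan is missing; treat that as "unavailable".
    if ! gcc -O2 -fsanitize=address "$@" -o "$WORK/$label" "$WORK/overflow.c" >/dev/null 2>&1; then
        echo unavailable
        return 0
    fi
    # Run and capture stderr (where ASan writes its report); stdout is
    # discarded. detect_leaks=0 keeps LeakSanitizer out of the picture.
    out=$(ASAN_OPTIONS=detect_leaks=0 "$WORK/$label" 2>&1 >/dev/null) || true
    case $out in
        *"ERROR: AddressSanitizer"*) echo reported ;;
        *) echo not-reported ;;
    esac
}

builtin_result=$(check_mode builtin)
nobuiltin_result=$(check_mode nobuiltin -fno-builtin)

echo "strcpy as GCC builtin:     $builtin_result"
echo "strcpy with -fno-builtin:  $nobuiltin_result"
```

Run it once per compiler version under consideration; a `not-reported` in the first line next to a `reported` in the second is exactly the missed check the proposal describes, while matching results mean that builtin was already covered on that toolchain.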