On Tue, Sep 2, 2014 at 7:32 AM, Maxim Ostapenko <m.ostape...@partner.samsung.com> wrote:
> Hi,
>
> At this moment, most of GCC's builtin memory functions (for example strcpy,
> stpcpy, wcpcpy, strdup, etc.) are not instrumented by GCC, however some of
> them are rather dangerous. If GCC inlines these builtin functions, we will
> miss important checks for arguments, and possible overflow won't be
> detected. I know that the Clang ASan team simply disables inlining of builtin
> functions in Clang if -fsanitize=address is enabled and relies on
> libsanitizer's hooks.

Correct, that's what we do.

>
> The main benefit of this approach is that we won't miss overflow in
> builtins, which can significantly increase target programs' safety. Also, some
> redundant checks will be removed for builtin functions that are
> instrumented and are not inlined for some reason.
>
> The potential disadvantage of this approach is decreased performance for
> sanitized programs.
>
> Does disabling of builtin functions inlining look sane in this case? If yes,
> I can provide performance investigation and prepare the patch.
>
> What do you think?
>
> -Maxim