Hello,

I am writing to inquire about the procedure (or any tutorial) to write plugins
for the `sanopt` pass. Basically I am doing some analysis of ASan/UBSan
checks. I use the following command to dump all passes in IR format:

gcc -fdump-tree-all -fsanitize=address test.c

To me, I think the following two outputs:

test.c.228t.asan0
test.c.230t.sanopt

both seem useful. I am relatively familiar with GIMPLE plugins; however, I
note that in the GIMPLE code (e.g., test.c.005t.gimple), I just cannot
find the corresponding ASAN check function calls, like .ASAN_CHECK.
Therefore, it seems that I cannot do a GIMPLE-level plugin, although that
seems easy for my tasks.

Basically I will need to pinpoint either (in test.c.228t.asan0):

  <bb 2> :
  .ASAN_MARK (UNPOISON, &stack_array, 400);
  _10 = &stack_array[1];
  .ASAN_CHECK (7, _10, 4, 4);   <--------------
  stack_array[1] = 100;
  _1 = argc_5(D) + 12;
  _11 = &stack_array[_1];
  .ASAN_CHECK (6, _11, 4, 4);   <--------------
  c_6 = stack_array[_1];

Or (in test.c.230t.sanopt):

  _20 = _14 & 7;
  _21 = (signed char) _20;
  _22 = _21 + 3;
  _23 = _22 >= _18;
  _24 = _19 & _23;
  if (_24 != 0)
    goto <bb 5>; [0.05%]
  else
    goto <bb 4>; [99.95%]

  <bb 5> :
  __builtin___asan_report_store4 (_14);   <-----------------


Could anyone shed some light on how to write analysis passes/plugins for
the outputs of either `sanopt` or `asan0`? I would prefer `sanopt` but any
suggestion would be appreciated. Thank you very much.

Best,
Shuai
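
An added example, not part of the original message and not GCC or plugin code: a text-level scan of the two dump formats quoted above that pinpoints each ASan site together with its basic block. The function names and sample strings are assumptions constructed from the excerpts in the message; the flag bits follow `enum asan_check_flags` in gcc/asan.h.

```python
import re

# Bits of the first .ASAN_CHECK argument (enum asan_check_flags in gcc/asan.h).
FLAG_NAMES = {1: "STORE", 2: "SCALAR_ACCESS", 4: "NON_ZERO_LEN"}
BB_RE = re.compile(r"\s*<bb (\d+)>\s*:")
CHECK_RE = re.compile(r"\.ASAN_CHECK \((\d+), ([^,]+), ([^,]+), ([^)]+)\)")
REPORT_RE = re.compile(
    r"__builtin___asan_report_(load|store)(\d+|_n)(?:_noabort)? \(([^)]*)\)")

def find_asan_sites(dump_text):
    """Return (line, bb, form, kind, address, size) for each ASan site."""
    sites, bb = [], None
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        if (m := BB_RE.match(line)):
            bb = int(m.group(1))   # label line only; "goto <bb N>;" does not match
        elif (m := CHECK_RE.search(line)):
            flags = int(m.group(1))
            kind = "store" if flags & 1 else "load"
            sites.append((lineno, bb, "ASAN_CHECK", kind,
                          m.group(2).strip(), m.group(3).strip()))
        elif (m := REPORT_RE.search(line)):
            args = [a.strip() for a in m.group(3).split(",")]
            size = args[1] if m.group(2) == "_n" else m.group(2)
            sites.append((lineno, bb, "asan_report", m.group(1), args[0], size))
    return sites

def decode_flags(flags):
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]

# Constructed samples, modelled on the two excerpts in the message.
ASAN0 = """\
  <bb 2> :
  .ASAN_MARK (UNPOISON, &stack_array, 400);
  _10 = &stack_array[1];
  .ASAN_CHECK (7, _10, 4, 4);
  stack_array[1] = 100;
  _1 = argc_5(D) + 12;
  _11 = &stack_array[_1];
  .ASAN_CHECK (6, _11, 4, 4);
  c_6 = stack_array[_1];
"""
SANOPT = """\
  if (_24 != 0)
    goto <bb 5>; [0.05%]
  else
    goto <bb 4>; [99.95%]
  <bb 5> :
  __builtin___asan_report_store4 (_14);
"""
```

To use it on real output, pass the contents of `test.c.228t.asan0` or `test.c.230t.sanopt` to `find_asan_sites`; line numbers in the result refer to the dump file, not to `test.c`.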
