gbMattN wrote:
Documenting this here as it's part of the same issue: the following reproducer
can be made (see the pull request above)
```
#include <string.h>
#include <stdlib.h>

struct inner {
    struct inner *n;
};

struct outer {
    struct inner *i;
};

struct outer* getOuter(){
    struct outer *out = malloc(sizeof(struct outer));
    struct inner *in = malloc(sizeof(struct inner));
    in->n = 0;
    out->i = in;
    return out;
}

int main(void) {
    struct outer* out = getOuter();
    while (out->i) {
        //out->i = out->i->n;
        memcpy(&out->i, &out->i->n, sizeof(out->i));
    }
    return 0;
}
```
If memcpy is replaced by the commented code, no error is detected. Both code
paths run the same checking function, but they are inserted at different places in
the Transformation pass. This implies that the wrong checks are being inserted
for memcpy calls.
The failing check is checking any pointer (in outer at offset 0) against any
pointer (in inner at offset 0), but due to how the outer is set up, its member
is recorded simply as "any pointer", with no reference to inner anymore. The
commented-out path doesn't call tysan_check, meaning that their actual TDs
should be an exact match.
https://github.com/llvm/llvm-project/pull/108385