diff options
| author | Jianzhou Zhao <jianzhouzh@google.com> | 2021-02-23 16:48:26 +0000 |
|---|---|---|
| committer | Jianzhou Zhao <jianzhouzh@google.com> | 2021-02-25 23:34:58 +0000 |
| commit | c88fedef2a5d3f4c69cc668984bb93c8889890c2 (patch) | |
| tree | f7597b7090411858c5641616d2475bff63662d18 /clang/lib/Frontend/CompilerInvocation.cpp | |
| parent | 41751b637317bd9c97b0506ba77075694cd2d9cf (diff) | |
| download | llvm-c88fedef2a5d3f4c69cc668984bb93c8889890c2.zip llvm-c88fedef2a5d3f4c69cc668984bb93c8889890c2.tar.gz llvm-c88fedef2a5d3f4c69cc668984bb93c8889890c2.tar.bz2 | |
[dfsan] Conservative solution to atomic load/store
DFSan at store does store shadow data; store app data; and at load does
load shadow data; load app data.
When an application data is atomic, one overtainting case is
thread A: load shadow
thread B: store shadow
thread B: store app
thread A: load app
If the application address had been used by other flows, thread A reads
previous shadow, causing overtainting.
The change is similar to MSan's solution.
1) enforce ordering of app load/store
2) load shadow after load app; store shadow before shadow app
3) do not track atomic store by reseting its shadow to be 0.
The last one is to address a case like this.
Thread A: load app
Thread B: store shadow
Thread A: load shadow
Thread B: store app
This approach eliminates overtainting as a trade-off between undertainting
flows via shadow data race.
Note that this change addresses only native atomic instructions, but
does not support builtin libcalls yet.
https://llvm.org/docs/Atomics.html#libcalls-atomic
Reviewed-by: morehouse
Differential Revision: https://reviews.llvm.org/D97310
Diffstat (limited to 'clang/lib/Frontend/CompilerInvocation.cpp')
0 files changed, 0 insertions, 0 deletions