Hi,

In order to find out-of-bound accesses to global objects with AddressSanitizer (http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer)
I need to create redzones to the left and to the right of every global variable.

I tried the following:
Before:

@Extern = global [10 x i8] zeroinitializer, align 1

After:

%0 = type { [32 x i8], [10 x i8], [54 x i8] }

@Extern_asan_redzone = global %0 zeroinitializer, align 1

@0 = global [10 x i8] zeroinitializer, align 1 << the old variable
@Extern = alias getelementptr inbounds (%0* @Extern_asan_redzone, i32 0, i32 1)

I.e. I created a global struct @Extern_asan_redzone of 3 elements and an alias @Extern that points to the middle element of this struct.

The compilation passes, but the resulting object looks like this:

000000000060d150 B Extern
000000000060d150 B Extern_asan_redzone

I.e. @Extern points to the beginning of @Extern_asan_redzone instead of middle.

Also, the comment in GlobalAlias.h says:

/// getAliasedGlobal() - Aliasee can be either global or bitcast of
/// global. This method retrives the global for both aliasee flavours.

So, the question: can I get an alias pointing to the middle of a GlobalVariable? How?
If not, is there some other way to create a left redzone for a global variable?

Thanks,

–kcc

Hi Kostya,

In order to find out-of-bound accesses to global objects with AddressSanitizer
(http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer)
I need to create redzones to the left and to the right of every global variable.

I tried the following:
Before:
   @Extern = global [10 x i8] zeroinitializer, align 1
After:
   %0 = type { [32 x i8], [10 x i8], [54 x i8] }
   @Extern_asan_redzone = global %0 zeroinitializer, align 1
   @0 = global [10 x i8] zeroinitializer, align 1 << the old variable
   @Extern = alias getelementptr inbounds (%0* @Extern_asan_redzone, i32 0, i32 1)
I.e. I created a global struct @Extern_asan_redzone of 3 elements and an
alias @Extern that points to the middle element of this struct.

this is not currently possible. You are not the first person to ask for this.
If targets support it (I don't know if any do) then perhaps it can be added.

Ciao, Duncan.

I’ll step forward as the person who told Kostya he could use aliases like this.

The verifier doesn’t forbid it, so I concluded that it was okay. However, looking back at the history it’s clear that was a mistake:

r70079 | lattner | 2009-04-25 14:23:19 -0700 (Sat, 25 Apr 2009) | 8 lines

Allow aliasee to be a GEP or bitcast instead of just a bitcast.
The real fix for this whole mess is to require the operand of the
alias to be a GlobalValue (not a general constant, including
constant exprs) but allow the operand and the alias type to be

unrelated.

So it seems that making an alias to the middle of something else is not actually supported. Sorry.

I have a partial fix. You can replace global @foo with a new @foo.safe of a different type as you do now, then replace all uses of the original GlobalValue with a GEP constant expression. (Well, all uses except GlobalAlias uses.) The problem with this technique is that you’ll lose the ability to share those globals by name with external (library) users. That should only be a real problem for ASAN compiled plugins which get dlopen()'d.

Nick

Nick, Duncan,

Thank you for your replies.
I ended up using only right redzone for globals – this seems to work.
It may miss left out-of-bound accesses (underruns) in rare cases, but I can live with that.

–kcc