Dataflow Sanitizer ClCombinePointerLabelsOnStore option

Dear list,

Can someone help me understand how dfsan’s combine labels on store semantics (ClCombinePointerLabelsOnStore option) work?

For discussion, here’s an example (p is a pointer):

p = v1;

p = v2;

Assume label(p)=LP, label(v1)=L1, and label(v2)=L2. Then, if my understanding is correct, this is how labels propagate:

Default semantics:

p = v1; // p* is labeled with L1

p = v2; // p* is labeled with L2

Combine semantics (ClCombinePointerLabelsOnStore is set):

p = v1; // p* is labeled with L1 + LP

p = v2; // p* is labeled with L2 + LP

Is this the correct behavior?

Thanks a lot!

Fred

> Dear list,
>
> Can someone help me understand how dfsan's combine labels on store semantics
> (ClCombinePointerLabelsOnStore option) work?
>
> For discussion, here's an example (p is a pointer):
>
> p = v1;
> p = v2;

Did you mean:

*p = v1;
*p = v2;

i.e. storing through the pointer p? Simply assigning to a pointer variable
propagates the label in the same way as for any other type of variable.

> Assume label(p)=LP, label(v1)=L1, and label(v2)=L2. Then, if my
> understanding is correct, this is how labels propagate:
>
> Default semantics:
>
> p = v1; // p* is labeled with L1
> p = v2; // p* is labeled with L2
>
> Combine semantics (ClCombinePointerLabelsOnStore is set):
>
> p = v1; // p* is labeled with L1 + LP
> p = v2; // p* is labeled with L2 + LP
>
> Is this the correct behavior?

That is correct, assuming you meant *p instead of p.

Thanks,
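
The store rule confirmed in the reply, written out as a small stand-alone C model. This is an added illustration, not DFSan's implementation and not code from the thread. It assumes labels are bit flags whose union is bitwise OR; `store`, `thread_example` and `constant_through_labeled_pointer` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t label_t;              /* one bit per base label; union = OR */
enum { L1 = 1 << 0, L2 = 1 << 1, LP = 1 << 2 };   /* labels from the thread */

#define CELLS 4
static int     mem[CELLS];            /* modelled application memory */
static label_t shadow[CELLS];         /* modelled shadow: one label per cell */

/* Model of `*p = v` with p == &mem[idx].
 * ptr_label is the label of the pointer value, v_label the label of v.
 * combine == 0: default store semantics, only the data label is written.
 * combine != 0: ClCombinePointerLabelsOnStore semantics, data label is
 *               unioned with the pointer label. */
static void store(size_t idx, label_t ptr_label, int v, label_t v_label,
                  int combine)
{
    mem[idx] = v;
    shadow[idx] = combine ? (label_t)(v_label | ptr_label) : v_label;
}

/* The thread's sequence `*p = v1; *p = v2;`; returns the final label of *p. */
label_t thread_example(int combine)
{
    store(0, LP, 10, L1, combine);    /* *p: L1        or L1 + LP */
    store(0, LP, 20, L2, combine);    /* *p: L2        or L2 + LP (L1 is gone) */
    return shadow[0];
}

/* An unlabeled constant written through a labeled pointer: the case where
 * the two modes differ most. By default the cell ends up unlabeled even
 * though labeled data chose which cell was written. */
label_t constant_through_labeled_pointer(int combine)
{
    store(1, LP, 0, 0, combine);
    return shadow[1];
}

int main(void)
{
    for (int combine = 0; combine <= 1; combine++)
        printf("combine=%d  label(*p)=0x%x  label(const via p)=0x%x\n",
               combine, (unsigned)thread_example(combine),
               (unsigned)constant_through_labeled_pointer(combine));
    return 0;
}
```

In a real DFSan build the option is an LLVM pass flag, passed as `-mllvm -dfsan-combine-pointer-labels-on-store` together with `-fsanitize=dataflow`.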