sslab-gatech / unisan Goto Github PK

How to use clang to complie linux kernel into LLVM IR?

If the original allocation is dynamically sized, then UniSan only detects it as unsafe if it is used directly as argument to a sink function. The conservative code-paths (storing pointer to heap, inline assembly, etc.) do not trigger for dynamically sized allocations.

Calls to unmodelled functions without bodies should be considered sinks in a conservative analysis. The current code actually implements this conservative behavior, but circumvents it with a continue statement. As such, these functions are considered always safe by the analysis.

https://github.com/sslab-gatech/unisan/blob/master/analysis/src/lib/SafeAllocation.cc#L791

The different Modules loaded by UniSan use different LLVM contexts. In LLVM the basic types are only guaranteed to be unique within a given context. As such char* between two modules will have a different Type instance. See http://llvm.org/docs/doxygen/html/Type_8cpp_source.html#l00182 and http://llvm.org/docs/doxygen/html/LLVMContextImpl_8h_source.html#l00975 for an example.

Furthermore struct types are only deduplicated in the linker phase as far as I am aware of. Even if you use the same the context, you will get different type instances for the same struct declaration (see https://groups.google.com/forum/#!topic/llvm-dev/3Eud9pfFUr).

The test should be simple with an indirect call to a function defined in another bytecode file, which takes both primitive arguments (char, short) as well as a struct or stuct pointers.

As always, please provide updated coverage numbers after every fix (including issue 1). If the coverage does not change at all, then it is great and still important to see, since you have confirmation that the issue did not affect the security offered by UniSan.

Hi:
/root/unisan-master/analysis/src/lib/SAStructs.cc:342:9: error: invalid operands to binary expression ('BasicBlock::iterator'
(aka 'ilist_iteratorllvm::Instruction') and 'llvm::Value *')
if (I == UN->U) {

/root/unisan-master/analysis/src/lib/SAStructs.cc:358:14: error: invalid operands to binary expression ('BasicBlock::iterator'
(aka 'ilist_iteratorllvm::Instruction') and 'llvm::Value *')
else if (I == (*it)->U) {

2 errors generated.