Open sadrabt opened 13 hours ago
Indirect overlapping accesses are also an issue:

```
R0 = G + 8   // where G is the base address for the heap
R1 = G + 12  // two consecutive globals
R2 = Malloc()
*R2 = R0     // 64-bit write
R3 = *R2     // 64-bit read
R4 = *R3     // 128-bit read
```
DSA should be able to recognize an overlapping access (i.e. if two addresses are read into a 128-bit register, stored in memory and then accessed separately). https://github.com/UQ-PAC/BASIL/pull/222#issuecomment-2337117908
R31 + 0x10 refers to a stack element node with two cells: one at offset 0 (R31 + 0x10) and one at offset 8 (R31 + 0x18). The issue here is that the analysis doesn't merge the cell for add_six with the second cell of the R31 + 0x10 node, since it can't yet tell that the 128-bit read reads add_six as well as add_two.
Each global is represented using a separate node. The analysis currently merges add_two's node with the node of the stack position.
One possibility would be to represent globals that have overlapping accesses as one node, similar to the stack. (I think this is only safe if we can find all the accesses to the globals, to soundly do this.) However, unlike the stack, we can't find all accesses locally (even indirect stack references can't be found without a pointer analysis). Alternatively, we can group consecutive globals into one node.
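As an added illustration (not BASIL's code and not from this issue), a small Python model of DSA nodes made of byte-ranged cells: a wide access merges every cell it overlaps into one cell, and consecutive globals are grouped into one node, the alternative suggested above. The `Cell`/`Node`/`group_globals` names, `G = 0x1000` and the 4-byte size of the two globals are assumptions.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Cell:
    offset: int  # byte offset within the node
    size: int    # width in bytes of the access that created the cell

@dataclass
class Node:
    start: int                                  # address at node offset 0
    cells: list = field(default_factory=list)
    labels: dict = field(default_factory=dict)  # offset -> global name (grouped globals)
    def end(self):
        return self.start + self.cells[-1].offset + self.cells[-1].size
    def access(self, addr, size):
        # Record a `size`-byte access at `addr`: every existing cell that overlaps the
        # accessed byte range is merged with it into one cell covering the union.
        lo, hi = addr - self.start, addr - self.start + size
        hit = [c for c in self.cells if c.offset < hi and lo < c.offset + c.size]
        for c in hit:
            lo, hi = min(lo, c.offset), max(hi, c.offset + c.size)
        merged = Cell(lo, hi - lo)
        self.cells = sorted([c for c in self.cells if c not in hit] + [merged],
                            key=lambda c: c.offset)
        return merged
    def globals_in(self, cell):
        # Names of grouped globals whose offset falls inside `cell`.
        return [n for o, n in sorted(self.labels.items())
                if cell.offset <= o < cell.offset + cell.size]

def group_globals(symbols):
    # One Node per run of address-contiguous globals (name, address, size), each global a cell.
    nodes = []
    for name, addr, size in sorted(symbols, key=lambda s: s[1]):
        if not nodes or nodes[-1].end() != addr:
            nodes.append(Node(addr))
        nodes[-1].labels[addr - nodes[-1].start] = name
        nodes[-1].cells.append(Cell(addr - nodes[-1].start, size))
    return nodes

# Constructed sample: G = 0x1000, the two consecutive globals from the snippet above
# (assumed 4 bytes each), one unrelated global further away, and the two-cell stack node.
G = 0x1000
GLOBALS = [("add_two", G + 8, 4), ("add_six", G + 12, 4), ("far", G + 0x100, 8)]

def demo():
    nodes = group_globals(GLOBALS)               # two nodes: {add_two, add_six} and {far}
    gnode = nodes[0]                             # the run starting at G + 8
    wide = gnode.access(G + 8, 16)               # the 128-bit read R4 = *R3
    stack = Node(0, [Cell(0, 8), Cell(8, 8)])    # R31 + 0x10 with cells at 0 and 8
    merged = stack.access(0, 16)                 # 128-bit read spanning both cells
    return len(nodes), wide, gnode.globals_in(wide), merged, stack.cells
```

With per-global nodes the 128-bit read would only be attributed to add_two; in the grouped node it resolves to one cell that `globals_in` reports as covering both add_two and add_six.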