Improving compile-time computation of object size

The compiler intrinsic __builtin_object_size and the LLVM intrinsic llvm.objectsize are used to compute the amount of memory allocated given an address. They play an important role in several security-related passes. This talk describes their behavior, where they are used within LLVM and the recent improvements made to their evaluation.

Actually both _FORTIFY_SOURCE, -fsanitize=undefined and -fsanitize=address rely at some point on an efficient implementation of llvm.objectsize and how it is folded by the compiler. I once wrote a small testbed[0] to compare gcc and clang wrt. the folding of __builtin_object_size and they were mostly on par, until something changed and clang started to stop folding some expressions. Using that story as an Ariadne's thread, we'll dive into the folding of this intrinsic, how it's used by various sanitizer and how it has been improved over the past few months.

[0] https://github.com/serge-sans-paille/builtin_object_size-test-suite