The libbacktrace library doesn't work well with QEMU in application mode. $ arm-linux-gnueabi-gcc -fsanitize=address -g gcc/testsuite/c-c++-common/asan/null-deref-1.c $ qemu-arm -cpu cortex-a15 -L /home/max/install/gcc-upstream-arm/arm-linux-gnueabi/sys-root/ -R 0 -E LD_LIBRARY_PATH=/home/max/install/gcc-upstream-arm/arm-linux-gnueabi/lib/ ./a.out ... #0 0x873f (/home/max/build/gcc-upstream-arm/a.out+0x873f) #1 0x876f (/home/max/build/gcc-upstream-arm/a.out+0x876f) #2 0x40ddb507 (/lib/libc.so.6+0x18507) When running the same binary on the target board, libbacktrace works well: -sh-4.1$ ./a.out ... #0 0x873f in NullDeref /home/m.ostapenko/null-deref-1.c:10 #1 0x876f in main /home/m.ostapenko/null-deref-1.c:15 #2 0xb6855507 in __libc_start_main /home/max/build.arm.cortex-a15/sources/glibc/libc/csu/libc-start.c:269 After investigation I discovered that libbacktrace scans /proc/self/exe to init symbolizer and in QEMU case it finds information about qemu-arm binary itself, not a.out. Is it a real bug or we should leave this as it is now? Perhaps I should report this to QEMU developers?
I don't think there is anything useful that the libbacktrace library can do. When running under an emulator, opening /proc/self/exe should open the program being emulated. It shouldn't open the emulator itself. The libbacktrace library does permit the program to provide the name of the executable file. For the case of GCC in particular, we could modify it so that it passes argv[0] to backtrace_create_state in diagnostic_action_after_output in gcc/diagnostic.c. I didn't do that already because GCC does not currently record the unmodified argv[0] anywhere, and there are several different places that would need to be modified. I don't know that it's worth it for such an odd use case. But I wouldn't block such a patch if someone else writes it. And, of course, modifying GCC itself would not fix your problem since as far as I can tell you aren't running GCC anyhow. What program are you running? Can you arrange for it to pass argv[0] to backtrace_create_state? On GNU/Linux the libbacktrace library could try to get the executable name from /proc/self/cmdline, but I'm guessing that under QEMU that would give you the wrong answer just as /proc/self/exe does.
(In reply to Maxim Ostapenko from comment #0) > After investigation I discovered that libbacktrace scans /proc/self/exe to > init symbolizer and in QEMU case it finds information about qemu-arm binary > itself, not a.out. I think this needs to be fixed (or rather implemented) in QEMU. They already intercept accesses to /proc/self/{maps,stat,auxv}. See https://github.com/qemu/qemu/blob/master/linux-user/syscall.c
(In reply to Yuri Gribov from comment #2) > I think this needs to be fixed (or rather implemented) in QEMU. QEMU bug: https://bugs.launchpad.net/qemu/+bug/1299190
Thanks for filing the bug against qemu. Nothing to fix in GCC.