Bug 60681 - Libbacktrace library doesn't work with QEMU in application mode
Summary: Libbacktrace library doesn't work with QEMU in application mode
Status: RESOLVED WONTFIX
Alias: None
Product: gcc
Classification: Unclassified
Component: other (show other bugs)
Version: 4.9.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-27 07:54 UTC by Maxim Ostapenko
Modified: 2014-03-28 20:02 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Maxim Ostapenko 2014-03-27 07:54:37 UTC 
The libbacktrace library doesn't work well with QEMU in application mode.

$ arm-linux-gnueabi-gcc -fsanitize=address -g gcc/testsuite/c-c++-common/asan/null-deref-1.c $ qemu-arm -cpu cortex-a15 -L /home/max/install/gcc-upstream-arm/arm-linux-gnueabi/sys-root/ -R 0 -E LD_LIBRARY_PATH=/home/max/install/gcc-upstream-arm/arm-linux-gnueabi/lib/ ./a.out
...
  #0 0x873f (/home/max/build/gcc-upstream-arm/a.out+0x873f)   #1 0x876f (/home/max/build/gcc-upstream-arm/a.out+0x876f)   #2 0x40ddb507 (/lib/libc.so.6+0x18507)

When running the same binary on the target board, libbacktrace works well:

-sh-4.1$ ./a.out
...
  #0 0x873f in NullDeref /home/m.ostapenko/null-deref-1.c:10   #1 0x876f in main /home/m.ostapenko/null-deref-1.c:15   #2 0xb6855507 in __libc_start_main /home/max/build.arm.cortex-a15/sources/glibc/libc/csu/libc-start.c:269

After investigation I discovered that libbacktrace scans /proc/self/exe to init symbolizer and in QEMU case it finds information about qemu-arm binary itself, not a.out.

Is it a real bug or we should leave this as it is now? Perhaps I should report this to QEMU developers?
Comment 1 Ian Lance Taylor 2014-03-28 13:28:50 UTC 
I don't think there is anything useful that the libbacktrace library can do.  When running under an emulator, opening /proc/self/exe should open the program being emulated.  It shouldn't open the emulator itself.

The libbacktrace library does permit the program to provide the name of the executable file.  For the case of GCC in particular, we could modify it so that it passes argv[0] to backtrace_create_state in diagnostic_action_after_output in gcc/diagnostic.c.  I didn't do that already because GCC does not currently record the unmodified argv[0] anywhere, and there are several different places that would need to be modified.  I don't know that it's worth it for such an odd use case.  But I wouldn't block such a patch if someone else writes it.

And, of course, modifying GCC itself would not fix your problem since as far as I can tell you aren't running GCC anyhow.  What program are you running?  Can you arrange for it to pass argv[0] to backtrace_create_state?

On GNU/Linux the libbacktrace library could try to get the executable name from /proc/self/cmdline, but I'm guessing that under QEMU that would give you the wrong answer just as /proc/self/exe does.
Comment 2 Yuri Gribov 2014-03-28 19:37:03 UTC 
(In reply to Maxim Ostapenko from comment #0)
> After investigation I discovered that libbacktrace scans /proc/self/exe to
> init symbolizer and in QEMU case it finds information about qemu-arm binary
> itself, not a.out.

I think this needs to be fixed (or rather implemented) in QEMU. They already intercept accesses to /proc/self/{maps,stat,auxv}.

See https://github.com/qemu/qemu/blob/master/linux-user/syscall.c
Comment 3 Yuri Gribov 2014-03-28 19:50:43 UTC 
(In reply to Yuri Gribov from comment #2)
> I think this needs to be fixed (or rather implemented) in QEMU.

QEMU bug: https://bugs.launchpad.net/qemu/+bug/1299190
Comment 4 Ian Lance Taylor 2014-03-28 20:02:37 UTC 
Thanks for filing the bug against qemu.  Nothing to fix in GCC.