This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: libsanitizer merge from upstream r208536
- From: Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>
- To: Ramana Radhakrishnan <ramana dot radhakrishnan at arm dot com>
- Cc: Yury Gribov <y dot gribov at samsung dot com>, Jakub Jelinek <jakub at redhat dot com>, Andrew Pinski <pinskia at gmail dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Dodji Seketeli <dodji at redhat dot com>, Dmitry Vyukov <dvyukov at google dot com>, Marek Polacek <polacek at redhat dot com>, "H.J. Lu" <hjl dot tools at gmail dot com>, Yuri Gribov <tetra2005 at gmail dot com>
- Date: Fri, 23 May 2014 12:06:33 +0400
- Subject: Re: libsanitizer merge from upstream r208536
On Fri, May 23, 2014 at 11:56 AM, Ramana Radhakrishnan
<ramana.radhakrishnan@arm.com> wrote:
> On 05/23/14 08:50, Yury Gribov wrote:
>>
>> > On ARM the asan tests have always been a random generator of PASS /
>> > FAIL on qemu despite efforts to "nobble" qemu for /proc/self/maps
>> > outputs.
>>
>> This should improve once upstream Asan sets up an ARM build bot. This
>> has been discussed recently but no one has yet volunteered to do the
>> server installation and setup.
>>
>> > After the merge I see these new failures instead
>>
>> A pity that gcc-testresults does not report mismatched lines.
>>
>> My guess is this is caused by some unwinding failures when reporting
>> heap allocations:
>>
>
> Ok, so we need to fix that if there is a bug.

Yep.

>
>
>> $ grep -R 'allocated by thread' ./gcc/testsuite/c-c++-common/asan -l
>> ./gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
>> ./gcc/testsuite/c-c++-common/asan/heap-overflow-1.c
>> ./gcc/testsuite/c-c++-common/asan/use-after-free-1.c
>>
>
> This is what I see from the log and all failures look identical.
>
> ==14627==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x41a007fa
> at pc 0x88c4 bp 0xbebd0084 sp 0xbebd007c
> READ of size 1 at 0x41a007fa thread T0
> #0 0x88c3 in main
> /work/gcc/gcc/testsuite/c-c++-common/asan/heap-overflow-1.c:21
> #1 0x40626631 in __libc_start_main
> (/lib/arm-linux-gnueabihf/libc.so.6+0x17631)
>
> 0x41a007fa is located 0 bytes to the right of 10-byte region
> [0x41a007f0,0x41a007fa)
> allocated by thread T0 here:
> #0 0x400cd587 in __interceptor_malloc
> /work/gcc/libsanitizer/asan/asan_malloc_linux.cc:73

Looks indeed like wrong unwind, similar to what has been recently
discussed here:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140519/218239.html

>
> SUMMARY: AddressSanitizer: heap-buffer-overflow
> /work/gcc/gcc/testsuite/c-c++-common/asan/heap-overflow-1.c:21 main
> Shadow bytes around the buggy address:
> 0x283400a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x283400b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x283400c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x283400d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x283400e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> =>0x283400f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00[02]
> 0x28340100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x28340110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x28340120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x28340130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x28340140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Heap right redzone: fb
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack partial redzone: f4
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> ASan internal: fe
> ==14627==ABORTING
>
>
>
>
>> -Y
>>
>