This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: gcc addresssanitizer in MIPS
- From: pinskia at gmail dot com
- To: Jean Lee <xiaoyur347 at gmail dot com>
- Cc: "gcc at gcc dot gnu dot org" <gcc at gcc dot gnu dot org>
- Date: Mon, 28 Oct 2013 07:34:01 -0700
- Subject: Re: gcc addresssanitizer in MIPS
- Authentication-results: sourceware.org; auth=none
- References: <CALuKrvCxtKRC5OxmqZR04_UUOjc-+MN_cbw4BYVUUpqR8n8moQ at mail dot gmail dot com> <24714AE3-9034-43A7-A8F3-2E3933C1DDF5 at gmail dot com> <CALuKrvDKHCijzgG3Jk7cSENWgCTFNqrfbJemRDJMNoudkEe3aA at mail dot gmail dot com>
> On Oct 28, 2013, at 2:58 AM, Jean Lee <xiaoyur347@gmail.com> wrote:
>
> Addresssanitizer was added to GCC since GCC 4.8, and you should
> compile with the flag "-fsanitize=address". Moreover, the
> addresssanitizer support for MIPS is not implemented in offical GCC.
Yes I know that. I saying we back ported asan support and implemented MIPS support in 4.7 and we did not run into this issue. Again are you sure you have the frame growing the direction which asan requires it to grow (it is the same as ssp requires it to grow).
>
> Does someone use addresssanitizer in other platform (i386/x64/arm/ppc)
> suffer this problem?
>
> Thanks,
> Jean Lee
>
>
> 2013/10/28 <pinskia@gmail.com>:
>>
>>> On Oct 28, 2013, at 1:36 AM, Jean Lee <xiaoyur347@gmail.com> wrote:
>>>
>>> My port of addresssanitizer is based on GCC 4.8.1.
>>> I modify "asan_emit_stack_protection" function in gcc/asan.c for the
>>> following reason:
>>> Sometimes, the stack variable size > 32 Bytes, and after asan
>>> generates code to poison the shadow buffer, it does clear some shadow
>>> buffer but not all before function return.
>>> So I use the way of poisoning to recover the shadow.
>>> Does any of you suffer the problem? It works fine for my platform now.
>>
>> I don't have this issue with either n32 or n64 on mips64 implementation that we did here internally (Cavium) based on GCC 4.7. Did you make sure that you make the frame grown down (is it up, I don't have access to the source right now)?
>>
>> Thanks,
>> Andrew Pinski
>>
>>
>>>
>>> about line 1050:
>>> #if 0 // I find some false positive for those code
>>> for (l = length; l; l -= 2)
>>> {
>>> offset = base_offset + ((offsets[l - 1] - base_offset)
>>> & ~(ASAN_RED_ZONE_SIZE - HOST_WIDE_INT_1));
>>> if (last_offset + last_size != offset)
>>> {
>>> shadow_mem = adjust_address (shadow_mem, VOIDmode,
>>> (last_offset - prev_offset)
>>>>> ASAN_SHADOW_SHIFT);
>>> prev_offset = last_offset;
>>> asan_clear_shadow (shadow_mem, last_size >> ASAN_SHADOW_SHIFT);
>>> last_offset = offset;
>>> last_size = 0;
>>> }
>>> last_size += base_offset + ((offsets[l - 2] - base_offset)
>>> & ~(ASAN_RED_ZONE_SIZE - HOST_WIDE_INT_1))
>>> - offset;
>>> }
>>> if (last_size)
>>> {
>>> shadow_mem = adjust_address (shadow_mem, VOIDmode,
>>> (last_offset - prev_offset)
>>>>> ASAN_SHADOW_SHIFT);
>>> asan_clear_shadow (shadow_mem, last_size >> ASAN_SHADOW_SHIFT);
>>> }
>>>
>>> #else
>>> for (l = length; l; l -= 2)
>>> {
>>> if (l == 2)
>>> cur_shadow_byte = ASAN_STACK_MAGIC_RIGHT;
>>> offset = offsets[l - 1];
>>> if ((offset - base_offset) & (ASAN_RED_ZONE_SIZE - 1))
>>> {
>>> HOST_WIDE_INT aoff
>>> = base_offset + ((offset - base_offset)
>>> & ~(ASAN_RED_ZONE_SIZE - HOST_WIDE_INT_1));
>>> shadow_mem = adjust_address (shadow_mem, VOIDmode,
>>> (aoff - prev_offset)
>>>>> ASAN_SHADOW_SHIFT);
>>> prev_offset = aoff;
>>> aoff += (1 << ASAN_SHADOW_SHIFT) << 2;
>>>
>>> asan_clear_shadow (shadow_mem, 4);
>>> offset = aoff;
>>> }
>>> while (offset <= offsets[l - 2] - ASAN_RED_ZONE_SIZE)
>>> {
>>> shadow_mem = adjust_address (shadow_mem, VOIDmode,
>>> (offset - prev_offset)
>>>>> ASAN_SHADOW_SHIFT);
>>> prev_offset = offset;
>>>
>>> asan_clear_shadow (shadow_mem, 4);
>>> offset += ASAN_RED_ZONE_SIZE;
>>> }
>>> }
>>> #endif
> <gcc-asan.diff>