This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[GCC, ARM] armv8 linux toolchain asan testcase fail due to stl missing conditional code

From: Shiva Chen <shiva0217 at gmail dot com>
To: GCC Patches <gcc-patches at gcc dot gnu dot org>, nickc at redhat dot com, richard dot earnshaw at arm dot com, ramana dot radhakrishnan at arm dot com
Date: Wed, 3 Jun 2015 12:12:33 +0800
Subject: [GCC, ARM] armv8 linux toolchain asan testcase fail due to stl missing conditional code
Authentication-results: sourceware.org; auth=none

Hi,

I noticed that armv8(32 bit target) linux toolchain

run asan testcase would get the following message:


FAIL: c-c++-common/asan/heap-overflow-1.c -O0 output pattern test, is
Executing on host:
/home/gccbuilder-x86/test/mgcc5.0/testsuite/../tools/x86_64/install/bin/qemu-arm
-E LD_LIBRARY_PATH=/home/gccbuilder-x86/test/mgcc5.0/Release/install/armv8-marvell-linux-gnueabihf-hard-5.1.1_x86_64/bin/../arm-linux-gnueabihf/libc/lib/arm-linux-gnueabihf:/home/gccbuilder-x86/test/mgcc5.0/Release/install/armv8-marvell-linux-gnueabihf-hard-5.1.1_x86_64/bin/../arm-linux-gnueabihf/libc/usr/lib/arm-linux-gnueabihf
-L /home/gccbuilder-x86/test/mgcc5.0/Release/install/armv8-marvell-linux-gnueabihf-hard-5.1.1_x86_64/bin/../arm-linux-gnueabihf/libc
./heap-overflow-1.exe
=================================================================
==2182==ERROR: AddressSanitizer: heap-buffer-overflow on address
0xf4a007fa at pc 0x000108a0 bp 0xf6ffc264 sp 0xf6ffc25c
READ of size 1 at 0xf4a007fa thread T0
ASAN:SIGSEGV


sanitizer library use the source in gcc-src/libbacktrace to allocate memory.

The error cause by null pointer reference in libbacktrace/mmap.c


void
backtrace_free (struct backtrace_state *state, void *addr, size_t size,
                backtrace_error_callback error_callback ATTRIBUTE_UNUSED,
                void *data ATTRIBUTE_UNUSED)
...
  if (locked)
    {
      backtrace_free_locked (state, addr, size);

      if (state->threaded) <= line 201
        __sync_lock_release (&state->lock_alloc); <= line 202
    }
}

.loc 1 201 0
cmp r3, #0 <= r3 contain the value of state->threaded
.loc 1 202 0
addne r3, r5, #32
movne r2, #0
stl r2, [r3] <= should be conditional execution

when r3 is 0, line 202 should not execute.

It seems that stl should generate as stlne.

Otherwise, slt will get null reference when r3 is 0.


To fix the issue, add %? when output stl assembly pattern in sync.md.

Is this patch ok for trunk?

Thanks,
Shiva

Attachment: Fix_slt_lda_missing_conditional_code.diff
Description: Text document

Attachment: ChangeLog.fix_slt_lda_missing_conditional_code
Description: Binary data

Follow-Ups:
- Re: [GCC, ARM] armv8 linux toolchain asan testcase fail due to stl missing conditional code
  - From: Ramana Radhakrishnan
- Re: [GCC, ARM] armv8 linux toolchain asan testcase fail due to stl missing conditional code
  - From: Kyrill Tkachov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]