Comments (13)
While the problem is caused by a subtle bug in CoreFoundation, this may make
ASan unusable for some applications.
A temporary solution is to add a flag to disable replacing the default CFAllocator:
$ ASAN_OPTIONS="replace_cfallocator=0" asan/Release/parseWebKit
I haven't observed such problems with Chromium, thus replace_cfallocator is 1
by default.
Original comment by [email protected]
on 21 Nov 2011 at 9:17
from address-sanitizer.
I've added the flag in r1084.
Original comment by [email protected]
on 21 Nov 2011 at 9:33
- Changed state: Accepted
from address-sanitizer.
Original comment by [email protected]
on 19 Jan 2012 at 7:25
from address-sanitizer.
Braden Thomas supposes that the problem may be caused by CFStringCreateCopy
which normally does not copy constant strings, but does so if the allocator is
replaced:
=================================================
$ cat t.mm
#import <Foundation/Foundation.h>
#include <stdio.h>
int main() {
#ifdef REPLACE
  CFAllocatorSetDefault(kCFAllocatorMallocZone);
#endif
  CFStringRef str = CFSTR("Hello world!\n");
  CFStringRef str2 = CFStringCreateCopy(0, str);
  fprintf(stderr, "str: %p\n", str);
  fprintf(stderr, "str2: %p\n", str2);
  return 0;
}
$ ../../../../build/Release+Asserts/bin/clang++ t.mm -framework Foundation -o t && ./t
str: 0x100001060
str2: 0x100001060
$ ../../../../build/Release+Asserts/bin/clang++ t.mm -framework Foundation -DREPLACE -o t && ./t
str: 0x100001070
str2: 0x1001099d8
=================================================
If so, we can try to intercept CFStringCreateCopy and make it leave constant
strings as is.
Original comment by [email protected]
on 20 Jan 2012 at 3:35
from address-sanitizer.
At least the initial WebKit example and the program from comment 4 behave
correctly if I wrap CFStringCreateCopy() into a function that checks for the
string constness before comparing the allocators.
Original CFStringCreateCopy() implementation from
http://opensource.apple.com/source/CF/CF-476.19/CFString.c :
===========================================
CFStringRef CFStringCreateWithSubstring(CFAllocatorRef alloc, CFStringRef str, CFRange range) {
//  CF_OBJC_FUNCDISPATCH1(__kCFStringTypeID, CFStringRef , str, "_createSubstringWithRange:", CFRangeMake(range.location, range.length));
    __CFAssertIsString(str);
    __CFAssertRangeIsInStringBounds(str, range.location, range.length);
    if ((range.location == 0) && (range.length == __CFStrLength(str))) { /* The substring is the whole string... */
        return (CFStringRef)CFStringCreateCopy(alloc, str);
    } else if (__CFStrIsEightBit(str)) {
        const uint8_t *contents = (const uint8_t *)__CFStrContents(str);
        return __CFStringCreateImmutableFunnel3(alloc, contents + range.location + __CFStrSkipAnyLengthByte(str), range.length, __CFStringGetEightBitStringEncoding(), false, false, false, false, false, ALLOCATORSFREEFUNC, 0);
    } else {
        const UniChar *contents = (UniChar *)__CFStrContents(str);
        return __CFStringCreateImmutableFunnel3(alloc, contents + range.location, range.length * sizeof(UniChar), kCFStringEncodingUnicode, false, true, false, false, false, ALLOCATORSFREEFUNC, 0);
    }
}
===========================================
My wrapper:
extern "C"
CFStringRef WRAP(CFStringCreateCopy)(CFAllocatorRef alloc, CFStringRef str) {
  if (__CFStrIsConstant(str)) {
    return str;
  } else {
    return real_CFStringCreateCopy(alloc, str);
  }
}
Original comment by [email protected]
on 20 Jan 2012 at 4:12
from address-sanitizer.
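To make the mechanism discussed in the two comments above concrete, here is an added example that is not code from the address-sanitizer project or from CoreFoundation: a simplified C model (all names in it are assumed) in which `create_copy_original` shares an immutable string only when the requested allocator matches the string's own, and `create_copy_wrapped` applies the constness check from the wrapper first. Replacing the default allocator makes the original path hand back a fresh heap object for a constant string, which is what the differing addresses in the t.mm run show.

```c
#include <stdlib.h>
#include <string.h>

/* Two allocator identities; only the address is compared, as CF does. */
static int system_zone, asan_zone;
static int *default_allocator = &system_zone;   /* CFAllocatorSetDefault() analogue */

typedef struct {
    int is_constant;     /* CFSTR() literal baked into the binary, never freed */
    int *allocator;      /* allocator the string "belongs" to */
    const char *bytes;
} str_t;

/* Constructed constant string: it records the system allocator, which was the
 * default when the binary was built, regardless of what is the default now. */
static str_t hello = { 1, &system_zone, "Hello world!\n" };

/* Model of the original CFStringCreateCopy: share (retain) the immutable string
 * only if the requested allocator matches the string's own, else copy it. */
static str_t *create_copy_original(int *alloc, str_t *s) {
    if (alloc == NULL) alloc = default_allocator;   /* alloc == 0 means "default" */
    if (alloc == s->allocator) return s;            /* shared, same pointer */
    str_t *copy = malloc(sizeof *copy);
    size_t n = strlen(s->bytes) + 1;
    char *bytes = malloc(n);
    memcpy(bytes, s->bytes, n);
    copy->is_constant = 0;
    copy->allocator = alloc;
    copy->bytes = bytes;
    return copy;                                    /* fresh heap object */
}

/* Model of the wrapper: constant strings are returned as is before any
 * allocator comparison takes place. */
static str_t *create_copy_wrapped(int *alloc, str_t *s) {
    if (s->is_constant) return s;
    return create_copy_original(alloc, s);
}

/* Returns 1 if copying the constant with the given default allocator yields the
 * same object, 0 if a new heap object appears (the bug the thread describes). */
int copy_is_shared(int replace_default, int use_wrapper) {
    default_allocator = replace_default ? &asan_zone : &system_zone;
    str_t *r = use_wrapper ? create_copy_wrapped(0, &hello)
                           : create_copy_original(0, &hello);
    int shared = (r == &hello);
    if (!shared) { free((void *)r->bytes); free(r); }
    return shared;
}
```

With the system allocator as default both paths share the constant; once the default is replaced, only the wrapped path does.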
BookmarkAllTabsControllerTest.BookmarkAllTabs
(http://code.google.com/p/chromium/issues/detail?id=110589) does not fail
anymore with this fix, neither does any of the unit_tests.
Moreover, the problem with blank omnibox in Chromium built with ASan disappears
too.
I'm going to land the wrapper and propose an upstream fix for
CFStringCreateCopy.
Original comment by [email protected]
on 23 Jan 2012 at 8:58
from address-sanitizer.
FTR, this is how omnibox used to behave for me:
> One of the problems I'm facing is that the Omnibox in my build is
> broken: it remains empty while I type in the address (my query appears
> in the drop-down list of suggestions). When I hit enter, the text
> appears, but it is gray instead of black.
Original comment by [email protected]
on 23 Jan 2012 at 9:09
from address-sanitizer.
As of r148696 the problem does not occur anymore.
I'm going to close the bug after I remove the replace_cfallocator flag, which
will happen after the Apple folks confirm everything is correct.
Original comment by [email protected]
on 23 Jan 2012 at 10:51
from address-sanitizer.
Can this be closed?
Original comment by [email protected]
on 24 Feb 2012 at 10:57
from address-sanitizer.
I haven't received any feedback from Apple about this, so let's keep it for
some time, ok? We need to remove the flag once we're sure everything is all
right.
Original comment by [email protected]
on 28 Feb 2012 at 11:01
from address-sanitizer.
Original comment by [email protected]
on 22 May 2012 at 8:39
- Added labels: OpSys-OSX
from address-sanitizer.
We've decided to keep this flag for now, since there are problems with
CFAllocator on other OS X versions.
Original comment by [email protected]
on 22 May 2012 at 8:45
from address-sanitizer.
This has been fixed by the recent switch to the dynamic runtime, which does not
replace CFAllocator.
I've removed the replace_cfallocator flag.
Original comment by [email protected]
on 7 Feb 2013 at 4:00
- Changed state: Fixed
from address-sanitizer.