Comments (3)
More investigation:
$ cat exception_test.cc
#include <stdio.h>

void TouchR15AndThrow(const char& arg) {
  volatile int n __attribute__((aligned(32))) = 0;
  asm volatile ("nop" : : : "r15");  // force to save r15 on stack
  throw arg;
}

int main() {
  register int *a asm ("r15");
  fprintf(stderr, "before throw: %p\n", a);
  try {
    TouchR15AndThrow('c');
  } catch (const char&) { }
  fprintf(stderr, "after catch: %p\n", a);
  return 0;
}
$ ../my_clang++ -O2 exception_test.cc
$ ./a.out
before throw: 0x7fff7a68fa18
after catch: 0xffffffffffffff70
When 32-byte alignment is required for stack variables (ASan does this), the
compiler adds an instruction that aligns the stack pointer before the registers are
saved on the stack. This change is not captured by DWARF. Later, when an exception
is raised and we restore the context (and the values in registers), we try to read
the registers from the wrong location in memory. See also:
$ ../my_clang++ -O2 exception_test.cc -o exception_test.o
$ objdump -d exception_test.o
<...>
0000000000400870 <_Z16TouchR15AndThrowRKc>:
400870: 55 push %rbp
400871: 48 89 e5 mov %rsp,%rbp
400874: 48 81 e4 e0 ff ff ff and $0xffffffffffffffe0,%rsp #align rsp
40087b: 41 57 push %r15 #save r15
<...>
$ readelf --debug-dump=frames exception_test.o
<...>
00000018 0000001c 0000001c FDE cie=00000000 pc=00400870..004008aa
DW_CFA_advance_loc: 1 to 00400871
DW_CFA_def_cfa_offset: 16
DW_CFA_offset: r6 (rbp) at cfa-16
DW_CFA_advance_loc: 3 to 00400874
DW_CFA_def_cfa_register: r6 (rbp)
DW_CFA_advance_loc: 14 to 00400882
DW_CFA_offset: r3 (rbx) at cfa-32
DW_CFA_offset: r15 (r15) at cfa-24 # r15 is supposed to be after r6(rbp).
$ ../my_clang++ -O2 exception_test.cc -S -o -
<...>
_Z16TouchR15AndThrowRKc:                # @_Z16TouchR15AndThrowRKc
.Ltmp3:
        .cfi_startproc
# BB#0:                                 # %entry
        pushq   %rbp
.Ltmp4:
        .cfi_def_cfa_offset 16
.Ltmp5:
        .cfi_offset %rbp, -16
        movq    %rsp, %rbp
.Ltmp6:
        .cfi_def_cfa_register %rbp
        andq    $-32, %rsp              <-- this is not used when calculating cfi_offset for %r15
        pushq   %r15
        pushq   %rbx
        subq    $48, %rsp
.Ltmp7:
        .cfi_offset %rbx, -32
.Ltmp8:
        .cfi_offset %r15, -24
Original comment by [email protected]
on 2 Dec 2011 at 1:43
from address-sanitizer.
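The following C program is an added illustration of the mismatch described in the comment above; it is not part of the original report and not code from ASan or LLVM. It simulates the prologue from the assembly listing (push rbp, mov rbp to rsp, and rsp with -32, push r15, push rbx, sub 48) on a constructed entry value of rsp, records where the push of r15 actually lands, and then evaluates the FDE rows from the readelf dump (CFA = rbp + 16, r15 at CFA - 24) the way an unwinder would. The entry rsp values are constructed; the only ABI fact assumed is that rsp is 8 modulo 16 on function entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the prologue in the report: only rsp, rbp and the
   address that "pushq %r15" writes to are tracked. */
typedef struct {
    uint64_t rsp;
    uint64_t rbp;
    uint64_t saved_r15_addr;   /* where the push really stored r15 */
} Prologue;

/* pushq %rbp; movq %rsp,%rbp; andq $-32,%rsp; pushq %r15; pushq %rbx; subq $48,%rsp */
static Prologue run_prologue(uint64_t entry_rsp) {
    Prologue p;
    p.rsp = entry_rsp;            /* return address sits at entry_rsp */
    p.rsp -= 8;                   /* pushq %rbp */
    p.rbp = p.rsp;                /* movq %rsp,%rbp */
    p.rsp &= ~(uint64_t)31;       /* andq $-32,%rsp: no CFI directive describes this */
    p.rsp -= 8;                   /* pushq %r15 */
    p.saved_r15_addr = p.rsp;
    p.rsp -= 8;                   /* pushq %rbx */
    p.rsp -= 48;                  /* subq $48,%rsp */
    return p;
}

/* What an unwinder derives from the FDE rows in the readelf dump once the PC
   is past 0x400882: CFA = rbp + 16 (def_cfa_register r6 after
   def_cfa_offset 16) and r15 saved at CFA - 24. */
static uint64_t unwinder_r15_addr(const Prologue *p) {
    uint64_t cfa = p->rbp + 16;
    return cfa - 24;
}

/* Bytes between the slot the unwinder reads and the slot r15 was pushed to.
   Non-zero means the restored r15 is garbage, which is what the report shows. */
int64_t restore_mismatch(uint64_t entry_rsp) {
    Prologue p = run_prologue(entry_rsp);
    return (int64_t)(unwinder_r15_addr(&p) - p.saved_r15_addr);
}

int main(void) {
    /* On entry rsp == 8 (mod 16), so rbp after "pushq %rbp" is a multiple of
       16 and is either 0 or 16 mod 32; the two constructed values cover both. */
    uint64_t samples[] = { 0x1008, 0x1018 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        Prologue p = run_prologue(samples[i]);
        printf("entry rsp=%#llx rbp=%#llx: r15 pushed at %#llx, CFI says %#llx, mismatch %lld bytes\n",
               (unsigned long long)samples[i], (unsigned long long)p.rbp,
               (unsigned long long)p.saved_r15_addr,
               (unsigned long long)unwinder_r15_addr(&p),
               (long long)restore_mismatch(samples[i]));
    }
    return 0;
}
```

Whether the unwinder hits the right slot depends on rbp modulo 32, which the CFI rows cannot express with a constant offset from the CFA: when rbp happens to be 32-byte aligned the andq is a no-op and the offsets line up, otherwise the unwinder reads 16 bytes above the real save slot. That is why the test program in the report fails only on some stack layouts.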
Filed upstream: http://llvm.org/bugs/show_bug.cgi?id=11468
Original comment by [email protected]
on 2 Dec 2011 at 7:36
from address-sanitizer.
This is likely fixed in r160248.
Original comment by [email protected]
on 30 Jul 2012 at 8:57
- Changed state: Fixed
from address-sanitizer.