Comments (13)
So, what is the problem?
The code is buggy and asan detects the bug.
No?
Original comment by [email protected]
on 10 Aug 2011 at 10:16
from address-sanitizer.
The problem is with mops that "split 2 shadow bytes". Since we don't analyse
the second byte, we don't catch the error. The minimal test is:
    // Minimal reproducer from the asan test suite (gtest). TO_THE_RIGHT is the
    // suite's own matcher for a report that the access lies to the right of the buffer.
    TEST(AddressSanitizer, DISABLED_StrangeMemIntrinsicBehaviorTest2) {
      int const size = 4096;
      char* s = (char*)malloc(size);
      // 2-byte copy starting at the last valid byte: s[size] is already in the redzone.
      EXPECT_DEATH(memcpy(s + size - 1, s, 2), TO_THE_RIGHT(0));
      free(s);
    }
If 4096 is replaced with 4095, the test passes (that is, the program crashes).
Original comment by [email protected]
on 10 Aug 2011 at 10:32
from address-sanitizer.
ah!
This is
http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm#Unaligned_accesses
Not sure if we want to do anything with this right now...
Original comment by [email protected]
on 10 Aug 2011 at 10:36
from address-sanitizer.
I think it's worth moving to KnownBugs, because it's where I looked first.
Original comment by [email protected]
on 10 Aug 2011 at 10:41
from address-sanitizer.
>> I think it's worth moving to KnownBugs,
Agree. Give a link there.
Original comment by [email protected]
on 10 Aug 2011 at 10:53
from address-sanitizer.
Done:
http://code.google.com/p/address-sanitizer/wiki/KnownBugs
Original comment by [email protected]
on 10 Aug 2011 at 11:04
from address-sanitizer.
Can we instrument arguments of memintrinsic functions _before_ these functions
are modified by the compiler and lead to unaligned access? Or should we just leave
everything as is for now?
Original comment by [email protected]
on 10 Aug 2011 at 11:19
from address-sanitizer.
I don't know for sure (need to investigate when memset lowering happens),
but probably not. asan instrumentation should happen at the later stages, when
the majority of other optimizations have already happened.
I'd leave it as is for now.
Long term we'll need to implement checking for unaligned accesses (as an option).
Original comment by [email protected]
on 10 Aug 2011 at 11:31
from address-sanitizer.
> Can we instrument arguments of memintrinsic functions _before_ these
> functions are modified by compiler and lead to unaligned access?
There should be a compiler option that prevents inlining of intrinsic functions.
Original comment by [email protected]
on 10 Aug 2011 at 11:58
from address-sanitizer.
> There should be a compiler option that prevents inlining of intrinsic functions
When I compile the following test with -fno-builtin
    TEST(AddressSanitizer, DISABLED_StrangeMemIntrinsicBehaviorTest2) {
      char* s = (char*)malloc(4096);
      memcpy(s + 4096 - 1, s, 2);
    }
it does not insert any instrumentation at all:
    0808fb00 <AddressSanitizer_DISABLED_StrangeMemIntrinsicBehaviorTest2_Test::TestBody()>:
     808fb00:  55                      push   %ebp
     808fb01:  89 e5                   mov    %esp,%ebp
     808fb03:  83 ec 18                sub    $0x18,%esp
     808fb06:  c7 04 24 00 10 00 00    movl   $0x1000,(%esp)
     808fb0d:  e8 8e ea 09 00          call   812e5a0 <malloc>
     808fb12:  89 44 24 04             mov    %eax,0x4(%esp)
     808fb16:  05 ff 0f 00 00          add    $0xfff,%eax
     808fb1b:  89 04 24                mov    %eax,(%esp)
     808fb1e:  c7 44 24 08 02 00 00    movl   $0x2,0x8(%esp)
     808fb25:  00
     808fb26:  e8 2d ea fe ff          call   807e558 <memcpy@plt>
     808fb2b:  83 c4 18                add    $0x18,%esp
     808fb2e:  5d                      pop    %ebp
     808fb2f:  c3                      ret
ouch!
Original comment by [email protected]
on 10 Aug 2011 at 1:01
from address-sanitizer.
perhaps because it does not treat memset as an intrinsic
Original comment by [email protected]
on 10 Aug 2011 at 1:02
from address-sanitizer.
Yeah, but it should treat memcpy as a, well, memcpy.
Original comment by [email protected]
on 10 Aug 2011 at 1:14
from address-sanitizer.
Since http://llvm.org/viewvc/llvm-project?rev=206746&view=rev
asan does not instrument memset/memmove/memcpy calls; instead it replaces the
calls with calls to __asan_memset/etc.
I think this allows us to close this bug.
Original comment by [email protected]
on 14 May 2014 at 1:44
- Changed state: Fixed
from address-sanitizer.
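Added example, not code from the asan project or from any commenter in this thread: a small C model of the shadow check described on the AddressSanitizerAlgorithm wiki page, to show two things from this thread side by side. First, why the 2-byte memcpy at s+size-1 in the reproducer above is missed for size 4096 but caught for size 4095 (the per-access fast path only consults the shadow byte of the first accessed byte, so an access that straddles two 8-byte granules is never checked on its second half). Second, why routing memcpy through a range-checking replacement such as __asan_memcpy (last comment) catches it: the whole [addr, addr+size) range is checked, not one shadow byte. The toy heap, its fixed allocation offset, the shadow encoding, and the check_strict/check_range variants are assumptions of this model, not asan's implementation.

```c
/* Toy model of ASan shadow memory: one shadow byte per 8-byte granule.
 * shadow == 0      : all 8 bytes addressable
 * shadow == k (1-7): only the first k bytes of the granule are addressable
 * shadow < 0       : whole granule poisoned (redzone)                      */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAP_BYTES   8192                 /* constructed toy heap: 8 KiB */
#define SHADOW_BYTES (HEAP_BYTES / 8)
#define REDZONE      ((int8_t)0xfa)       /* negative, like asan's heap redzone value */

static int8_t shadow[SHADOW_BYTES];

/* Model of malloc(size): the object is placed at a granule-aligned offset
 * (assumption: always 128) and everything else is redzone. */
static uintptr_t toy_malloc(size_t size) {
  memset(shadow, REDZONE, sizeof shadow);
  uintptr_t base = 128;
  size_t full = size / 8, tail = size % 8;
  for (size_t g = 0; g < full; g++) shadow[base / 8 + g] = 0;
  if (tail) shadow[base / 8 + full] = (int8_t)tail;  /* partially addressable granule */
  return base;
}

/* Fast path as documented for 1/2/4/8-byte accesses: consult the shadow byte
 * of the FIRST accessed byte only. Returns 1 if an error would be reported. */
static int check_fast(uintptr_t addr, size_t size) {
  int8_t k = shadow[addr >> 3];
  if (k == 0) return 0;
  return (int)((addr & 7) + size - 1) >= k;   /* negative k: always reports */
}

/* Strict variant (assumed, not asan's code): additionally consult the shadow
 * byte of the LAST accessed byte, so a straddling access is checked on both sides. */
static int check_strict(uintptr_t addr, size_t size) {
  if (check_fast(addr, size)) return 1;
  uintptr_t last = addr + size - 1;
  if ((last >> 3) == (addr >> 3)) return 0;   /* same granule: already covered */
  int8_t k = shadow[last >> 3];
  return k != 0 && (int)(last & 7) >= k;
}

/* Range check of the kind a memcpy replacement performs: every byte of the
 * range must be addressable (a real interceptor checks granule-wise; the
 * byte loop here is the simplest correct model). */
static int check_range(uintptr_t addr, size_t size) {
  for (size_t i = 0; i < size; i++) {
    uintptr_t a = addr + i;
    int8_t k = shadow[a >> 3];
    if (k != 0 && (int)(a & 7) >= k) return 1;
  }
  return 0;
}

/* The thread's reproducer, memcpy(s + size - 1, s, 2) on malloc(size),
 * run through a given checker for both the destination and the source. */
static int memcpy_test(size_t size, int (*check)(uintptr_t, size_t)) {
  uintptr_t s = toy_malloc(size);
  return check(s + size - 1, 2) || check(s, 2);
}

int main(void) {
  size_t sizes[] = {4096, 4095};
  for (int i = 0; i < 2; i++) {
    printf("malloc(%zu): fast=%d strict=%d range=%d\n", sizes[i],
           memcpy_test(sizes[i], check_fast),
           memcpy_test(sizes[i], check_strict),
           memcpy_test(sizes[i], check_range));
  }
  return 0;
}
```

With size 4096 the destination s+4095 is the last byte of a fully addressable granule (shadow 0), so check_fast passes and byte s+4096, which sits in the redzone granule, is never examined; with size 4095 the last granule has shadow value 7 and the offset 6 + 2 - 1 = 7 reaches it, so the fast path reports. Both the strict variant and the range walk report the 4096 case.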