* [Bug sanitizer/107752] New: Lack of offset information in AddressSanitizer reports
@ 2022-11-18 16:20 shaohua.li at inf dot ethz.ch
From: shaohua.li at inf dot ethz.ch @ 2022-11-18 16:20 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107752

            Bug ID: 107752
           Summary: Lack of offset information in AddressSanitizer reports
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: shaohua.li at inf dot ethz.ch
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

Hi,

I found that GCC's ASAN reports do not include offset information, while
Clang's ASAN does. Both GCC's UBSan and Clang's UBSan include offset information.

For example, for the following code,

```
% cat a.c
int main() {
  int a[1] = {0};
  return a[1];
}
%
```

GCC's ASAN report only includes the line numbers of the stack trace (a.c:3):
```
=================================================================
==1842608==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff7181ea14 at pc 0x55f5214542e2 bp 0x7fff7181e9e0 sp 0x7fff7181e9d0
READ of size 4 at 0x7fff7181ea14 thread T0
    #0 0x55f5214542e1 in main /home/shaoli/tmp/a.c:3
...
```

Clang's ASAN report includes both the line numbers and offsets of the stack
trace (a.c:3:10):
```
=================================================================
==1910102==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffd53e4fa64 at pc 0x55a977f71884 bp 0x7ffd53e4fa30 sp 0x7ffd53e4fa28
READ of size 4 at 0x7ffd53e4fa64 thread T0
    #0 0x55a977f71883 in main /home/shaoli/tmp/a.c:3:10
```

Both GCC's and Clang's UBSans include all information:
```
a.c:3:11: runtime error: index 1 out of bounds for type 'int [1]'
a.c:3:11: runtime error: load of address 0x7ffd420a6538 with insufficient space
for an object of type 'int'
```

I believe it would be nice to include the offset information as it is very
useful for users to quickly locate bugs in their code.

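As an added example (not code from the bug report, GCC or LLVM), here is a small Python parser for the two location formats quoted above: ASan stack-frame lines, which carry `file:line` from GCC and `file:line:column` from Clang, and UBSan `file:line:column: runtime error:` lines. It is the kind of helper a crash-triage script needs when it consumes reports from both toolchains, and it flags which frames arrived without a column. The sample report is constructed from the output shown in the report plus one made-up module+offset frame; the regular expressions and function names are this example's own.

```python
"""Parse sanitizer report locations and flag frames that lack a column.

Added example, not code from the bug report, GCC or LLVM. The sample
report below is constructed from the GCC and Clang output quoted in the
report (plus one made-up module+offset frame); addresses are illustrative.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# ASan stack frame: "    #0 0x55f5214542e1 in main /home/shaoli/tmp/a.c:3"
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>.+?)\s+(?P<loc>\S+)\s*$"
)
# Source location with an optional column: "a.c:3" or "a.c:3:10"
SRC_LOC_RE = re.compile(r"^(?P<file>.+?):(?P<line>\d+)(?::(?P<col>\d+))?$")
# UBSan diagnostic: "a.c:3:11: runtime error: index 1 out of bounds ..."
UBSAN_RE = re.compile(
    r"^(?P<file>.+?):(?P<line>\d+):(?P<col>\d+): runtime error: (?P<msg>.*)$"
)

# Constructed sample: GCC frame (no column), a made-up unsymbolized libc
# frame, Clang frame (with column), and a UBSan diagnostic line.
SAMPLE_REPORT = """\
==1842608==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff7181ea14 at pc 0x55f5214542e2 bp 0x7fff7181e9e0 sp 0x7fff7181e9d0
READ of size 4 at 0x7fff7181ea14 thread T0
    #0 0x55f5214542e1 in main /home/shaoli/tmp/a.c:3
    #1 0x7f9c2d429d8f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
==1910102==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd53e4fa64 at pc 0x55a977f71884 bp 0x7ffd53e4fa30 sp 0x7ffd53e4fa28
READ of size 4 at 0x7ffd53e4fa64 thread T0
    #0 0x55a977f71883 in main /home/shaoli/tmp/a.c:3:10
a.c:3:11: runtime error: index 1 out of bounds for type 'int [1]'
"""


@dataclass
class Location:
    kind: str              # "asan-frame" or "ubsan"
    file: str
    line: int
    column: Optional[int]  # None when the report carries no column
    detail: str            # function name (ASan) or message (UBSan)

    def __str__(self) -> str:
        base = f"{self.file}:{self.line}"
        return base if self.column is None else f"{base}:{self.column}"


def parse_frame(line: str) -> Optional[Location]:
    """Parse one ASan stack frame; None if it has no file:line source location."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    loc = SRC_LOC_RE.match(m.group("loc"))
    if not loc:
        # e.g. "(libc.so.6+0x29d8f)": module+offset only, never symbolized to source
        return None
    col = loc.group("col")
    return Location("asan-frame", loc.group("file"), int(loc.group("line")),
                    int(col) if col is not None else None, m.group("func"))


def parse_ubsan(line: str) -> Optional[Location]:
    """Parse one UBSan 'runtime error' line; the column is always present."""
    m = UBSAN_RE.match(line)
    if not m:
        return None
    return Location("ubsan", m.group("file"), int(m.group("line")),
                    int(m.group("col")), m.group("msg"))


def parse_report(text: str) -> List[Location]:
    """Collect every source location a sanitizer report mentions, in order."""
    out: List[Location] = []
    for raw in text.splitlines():
        loc = parse_frame(raw) or parse_ubsan(raw)
        if loc is not None:
            out.append(loc)
    return out


def frames_without_column(locs: List[Location]) -> List[str]:
    """ASan frames that resolved to file:line but carry no column."""
    return [str(l) for l in locs if l.kind == "asan-frame" and l.column is None]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for loc in found:
        print(f"{loc.kind:10s} {loc}  ({loc.detail})")
    print("frames lacking a column:", frames_without_column(found))
```

The parser treats the column as optional rather than assuming either layout, so a triage pipeline does not mis-split a `file:line` frame from a GCC build or silently drop the column from a Clang one; `frames_without_column` makes the difference visible per frame instead of per toolchain.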

* [Bug sanitizer/107752] Lack of offset information in AddressSanitizer reports
From: pinskia at gcc dot gnu.org @ 2022-11-18 17:27 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107752

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Do you mean the column information rather than offset?


* [Bug sanitizer/107752] Lack of column information in AddressSanitizer reports
From: pinskia at gcc dot gnu.org @ 2022-11-18 17:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107752

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Lack of offset information  |Lack of column information
                   |in AddressSanitizer reports |in AddressSanitizer reports

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
libbacktrace does not pass the column information:
```
static int SymbolizeCodePCInfoCallback(void *vdata, uintptr_t addr,
                                       const char *filename, int lineno,
                                       const char *function) {
```


* [Bug sanitizer/107752] Lack of column information in AddressSanitizer reports
From: pinskia at gcc dot gnu.org @ 2022-11-18 17:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107752

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
           Keywords|                            |diagnostic


* [Bug sanitizer/107752] Lack of column information in AddressSanitizer reports
From: shaohua.li at inf dot ethz.ch @ 2022-11-18 19:51 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107752

--- Comment #3 from Li Shaohua <shaohua.li at inf dot ethz.ch> ---
(In reply to Andrew Pinski from comment #1)
> Do you mean the column information rather than offset?

Yes, I meant the column information.

I don’t know the implementation details of ASAN. But as UBSan can include the
column information, I presume it’s also doable in ASAN?


* [Bug sanitizer/107752] Lack of column information in AddressSanitizer reports
From: pinskia at gcc dot gnu.org @ 2022-11-18 19:55 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107752

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-11-18
             Status|UNCONFIRMED                 |NEW

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Li Shaohua from comment #3)
> (In reply to Andrew Pinski from comment #1)
> > Do you mean the column information rather than offset?
> 
> Yes, I meant the column information.
> 
> I don’t know the implementation details of ASAN. But as UBsan can include
> the column information, I presume it’s also doable in ASAN?

UBSAN column information is passed directly from the compiler to the library
while ASAN (inside GCC) uses libbacktrace to find the full backtrace.

Clang/LLVM does not use libbacktrace to do the backtrace; they have their own
library to do it, and that provides it, which is why it is there for them.

I looked into libbacktrace somewhat to see what needs to be done but it seems
to be a lot (though I could be wrong).

