public inbox for gcc-bugs@sourceware.org
From: "marxin at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/108834] LTO: ltrans temporary file is used as module name in ASAN
Date: Mon, 20 Feb 2023 13:59:45 +0000
Message-ID: <bug-108834-4-TJfuqzDRNI@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-108834-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108834

--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
> so I wonder if emitting the locations isn't just wasted .rodata if libasan
> considers it being a windows_padding.  In GCC 12 libsanitizer it was still
> location:

You are correct, we lost the ability to print line number and column since
gcc-12:

$ gcc-12 jhead.i -fsanitize=address && ./a.out 2>&1 | grep "is located"
0x000000404104 is located 0 bytes after global variable 'myglobal' defined in
'jhead.i' (0x404100) of size 4

$ gcc-11 jhead.i -fsanitize=address && ./a.out 2>&1 | grep "is located"
0x000000404104 is located 0 bytes to the right of global variable 'myglobal'
defined in 'jhead.i:1:5' (0x404100) of size 4

It's a pity we don't have a test-case for it and we didn't notice :(

> --- gcc-12/libsanitizer/asan/asan_interface_internal.h  2022-04-28
> 15:56:17.730640966 +0200
> +++ gcc/libsanitizer/asan/asan_interface_internal.h     2022-11-15
> 22:57:18.450207911 +0100
> @@ -53,8 +53,9 @@ extern "C" {
>      const char *module_name; // Module name as a C string. This pointer is a
>                               // unique identifier of a module.
>      uptr has_dynamic_init;   // Non-zero if the global has dynamic
> initializer.
> -    __asan_global_source_location *location;  // Source location of a
> global,
> -                                              // or NULL if it is unknown.
> +    uptr windows_padding;    // TODO: Figure out how to remove this padding
> +                             // that's simply here to make the MSVC
> incremental
> +                             // linker happy...
>      uptr odr_indicator;      // The address of the ODR indicator symbol.
>    };
>  
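
Review bot: The comment on the added `uptr windows_padding;` line only mentions the MSVC incremental linker and does not record that this slot, between `has_dynamic_init` and `odr_indicator`, used to hold the `__asan_global_source_location *location` pointer. A compiler that still emits a source-location pointer into that position will have it ignored without any diagnostic, which matches the lost line and column in the reports. Suggest saying in the comment that the runtime no longer reads this field and where the source location is expected to come from instead, and adding a test that checks the "defined in" part of a global-buffer-overflow report.
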
> So I wonder what kind of mess upstream introduced again.

Ok, so they newly support the DWARF symbolizer in LLVM:

$ clang jhead.i -fsanitize=address && ./a.out 2>&1 | grep "is located"
0x555555fc34e4 is located 28 bytes to the left of global variable 'myptr'
defined in 'jhead.i' (0x555555fc3500) of size 8

And this is with the debuginfo:

$ clang jhead.i -fsanitize=address -g && ./a.out 2>&1 | grep "is located"
0x555555fc34e4 is located 28 bytes to the left of global variable 'myptr'
defined in '/home/marxin/Programming/testcases/fiasco/jhead.i:2'
(0x555555fc3500) of size 8

When we build with -g option, I debugged the run-time and the symbolizer can
find a module:

#0  __sanitizer::Symbolizer::SymbolizeData (this=0x7ffff7f95018, addr=2112608,
info=0x7fffffffbaa0) at
/home/marxin/Programming/gcc/libsanitizer/sanitizer_common/sanitizer_symbolizer_libcdep.cpp:116
#1  0x00007ffff787c850 in __asan::PrintGlobalLocation (str=0x7fffffffbb30,
g=...) at /home/marxin/Programming/gcc/libsanitizer/asan/asan_globals.cpp:282
#2  0x00007ffff786fe7e in __asan::DescribeAddressRelativeToGlobal
(addr=2112612, access_size=4, g=...) at
/home/marxin/Programming/gcc/libsanitizer/asan/asan_descriptions.cpp:296
#3  0x00007ffff786ff76 in __asan::GlobalAddressDescription::Print
(this=0x7ffff79840f8 <__asan::ScopedInErrorReport::current_error_+1048>,
bug_type=0x7ffff785dc6a "global-buffer-overflow") at
/home/marxin/Programming/gcc/libsanitizer/asan/asan_descriptions.cpp:329
#4  0x00007ffff7874185 in __asan::AddressDescription::Print
(bug_descr=<optimized out>, this=<optimized out>) at
/home/marxin/Programming/gcc/libsanitizer/asan/asan_descriptions.h:246
#5  __asan::ErrorGeneric::Print (this=0x7ffff7983ce8
<__asan::ScopedInErrorReport::current_error_+8>) at
/home/marxin/Programming/gcc/libsanitizer/asan/asan_errors.cpp:593
#6  0x00007ffff7922360 in __asan::ScopedInErrorReport::~ScopedInErrorReport
(this=0x7fffffffc4a6, __in_chrg=<optimized out>) at
/home/marxin/Programming/gcc/libsanitizer/asan/asan_report.cpp:143
#7  0x00007ffff79218f3 in __asan::ReportGenericError (pc=2103431,
bp=140737488343312, sp=sp@entry=140737488343304, addr=2112612,
is_write=is_write@entry=true, access_size=4, fatal=true, exp=<optimized out>)
at /home/marxin/Programming/gcc/libsanitizer/asan/asan_report.cpp:485
#8  0x00007ffff7921a6e in __asan::ReportGenericError (pc=<optimized out>,
bp=bp@entry=140737488343312, sp=sp@entry=140737488343304, addr=<optimized out>,
is_write=is_write@entry=true, access_size=access_size@entry=4, exp=<optimized
out>, fatal=true) at
/home/marxin/Programming/gcc/libsanitizer/asan/asan_report.cpp:485
#9  0x00007ffff7922d1f in __asan::__asan_report_store4 (addr=<optimized out>)
at /home/marxin/Programming/gcc/libsanitizer/asan/asan_rtl.cpp:126
#10 0x0000000000201887 in main ()

(gdb) p *info
$3 = {
  module = 0x7ffff4f01230 "/home/marxin/Programming/testcases/fiasco/a.out",
  module_offset = 2112608,
  module_arch = __sanitizer::kModuleArchUnknown,
  file = 0x0,
  line = 0,
  name = 0x0,
  start = 0,
  size = 0
}

but libbacktrace can't find a line/number info. I'm going to continue with
debugging..
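
A regression check of the kind the message says was missing, as an added example that is not part of the original message or of GCC's testsuite: it parses the "is located" line of an ASan global report and flags globals whose "defined in" string carries no line number. The function names are hypothetical; the sample report lines are the ones quoted in the message, with their mail wrapping kept.

```python
import re

# Global-variable description line of an ASan report, covering the older
# wording ("to the right of") and the newer one ("after").
GLOBAL_RE = re.compile(
    r"(?P<addr>0x[0-9a-f]+) is located (?P<dist>\d+) bytes "
    r"(?P<rel>to the right of|to the left of|after|before|inside of) "
    r"global variable '(?P<var>[^']+)' defined in '(?P<loc>[^']+)' "
    r"\((?P<start>0x[0-9a-f]+)\) of size (?P<size>\d+)"
)
# Optional ":line" or ":line:col" suffix on the 'defined in' string.
LOC_RE = re.compile(r"^(?P<file>.*?)(?::(?P<line>\d+))?(?::(?P<col>\d+))?$")


def parse_global_reports(text):
    """Return one dict per global description found in ASan stderr text."""
    flat = " ".join(text.split())  # tolerate mail-wrapped report lines
    reports = []
    for m in GLOBAL_RE.finditer(flat):
        loc = LOC_RE.match(m["loc"])
        reports.append({
            "var": m["var"],
            "file": loc["file"],
            "line": int(loc["line"]) if loc["line"] else None,
            "col": int(loc["col"]) if loc["col"] else None,
            # Signed distance of the bad access from the start of the global.
            "offset": int(m["addr"], 16) - int(m["start"], 16),
            "size": int(m["size"]),
        })
    return reports


def missing_location(text):
    """Names of globals reported without a line number (the regression)."""
    return [r["var"] for r in parse_global_reports(text) if r["line"] is None]


# Report lines copied from the message above (gcc-12, gcc-11, clang -g).
GCC12 = """0x000000404104 is located 0 bytes after global variable 'myglobal' defined in
'jhead.i' (0x404100) of size 4"""
GCC11 = """0x000000404104 is located 0 bytes to the right of global variable 'myglobal'
defined in 'jhead.i:1:5' (0x404100) of size 4"""
CLANG_G = """0x555555fc34e4 is located 28 bytes to the left of global variable 'myptr'
defined in '/home/marxin/Programming/testcases/fiasco/jhead.i:2'
(0x555555fc3500) of size 8"""

if __name__ == "__main__":
    for name, text in (("gcc-12", GCC12), ("gcc-11", GCC11), ("clang -g", CLANG_G)):
        print(name, parse_global_reports(text), "missing:", missing_location(text))
```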
