From: "marxin at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/108834] LTO: ltrans temporary file is used as module name in ASAN
Date: Mon, 20 Feb 2023 13:59:45 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 13.0
X-Bugzilla-Severity: normal
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: marxin at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 13.0

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108834

--- Comment #6 from Martin Liška ---
> so I wonder if emitting the locations isn't just wasted .rodata if libasan
> considers it being a windows_padding. In GCC 12 libsanitizer it was still
> location:

You are correct, we lost the ability to print line number and column since
gcc-12:

$ gcc-12 jhead.i -fsanitize=address && ./a.out 2>&1 | grep "is located"
0x000000404104 is located 0 bytes after global variable 'myglobal' defined in 'jhead.i' (0x404100) of size 4

$ gcc-11 jhead.i -fsanitize=address && ./a.out 2>&1 | grep "is located"
0x000000404104 is located 0 bytes to the right of global variable 'myglobal' defined in 'jhead.i:1:5' (0x404100) of size 4

It's a pity we don't have a test-case for it and we didn't notice :(

> --- gcc-12/libsanitizer/asan/asan_interface_internal.h 2022-04-28
> 15:56:17.730640966 +0200
> +++ gcc/libsanitizer/asan/asan_interface_internal.h 2022-11-15
> 22:57:18.450207911 +0100
> @@ -53,8 +53,9 @@ extern "C" {
> const char *module_name; // Module name as a C string. This pointer is a
> // unique identifier of a module.
> uptr has_dynamic_init; // Non-zero if the global has dynamic
> initializer.
> - __asan_global_source_location *location; // Source location of a
> global,
> - // or NULL if it is unknown.
> + uptr windows_padding; // TODO: Figure out how to remove this padding
> + // that's simply here to make the MSVC
> incremental
> + // linker happy...
> uptr odr_indicator; // The address of the ODR indicator symbol.
> };
>
> So I wonder what kind of mess upstream introduced again.

Ok, so they newly support the DWARF symbolizer in LLVM:

$ clang jhead.i -fsanitize=address && ./a.out 2>&1 | grep "is located"
0x555555fc34e4 is located 28 bytes to the left of global variable 'myptr' defined in 'jhead.i' (0x555555fc3500) of size 8

And this is with the debuginfo:

$ clang jhead.i -fsanitize=address -g && ./a.out 2>&1 | grep "is located"
0x555555fc34e4 is located 28 bytes to the left of global variable 'myptr' defined in '/home/marxin/Programming/testcases/fiasco/jhead.i:2' (0x555555fc3500) of size 8

When we build with -g option, I debugged the run-time and the symbolizer can
find a module:

#0  __sanitizer::Symbolizer::SymbolizeData (this=0x7ffff7f95018, addr=2112608, info=0x7fffffffbaa0)
    at /home/marxin/Programming/gcc/libsanitizer/sanitizer_common/sanitizer_symbolizer_libcdep.cpp:116
#1  0x00007ffff787c850 in __asan::PrintGlobalLocation (str=0x7fffffffbb30, g=...)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_globals.cpp:282
#2  0x00007ffff786fe7e in __asan::DescribeAddressRelativeToGlobal (addr=2112612, access_size=4, g=...)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_descriptions.cpp:296
#3  0x00007ffff786ff76 in __asan::GlobalAddressDescription::Print (this=0x7ffff79840f8 <__asan::ScopedInErrorReport::current_error_+1048>, bug_type=0x7ffff785dc6a "global-buffer-overflow")
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_descriptions.cpp:329
#4  0x00007ffff7874185 in __asan::AddressDescription::Print (bug_descr=, this=)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_descriptions.h:246
#5  __asan::ErrorGeneric::Print (this=0x7ffff7983ce8 <__asan::ScopedInErrorReport::current_error_+8>)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_errors.cpp:593
#6  0x00007ffff7922360 in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7fffffffc4a6, __in_chrg=)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_report.cpp:143
#7  0x00007ffff79218f3 in __asan::ReportGenericError (pc=2103431, bp=140737488343312, sp=sp@entry=140737488343304, addr=2112612, is_write=is_write@entry=true, access_size=4, fatal=true, exp=)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_report.cpp:485
#8  0x00007ffff7921a6e in __asan::ReportGenericError (pc=, bp=bp@entry=140737488343312, sp=sp@entry=140737488343304, addr=, is_write=is_write@entry=true, access_size=access_size@entry=4, exp=, fatal=true)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_report.cpp:485
#9  0x00007ffff7922d1f in __asan::__asan_report_store4 (addr=)
    at /home/marxin/Programming/gcc/libsanitizer/asan/asan_rtl.cpp:126
#10 0x0000000000201887 in main ()

(gdb) p *info
$3 = {
  module = 0x7ffff4f01230 "/home/marxin/Programming/testcases/fiasco/a.out",
  module_offset = 2112608,
  module_arch = __sanitizer::kModuleArchUnknown,
  file = 0x0,
  line = 0,
  name = 0x0,
  start = 0,
  size = 0
}

but libbacktrace can't find a line/number info.
I'm going to continue with debugging..
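
Review bot: In the "@@ -53,8 +53,9 @@" hunk of asan_interface_internal.h, the slot that held "__asan_global_source_location *location" is kept as "uptr windows_padding", but the new comment only mentions the MSVC incremental linker and does not say that the runtime no longer reads a source location from this field. Instrumentation that still fills the slot, which is what the quoted question about wasted .rodata is asking about, now emits data that nothing consumes, and the gcc-11 versus gcc-12 output above shows the visible result: 'jhead.i:1:5' becomes 'jhead.i'. I would extend the comment to state that the global's location is now expected to come from the symbolizer, and add a test case that matches the "defined in" part of a global-buffer-overflow report so a later merge cannot drop the line and column unnoticed.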