public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/111620] New: [RISC-V]fsanitize is not working with cpp
@ 2023-09-28  6:14 akhilesh.k at samsung dot com
  2023-09-28  6:22 ` [Bug sanitizer/111620] [RISC-V]fsanitize is not working with c++ pinskia at gcc dot gnu.org
  2023-10-03 13:01 ` akhilesh.k at samsung dot com
  0 siblings, 2 replies; 3+ messages in thread
From: akhilesh.k at samsung dot com @ 2023-09-28  6:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111620

            Bug ID: 111620
           Summary: [RISC-V]fsanitize is not working with cpp
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: akhilesh.k at samsung dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

Hello,

During ASAN verification I observed that most of ASAN is not working for cpp.

Sharing logs and sample code.

user@starfive:~/akhilesh/asan$ g++ print.cpp  -fsanitize=address
user@starfive:~/akhilesh/asan$ ./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==17785==ERROR: AddressSanitizer: SEGV on unknown address 0x00081f468e44 (pc
0x002ae2626c74 bp 0x003ffa3472e0 sp 0x003ffa347210 T0)
==17785==The signal is caused by a WRITE memory access.
    #0 0x2ae2626c74 in main (/home/user/akhilesh/asan/a.out+0xc74)
    #1 0x3fbdac4b02 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #2 0x3fbdac4baa in __libc_start_main_impl csu/libc-start.c:381
    #3 0x2ae2626b6e in _start (/home/user/akhilesh/asan/a.out+0xb6e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/user/akhilesh/asan/a.out+0xc74) in main
==17785==ABORTING
user@starfive:~/akhilesh/asan$ cat print.cpp
#include<iostream>
using namespace std;

int main()
{
        int arr[10];
        arr[5]=8;
        cout<<arr[5];
        return 0;
}
user@starfive:~/akhilesh/asan$ 



==========================Sample code=================================
user@starfive:~/akhilesh/asan$ vim use_after_free.cpp 
user@starfive:~/akhilesh/asan$ cat  use_after_free.cpp 
#include<iostream>
using namespace std;
int main()
{
        cout << "Hello";
        return 0;
}

=========================run time logs===================================
user@starfive:~/akhilesh/asan$ g++ -g use_after_free.cpp -fsanitize=address
user@starfive:~/akhilesh/asan$ ./a.out 
AddressSanitizer: CHECK failed: asan_poisoning.cpp:36 "((AddrIsInMem(addr))) !=
(0)" (0x0, 0x0) (tid=17449)
    #0 0x3fb771805c in CheckUnwind
../../../../src/libsanitizer/asan/asan_rtl.cpp:67
    #1 0x3fb7730a3a in __sanitizer::CheckFailed(char const*, int, char const*,
unsigned long long, unsigned long long)
../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:86
    #2 0x3fb7711dca in __asan::PoisonShadow(unsigned long, unsigned long,
unsigned char) ../../../../src/libsanitizer/asan/asan_poisoning.cpp:36
    #3 0x3fb76a2e36 in __asan::AsanMapUnmapCallback::OnMap(unsigned long,
unsigned long) const ../../../../src/libsanitizer/asan/asan_allocator.cpp:246
    #4 0x3fb76a2e36 in
__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>::MapWithCallback(unsigned long, unsigned long, char const*)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:717
    #5 0x3fb76a2e36 in
__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>::MapWithCallback(unsigned long, unsigned long, char const*)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:709
    #6 0x3fb76a2e36 in
__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>::PopulateFreeArray(__sanitizer::AllocatorStats*, unsigned long,
__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>::RegionInfo*, unsigned long)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:798
    #7 0x3fb76a3246 in
__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>::GetFromAllocator(__sanitizer::AllocatorStats*, unsigned long, unsigned int*,
unsigned long)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:220
    #8 0x3fb76a32bc in
__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>
>::Refill(__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
> >::PerClass*,
__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>*, unsigned long)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_local_cache.h:103
    #9 0x3fb76a353c in
__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>
>::Allocate(__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>*, unsigned long)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_local_cache.h:39
    #10 0x3fb76a353c in
__sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
>,
__sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate(__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView>
> >*, unsigned long, unsigned long)
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator_combined.h:69
    #11 0x3fb76a370a in __asan::Allocator::Allocate(unsigned long, unsigned
long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool)
../../../../src/libsanitizer/asan/asan_allocator.cpp:536
    #12 0x3fb76a101a in __asan::asan_malloc(unsigned long,
__sanitizer::BufferedStackTrace*)
../../../../src/libsanitizer/asan/asan_allocator.cpp:964
    #13 0x3fb771002c in __interceptor_malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:70
    #14 0x3fb734a3a8 in __GI__IO_file_doallocate libio/filedoalloc.c:101

user@starfive:~/akhilesh/asan$ 

=============================gcc ============================================
user@starfive:~/akhilesh/asan$ gcc -v 
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/riscv64-linux-gnu/12/lto-wrapper
Target: riscv64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 12.2.0-10'
--with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr
--with-gcc-major-version-only --program-suffix=-12
--program-prefix=riscv64-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new
--enable-gnu-unique-object --disable-libitm --disable-libquadmath
--disable-libquadmath-support --enable-plugin --enable-default-pie
--with-system-zlib --enable-libphobos-checking=release
--with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch
--disable-werror --disable-multilib --with-arch=rv64gc --with-abi=lp64d
--enable-checking=release --build=riscv64-linux-gnu --host=riscv64-linux-gnu
--target=riscv64-linux-gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.2.0 (Debian 12.2.0-10) 
user@starfive:~/akhilesh/asan$


* [Bug sanitizer/111620] [RISC-V]fsanitize is not working with c++
From: pinskia at gcc dot gnu.org @ 2023-09-28  6:22 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111620

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is fixed for GCC 12.4.0 and GCC 13.2.0.

Dup of bug 110036.

*** This bug has been marked as a duplicate of bug 110036 ***


* [Bug sanitizer/111620] [RISC-V]fsanitize is not working with c++
From: akhilesh.k at samsung dot com @ 2023-10-03 13:01 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111620

--- Comment #2 from Akhilesh Kumar <akhilesh.k at samsung dot com> ---
With 110036 the (CHECK failed) issue is fixed, but even after the patch ASAN is
unable to detect corruption like "Use_after_free(heap)", "Heap buffer overflow",
"Stack buffer overflow" and "Use after scope".

Some features like "Double Free" and "Memory leaks" are working after 110036.

In all corruption scenarios I am getting "DEADLYSIGNAL".
It seems the program jumped to some wild address, which is unknown to AddressSanitizer.



#include<iostream>
using namespace std;
int main()
{
        int *p=new int;
        delete p;
        cout<<*p<<endl;
        return 0;
}


// on x86 ASan is able to detect this



user@starfive:/tmp$ ./use_afterfree 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==70151==ERROR: AddressSanitizer: SEGV on unknown address 0x0008173400f6 (pc
0x0000000e3ed8 bp 0x003ff061b2d0 sp 0x003ff061b2b0 T0)
==70151==The signal is caused by a READ memory access.
    #0 0xe3eda in main (/tmp/use_afterfree+0xe3eda) (BuildId:
216039089892b63c94091aadca49752b51f4fa78)
    #1 0x3fbd152b02 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #2 0x3fbd152baa in __libc_start_main_impl csu/libc-start.c:381
    #3 0x25282 in _start (/tmp/use_afterfree+0x25282) (BuildId:
216039089892b63c94091aadca49752b51f4fa78)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/tmp/use_afterfree+0xe3eda) (BuildId:
216039089892b63c94091aadca49752b51f4fa78) in main
==70151==ABORTING
user@starfive:/tmp$
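
Added example (not part of the thread, and not GCC or libsanitizer code): a Python triage helper for sanitizer smoke tests that separates a real ASan diagnosis from the two failure modes reported above, a runtime CHECK failure and an undiagnosed SEGV. The function name triage, the outcome labels and the x86-style sample line are assumptions made for illustration; the other sample lines are copied from the logs in this thread.

```python
import re

# Report kinds ASan prints when it has actually diagnosed a memory error.
DIAGNOSED = {"heap-use-after-free", "heap-buffer-overflow",
             "stack-buffer-overflow", "stack-use-after-scope",
             "attempting double-free"}
ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (.+?) on ", re.M)
CHECK_RE = re.compile(r"^AddressSanitizer: CHECK failed: (\S+?):(\d+)", re.M)

def triage(stderr_text, expected_kind=None):
    """Classify one run; expected_kind=None means the program has no bug."""
    check = CHECK_RE.search(stderr_text)
    if check:  # the sanitizer runtime aborted on its own internal assertion
        return ("runtime-check-failed", f"{check.group(1)}:{check.group(2)}")
    err = ERROR_RE.search(stderr_text)
    if err is None:
        return ("clean", None) if expected_kind is None else ("missed", expected_kind)
    kind = err.group(1)
    if kind not in DIAGNOSED:  # e.g. SEGV: a signal was caught, nothing diagnosed
        return ("undiagnosed-signal", kind)
    return ("detected" if kind == expected_kind else "unexpected-report", kind)

# Copied from the logs in this thread (RISC-V, GCC 12.2.0).
CHECK_LOG = '''AddressSanitizer: CHECK failed: asan_poisoning.cpp:36 "((AddrIsInMem(addr))) !=
(0)" (0x0, 0x0) (tid=17449)
'''
PRINT_LOG = '''AddressSanitizer:DEADLYSIGNAL
==17785==ERROR: AddressSanitizer: SEGV on unknown address 0x00081f468e44 (pc
0x002ae2626c74 bp 0x003ffa3472e0 sp 0x003ffa347210 T0)
==17785==The signal is caused by a WRITE memory access.
'''
UAF_LOG = '''AddressSanitizer:DEADLYSIGNAL
==70151==ERROR: AddressSanitizer: SEGV on unknown address 0x0008173400f6 (pc
0x0000000e3ed8 bp 0x003ff061b2d0 sp 0x003ff061b2b0 T0)
==70151==The signal is caused by a READ memory access.
'''
# Constructed sample (not from the thread): the header of a working report.
GOOD_LOG = ("==4242==ERROR: AddressSanitizer: heap-use-after-free on address "
            "0x602000000010 at pc 0x000000401234 bp 0x7ffc00000000 sp 0x7ffc00000008\n")

if __name__ == "__main__":
    for name, log, want in [("hello (CHECK)", CHECK_LOG, None),
                            ("print.cpp", PRINT_LOG, None),
                            ("use_afterfree", UAF_LOG, "heap-use-after-free"),
                            ("constructed", GOOD_LOG, "heap-use-after-free")]:
        print(f"{name:15} -> {triage(log, want)}")
```

In a CI job for a new target, any outcome other than "clean" for a bug-free program or "detected" for a seeded bug means the sanitizer build itself should be treated as unreliable on that platform.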
