[Bug sanitizer/115461] New: lsan doesn't work on s390x

[Bug sanitizer/115461] New: lsan doesn't work on s390x

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

            Bug ID: 115461
           Summary: lsan doesn't work on s390x
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: mpolacek at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

It appears that -fsanitize=leak has no effect on s390x; it doesn't detect even
the simplest leaks:

```
#include <stdlib.h>
#include <stdio.h>

int main() {
    void* ptr = malloc(123);
    printf("%x\n", ptr);
    return 0;
}
```

On x86_64, I get:

=================================================================
==69068==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 123 byte(s) in 1 object(s) allocated from:
    #0 0x7fd39ce13de5 in malloc (/lib64/liblsan.so.0+0x13de5) (BuildId:
bd0edcefa09c842881bff411016cb80201b5bdd9)
    #1 0x401147 in main (/home/mpolacek/x/trunk/gcc/a.out+0x401147) (BuildId:
f29bbf6d55a2764be0623cb24526521a08243448)
    #2 0x7fd39cc46149 in __libc_start_call_main (/lib64/libc.so.6+0x28149)
(BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
    #3 0x7fd39cc4620a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a)
(BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
    #4 0x401074 in _start (/home/mpolacek/x/trunk/gcc/a.out+0x401074) (BuildId:
f29bbf6d55a2764be0623cb24526521a08243448)

SUMMARY: LeakSanitizer: 123 byte(s) leaked in 1 allocation(s).


Incidentally, we have *no* -fsanitize=leak tests whatsoever.

[Bug sanitizer/115461] lsan doesn't work on s390x

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
LSan and TSan are enabled on s390x since r12-2560:

commit ea22954e7c580d1e54da4ac58301f65d5cf5f76a
Author: Ilya Leoshkevich <iii@linux.ibm.com>
Date:   Thu Jul 22 15:51:56 2021 +0200

    IBM Z: Enable LSan and TSan

    libsanitizer/ChangeLog:

            * configure.tgt (s390*-*-linux*): Enable LSan and TSan for
            s390x.

diff --git a/libsanitizer/configure.tgt b/libsanitizer/configure.tgt
index 0ca5d9fd924..f635e412bdc 100644
--- a/libsanitizer/configure.tgt
+++ b/libsanitizer/configure.tgt
@@ -41,6 +41,11 @@ case "${target}" in
   sparc*-*-linux*)
    ;;
   s390*-*-linux*)
+   if test x$ac_cv_sizeof_void_p = x8; then
+       TSAN_SUPPORTED=yes
+       LSAN_SUPPORTED=yes
+       TSAN_TARGET_DEPENDENT_OBJECTS=tsan_rtl_s390x.lo
+   fi
    ;;
   sparc*-*-solaris2.11*)
    ;;

[Bug sanitizer/115461] lsan doesn't work on s390x

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Does it work with upstream (LLVM)?

[Bug sanitizer/115461] lsan doesn't work on s390x

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

--- Comment #3 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #2)
> Does it work with upstream (LLVM)?

I don't think so; I've tried Fedora 40 clang:

$ clang k.c -fsanitize=leak; ./a.out

and it also didn't report anything.  So probably we need an LLVM bug as well?

[Bug sanitizer/115461] lsan doesn't work on s390x

[iii at linux dot ibm.com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

Ilya Leoshkevich <iii at linux dot ibm.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |iii at linux dot ibm.com

--- Comment #4 from Ilya Leoshkevich <iii at linux dot ibm.com> ---
It doesn't work for me anymore either.  I will take a look at both GCC and LLVM
issues.

[Bug sanitizer/115461] lsan doesn't work on s390x

[iii at linux dot ibm.com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

--- Comment #5 from Ilya Leoshkevich <iii at linux dot ibm.com> ---
The LLVM testsuite still passes.

Looking a bit deeper:

$ LSAN_OPTIONS=verbosity=1,log_pointers=1 ./a.out
[...]
0x508000000000
==1522380==LeakSanitizer: checking for leaks
[...]
==1522381==Scanning STACK range 0x03ffffffa3d8-0x03ffffffb000.
==1522381==0x03ffffffa820: found 0x508000000000 pointing into chunk
0x508000000000-0x50800000007b of size 123.

So something spilled the pointer value on stack, and LSan thinks that it's
still referenced. And indeed, turning stack scanning off resolves the issue:

$ LSAN_OPTIONS=use_stacks=0 ./a.out
0x508000000000

=================================================================
==1522412==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 123 byte(s) in 1 object(s) allocated from:
    #0 0x2aa00045bbd in malloc
[...]/llvm-project/compiler-rt/lib/lsan/lsan_interceptors.cpp:75:3
    #1 0x2aa0004779d in main ([...]/llvm-project/build/a.out+0x4779d)

SUMMARY: LeakSanitizer: 123 byte(s) leaked in 1 allocation(s).

[Bug sanitizer/115461] lsan doesn't work on s390x

[iii at linux dot ibm.com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115461

--- Comment #6 from Ilya Leoshkevich <iii at linux dot ibm.com> ---
Forgot to add: since the runtime is shared, this observation applies to both
GCC and LLVM.

$ gcc k.c -fsanitize=leak; ./a.out
0x508000000000
$ LSAN_OPTIONS=use_stacks=0 ./a.out
0x508000000000

=================================================================
==948446==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 123 byte(s) in 1 object(s) allocated from:
    #0 0x3fff7a16caf in malloc (/lib64/liblsan.so.0+0x16caf) (BuildId:
58eab4a667c0b1f8c0ff7fe7ac931e0eaa86cd5e)
    #1 0x1001219 in main (/tmp/a.out+0x1001219) (BuildId:
277d8d1498d2a3f76a547ae04af127173f8a2c76)

SUMMARY: LeakSanitizer: 123 byte(s) leaked in 1 allocation(s).