From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 25347 invoked by alias); 22 Feb 2013 13:52:41 -0000 Received: (qmail 25229 invoked by uid 48); 22 Feb 2013 13:52:16 -0000 From: "kcc at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/55309] gcc's address-sanitizer 66% slower than clang's Date: Fri, 22 Feb 2013 13:52:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: sanitizer X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: kcc at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org X-SW-Source: 2013-02/txt/msg02224.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55309 --- Comment #47 from Kostya Serebryany 2013-02-22 13:52:12 UTC --- (In reply to comment #46) > (In reply to comment #43) > > 400.perlbench fails with a global-buffer-overflow which clang does not detect. > > I did not investigate why. It could be a gcc false positive or clang false > > negative. > > On which file/function the global-buffer-overflow was? Can you send me the > asan diagnostics? Interestingly, the symbolization/debuginfo seems to be completely broken :( % g++ -g -fsanitize=address ./use-after-free.cc -static-libasan ; ./a.out 2>&1 | grep '#0' #0 0x4179c2 (/home/kcc/tmp/a.out+0x4179c2) #0 0x40f18a (/home/kcc/tmp/a.out+0x40f18a) #0 0x40f26a (/home/kcc/tmp/a.out+0x40f26a) % addr2line -f -e ./a.out 0x4179c2 0x40f18a 0x40f26a main ??:0 free ??:0 malloc ??:0 % ==580== ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000078e2a5 at pc 0x4e47d7 bp 0x7fffa2fbc7b0 sp 0x7fffa2fbc7a8 READ of size 1 at 0x00000078e2a5 thread T0 #0 0x4e47d6 in PerlIO_find_layer (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e47d6) #1 0x4e63e6 in PerlIO_default_buffer (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e63e6) #2 0x4e678e in PerlIO_default_layers (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e678e) #3 0x4e7a41 in PerlIO_resolve_layers (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e7a41) #4 0x4e8145 in PerlIO_openn (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e8145) #5 0x4f5d32 in PerlIO_open (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4f5d32) #6 0x4dd808 in S_open_script (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4dd808) #7 0x4d3be6 in S_parse_body (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4d3be6) #8 0x4d2a4b in perl_parse (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4d2a4b) #9 0x4f6ee8 in main (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4f6ee8) #10 0x7fd3a245376c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c) #11 0x4037d8 (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4037d8) 0x00000078e2a5 is located 0 bytes to the right of global variable '*.LC50 (perlio.c)' (0x78e2a0) of size 5 '*.LC50 (perlio.c)' is ascii string 'unix' SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 PerlIO_find_layer > > > 464.h264ref is VERY slow, I did not look why. > > And it didn't fail on that: > for (dd=d[k=0]; k<16; dd=d[++k]) > { > satd += (dd < 0 ? -dd : dd); > } > or have you fixed that up in your SPEC sources? Interestingly, no. I haven't touched SPEC sources here. Maybe gcc does full unroll thus eliminating the buggy read (I did not check).