From: Jakub Jelinek <jakub@redhat.com>
To: Tobias Burnus <burnus@net-b.de>
Cc: Dodji Seketeli <dodji@seketeli.org>,
gcc-patches@gcc.gnu.org, dnovillo@google.com,
wmi@google.com, davidxl@google.com,
konstantin.s.serebryany@gmail.com
Subject: Re: [PATCH 01/10] Initial import of asan from the Google branch into trunk
Date: Fri, 09 Nov 2012 13:58:00 -0000 [thread overview]
Message-ID: <20121109135816.GB1886@tucnak.redhat.com> (raw)
In-Reply-To: <509D019C.7020505@net-b.de>
On Fri, Nov 09, 2012 at 02:14:04PM +0100, Tobias Burnus wrote:
> Dodji Seketeli wrote:
> >This patch imports the initial state of asan as it was in the
> >Google branch.
> >
> >It provides basic infrastructure for asan to instrument memory
> >accesses on the heap, at -O3. Note that it supports neither stack nor
> >global variable protection.
>
> I tried the 01/10 to 10/10 patch series but it doesn't trigger for
> the following test case:
>
> #include <stdlib.h>
> #include <stdio.h>
>
> int
> main() {
> int *i;
> i = malloc(10*sizeof(*i));
> free(i); /* <<< Free memory. */
> i[10] = 5; /* <<< out of boundary even if not freed. */
> printf("%d\n", i[11]); /* <<< out of boundary even if not freed. */
> return 0;
> }
>
> (All of them are reported by Clang.) If I look at the dump (or
> assembler), I see the call to __asan_init, __asan_report_store4 and
> __asan_report_load4. However, when running the program ltrace only
> shows the calls to: __libc_start_main, __asan_init, malloc, free and
> printf. I haven't debugged why the condition is false [see
> attachment for the dump].
Can't reproduce that (admittedly with asan SVN branch rather than the
patchset):
./xgcc -B ./ -O2 -fasan -o a a.c -Wl,-rpath,/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/ \
-L /usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/
./a
=================================================================
==20614== ERROR: AddressSanitizer heap-use-after-free on address
0x7f7d8245afec at pc 0x4006f8 bp 0x7fff9beda4c0 sp 0x7fff9beda4b8
READ of size 4 at 0x7f7d8245afec thread T0
#0 0x4006f7 (/usr/src/gcc-asan/obj/gcc/a+0x4006f7)
0x7f7d8245afec is located 4 bytes to the right of 40-byte region
[0x7f7d8245afc0,0x7f7d8245afe8)
freed by thread T0 here:
#0 0x7f7d82796585
#(/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/libasan.so.0.0.0+0xf585)
#1 0x4006b5 (/usr/src/gcc-asan/obj/gcc/a+0x4006b5)
previously allocated by thread T0 here:
#0 0x7f7d82796645
#(/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/libasan.so.0.0.0+0xf645)
#1 0x4006aa (/usr/src/gcc-asan/obj/gcc/a+0x4006aa)
Shadow byte and word:
0x1fefb048b5fd: fd
0x1fefb048b5f8: fd fd fd fd fd fd fd fd
More shadow bytes:
0x1fefb048b5d8: fa fa fa fa fa fa fa fa
0x1fefb048b5e0: fa fa fa fa fa fa fa fa
0x1fefb048b5e8: fa fa fa fa fa fa fa fa
0x1fefb048b5f0: fa fa fa fa fa fa fa fa
=>0x1fefb048b5f8: fd fd fd fd fd fd fd fd
0x1fefb048b600: fa fa fa fa fa fa fa fa
0x1fefb048b608: fa fa fa fa fa fa fa fa
0x1fefb048b610: fa fa fa fa fa fa fa fa
0x1fefb048b618: fa fa fa fa fa fa fa fa
Stats: 0M malloced (0M for red zones) by 1 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 1 calls
Stats: 0M really freed by 0 calls
Stats: 0M (128 full pages) mmaped in 1 calls
mmaps by size class: 7:4095;
mallocs by size class: 7:1;
frees by size class: 7:1;
rfrees by size class:
Stats: malloc large: 0 small slow: 1
==20614== ABORTING
Jakub
next prev parent reply other threads:[~2012-11-09 13:58 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-01 19:53 [PATCH 00/13] Request to merge Address Sanitizer in dodji
2012-11-01 19:53 ` [PATCH 05/13] Allow asan at -O0 dodji
2012-11-01 19:53 ` [PATCH 09/13] Don't forget to protect 32 bytes aligned global variables dodji
2012-11-01 19:53 ` [PATCH 12/13] Instrument built-in memory access function calls dodji
2012-11-01 19:53 ` [PATCH 11/13] Factorize condition insertion code out of build_check_stmt dodji
2012-11-01 19:53 ` [PATCH 07/13] Implement protection of global variables dodji
2012-11-01 19:53 ` [PATCH 06/13] Implement protection of stack variables dodji
[not found] ` <CAGQ9bdweH8Pn=8vLTNa8FSzAh92OYrWScxK78n9znCodADJUvw@mail.gmail.com>
2012-11-02 4:35 ` Xinliang David Li
2012-11-02 15:25 ` Dodji Seketeli
2012-11-02 14:44 ` Dodji Seketeli
[not found] ` <CAGQ9bdxQG3i=BrSYmaN-ssdv4omW6F5VTg50viskKNcYrF-8BQ@mail.gmail.com>
2012-11-02 16:02 ` Dodji Seketeli
2012-11-01 19:53 ` [PATCH 10/13] Make build_check_stmt accept an SSA_NAME for its base dodji
2012-11-01 19:53 ` [PATCH 02/13] Rename tree-asan.[ch] to asan.[ch] dodji
2012-11-01 21:54 ` Joseph S. Myers
2012-11-02 22:44 ` Dodji Seketeli
2012-11-01 19:53 ` [PATCH 08/13] Fix a couple of ICEs dodji
2012-11-01 19:53 ` [PATCH 03/13] Initial asan cleanups dodji
2012-11-01 19:53 ` [PATCH 01/13] Initial import of asan from the Google branch dodji
2012-11-01 19:54 ` [PATCH 04/13] Emit GIMPLE directly instead of gimplifying GENERIC dodji
2012-11-02 22:53 ` [PATCH 00/13] Request to merge Address Sanitizer in Dodji Seketeli
2012-11-02 22:56 ` [PATCH 01/10] Initial import of asan from the Google branch into trunk Dodji Seketeli
2012-11-06 17:04 ` Diego Novillo
2012-11-09 13:14 ` Tobias Burnus
2012-11-09 13:58 ` Jakub Jelinek [this message]
2012-11-09 16:53 ` Xinliang David Li
2012-11-09 17:13 ` Tobias Burnus
2012-11-09 17:18 ` Wei Mi
2012-11-12 11:09 ` [PATCH 03/11] Emit GIMPLE directly instead of gimplifying GENERIC Dodji Seketeli
2012-11-12 11:20 ` [PATCH 01/10] Initial import of asan from the Google branch into trunk Dodji Seketeli
2012-11-02 22:57 ` [PATCH 02/10] Initial asan cleanups Dodji Seketeli
2012-11-06 17:04 ` Diego Novillo
2012-11-12 11:12 ` Dodji Seketeli
2012-11-02 22:58 ` [PATCH 03/10] Emit GIMPLE directly instead of gimplifying GENERIC Dodji Seketeli
2012-11-06 17:08 ` Diego Novillo
2012-11-02 22:59 ` [PATCH 04/10] Allow asan at -O0 Dodji Seketeli
2012-11-06 17:12 ` Diego Novillo
2012-11-02 23:00 ` [PATCH 05/10] Implement protection of stack variables Dodji Seketeli
2012-11-06 17:22 ` Diego Novillo
2012-11-12 11:31 ` Dodji Seketeli
2012-11-12 11:51 ` Jakub Jelinek
2012-11-12 16:08 ` Dodji Seketeli
2012-11-02 23:01 ` [PATCH 06/10] Implement protection of global variables Dodji Seketeli
2012-11-06 17:27 ` Diego Novillo
2012-11-12 11:32 ` Dodji Seketeli
2012-11-02 23:02 ` [PATCH 07/10] Make build_check_stmt accept an SSA_NAME for its base Dodji Seketeli
2012-11-06 17:28 ` Diego Novillo
2012-11-02 23:03 ` [PATCH 08/10] Factorize condition insertion code out of build_check_stmt Dodji Seketeli
2012-11-05 15:50 ` Jakub Jelinek
2012-11-05 20:25 ` Dodji Seketeli
2012-11-06 17:30 ` Diego Novillo
2012-11-02 23:05 ` [PATCH 09/10] Instrument built-in memory access function calls Dodji Seketeli
2012-11-06 17:37 ` Diego Novillo
2012-11-12 11:40 ` Dodji Seketeli
2012-11-03 8:22 ` [PATCH 10/10] Import the asan runtime library into GCC tree Dodji Seketeli
[not found] ` <87fw4r7g8w.fsf_-_@redhat.com>
2012-11-06 17:41 ` Diego Novillo
2012-11-12 11:47 ` Dodji Seketeli
2012-11-12 18:59 ` H.J. Lu
2012-11-14 11:11 ` H.J. Lu
2012-11-14 11:42 ` H.J. Lu
2012-11-12 16:07 ` [PATCH 00/13] Request to merge Address Sanitizer in Dodji Seketeli
2012-11-12 16:21 ` Jakub Jelinek
2012-11-12 16:45 ` Tobias Burnus
2012-11-12 16:51 ` Konstantin Serebryany
2012-11-12 17:20 ` Jack Howarth
2012-11-12 17:34 ` Jack Howarth
2012-11-12 17:37 ` Tobias Burnus
2012-11-12 17:57 ` Jack Howarth
2012-11-12 17:55 ` Dodji Seketeli
2012-11-12 18:40 ` Jack Howarth
2012-11-12 20:39 ` H.J. Lu
2012-11-12 22:15 ` Ian Lance Taylor
2012-11-15 19:42 ` Jack Howarth
2012-11-15 23:42 ` Konstantin Serebryany
2012-11-16 8:27 ` Dodji Seketeli
2012-11-16 14:03 ` Jack Howarth
2012-11-16 15:57 ` Jack Howarth
2012-11-16 16:02 ` Jakub Jelinek
2012-11-16 16:47 ` Jack Howarth
2012-11-16 16:56 ` Alexander Potapenko
2012-11-16 17:06 ` Jack Howarth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121109135816.GB1886@tucnak.redhat.com \
--to=jakub@redhat.com \
--cc=burnus@net-b.de \
--cc=davidxl@google.com \
--cc=dnovillo@google.com \
--cc=dodji@seketeli.org \
--cc=gcc-patches@gcc.gnu.org \
--cc=konstantin.s.serebryany@gmail.com \
--cc=wmi@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).