From: Jakub Jelinek <jakub@redhat.com>
To: Konstantin Serebryany <konstantin.s.serebryany@gmail.com>
Cc: Dodji Seketeli <dodji@redhat.com>, Wei Mi <wmi@google.com>,
Mike Stump <mikestump@comcast.net>,
GCC Patches <gcc-patches@gcc.gnu.org>,
David Li <davidxl@google.com>,
Diego Novillo <dnovillo@google.com>,
Kostya Serebryany <kcc@google.com>,
Dodji Seketeli <dseketel@redhat.com>,
Alexander Potapenko <glider@google.com>,
Evgeniy Stepanov <eugenis@google.com>,
Alexey Samsonov <samsonov@google.com>,
Dmitry Vyukov <dvyukov@google.com>
Subject: Re: [PATCH] asan unit tests from llvm lit-test incremental changes
Date: Thu, 13 Dec 2012 08:37:00 -0000 [thread overview]
Message-ID: <20121213083653.GL2315@tucnak.redhat.com> (raw)
In-Reply-To: <CAGQ9bdzDncOHruvnAk14LCRjfXa2s4=d5nnXHX2+aenuYB0i+Q@mail.gmail.com>
On Thu, Dec 13, 2012 at 11:44:12AM +0400, Konstantin Serebryany wrote:
> We are discussing it from time to time.
> Sometimes, if e.g. an error happens inside a qsort callback,
> the fp-based unwinder fails to unwind through libc, while _Unwind would work.
>
> I was opposed to this sometime ago because _Unwind often produced
> buggy stack traces on Ubuntu Lucid (the version we cared about).
Weird, must be some distro modifications, we've been using _Unwind based
backtraces everywhere for many years successfully, glibc backtrace uses it
too, pthread_cancel as well.
> >> and perhaps for
> >> > these malloc wrappers like ::operator new, ::operator new[] and their
> >> > const std::nothrow_t& variants libasan could intercept them, call
> >> > malloc and if that returns NULL, call the original corresponding function
> >> > so that it deals with exceptions, new handler etc.
>
> Hmm.. Why's that?
> Calling libc's malloc or libstdc++'s operator new in asan run-time is
> really a bad idea.
I didn't mean calling libc malloc, I meant calling libstdc++'s operator new,
which then calls malloc (== any, thus asan version), but does some
additional bookkeeping for failures.
The thing is that libstdc++'s operator new:
_GLIBCXX_WEAK_DEFINITION void *
operator new (std::size_t sz) _GLIBCXX_THROW (std::bad_alloc)
{
void *p;
/* malloc (0) is unpredictable; avoid it. */
if (sz == 0)
sz = 1;
p = (void *) malloc (sz);
while (p == 0)
{
new_handler handler = __new_handler;
if (! handler)
_GLIBCXX_THROW_OR_ABORT(bad_alloc());
handler ();
p = (void *) malloc (sz);
}
return p;
}
_GLIBCXX_WEAK_DEFINITION void*
operator new[] (std::size_t sz) _GLIBCXX_THROW (std::bad_alloc)
{
return ::operator new(sz);
}
etc. aren't built with frame pointers, therefore ebp/rbp may be used for
anything, therefore non-unwind based backtrace will stop on that or get
confused. What I meant was have
void *
operator new (std::size_t sz) throw (std::bad_alloc)
{
void *p = malloc (sz);
if (__builtin_expect (p == NULL, 0))
call_original_operator_new (sz);
return p;
}
and similarly for operator new[] etc. in libasan, forcefully built with
-fno-omit-frame-pointer, so that in the likely case that malloc doesn't
return NULL the non-_Unwind based backtrace in malloc would unwind well
through operator new as well as operator new[]. Or if libasan malloc really
never returns NULL and you don't plan to ever change that (why?), you could
just make operator new/operator new[] etc. in libasan aliases to malloc.
> asan's allocator should never return 0 anyway, it should simply crash.
> I don't think we want to support new handler at all.
Does it? Then it will abort perfectly valid programs.
Jakub
next prev parent reply other threads:[~2012-12-13 8:37 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-28 9:15 [PATCH] asan unit tests from llvm lit-test Wei Mi
2012-11-28 10:10 ` Konstantin Serebryany
2012-11-28 10:25 ` Jakub Jelinek
2012-11-28 10:41 ` Konstantin Serebryany
2012-11-28 11:03 ` Jakub Jelinek
2012-11-28 11:14 ` Konstantin Serebryany
2012-11-29 20:59 ` [PATCH] asan_test.cc from llvm Jakub Jelinek
2012-11-30 9:35 ` Konstantin Serebryany
2012-11-30 10:22 ` Jakub Jelinek
2012-11-30 10:55 ` Konstantin Serebryany
2012-11-30 14:52 ` Jakub Jelinek
2012-11-30 16:06 ` Jakub Jelinek
[not found] ` <CAKOQZ8y70goUL91pQJt_S=8W+Dn5VTZ5oRphvGuFwMMh41mkLg@mail.gmail.com>
2012-11-30 16:34 ` Jakub Jelinek
2012-12-03 7:07 ` Konstantin Serebryany
2012-12-03 9:18 ` Jakub Jelinek
2012-12-03 9:52 ` Konstantin Serebryany
2012-12-03 11:05 ` Jakub Jelinek
2012-12-03 11:42 ` Konstantin Serebryany
2012-11-28 11:25 ` [PATCH] asan unit tests from llvm lit-test Jakub Jelinek
2012-11-28 11:39 ` Konstantin Serebryany
2012-11-28 10:14 ` Jakub Jelinek
2012-11-30 21:05 ` Wei Mi
2012-12-03 7:16 ` Konstantin Serebryany
2012-12-03 11:01 ` Jakub Jelinek
2012-12-03 18:33 ` Wei Mi
2012-12-03 18:49 ` Konstantin Serebryany
2012-12-03 19:44 ` Jakub Jelinek
2012-12-03 19:09 ` Mike Stump
2012-12-03 19:37 ` Jakub Jelinek
2012-12-03 19:50 ` Mike Stump
[not found] ` <CAN=P9pgjjq66KS2DVkuOSeH2ejQPDcyKhwz5MdKyE3RB64E=xw@mail.gmail.com>
2012-12-04 7:34 ` Jakub Jelinek
2012-12-04 18:01 ` Wei Mi
2012-12-05 12:29 ` [PATCH] asan unit tests from llvm lit-test incremental changes Jakub Jelinek
2012-12-12 21:32 ` Dodji Seketeli
2012-12-12 21:31 ` Jakub Jelinek
2012-12-13 7:44 ` Konstantin Serebryany
2012-12-13 8:37 ` Jakub Jelinek [this message]
2012-12-13 10:23 ` Konstantin Serebryany
2012-12-13 15:22 ` Jakub Jelinek
2012-12-05 23:29 ` [asan] Fix up dg-set-target-env-var Jakub Jelinek
2012-12-06 0:23 ` Mike Stump
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121213083653.GL2315@tucnak.redhat.com \
--to=jakub@redhat.com \
--cc=davidxl@google.com \
--cc=dnovillo@google.com \
--cc=dodji@redhat.com \
--cc=dseketel@redhat.com \
--cc=dvyukov@google.com \
--cc=eugenis@google.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=glider@google.com \
--cc=kcc@google.com \
--cc=konstantin.s.serebryany@gmail.com \
--cc=mikestump@comcast.net \
--cc=samsonov@google.com \
--cc=wmi@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).