Re: [PATCH 01/10] Initial import of asan from the Google branch into trunk

[Tobias Burnus <burnus@net-b.de>]

[-- Attachment #1: Type: text/plain, Size: 1417 bytes --]

Dodji Seketeli wrote:
> This patch imports the initial state of asan as it was in the
> Google branch.
>
> It provides basic infrastructure for asan to instrument memory
> accesses on the heap, at -O3.  Note that it supports neither stack nor
> global variable protection.

I tried the 01/10 to 10/10 patch series but it doesn't trigger for the 
following test case:

#include <stdlib.h>
#include <stdio.h>

int
main() {
   int *i;
   i = malloc(10*sizeof(*i));
   free(i);  /* <<< Free memory. */
   i[10] = 5;  /* <<< out of boundary even if not freed. */
   printf("%d\n", i[11]);  /* <<< out of boundary even if not freed. */
   return 0;
}

(All of them are reported by Clang.) If I look at the dump (or 
assembler), I see the call to __asan_init, __asan_report_store4 and 
__asan_report_load4. However, when running the program ltrace only shows 
the calls to: __libc_start_main, __asan_init, malloc, free and printf. I 
haven't debugged why the condition is false [see attachment for the dump].


Other issues:

* libasan does not seem to be a multilib, at least I only find the 64bit 
version on x86-64-gnu-linux such that "-m32" compilation fails.

* -fno-address-sanitizer doesn't work (it does in Clang); it is 
explicitly disabled via RejectNegative in gcc/common.opt

* Probably fixed on the branch: gcc/gcc.c still has "fasan" instead of 
"faddress-sanitizer" for the spec:
+    %{fasan:-lasan}

Tobias

[-- Attachment #2: hjf.c --]
[-- Type: text/x-csrc, Size: 271 bytes --]

#include <stdlib.h>
#include <stdio.h>

int
main() {
  int *i;
  i = malloc(10*sizeof(*i));
  free(i);  /* <<< Free memory. */
  i[10] = 5;  /* <<< out of boundary even if not freed. */
  printf("%d\n", i[11]);  /* <<< out of boundary even if not freed. */
  return 0;
}

[-- Attachment #3: hjf.c.156t.asan0 --]
[-- Type: text/plain, Size: 1649 bytes --]


;; Function main (main, funcdef_no=2, decl_uid=2680, cgraph_uid=2)

main ()
{
  int * i;
  int D.2687;
  int D.2686;
  int * D.2685;
  int * D.2684;
  int * _2;
  int * _3;
  int _4;
  int _5;
  unsigned long _6;
  unsigned long _7;
  unsigned long _8;
  unsigned char * _9;
  unsigned char _10;
  _Bool _11;
  unsigned long _12;
  unsigned char _13;
  unsigned char _14;
  _Bool _15;
  _Bool _16;
  unsigned long _17;
  unsigned long _18;
  unsigned long _19;
  unsigned char * _20;
  unsigned char _21;
  _Bool _22;
  unsigned long _23;
  unsigned char _24;
  unsigned char _25;
  _Bool _26;
  _Bool _27;

  <bb 2>:
  i_1 = malloc (40);
  free (i_1);
  _2 = i_1 + 40;
  _6 = (unsigned long) _2;
  _7 = _6 >> 3;
  _8 = _7 + 17592186044416;
  _9 = (unsigned char *) _8;
  _10 = *_9;
  _11 = _10 != 0;
  _12 = _6 & 7;
  _13 = (unsigned char) _12;
  _14 = _13 + 3;
  _15 = _14 >= _10;
  _16 = _11 & _15;
  if (_16 != 0)
    goto <bb 5>;
  else
    goto <bb 4>;

  <bb 5>:
  __asan_report_store4 (_6);

  <bb 4>:
  *_2 = 5;
  _3 = i_1 + 44;
  _17 = (unsigned long) _3;
  _18 = _17 >> 3;
  _19 = _18 + 17592186044416;
  _20 = (unsigned char *) _19;
  _21 = *_20;
  _22 = _21 != 0;
  _23 = _17 & 7;
  _24 = (unsigned char) _23;
  _25 = _24 + 3;
  _26 = _25 >= _21;
  _27 = _22 & _26;
  if (_27 != 0)
    goto <bb 7>;
  else
    goto <bb 6>;

  <bb 7>:
  __asan_report_load4 (_17);

  <bb 6>:
  _4 = *_3;
  printf ("%d\n", _4);
  _5 = 0;

<L0>:
  return _5;

}



;; Function _GLOBAL__sub_I_00099_0_main (_GLOBAL__sub_I_00099_0_main, funcdef_no=3, decl_uid=2700, cgraph_uid=0)

_GLOBAL__sub_I_00099_0_main ()
{
  <bb 2>:
  __asan_init ();
  return;

}