Subject: Re: [PATCH 01/10] Initial import of asan from the Google branch into trunk
From: Xinliang David Li
To: Jakub Jelinek
Cc: Tobias Burnus, Dodji Seketeli, GCC Patches, Diego Novillo, Wei Mi, Konstantin Serebryany
Date: Fri, 09 Nov 2012 16:53:00 -0000
In-Reply-To: <20121109135816.GB1886@tucnak.redhat.com>
References: <1351799566-31447-1-git-send-email-dodji@redhat.com> <87pq3v8vmi.fsf@redhat.com> <87ip9n8vi2.fsf_-_@redhat.com> <509D019C.7020505@net-b.de> <20121109135816.GB1886@tucnak.redhat.com>
X-SW-Source: 2012-11/txt/msg00761.txt.bz2

It seems that my one line fix in asan branch (r192605) is not included in
Dodji's patch set.

David

On Fri, Nov 9, 2012 at 5:58 AM, Jakub Jelinek wrote:
> On Fri, Nov 09, 2012 at 02:14:04PM +0100, Tobias Burnus wrote:
>> Dodji Seketeli wrote:
>> >This patch imports the initial state of asan as it was in the
>> >Google branch.
>> >
>> >It provides basic infrastructure for asan to instrument memory
>> >accesses on the heap, at -O3. Note that it supports neither stack nor
>> >global variable protection.
>>
>> I tried the 01/10 to 10/10 patch series but it doesn't trigger for
>> the following test case:
>>
>> #include <stdlib.h>
>> #include <stdio.h>
>>
>> int
>> main() {
>>   int *i;
>>   i = malloc(10*sizeof(*i));
>>   free(i);               /* <<< Free memory. */
>>   i[10] = 5;             /* <<< out of boundary even if not freed. */
>>   printf("%d\n", i[11]); /* <<< out of boundary even if not freed. */
>>   return 0;
>> }
>>
>> (All of them are reported by Clang.) If I look at the dump (or
>> assembler), I see the call to __asan_init, __asan_report_store4 and
>> __asan_report_load4. However, when running the program ltrace only
>> shows the calls to: __libc_start_main, __asan_init, malloc, free and
>> printf. I haven't debugged why the condition is false [see
>> attachment for the dump].
>
> Can't reproduce that (admittedly with asan SVN branch rather than the
> patchset):
>
> ./xgcc -B ./ -O2 -fasan -o a a.c -Wl,-rpath,/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/ \
>   -L /usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/
> ./a
> =================================================================
> ==20614== ERROR: AddressSanitizer heap-use-after-free on address
> 0x7f7d8245afec at pc 0x4006f8 bp 0x7fff9beda4c0 sp 0x7fff9beda4b8
> READ of size 4 at 0x7f7d8245afec thread T0
>     #0 0x4006f7 (/usr/src/gcc-asan/obj/gcc/a+0x4006f7)
> 0x7f7d8245afec is located 4 bytes to the right of 40-byte region
> [0x7f7d8245afc0,0x7f7d8245afe8)
> freed by thread T0 here:
>     #0 0x7f7d82796585
> #(/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/libasan.so.0.0.0+0xf585)
>     #1 0x4006b5 (/usr/src/gcc-asan/obj/gcc/a+0x4006b5)
> previously allocated by thread T0 here:
>     #0 0x7f7d82796645
> #(/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/libasan.so.0.0.0+0xf645)
>     #1 0x4006aa (/usr/src/gcc-asan/obj/gcc/a+0x4006aa)
> Shadow byte and word:
>   0x1fefb048b5fd: fd
>   0x1fefb048b5f8: fd fd fd fd fd fd fd fd
> More shadow bytes:
>   0x1fefb048b5d8: fa fa fa fa fa fa fa fa
>   0x1fefb048b5e0: fa fa fa fa fa fa fa fa
>   0x1fefb048b5e8: fa fa fa fa fa fa fa fa
>   0x1fefb048b5f0: fa fa fa fa fa fa fa fa
> =>0x1fefb048b5f8: fd fd fd fd fd fd fd fd
>   0x1fefb048b600: fa fa fa fa fa fa fa fa
>   0x1fefb048b608: fa fa fa fa fa fa fa fa
>   0x1fefb048b610: fa fa fa fa fa fa fa fa
>   0x1fefb048b618: fa fa fa fa fa fa fa fa
> Stats: 0M malloced (0M for red zones) by 1 calls
> Stats: 0M realloced by 0 calls
> Stats: 0M freed by 1 calls
> Stats: 0M really freed by 0 calls
> Stats: 0M (128 full pages) mmaped in 1 calls
>   mmaps   by size class: 7:4095;
>   mallocs by size class: 7:1;
>   frees   by size class: 7:1;
>   rfrees  by size class:
> Stats: malloc large: 0 small slow: 1
> ==20614== ABORTING
>
> 	Jakub
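The shadow-byte test that sits in front of the __asan_report_load4 call, worked through on the addresses in Jakub's report, as an added example that is not code from the thread or from libasan. It assumes libasan's x86_64 mapping with a 1<<44 shadow offset (the thread never states the offset, but it reproduces the reported shadow address) and uses a shadow snapshot constructed from the report's "More shadow bytes" rows.

```c
#include <stdint.h>
#include <stdio.h>

/* libasan's x86_64 mapping: shadow = (addr >> 3) + offset.  The 1<<44 offset is
   an assumption, but it reproduces the report: 0x7f7d8245afec -> 0x1fefb048b5fd. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x100000000000ULL

/* Constructed snapshot of the nine "More shadow bytes" rows in Jakub's report,
   starting at shadow address 0x1fefb048b5d8 (each row covers 8 shadow bytes). */
#define SNAP_BASE 0x1fefb048b5d8ULL
static const uint8_t snap[9 * 8] = {
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b5d8  heap left redzone */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b5e0 */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b5e8 */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b5f0 */
    0xfd,0xfd,0xfd,0xfd,0xfd,0xfd,0xfd,0xfd,  /* ..b5f8  the freed 40-byte block */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b600 */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b608 */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b610 */
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,  /* ..b618 */
};

uint64_t shadow_addr(uint64_t addr) { return (addr >> SHADOW_SCALE) + SHADOW_OFFSET; }

/* Shadow byte guarding an application address, or -1 if outside the snapshot. */
int shadow_byte(uint64_t addr) {
    uint64_t s = shadow_addr(addr);
    if (s < SNAP_BASE || s >= SNAP_BASE + sizeof snap) return -1;
    return snap[s - SNAP_BASE];
}

/* The test an instrumented 1/2/4-byte access runs before calling
   __asan_report_load4/store4: shadow 0 = all 8 bytes addressable, 1..7 = only
   the first k bytes, >= 0x80 (negative as int8_t) = fully poisoned (0xfa heap
   left redzone, 0xfd freed).  Returns 1 if the access must be reported. */
int access_is_poisoned(uint64_t addr, unsigned size) {
    int k = shadow_byte(addr);
    if (k < 0) return -1;                        /* not covered by the snapshot */
    if (k == 0) return 0;
    int last = (int)(addr & 7) + (int)size - 1;  /* offset of last byte touched */
    return last >= (int8_t)k;                    /* signed compare, as libasan does */
}
int main(void) {
    uint64_t bad = 0x7f7d8245afecULL;  /* the faulting address from the report */
    printf("shadow %#llx = 0x%02x, 4-byte read poisoned: %d\n",
           (unsigned long long)shadow_addr(bad), shadow_byte(bad), access_is_poisoned(bad, 4));
    return 0;
}
```

Both accesses in Tobias's test case, i[10] at 0x7f7d8245afe8 and i[11] at 0x7f7d8245afec, map to the same 0xfd shadow byte, so the instrumentation would flag either one; the report only shows the READ because that is the access that reached the runtime.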