From: Konstantin Serebryany
Date: Thu, 10 Jan 2013 11:28:00 -0000
Subject: Re: libsanitizer merge from upstream r171973
To: Jakub Jelinek
Cc: GCC Patches, Dodji Seketeli, Dmitry Vyukov, Wei Mi
In-Reply-To: <20130110105903.GV7269@tucnak.redhat.com>
X-SW-Source: 2013-01/txt/msg00529.txt.bz2

On Thu, Jan 10, 2013 at 2:59 PM, Jakub Jelinek wrote:
> On Thu, Jan 10, 2013 at 11:07:26AM +0400, Konstantin Serebryany wrote:
>> Our internal LLVM bots (Linux, Mac and Android) are also green, but
>> since the changes are large something may potentially break on other
>> platforms.
>>
>> Ok to commit?
>
> Ok, but it would be nice if the prctl stuff in asan_test.cc could be made
> more robust.
> Not all Linux kernels support prctl (PR_SET_NAME, ...) (only
> 2.6.9+), and not all prctl.h headers define PR_SET_NAME.
> So, I'd guard the prctl call with additional
> #ifdef PR_SET_NAME

Ok. I'd prefer to guard the whole test with
#if defined(__linux__) && defined(PR_SET_NAME).

> #endif
> guards, and set some bool variable if the prctl failed (or if it wasn't
> called at all), and if that global bool variable was true, used a different
> expected error message (.* in the place of the expected error string).
> Or perhaps just have TryToSetThreadName return whether it succeeded or not,
> also call TryToSetThreadName in ThreadNamesTest directly and just return
> if it failed.
>
> BTW, I had a look at your qsort overflow testcase, and I get:
> $ ./xg++ -B ./ -O2 -fsanitize=address -o overflow-in-qsort overflow-in-qsort.cc -B ../x86_64-unknown-linux-gnu/libstdc++-v3/src/.libs/ -B ../x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/ -Wl,-rpath,../x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/ -fno-omit-frame-pointer -g
> $ ASAN_OPTIONS=fast_unwind_on_fatal=1 ./overflow-in-qsort 2>&1 | /usr/src/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py
> =================================================================
> ==24758== ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000601448 at pc 0x400acf bp 0x7fffb9caee90 sp 0x7fffb9caee88
> WRITE of size 4 at 0x000000601448 thread T0
>     #0 0x400ace in QsortCallback /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:19
>     #1 0x3216c37bb1 in ?? ??:0
> 0x000000601448 is located 0 bytes to the right of global variable 'global_array (overflow-in-qsort.cc)' (0x601420) of size 40
> ...
> while with
> $ ASAN_OPTIONS=fast_unwind_on_fatal=0 ./overflow-in-qsort 2>&1 | /usr/src/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py
> =================================================================
> ==24763== ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000601448 at pc 0x400acf bp 0x7ffff72db050 sp 0x7ffff72db048
> WRITE of size 4 at 0x000000601448 thread T0
>     #0 0x400ace in QsortCallback /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:19
>     #1 0x3216c37bb1 in ?? ??:0
>     #2 0x3216c3809b in ?? ??:0
>     #3 0x400b1b in MyQsort /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:26
>     #4 0x4008c9 in main /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:33
>     #5 0x3216c21734 in ?? ??:0
>     #6 0x400944 in _start ??:0
> 0x000000601448 is located 0 bytes to the right of global variable 'global_array (overflow-in-qsort.cc)' (0x601420) of size 40
> ...
> which is much better (Fedora 17 x86_64).

Good!

>
> Similarly for 32-bit:
>
> $ ./xg++ -B ./ -O2 -fsanitize=address -o overflow-in-qsort overflow-in-qsort.cc -B ../x86_64-unknown-linux-gnu/32/libstdc++-v3/src/.libs/ -B ../x86_64-unknown-linux-gnu/32/libsanitizer/asan/.libs/ -Wl,-rpath,../x86_64-unknown-linux-gnu/32/libsanitizer/asan/.libs/ -fno-omit-frame-pointer -g -m32
> $ ASAN_OPTIONS=fast_unwind_on_fatal=1 ./overflow-in-qsort 2>&1 | /usr/src/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py
> =================================================================
> ==24774== ERROR: AddressSanitizer: global-buffer-overflow on address 0x08049fc8 at pc 0x80488fe bp 0xffd03548 sp 0xffd0353c
> WRITE of size 4 at 0x08049fc8 thread T0
>     #0 0x80488fd in QsortCallback /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:19
>     #1 0x4e00fcb2 in ?? ??:0
> addr2line: '': No such file
>     #2 0x27ffffff in
> 0x08049fc8 is located 0 bytes to the right of global variable 'global_array (overflow-in-qsort.cc)' (0x8049fa0) of size 40
> ...
>
> vs.
>
> ASAN_OPTIONS=fast_unwind_on_fatal=0 ./overflow-in-qsort 2>&1 | /usr/src/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py
> =================================================================
> ==24780== ERROR: AddressSanitizer: global-buffer-overflow on address 0x08049fc8 at pc 0x80488fe bp 0xffbfcf88 sp 0xffbfcf7c
> WRITE of size 4 at 0x08049fc8 thread T0
>     #0 0x80488fd in QsortCallback /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:19
>     #1 0x4e00fcb2 in ?? ??:0
>     #2 0x4e010206 in ?? ??:0
>     #3 0x4e0102ee in ?? ??:0
>     #4 0x8048955 in MyQsort /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:26
>     #5 0x804870c in main /usr/src/gcc/obj2/gcc/overflow-in-qsort.cc:33
>     #6 0x4dff8634 in ?? ??:0
>     #7 0x8048794 in _start ??:0
> 0x08049fc8 is located 0 bytes to the right of global variable 'global_array (overflow-in-qsort.cc)' (0x8049fa0) of size 40
>
> Clearly asan_symbolize.py doesn't cope with debug info stripped to a separate file (I have glibc-debuginfo installed), but AFAIK
> iant's libbacktrace doesn't yet either (nor understands dwz DWARF extensions, but Fedora 17 still doesn't use them, only
> Fedora 18+ does). Anyway, I've yet to see a testcase where the fast unwinder results in a better backtrace with default options
> (sure, one can compile with -fno-asynchronous-unwind-tables).

Yesterday I compared the two unwinders on chromium and saw no such case
(there were a few where the CFI-based one is better, just like with qsort).
It is very likely that I will flip fast_unwind_on_fatal to 0 next week.

--kcc

>
> Jakub
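An added example, not code from this thread or from libsanitizer's asan_test.cc, of the shape Jakub suggests: a status-returning TryToSetThreadName whose prctl call is compiled out unless both __linux__ and PR_SET_NAME are available, plus a helper that picks the expected-message pattern (the real name, or ".*" when naming did not happen). The PR_GET_NAME read-back helper and the "Thread T1 (...)" wording are assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#if defined(__linux__)
#include <sys/prctl.h>
#endif

/* Set the calling thread's name and report whether it actually happened.
   The prctl call is compiled out unless both the platform and the header
   provide PR_SET_NAME, so the test still builds on old prctl.h / kernels. */
bool TryToSetThreadName(const char *name) {
#if defined(__linux__) && defined(PR_SET_NAME)
  /* The kernel keeps at most 15 characters plus the terminating NUL. */
  return prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0) == 0;
#else
  (void)name;
  return false;
#endif
}

/* Assumed helper: read the name back to see what the kernel stored;
   false where PR_GET_NAME is unavailable. */
bool TryToGetThreadName(char *buf, size_t len) {
#if defined(__linux__) && defined(PR_GET_NAME)
  char raw[16];
  if (prctl(PR_GET_NAME, (unsigned long)raw, 0, 0, 0) != 0) return false;
  raw[15] = '\0';
  snprintf(buf, len, "%s", raw);
  return true;
#else
  (void)buf; (void)len;
  return false;
#endif
}

/* Build the regex a death test should expect for thread T1: the real name
   when naming worked, ".*" otherwise.  The "Thread T1 (...)" wording is an
   assumed report format for this example, not quoted from asan. */
void ExpectedThreadPattern(bool named, const char *name, char *out, size_t len) {
  snprintf(out, len, "Thread T1 \\(%s\\)", named ? name : ".*");
}

int main(void) {
  char got[32], pat[64];
  bool named = TryToSetThreadName("asan-worker");
  bool read_ok = named && TryToGetThreadName(got, sizeof got);
  ExpectedThreadPattern(named, "asan-worker", pat, sizeof pat);
  printf("named=%d stored=%s expect=%s\n", named, read_ok ? got : "(none)", pat);
  return 0;
}
```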