Comments (13)
While the problem is caused by a subtle bug in CoreFoundation, this may make
ASan unusable for some applications.
A temporary solution is to add a flag to disable replacing the default CFAllocator:
$ ASAN_OPTIONS="replace_cfallocator=0" asan/Release/parseWebKit
I haven't observed such problems with Chromium, thus replace_cfallocator is 1
by default.
Original comment by [email protected]
on 21 Nov 2011 at 9:17
from address-sanitizer.
I've added the flag in r1084.
Original comment by [email protected]
on 21 Nov 2011 at 9:33
- Changed state: Accepted
from address-sanitizer.
Original comment by [email protected]
on 19 Jan 2012 at 7:25
from address-sanitizer.
Braden Thomas supposes that the problem may be caused by CFStringCreateCopy
which normally does not copy constant strings, but does so if the allocator is
replaced:
=================================================
$ cat t.mm
#import <Foundation/Foundation.h>
#include <stdio.h>

int main() {
#ifdef REPLACE
  CFAllocatorSetDefault(kCFAllocatorMallocZone);
#endif
  CFStringRef str = CFSTR("Hello world!\n");
  CFStringRef str2 = CFStringCreateCopy(0, str);
  fprintf(stderr, "str: %p\n", str);
  fprintf(stderr, "str2: %p\n", str2);
  return 0;
}
$ ../../../../build/Release+Asserts/bin/clang++ t.mm -framework Foundation -o t && ./t
str: 0x100001060
str2: 0x100001060
$ ../../../../build/Release+Asserts/bin/clang++ t.mm -framework Foundation -DREPLACE -o t && ./t
str: 0x100001070
str2: 0x1001099d8
=================================================
If so, we can try to intercept CFStringCreateCopy and make it leave constant
strings as is.
Original comment by [email protected]
on 20 Jan 2012 at 3:35
from address-sanitizer.
At least the initial WebKit example and the program from comment 4 behave
correctly if I wrap CFStringCreateCopy() into a function that checks for the
string constness before comparing the allocators.
Original CFStringCreateCopy() implementation from
http://opensource.apple.com/source/CF/CF-476.19/CFString.c :
===========================================
CFStringRef CFStringCreateWithSubstring(CFAllocatorRef alloc, CFStringRef str, CFRange range) {
    // CF_OBJC_FUNCDISPATCH1(__kCFStringTypeID, CFStringRef , str, "_createSubstringWithRange:", CFRangeMake(range.location, range.length));
    __CFAssertIsString(str);
    __CFAssertRangeIsInStringBounds(str, range.location, range.length);
    if ((range.location == 0) && (range.length == __CFStrLength(str))) { /* The substring is the whole string... */
        return (CFStringRef)CFStringCreateCopy(alloc, str);
    } else if (__CFStrIsEightBit(str)) {
        const uint8_t *contents = (const uint8_t *)__CFStrContents(str);
        return __CFStringCreateImmutableFunnel3(alloc, contents + range.location + __CFStrSkipAnyLengthByte(str), range.length, __CFStringGetEightBitStringEncoding(), false, false, false, false, false, ALLOCATORSFREEFUNC, 0);
    } else {
        const UniChar *contents = (UniChar *)__CFStrContents(str);
        return __CFStringCreateImmutableFunnel3(alloc, contents + range.location, range.length * sizeof(UniChar), kCFStringEncodingUnicode, false, true, false, false, false, ALLOCATORSFREEFUNC, 0);
    }
}
===========================================
My wrapper:
extern "C"
CFStringRef WRAP(CFStringCreateCopy)(CFAllocatorRef alloc, CFStringRef str) {
  if (__CFStrIsConstant(str)) {
    return str;
  } else {
    return real_CFStringCreateCopy(alloc, str);
  }
}
Original comment by [email protected]
on 20 Jan 2012 at 4:12
from address-sanitizer.
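The test program in comment 4 and the wrapper in comment 5 both hinge on one detail: an immutable string is only retained (rather than copied) when the requested or default allocator matches the allocator the string is tagged with, and constant strings are always tagged with the system allocator, so swapping the default allocator makes every "copy" of a constant a fresh object. The portable C model below is an added illustration, not CoreFoundation code and not part of this issue thread; all type and function names (allocator_t, mstring_t, string_create_copy, wrapped_string_create_copy, the two allocator objects) are hypothetical stand-ins for the CF ones, and the constant string is constructed inline. It reproduces the pointer-identity behaviour seen in the t.mm output and shows the constness-first check restoring it.

```c
/* Model (not CoreFoundation) of why replacing the default allocator makes a
 * CFStringCreateCopy-style function duplicate constant strings, and how a
 * constness check placed before the allocator comparison fixes it.
 * Every name here is a hypothetical stand-in for the corresponding CF one. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct allocator { const char *name; } allocator_t;

/* The system allocator that constant strings are tagged with, and a
 * substitute standing in for the one installed via CFAllocatorSetDefault. */
static allocator_t system_allocator = { "system" };
static allocator_t replaced_allocator = { "replaced" };
static allocator_t *default_allocator = &system_allocator;

typedef struct mstring {
    allocator_t *alloc;   /* allocator the object claims to belong to */
    int is_constant;      /* static, CFSTR-like constant */
    int is_mutable;
    int retain_count;
    char *bytes;
} mstring_t;

void set_default_allocator(allocator_t *a) { default_allocator = a; }

/* Constructed constant string: static storage, tagged with the system allocator. */
static char hello_bytes[] = "Hello world!";
mstring_t hello_const = { &system_allocator, 1, 0, 1, hello_bytes };

mstring_t *string_create(allocator_t *alloc, const char *s) {
    mstring_t *str = malloc(sizeof *str);
    size_t n = strlen(s) + 1;
    str->alloc = alloc ? alloc : default_allocator;
    str->is_constant = 0;
    str->is_mutable = 0;
    str->retain_count = 1;
    str->bytes = malloc(n);
    memcpy(str->bytes, s, n);
    return str;
}

/* Model of the original copy: retain only when immutable AND the effective
 * allocator equals the string's own. With the default allocator replaced,
 * the comparison fails for every constant string, so a new object is made. */
mstring_t *string_create_copy(allocator_t *alloc, mstring_t *str) {
    allocator_t *effective = alloc ? alloc : default_allocator;
    if (!str->is_mutable && effective == str->alloc) {
        str->retain_count++;
        return str;
    }
    return string_create(effective, str->bytes);
}

/* Model of the wrapper from the thread: decide on constness before the
 * allocator comparison, so a constant is returned as-is under any default. */
mstring_t *wrapped_string_create_copy(allocator_t *alloc, mstring_t *str) {
    if (str->is_constant)
        return str;
    return string_create_copy(alloc, str);
}

void string_release(mstring_t *str) {
    if (str->is_constant) return;           /* constants are never freed */
    if (--str->retain_count == 0) { free(str->bytes); free(str); }
}

/* 1 if copying the constant through `copy` under default allocator `def`
 * yields the very same object (the behaviour the fix restores), else 0. */
int identity_preserved(mstring_t *(*copy)(allocator_t *, mstring_t *), allocator_t *def) {
    set_default_allocator(def);
    mstring_t *dup = copy(NULL, &hello_const);
    int same = (dup == &hello_const);
    string_release(dup);
    return same;
}

/* 1 if a fresh non-constant string created under `def` is shared (retained)
 * when copied with requested allocator `req`, 0 if a new object is made. */
int copy_shares_object(allocator_t *def, allocator_t *req) {
    set_default_allocator(def);
    mstring_t *s = string_create(NULL, "not a constant");
    mstring_t *dup = wrapped_string_create_copy(req, s);
    int same = (dup == s);
    string_release(dup);
    string_release(s);
    return same;
}

int main(void) {
    printf("system default, unwrapped copy keeps identity: %d\n",
           identity_preserved(string_create_copy, &system_allocator));
    printf("replaced default, unwrapped copy keeps identity: %d\n",
           identity_preserved(string_create_copy, &replaced_allocator));
    printf("replaced default, wrapped copy keeps identity: %d\n",
           identity_preserved(wrapped_string_create_copy, &replaced_allocator));
    return 0;
}
```

The second line of output is the failure mode from the thread (identity lost once the default allocator is replaced); the third shows the wrapper restoring it while non-constant strings still go through the ordinary allocator comparison.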
BookmarkAllTabsControllerTest.BookmarkAllTabs
(http://code.google.com/p/chromium/issues/detail?id=110589) does not fail
anymore with this fix, neither does any of the unit_tests.
Moreover, the problem with blank omnibox in Chromium built with ASan disappears
too.
I'm going to land the wrapper and propose an upstream fix for
CFStringCreateCopy.
Original comment by [email protected]
on 23 Jan 2012 at 8:58
from address-sanitizer.
FTR, this is how omnibox used to behave for me:
> One of the problems I'm facing is that the Omnibox in my build is
> broken: it remains empty while I type in the address (my query appears
> in the drop-down list of suggestions). When I hit enter, the text
> appears, but it is gray instead of black.
Original comment by [email protected]
on 23 Jan 2012 at 9:09
from address-sanitizer.
As of r148696 the problem does not occur anymore.
I'm going to close the bug after I remove the replace_cfallocator flag, which
will happen after the Apple folks confirm everything is correct.
Original comment by [email protected]
on 23 Jan 2012 at 10:51
from address-sanitizer.
Can this be closed?
Original comment by [email protected]
on 24 Feb 2012 at 10:57
from address-sanitizer.
I haven't received any feedback from Apple about this, so let's keep it for
some time, ok? We need to remove the flag once we're sure everything is all
right.
Original comment by [email protected]
on 28 Feb 2012 at 11:01
from address-sanitizer.
Original comment by [email protected]
on 22 May 2012 at 8:39
- Added labels: OpSys-OSX
from address-sanitizer.
We've decided to keep this flag for now, since there are problems with
CFAllocator on other OS X versions.
Original comment by [email protected]
on 22 May 2012 at 8:45
from address-sanitizer.
This has been fixed by the recent switch to the dynamic runtime, which does not
replace CFAllocator.
I've removed the replace_cfallocator flag.
Original comment by [email protected]
on 7 Feb 2013 at 4:00
- Changed state: Fixed
from address-sanitizer.