Comments (13)
So, what is the problem?
The code is buggy and asan detects the bug.
No?
Original comment by [email protected]
on 10 Aug 2011 at 10:16
from address-sanitizer.
The problem is with mops that "split 2 shadow bytes". Since we don't analyse
the second byte, we don't catch the error. The minimal test is:
    TEST(AddressSanitizer, DISABLED_StrangeMemIntrinsicBehaviorTest2) {
      int const size = 4096;
      char* s = (char*)malloc(size);
      EXPECT_DEATH(memcpy(s+size-1, s, 2), TO_THE_RIGHT(0));
      free(s);
    }
If 4096 is replaced with 4095, the test passes (that is, the program crashes).
Original comment by [email protected]
on 10 Aug 2011 at 10:32
from address-sanitizer.
ah!
This is
http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm#Unaligned_accesses
Not sure if we want to do anything with this right now...
Original comment by [email protected]
on 10 Aug 2011 at 10:36
from address-sanitizer.
I think it's worth moving to KnownBugs, because it's where I looked first.
Original comment by [email protected]
on 10 Aug 2011 at 10:41
from address-sanitizer.
>> I think it's worth moving to KnownBugs,
Agree. Give a link there.
Original comment by [email protected]
on 10 Aug 2011 at 10:53
from address-sanitizer.
Done:
http://code.google.com/p/address-sanitizer/wiki/KnownBugs
Original comment by [email protected]
on 10 Aug 2011 at 11:04
from address-sanitizer.
Can we instrument arguments of memintrinsic functions _before_ these functions
are modified by compiler and lead to unaligned access? Or we should just leave
everything as is now?
Original comment by [email protected]
on 10 Aug 2011 at 11:19
from address-sanitizer.
I don't know for sure (need to investigate when memset lowering happens),
but probably not. asan instrumentation should happen at the later stages, when
the majority of other optimizations already happened.
I'd leave it as is for now.
Long term we'll need to implement checking for unaligned accesses (as an option).
Original comment by [email protected]
on 10 Aug 2011 at 11:31
from address-sanitizer.
> Can we instrument arguments of memintrinsic functions _before_ these functions are modified by compiler and lead to unaligned access?
There should be a compiler option that prevents inlining of intrinsic functions.
Original comment by [email protected]
on 10 Aug 2011 at 11:58
from address-sanitizer.
> There should be a compiler option that prevents inlining of intrinsic functions
When I compile the following test with -fno-builtin

    TEST(AddressSanitizer, DISABLED_StrangeMemIntrinsicBehaviorTest2) {
      char* s = (char*)malloc(4096);
      memcpy(s+4096-1, s, 2);
    }

it does not insert any instrumentation at all:

    0808fb00 <AddressSanitizer_DISABLED_StrangeMemIntrinsicBehaviorTest2_Test::TestBody()>:
     808fb00:  55                      push   %ebp
     808fb01:  89 e5                   mov    %esp,%ebp
     808fb03:  83 ec 18                sub    $0x18,%esp
     808fb06:  c7 04 24 00 10 00 00    movl   $0x1000,(%esp)
     808fb0d:  e8 8e ea 09 00          call   812e5a0 <malloc>
     808fb12:  89 44 24 04             mov    %eax,0x4(%esp)
     808fb16:  05 ff 0f 00 00          add    $0xfff,%eax
     808fb1b:  89 04 24                mov    %eax,(%esp)
     808fb1e:  c7 44 24 08 02 00 00    movl   $0x2,0x8(%esp)
     808fb25:  00
     808fb26:  e8 2d ea fe ff          call   807e558 <memcpy@plt>
     808fb2b:  83 c4 18                add    $0x18,%esp
     808fb2e:  5d                      pop    %ebp
     808fb2f:  c3                      ret
ouch!
Original comment by [email protected]
on 10 Aug 2011 at 1:01
from address-sanitizer.
perhaps because it does not treat memset as an intrinsic
Original comment by [email protected]
on 10 Aug 2011 at 1:02
from address-sanitizer.
Yeah, but it should treat memcpy as a, well, memcpy.
Original comment by [email protected]
on 10 Aug 2011 at 1:14
from address-sanitizer.
since http://llvm.org/viewvc/llvm-project?rev=206746&view=rev
asan does not instrument memset/memmove/memcpy calls, instead it replaces the
calls with calls to __asan_memset/etc.
I think this allows us to close this bug.
Original comment by [email protected]
on 14 May 2014 at 1:44
- Changed state: Fixed
from address-sanitizer.
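Added example, not part of the original thread or the ASan sources: a small C model of the shadow-byte check discussed above. It shows why the 2-byte memcpy at s+size-1 is missed for size 4096 but caught for 4095, and why checking the whole range, as a runtime memcpy wrapper can, catches both. The arena, the function names and the simplified shadow layout are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy shadow memory (constructed for this example): 1 shadow byte per 8
   application bytes. 0 = all 8 addressable, k in 1..7 = only the first k
   bytes addressable, negative = redzone. */
#define GRANULE 8
#define ARENA   8192
static int8_t shadow[ARENA / GRANULE];

/* Poison the arena, then unpoison [0, size) as malloc(size) would. */
static void model_malloc(size_t size) {
    memset(shadow, -1, sizeof shadow);        /* everything is redzone */
    memset(shadow, 0, size / GRANULE);        /* fully addressable granules */
    if (size % GRANULE)                       /* trailing partial granule */
        shadow[size / GRANULE] = (int8_t)(size % GRANULE);
}

/* Inline check for an access of n < 8 bytes: consults only the shadow byte
   of the FIRST accessed address. Returns 1 if an error would be reported. */
static int check_first_shadow_byte(size_t off, size_t n) {
    int8_t s = shadow[off / GRANULE];
    return s != 0 && (int8_t)(off % GRANULE + n - 1) >= s;
}

/* Range check: every byte of [off, off+n) must be addressable. */
static int check_range(size_t off, size_t n) {
    for (size_t i = off; i < off + n; i++) {
        int8_t s = shadow[i / GRANULE];
        if (s != 0 && (int8_t)(i % GRANULE) >= s)
            return 1;
    }
    return 0;
}

/* The thread's test: a 2-byte store at s+size-1.
   mode 0 = first-shadow-byte check, mode 1 = range check. */
int reports_overflow(size_t size, int mode) {
    model_malloc(size);
    return mode ? check_range(size - 1, 2)
                : check_first_shadow_byte(size - 1, 2);
}

int main(void) {
    printf("size 4096: inline=%d range=%d\n", reports_overflow(4096, 0), reports_overflow(4096, 1));
    printf("size 4095: inline=%d range=%d\n", reports_overflow(4095, 0), reports_overflow(4095, 1));
    return 0;
}
```

With size 4096 the store starts in the last fully addressable granule (shadow byte 0), so the first-byte check passes even though the second byte lands in the redzone; with size 4095 the last granule has shadow value 7 and the same check fires.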