Hi Alexander, I think these are what you wanted:
On Friday, August 22, 2014 at 5:51:05 PM UTC+8, Alexander Potapenko wrote:
>
> Apparently Clang just lowered your memcpy call into a sequence of
> assembly instructions, because it knew the arguments and the size.
> It's strange that it didn't instrument the memcpy intrinsic, however.
> Could you please dump the LLVM bitcode for this file (-S -emit-llvm)
> with and without ASan?
>
> On Fri, Aug 22, 2014 at 1:41 PM, ji wang <[email protected]> wrote:
> > Test code, asan_memcpy.cpp:
> > #include <stdio.h>
> > #include <stdlib.h>
> > int main(){
> > int *array = (int *)malloc(sizeof(int) * 100);
> > printf("Now should be an error: memcpy-param-overlap\n");
> > memcpy(array, array+1, sizeof(int)*8);
> > return 0;
> > }
> > Android.mk
> > include $(CLEAR_VARS)
> > LOCAL_SRC_FILES := asan_memcpy.cpp
> > LOCAL_MODULE_TAGS := eng
> > LOCAL_ADDRESS_SANITIZER:=true
> > LOCAL_MODULE := asan_memcpy
> > include $(BUILD_EXECUTABLE)
> >
> > Run asanwrapper asan_memcpy in adb shell, no error that Asan detected. The
> > disassembly of asan_memcpy as below:
> > 000006cc <main>:
> > #include <stdio.h>
> > #include <stdlib.h>
> >
> > int main(){
> > 6cc: b5b0 push {r4, r5, r7, lr}
> > 6ce: af02 add r7, sp, #8
> > 6d0: b0c4 sub sp, #272 ; 0x110
> > 6d2: 466c mov r4, sp
> > 6d4: f024 041f bic.w r4, r4, #31
> > 6d8: 46a5 mov sp, r4
> > 6da: 488a ldr r0, [pc, #552] ; (904 <main+0x238>)
> > 6dc: 498a ldr r1, [pc, #552] ; (908 <main+0x23c>)
> > 6de: 4479 add r1, pc
> > 6e0: 5840 ldr r0, [r0, r1]
> > 6e2: 6800 ldr r0, [r0, #0]
> > 6e4: 9043 str r0, [sp, #268] ; 0x10c
> > 6e6: a818 add r0, sp, #96 ; 0x60
> > 6e8: f100 0220 add.w r2, r0, #32
> > 6ec: 4613 mov r3, r2
> > 6ee: f100 0c60 add.w ip, r0, #96 ; 0x60
> > 6f2: 4686 mov lr, r0
> > 6f4: f648 24b3 movw r4, #35507 ; 0x8ab3
> > 6f8: f2c4 14b5 movt r4, #16821 ; 0x41b5
> > 6fc: 9418 str r4, [sp, #96] ; 0x60
> > 6fe: 4c83 ldr r4, [pc, #524] ; (90c <main+0x240>)
> > 700: 440c add r4, r1
> > 702: 9419 str r4, [sp, #100] ; 0x64
> > 704: 4c82 ldr r4, [pc, #520] ; (910 <main+0x244>)
> > 706: 5861 ldr r1, [r4, r1]
> > 708: 911a str r1, [sp, #104] ; 0x68
> > 70a: 08c0 lsrs r0, r0, #3
> > 70c: 4601 mov r1, r0
> > 70e: f04f 34f1 mov.w r4, #4059165169 ; 0xf1f1f1f1
> > 712: 6004 str r4, [r0, #0]
> > 714: f24f 4404 movw r4, #62468 ; 0xf404
> > 718: f2cf 44f4 movt r4, #62708 ; 0xf4f4
> > 71c: 6044 str r4, [r0, #4]
> > 71e: f04f 35f2 mov.w r5, #4076008178 ; 0xf2f2f2f2
> > 722: 6085 str r5, [r0, #8]
> > 724: 60c4 str r4, [r0, #12]
> > 726: f04f 34f3 mov.w r4, #4092851187 ; 0xf3f3f3f3
> > 72a: 6104 str r4, [r0, #16]
> > 72c: 4610 mov r0, r2
> > 72e: 08d2 lsrs r2, r2, #3
> > 730: 7812 ldrb r2, [r2, #0]
> > 732: 2a00 cmp r2, #0
> > 734: f8cd e05c str.w lr, [sp, #92] ; 0x5c
> > 738: f8cd c058 str.w ip, [sp, #88] ; 0x58
> > 73c: 9015 str r0, [sp, #84] ; 0x54
> > 73e: 9314 str r3, [sp, #80] ; 0x50
> > 740: 9113 str r1, [sp, #76] ; 0x4c
> > 742: 9212 str r2, [sp, #72] ; 0x48
> > 744: d00c beq.n 760 <main+0x94>
> > 746: e7ff b.n 748 <main+0x7c>
> > 748: 9815 ldr r0, [sp, #84] ; 0x54
> > 74a: f000 0107 and.w r1, r0, #7
> > 74e: 3103 adds r1, #3
> > 750: 9a12 ldr r2, [sp, #72] ; 0x48
> > 752: b253 sxtb r3, r2
> > 754: 4299 cmp r1, r3
> > 756: db03 blt.n 760 <main+0x94>
> > 758: e7ff b.n 75a <main+0x8e>
> > 75a: 9815 ldr r0, [sp, #84] ; 0x54
> > 75c: f7ff ef20 blx 5a0 <__asan_report_store4@plt>
> > 760: 2000 movs r0, #0
> > 762: 9914 ldr r1, [sp, #80] ; 0x50
> > 764: 6008 str r0, [r1, #0]
> > 766: f44f 70c8 mov.w r0, #400 ; 0x190
> > int *array = (int *)malloc(sizeof(int) * 100);
> > 76a: f7ff ef20 blx 5ac <malloc@plt>
> > 76e: 9916 ldr r1, [sp, #88] ; 0x58
> > 770: 9a16 ldr r2, [sp, #88] ; 0x58
> > 772: 08d3 lsrs r3, r2, #3
> > 774: 781b ldrb r3, [r3, #0]
> > 776: 2b00 cmp r3, #0
> > 778: 9011 str r0, [sp, #68] ; 0x44
> > 77a: 9110 str r1, [sp, #64] ; 0x40
> > 77c: 930f str r3, [sp, #60] ; 0x3c
> > 77e: d00c beq.n 79a <main+0xce>
> > 780: e7ff b.n 782 <main+0xb6>
> > 782: 9810 ldr r0, [sp, #64] ; 0x40
> > 784: f000 0107 and.w r1, r0, #7
> > 788: 3103 adds r1, #3
> > 78a: 9a0f ldr r2, [sp, #60] ; 0x3c
> > 78c: b253 sxtb r3, r2
> > 78e: 4299 cmp r1, r3
> > 790: db03 blt.n 79a <main+0xce>
> > 792: e7ff b.n 794 <main+0xc8>
> > 794: 9810 ldr r0, [sp, #64] ; 0x40
> > 796: f7ff ef04 blx 5a0 <__asan_report_store4@plt>
> > 79a: 9811 ldr r0, [sp, #68] ; 0x44
> > 79c: 9916 ldr r1, [sp, #88] ; 0x58
> > 79e: 6008 str r0, [r1, #0]
> > printf("Now should be an error: memcpy-param-overlap\n");
> > 7a0: 4a5c ldr r2, [pc, #368] ; (914 <main+0x248>)
> > 7a2: 4b5d ldr r3, [pc, #372] ; (918 <main+0x24c>)
> > 7a4: 447b add r3, pc
> > 7a6: 18d0 adds r0, r2, r3
> > 7a8: f7ff ef06 blx 5b8 <printf@plt>
> > memcpy(array, array+1, sizeof(int)*8);
> > 7ac: 9916 ldr r1, [sp, #88] ; 0x58
> > 7ae: 9a16 ldr r2, [sp, #88] ; 0x58
> > 7b0: 08d3 lsrs r3, r2, #3
> > 7b2: 781b ldrb r3, [r3, #0]
> > 7b4: 2b00 cmp r3, #0
> > 7b6: 900e str r0, [sp, #56] ; 0x38
> > 7b8: 910d str r1, [sp, #52] ; 0x34
> > 7ba: 930c str r3, [sp, #48] ; 0x30
> > 7bc: d00c beq.n 7d8 <main+0x10c>
> > 7be: e7ff b.n 7c0 <main+0xf4>
> > 7c0: 980d ldr r0, [sp, #52] ; 0x34
> > 7c2: f000 0107 and.w r1, r0, #7
> > 7c6: 3103 adds r1, #3
> > 7c8: 9a0c ldr r2, [sp, #48] ; 0x30
> > 7ca: b253 sxtb r3, r2
> > 7cc: 4299 cmp r1, r3
> > 7ce: db03 blt.n 7d8 <main+0x10c>
> > 7d0: e7ff b.n 7d2 <main+0x106>
> > 7d2: 980d ldr r0, [sp, #52] ; 0x34
> > 7d4: f7ff eef6 blx 5c4 <__asan_report_load4@plt>
> > 7d8: 9816 ldr r0, [sp, #88] ; 0x58
> > 7da: 6801 ldr r1, [r0, #0]
> > 7dc: 460a mov r2, r1
> > 7de: 460b mov r3, r1
> > 7e0: f101 0c04 add.w ip, r1, #4
> > 7e4: 46e6 mov lr, ip
> > 7e6: 08cc lsrs r4, r1, #3
> > 7e8: 7824 ldrb r4, [r4, #0]
> > 7ea: 2c00 cmp r4, #0
> > 7ec: 910b str r1, [sp, #44] ; 0x2c
> > 7ee: 920a str r2, [sp, #40] ; 0x28
> > 7f0: 9309 str r3, [sp, #36] ; 0x24
> > 7f2: f8cd e020 str.w lr, [sp, #32]
> > 7f6: f8cd c01c str.w ip, [sp, #28]
> > 7fa: 9406 str r4, [sp, #24]
> > 7fc: d00c beq.n 818 <main+0x14c>
> > 7fe: e7ff b.n 800 <main+0x134>
> > 800: 980b ldr r0, [sp, #44] ; 0x2c
> > 802: f000 0107 and.w r1, r0, #7
> > 806: 9a06 ldr r2, [sp, #24]
> > 808: b253 sxtb r3, r2
> > 80a: 4299 cmp r1, r3
> > 80c: db04 blt.n 818 <main+0x14c>
> > 80e: e7ff b.n 810 <main+0x144>
> > 810: 2120 movs r1, #32
> > 812: 980b ldr r0, [sp, #44] ; 0x2c
> > 814: f7ff eedc blx 5d0 <__asan_report_store_n@plt>
> > 818: 980a ldr r0, [sp, #40] ; 0x28
> > 81a: f100 011f add.w r1, r0, #31
> > 81e: 460a mov r2, r1
> > 820: 08c9 lsrs r1, r1, #3
> > 822: 7809 ldrb r1, [r1, #0]
> > 824: 2900 cmp r1, #0
> > 826: 9205 str r2, [sp, #20]
> > 828: 9104 str r1, [sp, #16]
> > 82a: d00c beq.n 846 <main+0x17a>
> > 82c: e7ff b.n 82e <main+0x162>
> > 82e: 9805 ldr r0, [sp, #20]
> > 830: f000 0107 and.w r1, r0, #7
> > 834: 9a04 ldr r2, [sp, #16]
> > 836: b253 sxtb r3, r2
> > 838: 4299 cmp r1, r3
> > 83a: db04 blt.n 846 <main+0x17a>
> > 83c: e7ff b.n 83e <main+0x172>
> > 83e: 2120 movs r1, #32
> > 840: 9805 ldr r0, [sp, #20]
> > 842: f7ff eec6 blx 5d0 <__asan_report_store_n@plt>
> > 846: 9808 ldr r0, [sp, #32]
> > 848: 9908 ldr r1, [sp, #32]
> > 84a: 08ca lsrs r2, r1, #3
> > 84c: 7812 ldrb r2, [r2, #0]
> > 84e: 2a00 cmp r2, #0
> > 850: 9003 str r0, [sp, #12]
> > 852: 9202 str r2, [sp, #8]
> > 854: d00c beq.n 870 <main+0x1a4>
> > 856: e7ff b.n 858 <main+0x18c>
> > 858: 9803 ldr r0, [sp, #12]
> > 85a: f000 0107 and.w r1, r0, #7
> > 85e: 9a02 ldr r2, [sp, #8]
> > 860: b253 sxtb r3, r2
> > 862: 4299 cmp r1, r3
> > 864: db04 blt.n 870 <main+0x1a4>
> > 866: e7ff b.n 868 <main+0x19c>
> > 868: 2120 movs r1, #32
> > 86a: 9803 ldr r0, [sp, #12]
> > 86c: f7ff eeb6 blx 5dc <__asan_report_load_n@plt>
> > 870: 9808 ldr r0, [sp, #32]
> > 872: f100 011f add.w r1, r0, #31
> > 876: 460a mov r2, r1
> > 878: 08c9 lsrs r1, r1, #3
> > 87a: 7809 ldrb r1, [r1, #0]
> > 87c: 2900 cmp r1, #0
> > 87e: 9201 str r2, [sp, #4]
> > 880: 9100 str r1, [sp, #0]
> > 882: d00c beq.n 89e <main+0x1d2>
> > 884: e7ff b.n 886 <main+0x1ba>
> > 886: 9801 ldr r0, [sp, #4]
> > 888: f000 0107 and.w r1, r0, #7
> > 88c: 9a00 ldr r2, [sp, #0]
> > 88e: b253 sxtb r3, r2
> > 890: 4299 cmp r1, r3
> > 892: db04 blt.n 89e <main+0x1d2>
> > 894: e7ff b.n 896 <main+0x1ca>
> > 896: 2120 movs r1, #32
> > 898: 9801 ldr r0, [sp, #4]
> > 89a: f7ff eea0 blx 5dc <__asan_report_load_n@plt>
> > 89e: 9807 ldr r0, [sp, #28]
> > 8a0: f960 0a8f vld1.32 {d16-d17}, [r0]
> > 8a4: 9909 ldr r1, [sp, #36] ; 0x24
> > 8a6: f941 0a8f vst1.32 {d16-d17}, [r1]
> > 8aa: f101 0210 add.w r2, r1, #16
> > 8ae: f100 0310 add.w r3, r0, #16
> > 8b2: f963 0a8f vld1.32 {d16-d17}, [r3]
> > 8b6: f942 0a8f vst1.32 {d16-d17}, [r2]
> > 8ba: f243 620e movw r2, #13838 ; 0x360e
> > 8be: f2c4 52e0 movt r2, #17888 ; 0x45e0
> > return 0;
> > 8c2: 9b17 ldr r3, [sp, #92] ; 0x5c
> > 8c4: 601a str r2, [r3, #0]
> > 8c6: efc0 0050 vmov.i32 q8, #0 ; 0x00000000
> > 8ca: 9a13 ldr r2, [sp, #76] ; 0x4c
> > 8cc: f942 0a8f vst1.32 {d16-d17}, [r2]
> > 8d0: f04f 0c00 mov.w ip, #0
> > 8d4: f8c2 c010 str.w ip, [r2, #16]
> > 8d8: f8df c028 ldr.w ip, [pc, #40] ; 904 <main+0x238>
> > 8dc: f8df e03c ldr.w lr, [pc, #60] ; 91c <main+0x250>
> > 8e0: 44fe add lr, pc
> > 8e2: f85c c00e ldr.w ip, [ip, lr]
> > 8e6: f8dc c000 ldr.w ip, [ip]
> > 8ea: f8dd e10c ldr.w lr, [sp, #268] ; 0x10c
> > 8ee: 45f4 cmp ip, lr
> > 8f0: d105 bne.n 8fe <main+0x232>
> > 8f2: e7ff b.n 8f4 <main+0x228>
> > 8f4: 2000 movs r0, #0
> > 8f6: f1a7 0408 sub.w r4, r7, #8
> > 8fa: 46a5 mov sp, r4
> > 8fc: bdb0 pop {r4, r5, r7, pc}
> > 8fe: f7ff ee74 blx 5e8 <__stack_chk_fail@plt>
> > 902: bf00 nop
> > 904: fff4 ffff ; <UNDEFINED> instruction: 0xfff4ffff
> > 908: 18e2 adds r2, r4, r3
> > 90a: 0000 movs r0, r0
> > 90c: ea84 ffff ; <UNDEFINED> instruction: 0xea84ffff
> > 910: fff0 ffff ; <UNDEFINED> instruction: 0xfff0ffff
> > 914: ea1c ffff ; <UNDEFINED> instruction: 0xea1cffff
> > 918: 181c adds r4, r3, r0
> > 91a: 0000 movs r0, r0
> > 91c: 16e0 asrs r0, r4, #27
> >
> > I thought the memcpy disassembly should have a "blx 32c <memcpy@plt>" line,
> > so it can call the interceptors in libasan_preload.so, but now it seems we got
> > some builtin functions in Clang? The same happened with memmove: the
> > interceptors are not working now.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "address-sanitizer" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> Alexander Potapenko
> Software Engineer
> Google Moscow
asan_memmove_with_asan.o
Description: application/object
asan_memmove_without_asan.o
Description: application/object
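
The overlap condition the thread expects to be reported (memcpy-param-overlap) can also be checked in source, where it holds whether or not the compiler emits a call to `memcpy@plt`. This is an added example, not code from the thread or from ASan; `ranges_overlap`, `checked_memcpy`, `thread_case` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum copy_status { COPY_OK = 0, COPY_OVERLAP = -1 };

/* 1 if [a, a+na) and [b, b+nb) share at least one byte.
 * Written as a distance comparison so the address arithmetic cannot wrap. */
static int ranges_overlap(const void *a, size_t na, const void *b, size_t nb)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (na == 0 || nb == 0)
        return 0;
    return pa <= pb ? (pb - pa) < na : (pa - pb) < nb;
}

/* memcpy that refuses overlapping arguments itself, instead of relying
 * on an interposed libc symbol being called. */
static enum copy_status checked_memcpy(void *dst, const void *src, size_t n)
{
    if (ranges_overlap(dst, n, src, n))
        return COPY_OVERLAP;
    memcpy(dst, src, n);
    return COPY_OK;
}

/* The call from the thread: memcpy(array, array+1, sizeof(int)*8). */
static enum copy_status thread_case(void)
{
    static int array[100];      /* constructed buffer, same size as the test */
    return checked_memcpy(array, array + 1, sizeof(int) * 8);
}

int main(void)
{
    static int buf[100];        /* constructed buffer */
    printf("thread case:     %d\n", thread_case());
    printf("disjoint blocks: %d\n",
           checked_memcpy(buf, buf + 8, sizeof(int) * 8));
    return 0;
}
```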
