Oh, looks like you're using Clang 3.1, right? The instrumentation of memcpy/memmove intrinsics has changed since then, also the new runtime library isn't guaranteed to work with an old Clang. Can you try Clang 3.5 or 3.6?
On Fri, Aug 22, 2014 at 2:31 PM, Alexander Potapenko <[email protected]> wrote:
> The "without_asan" file is an assembly one, pls add -emit-llvm.
>
> On Fri, Aug 22, 2014 at 2:09 PM, ji wang <[email protected]> wrote:
>> Hi, Alexander
>> I think these are what you wanted:
>>
>>
>> On Friday, August 22, 2014 at 5:51:05 PM UTC+8, Alexander Potapenko wrote:
>>>
>>> Apparently Clang just lowered your memcpy call into a sequence of
>>> assembly instructions, because it knew the arguments and the size.
>>> It's strange that it didn't instrument the memcpy intrinsic, however.
>>> Could you please dump the LLVM bitcode for this file (-S -emit-llvm)
>>> with and without ASan?
>>>
>>> On Fri, Aug 22, 2014 at 1:41 PM, ji wang <[email protected]> wrote:
>>> > Test code, asan_memcpy.cpp:
>>> > #include <stdio.h>
>>> > #include <stdlib.h>
>>> > int main(){
>>> >   int *array = (int *)malloc(sizeof(int) * 100);
>>> >   printf("Now should be an error: memcpy-param-overlap\n");
>>> >   memcpy(array, array+1, sizeof(int)*8);
>>> >   return 0;
>>> > }
>>> > Android.mk
>>> > include $(CLEAR_VARS)
>>> > LOCAL_SRC_FILES := asan_memcpy.cpp
>>> > LOCAL_MODULE_TAGS := eng
>>> > LOCAL_ADDRESS_SANITIZER:=true
>>> > LOCAL_MODULE := asan_memcpy
>>> > include $(BUILD_EXECUTABLE)
>>> >
>>> > Run asanwrapper asan_memcpy in adb shell: no error is detected by ASan.
>>> > The disassembly of asan_memcpy is below:
>>> > 000006cc <main>:
>>> > #include <stdio.h>
>>> > #include <stdlib.h>
>>> >
>>> > int main(){
>>> >  6cc: b5b0       push {r4, r5, r7, lr}
>>> >  6ce: af02       add r7, sp, #8
>>> >  6d0: b0c4       sub sp, #272 ; 0x110
>>> >  6d2: 466c       mov r4, sp
>>> >  6d4: f024 041f  bic.w r4, r4, #31
>>> >  6d8: 46a5       mov sp, r4
>>> >  6da: 488a       ldr r0, [pc, #552] ; (904 <main+0x238>)
>>> >  6dc: 498a       ldr r1, [pc, #552] ; (908 <main+0x23c>)
>>> >  6de: 4479       add r1, pc
>>> >  6e0: 5840       ldr r0, [r0, r1]
>>> >  6e2: 6800       ldr r0, [r0, #0]
>>> >  6e4: 9043       str r0, [sp, #268] ; 0x10c
>>> >  6e6: a818       add r0, sp, #96 ; 0x60
>>> >  6e8: f100 0220  add.w r2, r0, #32
>>> >  6ec: 4613       mov r3, r2
>>> >  6ee: f100 0c60  add.w ip, r0, #96 ; 0x60
>>> >  6f2: 4686       mov lr, r0
>>> >  6f4: f648 24b3  movw r4, #35507 ; 0x8ab3
>>> >  6f8: f2c4 14b5  movt r4, #16821 ; 0x41b5
>>> >  6fc: 9418       str r4, [sp, #96] ; 0x60
>>> >  6fe: 4c83       ldr r4, [pc, #524] ; (90c <main+0x240>)
>>> >  700: 440c       add r4, r1
>>> >  702: 9419       str r4, [sp, #100] ; 0x64
>>> >  704: 4c82       ldr r4, [pc, #520] ; (910 <main+0x244>)
>>> >  706: 5861       ldr r1, [r4, r1]
>>> >  708: 911a       str r1, [sp, #104] ; 0x68
>>> >  70a: 08c0       lsrs r0, r0, #3
>>> >  70c: 4601       mov r1, r0
>>> >  70e: f04f 34f1  mov.w r4, #4059165169 ; 0xf1f1f1f1
>>> >  712: 6004       str r4, [r0, #0]
>>> >  714: f24f 4404  movw r4, #62468 ; 0xf404
>>> >  718: f2cf 44f4  movt r4, #62708 ; 0xf4f4
>>> >  71c: 6044       str r4, [r0, #4]
>>> >  71e: f04f 35f2  mov.w r5, #4076008178 ; 0xf2f2f2f2
>>> >  722: 6085       str r5, [r0, #8]
>>> >  724: 60c4       str r4, [r0, #12]
>>> >  726: f04f 34f3  mov.w r4, #4092851187 ; 0xf3f3f3f3
>>> >  72a: 6104       str r4, [r0, #16]
>>> >  72c: 4610       mov r0, r2
>>> >  72e: 08d2       lsrs r2, r2, #3
>>> >  730: 7812       ldrb r2, [r2, #0]
>>> >  732: 2a00       cmp r2, #0
>>> >  734: f8cd e05c  str.w lr, [sp, #92] ; 0x5c
>>> >  738: f8cd c058  str.w ip, [sp, #88] ; 0x58
>>> >  73c: 9015       str r0, [sp, #84] ; 0x54
>>> >  73e: 9314       str r3, [sp, #80] ; 0x50
>>> >  740: 9113       str r1, [sp, #76] ; 0x4c
>>> >  742: 9212       str r2, [sp, #72] ; 0x48
>>> >  744: d00c       beq.n 760 <main+0x94>
>>> >  746: e7ff       b.n 748 <main+0x7c>
>>> >  748: 9815       ldr r0, [sp, #84] ; 0x54
>>> >  74a: f000 0107  and.w r1, r0, #7
>>> >  74e: 3103       adds r1, #3
>>> >  750: 9a12       ldr r2, [sp, #72] ; 0x48
>>> >  752: b253       sxtb r3, r2
>>> >  754: 4299       cmp r1, r3
>>> >  756: db03       blt.n 760 <main+0x94>
>>> >  758: e7ff       b.n 75a <main+0x8e>
>>> >  75a: 9815       ldr r0, [sp, #84] ; 0x54
>>> >  75c: f7ff ef20  blx 5a0 <__asan_report_store4@plt>
>>> >  760: 2000       movs r0, #0
>>> >  762: 9914       ldr r1, [sp, #80] ; 0x50
>>> >  764: 6008       str r0, [r1, #0]
>>> >  766: f44f 70c8  mov.w r0, #400 ; 0x190
>>> >   int *array = (int *)malloc(sizeof(int) * 100);
>>> >  76a: f7ff ef20  blx 5ac <malloc@plt>
>>> >  76e: 9916       ldr r1, [sp, #88] ; 0x58
>>> >  770: 9a16       ldr r2, [sp, #88] ; 0x58
>>> >  772: 08d3       lsrs r3, r2, #3
>>> >  774: 781b       ldrb r3, [r3, #0]
>>> >  776: 2b00       cmp r3, #0
>>> >  778: 9011       str r0, [sp, #68] ; 0x44
>>> >  77a: 9110       str r1, [sp, #64] ; 0x40
>>> >  77c: 930f       str r3, [sp, #60] ; 0x3c
>>> >  77e: d00c       beq.n 79a <main+0xce>
>>> >  780: e7ff       b.n 782 <main+0xb6>
>>> >  782: 9810       ldr r0, [sp, #64] ; 0x40
>>> >  784: f000 0107  and.w r1, r0, #7
>>> >  788: 3103       adds r1, #3
>>> >  78a: 9a0f       ldr r2, [sp, #60] ; 0x3c
>>> >  78c: b253       sxtb r3, r2
>>> >  78e: 4299       cmp r1, r3
>>> >  790: db03       blt.n 79a <main+0xce>
>>> >  792: e7ff       b.n 794 <main+0xc8>
>>> >  794: 9810       ldr r0, [sp, #64] ; 0x40
>>> >  796: f7ff ef04  blx 5a0 <__asan_report_store4@plt>
>>> >  79a: 9811       ldr r0, [sp, #68] ; 0x44
>>> >  79c: 9916       ldr r1, [sp, #88] ; 0x58
>>> >  79e: 6008       str r0, [r1, #0]
>>> >   printf("Now should be an error: memcpy-param-overlap\n");
>>> >  7a0: 4a5c       ldr r2, [pc, #368] ; (914 <main+0x248>)
>>> >  7a2: 4b5d       ldr r3, [pc, #372] ; (918 <main+0x24c>)
>>> >  7a4: 447b       add r3, pc
>>> >  7a6: 18d0       adds r0, r2, r3
>>> >  7a8: f7ff ef06  blx 5b8 <printf@plt>
>>> >   memcpy(array, array+1, sizeof(int)*8);
>>> >  7ac: 9916       ldr r1, [sp, #88] ; 0x58
>>> >  7ae: 9a16       ldr r2, [sp, #88] ; 0x58
>>> >  7b0: 08d3       lsrs r3, r2, #3
>>> >  7b2: 781b       ldrb r3, [r3, #0]
>>> >  7b4: 2b00       cmp r3, #0
>>> >  7b6: 900e       str r0, [sp, #56] ; 0x38
>>> >  7b8: 910d       str r1, [sp, #52] ; 0x34
>>> >  7ba: 930c       str r3, [sp, #48] ; 0x30
>>> >  7bc: d00c       beq.n 7d8 <main+0x10c>
>>> >  7be: e7ff       b.n 7c0 <main+0xf4>
>>> >  7c0: 980d       ldr r0, [sp, #52] ; 0x34
>>> >  7c2: f000 0107  and.w r1, r0, #7
>>> >  7c6: 3103       adds r1, #3
>>> >  7c8: 9a0c       ldr r2, [sp, #48] ; 0x30
>>> >  7ca: b253       sxtb r3, r2
>>> >  7cc: 4299       cmp r1, r3
>>> >  7ce: db03       blt.n 7d8 <main+0x10c>
>>> >  7d0: e7ff       b.n 7d2 <main+0x106>
>>> >  7d2: 980d       ldr r0, [sp, #52] ; 0x34
>>> >  7d4: f7ff eef6  blx 5c4 <__asan_report_load4@plt>
>>> >  7d8: 9816       ldr r0, [sp, #88] ; 0x58
>>> >  7da: 6801       ldr r1, [r0, #0]
>>> >  7dc: 460a       mov r2, r1
>>> >  7de: 460b       mov r3, r1
>>> >  7e0: f101 0c04  add.w ip, r1, #4
>>> >  7e4: 46e6       mov lr, ip
>>> >  7e6: 08cc       lsrs r4, r1, #3
>>> >  7e8: 7824       ldrb r4, [r4, #0]
>>> >  7ea: 2c00       cmp r4, #0
>>> >  7ec: 910b       str r1, [sp, #44] ; 0x2c
>>> >  7ee: 920a       str r2, [sp, #40] ; 0x28
>>> >  7f0: 9309       str r3, [sp, #36] ; 0x24
>>> >  7f2: f8cd e020  str.w lr, [sp, #32]
>>> >  7f6: f8cd c01c  str.w ip, [sp, #28]
>>> >  7fa: 9406       str r4, [sp, #24]
>>> >  7fc: d00c       beq.n 818 <main+0x14c>
>>> >  7fe: e7ff       b.n 800 <main+0x134>
>>> >  800: 980b       ldr r0, [sp, #44] ; 0x2c
>>> >  802: f000 0107  and.w r1, r0, #7
>>> >  806: 9a06       ldr r2, [sp, #24]
>>> >  808: b253       sxtb r3, r2
>>> >  80a: 4299       cmp r1, r3
>>> >  80c: db04       blt.n 818 <main+0x14c>
>>> >  80e: e7ff       b.n 810 <main+0x144>
>>> >  810: 2120       movs r1, #32
>>> >  812: 980b       ldr r0, [sp, #44] ; 0x2c
>>> >  814: f7ff eedc  blx 5d0 <__asan_report_store_n@plt>
>>> >  818: 980a       ldr r0, [sp, #40] ; 0x28
>>> >  81a: f100 011f  add.w r1, r0, #31
>>> >  81e: 460a       mov r2, r1
>>> >  820: 08c9       lsrs r1, r1, #3
>>> >  822: 7809       ldrb r1, [r1, #0]
>>> >  824: 2900       cmp r1, #0
>>> >  826: 9205       str r2, [sp, #20]
>>> >  828: 9104       str r1, [sp, #16]
>>> >  82a: d00c       beq.n 846 <main+0x17a>
>>> >  82c: e7ff       b.n 82e <main+0x162>
>>> >  82e: 9805       ldr r0, [sp, #20]
>>> >  830: f000 0107  and.w r1, r0, #7
>>> >  834: 9a04       ldr r2, [sp, #16]
>>> >  836: b253       sxtb r3, r2
>>> >  838: 4299       cmp r1, r3
>>> >  83a: db04       blt.n 846 <main+0x17a>
>>> >  83c: e7ff       b.n 83e <main+0x172>
>>> >  83e: 2120       movs r1, #32
>>> >  840: 9805       ldr r0, [sp, #20]
>>> >  842: f7ff eec6  blx 5d0 <__asan_report_store_n@plt>
>>> >  846: 9808       ldr r0, [sp, #32]
>>> >  848: 9908       ldr r1, [sp, #32]
>>> >  84a: 08ca       lsrs r2, r1, #3
>>> >  84c: 7812       ldrb r2, [r2, #0]
>>> >  84e: 2a00       cmp r2, #0
>>> >  850: 9003       str r0, [sp, #12]
>>> >  852: 9202       str r2, [sp, #8]
>>> >  854: d00c       beq.n 870 <main+0x1a4>
>>> >  856: e7ff       b.n 858 <main+0x18c>
>>> >  858: 9803       ldr r0, [sp, #12]
>>> >  85a: f000 0107  and.w r1, r0, #7
>>> >  85e: 9a02       ldr r2, [sp, #8]
>>> >  860: b253       sxtb r3, r2
>>> >  862: 4299       cmp r1, r3
>>> >  864: db04       blt.n 870 <main+0x1a4>
>>> >  866: e7ff       b.n 868 <main+0x19c>
>>> >  868: 2120       movs r1, #32
>>> >  86a: 9803       ldr r0, [sp, #12]
>>> >  86c: f7ff eeb6  blx 5dc <__asan_report_load_n@plt>
>>> >  870: 9808       ldr r0, [sp, #32]
>>> >  872: f100 011f  add.w r1, r0, #31
>>> >  876: 460a       mov r2, r1
>>> >  878: 08c9       lsrs r1, r1, #3
>>> >  87a: 7809       ldrb r1, [r1, #0]
>>> >  87c: 2900       cmp r1, #0
>>> >  87e: 9201       str r2, [sp, #4]
>>> >  880: 9100       str r1, [sp, #0]
>>> >  882: d00c       beq.n 89e <main+0x1d2>
>>> >  884: e7ff       b.n 886 <main+0x1ba>
>>> >  886: 9801       ldr r0, [sp, #4]
>>> >  888: f000 0107  and.w r1, r0, #7
>>> >  88c: 9a00       ldr r2, [sp, #0]
>>> >  88e: b253       sxtb r3, r2
>>> >  890: 4299       cmp r1, r3
>>> >  892: db04       blt.n 89e <main+0x1d2>
>>> >  894: e7ff       b.n 896 <main+0x1ca>
>>> >  896: 2120       movs r1, #32
>>> >  898: 9801       ldr r0, [sp, #4]
>>> >  89a: f7ff eea0  blx 5dc <__asan_report_load_n@plt>
>>> >  89e: 9807       ldr r0, [sp, #28]
>>> >  8a0: f960 0a8f  vld1.32 {d16-d17}, [r0]
>>> >  8a4: 9909       ldr r1, [sp, #36] ; 0x24
>>> >  8a6: f941 0a8f  vst1.32 {d16-d17}, [r1]
>>> >  8aa: f101 0210  add.w r2, r1, #16
>>> >  8ae: f100 0310  add.w r3, r0, #16
>>> >  8b2: f963 0a8f  vld1.32 {d16-d17}, [r3]
>>> >  8b6: f942 0a8f  vst1.32 {d16-d17}, [r2]
>>> >  8ba: f243 620e  movw r2, #13838 ; 0x360e
>>> >  8be: f2c4 52e0  movt r2, #17888 ; 0x45e0
>>> >   return 0;
>>> >  8c2: 9b17       ldr r3, [sp, #92] ; 0x5c
>>> >  8c4: 601a       str r2, [r3, #0]
>>> >  8c6: efc0 0050  vmov.i32 q8, #0 ; 0x00000000
>>> >  8ca: 9a13       ldr r2, [sp, #76] ; 0x4c
>>> >  8cc: f942 0a8f  vst1.32 {d16-d17}, [r2]
>>> >  8d0: f04f 0c00  mov.w ip, #0
>>> >  8d4: f8c2 c010  str.w ip, [r2, #16]
>>> >  8d8: f8df c028  ldr.w ip, [pc, #40] ; 904 <main+0x238>
>>> >  8dc: f8df e03c  ldr.w lr, [pc, #60] ; 91c <main+0x250>
>>> >  8e0: 44fe       add lr, pc
>>> >  8e2: f85c c00e  ldr.w ip, [ip, lr]
>>> >  8e6: f8dc c000  ldr.w ip, [ip]
>>> >  8ea: f8dd e10c  ldr.w lr, [sp, #268] ; 0x10c
>>> >  8ee: 45f4       cmp ip, lr
>>> >  8f0: d105       bne.n 8fe <main+0x232>
>>> >  8f2: e7ff       b.n 8f4 <main+0x228>
>>> >  8f4: 2000       movs r0, #0
>>> >  8f6: f1a7 0408  sub.w r4, r7, #8
>>> >  8fa: 46a5       mov sp, r4
>>> >  8fc: bdb0       pop {r4, r5, r7, pc}
>>> >  8fe: f7ff ee74  blx 5e8 <__stack_chk_fail@plt>
>>> >  902: bf00       nop
>>> >  904: fff4 ffff  ; <UNDEFINED> instruction: 0xfff4ffff
>>> >  908: 18e2       adds r2, r4, r3
>>> >  90a: 0000       movs r0, r0
>>> >  90c: ea84 ffff  ; <UNDEFINED> instruction: 0xea84ffff
>>> >  910: fff0 ffff  ; <UNDEFINED> instruction: 0xfff0ffff
>>> >  914: ea1c ffff  ; <UNDEFINED> instruction: 0xea1cffff
>>> >  918: 181c       adds r4, r3, r0
>>> >  91a: 0000       movs r0, r0
>>> >  91c: 16e0       asrs r0, r4, #27
>>> >
>>> > I thought the memcpy disassembly should have a "blx 32c <memcpy@plt>"
>>> > line, so it can call the interceptors in libasan_preload.so, but now it
>>> > seems we got some builtin functions in Clang? The same happened with
>>> > memmove: the interceptors are not working now.
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google Groups
>>> > "address-sanitizer" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>> > email to [email protected].
>>> > For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>>
>>> --
>>> Alexander Potapenko
>>> Software Engineer
>>> Google Moscow
>
> --
> Alexander Potapenko
> Software Engineer
> Google Moscow

--
Alexander Potapenko
Software Engineer
Google Moscow
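
The overlap condition behind the expected memcpy-param-overlap report, applied to the arguments of the test case above; this is an added example, not code from the thread or from the ASan sources. The names `ranges_overlap`, `checked_memcpy` and `repro_overlap` are hypothetical, and the length is read from a volatile object so the compiler does not know the size, the condition named in the thread for the call being lowered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Nonzero when [a, a+an) and [b, b+bn) share at least one byte. */
int ranges_overlap(const void *a, size_t an, const void *b, size_t bn) {
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return !(pa + an <= pb || pb + bn <= pa);
}

/* Hypothetical wrapper: copies and returns 0, or copies nothing and
 * returns -1 when source and destination overlap (undefined for memcpy). */
int checked_memcpy(void *dst, const void *src, size_t n) {
    if (ranges_overlap(dst, n, src, n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* The thread's test case: 8 ints copied from array+1 to array.
 * The length comes from a volatile object, so it is not a compile-time
 * constant and the copy cannot be expanded into a fixed sequence of
 * loads and stores. Returns -1 (overlap found), or 1 if malloc fails. */
int repro_overlap(void) {
    int *array = (int *)malloc(sizeof(int) * 100);
    if (array == NULL)
        return 1;
    volatile size_t len = sizeof(int) * 8;
    int rc = checked_memcpy(array, array + 1, len);
    free(array);
    return rc;
}

int main(void) {
    printf("overlapping copy rejected: %s\n",
           repro_overlap() == -1 ? "yes" : "no");
    return 0;
}
```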
