Hi, Alexander

Yes, I am using Clang 3.1. Two questions:

One: Where can I get Clang 3.5 for Android? Do I need to build it from source myself?

Two: Do all those bionic interceptors have the same problem using Clang 3.1? Like strcpy, memmove....

On Friday, August 22, 2014 at 6:34:46 PM UTC+8, Alexander Potapenko wrote:
>
> Oh, looks like you're using Clang 3.1, right?
> The instrumentation of memcpy/memmove intrinsics has changed since
> then, also the new runtime library isn't guaranteed to work with an
> old Clang.
> Can you try Clang 3.5 or 3.6?
>
> On Fri, Aug 22, 2014 at 2:31 PM, Alexander Potapenko <[email protected]> wrote:
> > The "without_asan" file is an assembly one, pls add -emit-llvm.
> >
> > On Fri, Aug 22, 2014 at 2:09 PM, ji wang <[email protected]> wrote:
> >> Hi, Alexander
> >> I think these are what you wanted:
> >>
> >>
> >> On Friday, August 22, 2014 at 5:51:05 PM UTC+8, Alexander Potapenko wrote:
> >>>
> >>> Apparently Clang just lowered your memcpy call into a sequence of
> >>> assembly instructions, because it knew the arguments and the size.
> >>> It's strange that it didn't instrument the memcpy intrinsic, however.
> >>> Could you please dump the LLVM bitcode for this file (-S -emit-llvm)
> >>> with and without ASan?
> >>>
> >>> On Fri, Aug 22, 2014 at 1:41 PM, ji wang <[email protected]> wrote:
> >>> > Test code, asan_memcpy.cpp:
> >>> > #include <stdio.h>
> >>> > #include <stdlib.h>
> >>> > int main(){
> >>> >     int *array = (int *)malloc(sizeof(int) * 100);
> >>> >     printf("Now should be an error: memcpy-param-overlap\n");
> >>> >     memcpy(array, array+1, sizeof(int)*8);
> >>> >     return 0;
> >>> > }
> >>> > Android.mk
> >>> > include $(CLEAR_VARS)
> >>> > LOCAL_SRC_FILES := asan_memcpy.cpp
> >>> > LOCAL_MODULE_TAGS := eng
> >>> > LOCAL_ADDRESS_SANITIZER:=true
> >>> > LOCAL_MODULE := asan_memcpy
> >>> > include $(BUILD_EXECUTABLE)
> >>> >
> >>> > Run asanwrapper asan_memcpy in adb shell; no error was detected by ASan.
> >>> > The disassembly of asan_memcpy is as below:
> >>> > 000006cc <main>:
> >>> > #include <stdio.h>
> >>> > #include <stdlib.h>
> >>> >
> >>> > int main(){
> >>> >  6cc: b5b0       push {r4, r5, r7, lr}
> >>> >  6ce: af02       add r7, sp, #8
> >>> >  6d0: b0c4       sub sp, #272 ; 0x110
> >>> >  6d2: 466c       mov r4, sp
> >>> >  6d4: f024 041f  bic.w r4, r4, #31
> >>> >  6d8: 46a5       mov sp, r4
> >>> >  6da: 488a       ldr r0, [pc, #552] ; (904 <main+0x238>)
> >>> >  6dc: 498a       ldr r1, [pc, #552] ; (908 <main+0x23c>)
> >>> >  6de: 4479       add r1, pc
> >>> >  6e0: 5840       ldr r0, [r0, r1]
> >>> >  6e2: 6800       ldr r0, [r0, #0]
> >>> >  6e4: 9043       str r0, [sp, #268] ; 0x10c
> >>> >  6e6: a818       add r0, sp, #96 ; 0x60
> >>> >  6e8: f100 0220  add.w r2, r0, #32
> >>> >  6ec: 4613       mov r3, r2
> >>> >  6ee: f100 0c60  add.w ip, r0, #96 ; 0x60
> >>> >  6f2: 4686       mov lr, r0
> >>> >  6f4: f648 24b3  movw r4, #35507 ; 0x8ab3
> >>> >  6f8: f2c4 14b5  movt r4, #16821 ; 0x41b5
> >>> >  6fc: 9418       str r4, [sp, #96] ; 0x60
> >>> >  6fe: 4c83       ldr r4, [pc, #524] ; (90c <main+0x240>)
> >>> >  700: 440c       add r4, r1
> >>> >  702: 9419       str r4, [sp, #100] ; 0x64
> >>> >  704: 4c82       ldr r4, [pc, #520] ; (910 <main+0x244>)
> >>> >  706: 5861       ldr r1, [r4, r1]
> >>> >  708: 911a       str r1, [sp, #104] ; 0x68
> >>> >  70a: 08c0       lsrs r0, r0, #3
> >>> >  70c: 4601       mov r1, r0
> >>> >  70e: f04f 34f1  mov.w r4, #4059165169 ; 0xf1f1f1f1
> >>> >  712: 6004       str r4, [r0, #0]
> >>> >  714: f24f 4404  movw r4, #62468 ; 0xf404
> >>> >  718: f2cf 44f4  movt r4, #62708 ; 0xf4f4
> >>> >  71c: 6044       str r4, [r0, #4]
> >>> >  71e: f04f 35f2  mov.w r5, #4076008178 ; 0xf2f2f2f2
> >>> >  722: 6085       str r5, [r0, #8]
> >>> >  724: 60c4       str r4, [r0, #12]
> >>> >  726: f04f 34f3  mov.w r4, #4092851187 ; 0xf3f3f3f3
> >>> >  72a: 6104       str r4, [r0, #16]
> >>> >  72c: 4610       mov r0, r2
> >>> >  72e: 08d2       lsrs r2, r2, #3
> >>> >  730: 7812       ldrb r2, [r2, #0]
> >>> >  732: 2a00       cmp r2, #0
> >>> >  734: f8cd e05c  str.w lr, [sp, #92] ; 0x5c
> >>> >  738: f8cd c058  str.w ip, [sp, #88] ; 0x58
> >>> >  73c: 9015       str r0, [sp, #84] ; 0x54
> >>> >  73e: 9314       str r3, [sp, #80] ; 0x50
> >>> >  740: 9113       str r1, [sp, #76] ; 0x4c
> >>> >  742: 9212       str r2, [sp, #72] ; 0x48
> >>> >  744: d00c       beq.n 760 <main+0x94>
> >>> >  746: e7ff       b.n 748 <main+0x7c>
> >>> >  748: 9815       ldr r0, [sp, #84] ; 0x54
> >>> >  74a: f000 0107  and.w r1, r0, #7
> >>> >  74e: 3103       adds r1, #3
> >>> >  750: 9a12       ldr r2, [sp, #72] ; 0x48
> >>> >  752: b253       sxtb r3, r2
> >>> >  754: 4299       cmp r1, r3
> >>> >  756: db03       blt.n 760 <main+0x94>
> >>> >  758: e7ff       b.n 75a <main+0x8e>
> >>> >  75a: 9815       ldr r0, [sp, #84] ; 0x54
> >>> >  75c: f7ff ef20  blx 5a0 <__asan_report_store4@plt>
> >>> >  760: 2000       movs r0, #0
> >>> >  762: 9914       ldr r1, [sp, #80] ; 0x50
> >>> >  764: 6008       str r0, [r1, #0]
> >>> >  766: f44f 70c8  mov.w r0, #400 ; 0x190
> >>> > int *array = (int *)malloc(sizeof(int) * 100);
> >>> >  76a: f7ff ef20  blx 5ac <malloc@plt>
> >>> >  76e: 9916       ldr r1, [sp, #88] ; 0x58
> >>> >  770: 9a16       ldr r2, [sp, #88] ; 0x58
> >>> >  772: 08d3       lsrs r3, r2, #3
> >>> >  774: 781b       ldrb r3, [r3, #0]
> >>> >  776: 2b00       cmp r3, #0
> >>> >  778: 9011       str r0, [sp, #68] ; 0x44
> >>> >  77a: 9110       str r1, [sp, #64] ; 0x40
> >>> >  77c: 930f       str r3, [sp, #60] ; 0x3c
> >>> >  77e: d00c       beq.n 79a <main+0xce>
> >>> >  780: e7ff       b.n 782 <main+0xb6>
> >>> >  782: 9810       ldr r0, [sp, #64] ; 0x40
> >>> >  784: f000 0107  and.w r1, r0, #7
> >>> >  788: 3103       adds r1, #3
> >>> >  78a: 9a0f       ldr r2, [sp, #60] ; 0x3c
> >>> >  78c: b253       sxtb r3, r2
> >>> >  78e: 4299       cmp r1, r3
> >>> >  790: db03       blt.n 79a <main+0xce>
> >>> >  792: e7ff       b.n 794 <main+0xc8>
> >>> >  794: 9810       ldr r0, [sp, #64] ; 0x40
> >>> >  796: f7ff ef04  blx 5a0 <__asan_report_store4@plt>
> >>> >  79a: 9811       ldr r0, [sp, #68] ; 0x44
> >>> >  79c: 9916       ldr r1, [sp, #88] ; 0x58
> >>> >  79e: 6008       str r0, [r1, #0]
> >>> > printf("Now should be an error: memcpy-param-overlap\n");
> >>> >  7a0: 4a5c       ldr r2, [pc, #368] ; (914 <main+0x248>)
> >>> >  7a2: 4b5d       ldr r3, [pc, #372] ; (918 <main+0x24c>)
> >>> >  7a4: 447b       add r3, pc
> >>> >  7a6: 18d0       adds r0, r2, r3
> >>> >  7a8: f7ff ef06  blx 5b8 <printf@plt>
> >>> > memcpy(array, array+1, sizeof(int)*8);
> >>> >  7ac: 9916       ldr r1, [sp, #88] ; 0x58
> >>> >  7ae: 9a16       ldr r2, [sp, #88] ; 0x58
> >>> >  7b0: 08d3       lsrs r3, r2, #3
> >>> >  7b2: 781b       ldrb r3, [r3, #0]
> >>> >  7b4: 2b00       cmp r3, #0
> >>> >  7b6: 900e       str r0, [sp, #56] ; 0x38
> >>> >  7b8: 910d       str r1, [sp, #52] ; 0x34
> >>> >  7ba: 930c       str r3, [sp, #48] ; 0x30
> >>> >  7bc: d00c       beq.n 7d8 <main+0x10c>
> >>> >  7be: e7ff       b.n 7c0 <main+0xf4>
> >>> >  7c0: 980d       ldr r0, [sp, #52] ; 0x34
> >>> >  7c2: f000 0107  and.w r1, r0, #7
> >>> >  7c6: 3103       adds r1, #3
> >>> >  7c8: 9a0c       ldr r2, [sp, #48] ; 0x30
> >>> >  7ca: b253       sxtb r3, r2
> >>> >  7cc: 4299       cmp r1, r3
> >>> >  7ce: db03       blt.n 7d8 <main+0x10c>
> >>> >  7d0: e7ff       b.n 7d2 <main+0x106>
> >>> >  7d2: 980d       ldr r0, [sp, #52] ; 0x34
> >>> >  7d4: f7ff eef6  blx 5c4 <__asan_report_load4@plt>
> >>> >  7d8: 9816       ldr r0, [sp, #88] ; 0x58
> >>> >  7da: 6801       ldr r1, [r0, #0]
> >>> >  7dc: 460a       mov r2, r1
> >>> >  7de: 460b       mov r3, r1
> >>> >  7e0: f101 0c04  add.w ip, r1, #4
> >>> >  7e4: 46e6       mov lr, ip
> >>> >  7e6: 08cc       lsrs r4, r1, #3
> >>> >  7e8: 7824       ldrb r4, [r4, #0]
> >>> >  7ea: 2c00       cmp r4, #0
> >>> >  7ec: 910b       str r1, [sp, #44] ; 0x2c
> >>> >  7ee: 920a       str r2, [sp, #40] ; 0x28
> >>> >  7f0: 9309       str r3, [sp, #36] ; 0x24
> >>> >  7f2: f8cd e020  str.w lr, [sp, #32]
> >>> >  7f6: f8cd c01c  str.w ip, [sp, #28]
> >>> >  7fa: 9406       str r4, [sp, #24]
> >>> >  7fc: d00c       beq.n 818 <main+0x14c>
> >>> >  7fe: e7ff       b.n 800 <main+0x134>
> >>> >  800: 980b       ldr r0, [sp, #44] ; 0x2c
> >>> >  802: f000 0107  and.w r1, r0, #7
> >>> >  806: 9a06       ldr r2, [sp, #24]
> >>> >  808: b253       sxtb r3, r2
> >>> >  80a: 4299       cmp r1, r3
> >>> >  80c: db04       blt.n 818 <main+0x14c>
> >>> >  80e: e7ff       b.n 810 <main+0x144>
> >>> >  810: 2120       movs r1, #32
> >>> >  812: 980b       ldr r0, [sp, #44] ; 0x2c
> >>> >  814: f7ff eedc  blx 5d0 <__asan_report_store_n@plt>
> >>> >  818: 980a       ldr r0, [sp, #40] ; 0x28
> >>> >  81a: f100 011f  add.w r1, r0, #31
> >>> >  81e: 460a       mov r2, r1
> >>> >  820: 08c9       lsrs r1, r1, #3
> >>> >  822: 7809       ldrb r1, [r1, #0]
> >>> >  824: 2900       cmp r1, #0
> >>> >  826: 9205       str r2, [sp, #20]
> >>> >  828: 9104       str r1, [sp, #16]
> >>> >  82a: d00c       beq.n 846 <main+0x17a>
> >>> >  82c: e7ff       b.n 82e <main+0x162>
> >>> >  82e: 9805       ldr r0, [sp, #20]
> >>> >  830: f000 0107  and.w r1, r0, #7
> >>> >  834: 9a04       ldr r2, [sp, #16]
> >>> >  836: b253       sxtb r3, r2
> >>> >  838: 4299       cmp r1, r3
> >>> >  83a: db04       blt.n 846 <main+0x17a>
> >>> >  83c: e7ff       b.n 83e <main+0x172>
> >>> >  83e: 2120       movs r1, #32
> >>> >  840: 9805       ldr r0, [sp, #20]
> >>> >  842: f7ff eec6  blx 5d0 <__asan_report_store_n@plt>
> >>> >  846: 9808       ldr r0, [sp, #32]
> >>> >  848: 9908       ldr r1, [sp, #32]
> >>> >  84a: 08ca       lsrs r2, r1, #3
> >>> >  84c: 7812       ldrb r2, [r2, #0]
> >>> >  84e: 2a00       cmp r2, #0
> >>> >  850: 9003       str r0, [sp, #12]
> >>> >  852: 9202       str r2, [sp, #8]
> >>> >  854: d00c       beq.n 870 <main+0x1a4>
> >>> >  856: e7ff       b.n 858 <main+0x18c>
> >>> >  858: 9803       ldr r0, [sp, #12]
> >>> >  85a: f000 0107  and.w r1, r0, #7
> >>> >  85e: 9a02       ldr r2, [sp, #8]
> >>> >  860: b253       sxtb r3, r2
> >>> >  862: 4299       cmp r1, r3
> >>> >  864: db04       blt.n 870 <main+0x1a4>
> >>> >  866: e7ff       b.n 868 <main+0x19c>
> >>> >  868: 2120       movs r1, #32
> >>> >  86a: 9803       ldr r0, [sp, #12]
> >>> >  86c: f7ff eeb6  blx 5dc <__asan_report_load_n@plt>
> >>> >  870: 9808       ldr r0, [sp, #32]
> >>> >  872: f100 011f  add.w r1, r0, #31
> >>> >  876: 460a       mov r2, r1
> >>> >  878: 08c9       lsrs r1, r1, #3
> >>> >  87a: 7809       ldrb r1, [r1, #0]
> >>> >  87c: 2900       cmp r1, #0
> >>> >  87e: 9201       str r2, [sp, #4]
> >>> >  880: 9100       str r1, [sp, #0]
> >>> >  882: d00c       beq.n 89e <main+0x1d2>
> >>> >  884: e7ff       b.n 886 <main+0x1ba>
> >>> >  886: 9801       ldr r0, [sp, #4]
> >>> >  888: f000 0107  and.w r1, r0, #7
> >>> >  88c: 9a00       ldr r2, [sp, #0]
> >>> >  88e: b253       sxtb r3, r2
> >>> >  890: 4299       cmp r1, r3
> >>> >  892: db04       blt.n 89e <main+0x1d2>
> >>> >  894: e7ff       b.n 896 <main+0x1ca>
> >>> >  896: 2120       movs r1, #32
> >>> >  898: 9801       ldr r0, [sp, #4]
> >>> >  89a: f7ff eea0  blx 5dc <__asan_report_load_n@plt>
> >>> >  89e: 9807       ldr r0, [sp, #28]
> >>> >  8a0: f960 0a8f  vld1.32 {d16-d17}, [r0]
> >>> >  8a4: 9909       ldr r1, [sp, #36] ; 0x24
> >>> >  8a6: f941 0a8f  vst1.32 {d16-d17}, [r1]
> >>> >  8aa: f101 0210  add.w r2, r1, #16
> >>> >  8ae: f100 0310  add.w r3, r0, #16
> >>> >  8b2: f963 0a8f  vld1.32 {d16-d17}, [r3]
> >>> >  8b6: f942 0a8f  vst1.32 {d16-d17}, [r2]
> >>> >  8ba: f243 620e  movw r2, #13838 ; 0x360e
> >>> >  8be: f2c4 52e0  movt r2, #17888 ; 0x45e0
> >>> > return 0;
> >>> >  8c2: 9b17       ldr r3, [sp, #92] ; 0x5c
> >>> >  8c4: 601a       str r2, [r3, #0]
> >>> >  8c6: efc0 0050  vmov.i32 q8, #0 ; 0x00000000
> >>> >  8ca: 9a13       ldr r2, [sp, #76] ; 0x4c
> >>> >  8cc: f942 0a8f  vst1.32 {d16-d17}, [r2]
> >>> >  8d0: f04f 0c00  mov.w ip, #0
> >>> >  8d4: f8c2 c010  str.w ip, [r2, #16]
> >>> >  8d8: f8df c028  ldr.w ip, [pc, #40] ; 904 <main+0x238>
> >>> >  8dc: f8df e03c  ldr.w lr, [pc, #60] ; 91c <main+0x250>
> >>> >  8e0: 44fe       add lr, pc
> >>> >  8e2: f85c c00e  ldr.w ip, [ip, lr]
> >>> >  8e6: f8dc c000  ldr.w ip, [ip]
> >>> >  8ea: f8dd e10c  ldr.w lr, [sp, #268] ; 0x10c
> >>> >  8ee: 45f4       cmp ip, lr
> >>> >  8f0: d105       bne.n 8fe <main+0x232>
> >>> >  8f2: e7ff       b.n 8f4 <main+0x228>
> >>> >  8f4: 2000       movs r0, #0
> >>> >  8f6: f1a7 0408  sub.w r4, r7, #8
> >>> >  8fa: 46a5       mov sp, r4
> >>> >  8fc: bdb0       pop {r4, r5, r7, pc}
> >>> >  8fe: f7ff ee74  blx 5e8 <__stack_chk_fail@plt>
> >>> >  902: bf00       nop
> >>> >  904: fff4 ffff  ; <UNDEFINED> instruction: 0xfff4ffff
> >>> >  908: 18e2       adds r2, r4, r3
> >>> >  90a: 0000       movs r0, r0
> >>> >  90c: ea84 ffff  ; <UNDEFINED> instruction: 0xea84ffff
> >>> >  910: fff0 ffff  ; <UNDEFINED> instruction: 0xfff0ffff
> >>> >  914: ea1c ffff  ; <UNDEFINED> instruction: 0xea1cffff
> >>> >  918: 181c       adds r4, r3, r0
> >>> >  91a: 0000       movs r0, r0
> >>> >  91c: 16e0       asrs r0, r4, #27
> >>> >
> >>> > I thought the memcpy disassembly should have a "blx 32c <memcpy@plt>"
> >>> > line, so it can call the interceptors in libasan_preload.so, but now it
> >>> > seems we got some builtin functions in Clang? The same happened with
> >>> > memmove; the interceptors are not working now.
> >>> >
> >>> > --
> >>> > You received this message because you are subscribed to the Google
> >>> > Groups "address-sanitizer" group.
> >>> > To unsubscribe from this group and stop receiving emails from it, send
> >>> > an email to [email protected].
> >>> > For more options, visit https://groups.google.com/d/optout.
> >>>
> >>>
> >>>
> >>> --
> >>> Alexander Potapenko
> >>> Software Engineer
> >>> Google Moscow
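
The check the thread expected to fire, as an added example (not ASan's runtime code and not part of the original message): the overlap test behind a memcpy-param-overlap report, plus a call through a volatile function pointer, which is one way to get a real call to the memcpy symbol instead of the inline copy seen in the disassembly. The names `ranges_overlap`, `real_memcpy`, `checked_memcpy` and `demo` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: 1 if [a, a+n) and [b, b+n) share at least one byte.
 * This is the condition a memcpy-param-overlap report describes. */
static int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (n == 0)
        return 0;
    return pa < pb ? (pb - pa) < n : (pa - pb) < n;
}

/* Assumption of this example: calling through a volatile function pointer
 * stops the compiler from expanding the copy inline, so an interposed
 * memcpy (such as a preloaded interceptor) actually receives the call. */
static void *(*volatile real_memcpy)(void *, const void *, size_t) = memcpy;

/* Hypothetical wrapper: refuse overlapping copies, otherwise copy. */
static int checked_memcpy(void *dst, const void *src, size_t n)
{
    if (ranges_overlap(dst, src, n)) {
        fprintf(stderr, "memcpy-param-overlap: dst=%p src=%p n=%zu\n", dst, src, n);
        return -1;
    }
    real_memcpy(dst, src, n);
    return 0;
}

/* The thread's test case, reconstructed: array+1 overlaps the destination
 * for a 32-byte copy, array+8 (constructed contrast case) does not. */
static int demo(int disjoint)
{
    int *array = calloc(100, sizeof(int));
    if (!array)
        return -2;
    array[8] = 42;
    int rc = checked_memcpy(array, array + (disjoint ? 8 : 1), sizeof(int) * 8);
    int copied = disjoint ? (array[0] == 42) : 1;
    free(array);
    return copied ? rc : -3;
}

int main(void)
{
    printf("overlap case: %d, disjoint case: %d\n", demo(0), demo(1));
    return 0;
}
```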
