This problem should be limited to memcpy, memmove, memset. There is a clang-3.4 toolchain in ndk-r10; it should be fresh enough.

On Tue, Aug 26, 2014 at 6:15 AM, ji wang <[email protected]> wrote:
> Hi, Alexander
> Yes, I am using clang 3.1.
> Two questions:
> One: Where can I get Clang 3.5 for Android? Do I need to build it from the
> source by myself?
> Two: Do all those bionic interceptors have the same problem using Clang
> 3.1? Like strcpy, memmove....
>
> On Friday, August 22, 2014 at 6:34:46 PM UTC+8, Alexander Potapenko wrote:
>>
>> Oh, looks like you're using Clang 3.1, right?
>> The instrumentation of memcpy/memmove intrinsics has changed since
>> then, also the new runtime library isn't guaranteed to work with an
>> old Clang.
>> Can you try Clang 3.5 or 3.6?
>>
>> On Fri, Aug 22, 2014 at 2:31 PM, Alexander Potapenko <[email protected]>
>> wrote:
>> > The "without_asan" file is an assembly one, pls add -emit-llvm.
>> >
>> > On Fri, Aug 22, 2014 at 2:09 PM, ji wang <[email protected]> wrote:
>> >> Hi, Alexander
>> >> I think these are what you wanted:
>> >>
>> >>
>> >> On Friday, August 22, 2014 at 5:51:05 PM UTC+8, Alexander Potapenko wrote:
>> >>>
>> >>> Apparently Clang just lowered your memcpy call into a sequence of
>> >>> assembly instructions, because it knew the arguments and the size.
>> >>> It's strange that it didn't instrument the memcpy intrinsic, however.
>> >>> Could you please dump the LLVM bitcode for this file (-S -emit-llvm)
>> >>> with and without ASan?
>> >>>
>> >>> On Fri, Aug 22, 2014 at 1:41 PM, ji wang <[email protected]> wrote:
>> >>> > Test code, asan_memcpy.cpp:
>> >>> > #include <stdio.h>
>> >>> > #include <stdlib.h>
>> >>> > #include <string.h>  // declares memcpy
>> >>> > int main(){
>> >>> >     int *array = (int *)malloc(sizeof(int) * 100);
>> >>> >     printf("Now should be an error: memcpy-param-overlap\n");
>> >>> >     memcpy(array, array+1, sizeof(int)*8);
>> >>> >     return 0;
>> >>> > }
>> >>> > Android.mk
>> >>> > include $(CLEAR_VARS)
>> >>> > LOCAL_SRC_FILES := asan_memcpy.cpp
>> >>> > LOCAL_MODULE_TAGS := eng
>> >>> > LOCAL_ADDRESS_SANITIZER:=true
>> >>> > LOCAL_MODULE := asan_memcpy
>> >>> > include $(BUILD_EXECUTABLE)
>> >>> >
>> >>> > Running asanwrapper asan_memcpy in adb shell, ASan detected no error.
>> >>> > The disassembly of asan_memcpy is below:
>> >>> > 000006cc <main>:
>> >>> > #include <stdio.h>
>> >>> > #include <stdlib.h>
>> >>> >
>> >>> > int main(){
>> >>> >  6cc:  b5b0       push     {r4, r5, r7, lr}
>> >>> >  6ce:  af02       add      r7, sp, #8
>> >>> >  6d0:  b0c4       sub      sp, #272 ; 0x110
>> >>> >  6d2:  466c       mov      r4, sp
>> >>> >  6d4:  f024 041f  bic.w    r4, r4, #31
>> >>> >  6d8:  46a5       mov      sp, r4
>> >>> >  6da:  488a       ldr      r0, [pc, #552] ; (904 <main+0x238>)
>> >>> >  6dc:  498a       ldr      r1, [pc, #552] ; (908 <main+0x23c>)
>> >>> >  6de:  4479       add      r1, pc
>> >>> >  6e0:  5840       ldr      r0, [r0, r1]
>> >>> >  6e2:  6800       ldr      r0, [r0, #0]
>> >>> >  6e4:  9043       str      r0, [sp, #268] ; 0x10c
>> >>> >  6e6:  a818       add      r0, sp, #96 ; 0x60
>> >>> >  6e8:  f100 0220  add.w    r2, r0, #32
>> >>> >  6ec:  4613       mov      r3, r2
>> >>> >  6ee:  f100 0c60  add.w    ip, r0, #96 ; 0x60
>> >>> >  6f2:  4686       mov      lr, r0
>> >>> >  6f4:  f648 24b3  movw     r4, #35507 ; 0x8ab3
>> >>> >  6f8:  f2c4 14b5  movt     r4, #16821 ; 0x41b5
>> >>> >  6fc:  9418       str      r4, [sp, #96] ; 0x60
>> >>> >  6fe:  4c83       ldr      r4, [pc, #524] ; (90c <main+0x240>)
>> >>> >  700:  440c       add      r4, r1
>> >>> >  702:  9419       str      r4, [sp, #100] ; 0x64
>> >>> >  704:  4c82       ldr      r4, [pc, #520] ; (910 <main+0x244>)
>> >>> >  706:  5861       ldr      r1, [r4, r1]
>> >>> >  708:  911a       str      r1, [sp, #104] ; 0x68
>> >>> >  70a:  08c0       lsrs     r0, r0, #3
>> >>> >  70c:  4601       mov      r1, r0
>> >>> >  70e:  f04f 34f1  mov.w    r4, #4059165169 ; 0xf1f1f1f1
>> >>> >  712:  6004       str      r4, [r0, #0]
>> >>> >  714:  f24f 4404  movw     r4, #62468 ; 0xf404
>> >>> >  718:  f2cf 44f4  movt     r4, #62708 ; 0xf4f4
>> >>> >  71c:  6044       str      r4, [r0, #4]
>> >>> >  71e:  f04f 35f2  mov.w    r5, #4076008178 ; 0xf2f2f2f2
>> >>> >  722:  6085       str      r5, [r0, #8]
>> >>> >  724:  60c4       str      r4, [r0, #12]
>> >>> >  726:  f04f 34f3  mov.w    r4, #4092851187 ; 0xf3f3f3f3
>> >>> >  72a:  6104       str      r4, [r0, #16]
>> >>> >  72c:  4610       mov      r0, r2
>> >>> >  72e:  08d2       lsrs     r2, r2, #3
>> >>> >  730:  7812       ldrb     r2, [r2, #0]
>> >>> >  732:  2a00       cmp      r2, #0
>> >>> >  734:  f8cd e05c  str.w    lr, [sp, #92] ; 0x5c
>> >>> >  738:  f8cd c058  str.w    ip, [sp, #88] ; 0x58
>> >>> >  73c:  9015       str      r0, [sp, #84] ; 0x54
>> >>> >  73e:  9314       str      r3, [sp, #80] ; 0x50
>> >>> >  740:  9113       str      r1, [sp, #76] ; 0x4c
>> >>> >  742:  9212       str      r2, [sp, #72] ; 0x48
>> >>> >  744:  d00c       beq.n    760 <main+0x94>
>> >>> >  746:  e7ff       b.n      748 <main+0x7c>
>> >>> >  748:  9815       ldr      r0, [sp, #84] ; 0x54
>> >>> >  74a:  f000 0107  and.w    r1, r0, #7
>> >>> >  74e:  3103       adds     r1, #3
>> >>> >  750:  9a12       ldr      r2, [sp, #72] ; 0x48
>> >>> >  752:  b253       sxtb     r3, r2
>> >>> >  754:  4299       cmp      r1, r3
>> >>> >  756:  db03       blt.n    760 <main+0x94>
>> >>> >  758:  e7ff       b.n      75a <main+0x8e>
>> >>> >  75a:  9815       ldr      r0, [sp, #84] ; 0x54
>> >>> >  75c:  f7ff ef20  blx      5a0 <__asan_report_store4@plt>
>> >>> >  760:  2000       movs     r0, #0
>> >>> >  762:  9914       ldr      r1, [sp, #80] ; 0x50
>> >>> >  764:  6008       str      r0, [r1, #0]
>> >>> >  766:  f44f 70c8  mov.w    r0, #400 ; 0x190
>> >>> > int *array = (int *)malloc(sizeof(int) * 100);
>> >>> >  76a:  f7ff ef20  blx      5ac <malloc@plt>
>> >>> >  76e:  9916       ldr      r1, [sp, #88] ; 0x58
>> >>> >  770:  9a16       ldr      r2, [sp, #88] ; 0x58
>> >>> >  772:  08d3       lsrs     r3, r2, #3
>> >>> >  774:  781b       ldrb     r3, [r3, #0]
>> >>> >  776:  2b00       cmp      r3, #0
>> >>> >  778:  9011       str      r0, [sp, #68] ; 0x44
>> >>> >  77a:  9110       str      r1, [sp, #64] ; 0x40
>> >>> >  77c:  930f       str      r3, [sp, #60] ; 0x3c
>> >>> >  77e:  d00c       beq.n    79a <main+0xce>
>> >>> >  780:  e7ff       b.n      782 <main+0xb6>
>> >>> >  782:  9810       ldr      r0, [sp, #64] ; 0x40
>> >>> >  784:  f000 0107  and.w    r1, r0, #7
>> >>> >  788:  3103       adds     r1, #3
>> >>> >  78a:  9a0f       ldr      r2, [sp, #60] ; 0x3c
>> >>> >  78c:  b253       sxtb     r3, r2
>> >>> >  78e:  4299       cmp      r1, r3
>> >>> >  790:  db03       blt.n    79a <main+0xce>
>> >>> >  792:  e7ff       b.n      794 <main+0xc8>
>> >>> >  794:  9810       ldr      r0, [sp, #64] ; 0x40
>> >>> >  796:  f7ff ef04  blx      5a0 <__asan_report_store4@plt>
>> >>> >  79a:  9811       ldr      r0, [sp, #68] ; 0x44
>> >>> >  79c:  9916       ldr      r1, [sp, #88] ; 0x58
>> >>> >  79e:  6008       str      r0, [r1, #0]
>> >>> > printf("Now should be an error: memcpy-param-overlap\n");
>> >>> >  7a0:  4a5c       ldr      r2, [pc, #368] ; (914 <main+0x248>)
>> >>> >  7a2:  4b5d       ldr      r3, [pc, #372] ; (918 <main+0x24c>)
>> >>> >  7a4:  447b       add      r3, pc
>> >>> >  7a6:  18d0       adds     r0, r2, r3
>> >>> >  7a8:  f7ff ef06  blx      5b8 <printf@plt>
>> >>> > memcpy(array, array+1, sizeof(int)*8);
>> >>> >  7ac:  9916       ldr      r1, [sp, #88] ; 0x58
>> >>> >  7ae:  9a16       ldr      r2, [sp, #88] ; 0x58
>> >>> >  7b0:  08d3       lsrs     r3, r2, #3
>> >>> >  7b2:  781b       ldrb     r3, [r3, #0]
>> >>> >  7b4:  2b00       cmp      r3, #0
>> >>> >  7b6:  900e       str      r0, [sp, #56] ; 0x38
>> >>> >  7b8:  910d       str      r1, [sp, #52] ; 0x34
>> >>> >  7ba:  930c       str      r3, [sp, #48] ; 0x30
>> >>> >  7bc:  d00c       beq.n    7d8 <main+0x10c>
>> >>> >  7be:  e7ff       b.n      7c0 <main+0xf4>
>> >>> >  7c0:  980d       ldr      r0, [sp, #52] ; 0x34
>> >>> >  7c2:  f000 0107  and.w    r1, r0, #7
>> >>> >  7c6:  3103       adds     r1, #3
>> >>> >  7c8:  9a0c       ldr      r2, [sp, #48] ; 0x30
>> >>> >  7ca:  b253       sxtb     r3, r2
>> >>> >  7cc:  4299       cmp      r1, r3
>> >>> >  7ce:  db03       blt.n    7d8 <main+0x10c>
>> >>> >  7d0:  e7ff       b.n      7d2 <main+0x106>
>> >>> >  7d2:  980d       ldr      r0, [sp, #52] ; 0x34
>> >>> >  7d4:  f7ff eef6  blx      5c4 <__asan_report_load4@plt>
>> >>> >  7d8:  9816       ldr      r0, [sp, #88] ; 0x58
>> >>> >  7da:  6801       ldr      r1, [r0, #0]
>> >>> >  7dc:  460a       mov      r2, r1
>> >>> >  7de:  460b       mov      r3, r1
>> >>> >  7e0:  f101 0c04  add.w    ip, r1, #4
>> >>> >  7e4:  46e6       mov      lr, ip
>> >>> >  7e6:  08cc       lsrs     r4, r1, #3
>> >>> >  7e8:  7824       ldrb     r4, [r4, #0]
>> >>> >  7ea:  2c00       cmp      r4, #0
>> >>> >  7ec:  910b       str      r1, [sp, #44] ; 0x2c
>> >>> >  7ee:  920a       str      r2, [sp, #40] ; 0x28
>> >>> >  7f0:  9309       str      r3, [sp, #36] ; 0x24
>> >>> >  7f2:  f8cd e020  str.w    lr, [sp, #32]
>> >>> >  7f6:  f8cd c01c  str.w    ip, [sp, #28]
>> >>> >  7fa:  9406       str      r4, [sp, #24]
>> >>> >  7fc:  d00c       beq.n    818 <main+0x14c>
>> >>> >  7fe:  e7ff       b.n      800 <main+0x134>
>> >>> >  800:  980b       ldr      r0, [sp, #44] ; 0x2c
>> >>> >  802:  f000 0107  and.w    r1, r0, #7
>> >>> >  806:  9a06       ldr      r2, [sp, #24]
>> >>> >  808:  b253       sxtb     r3, r2
>> >>> >  80a:  4299       cmp      r1, r3
>> >>> >  80c:  db04       blt.n    818 <main+0x14c>
>> >>> >  80e:  e7ff       b.n      810 <main+0x144>
>> >>> >  810:  2120       movs     r1, #32
>> >>> >  812:  980b       ldr      r0, [sp, #44] ; 0x2c
>> >>> >  814:  f7ff eedc  blx      5d0 <__asan_report_store_n@plt>
>> >>> >  818:  980a       ldr      r0, [sp, #40] ; 0x28
>> >>> >  81a:  f100 011f  add.w    r1, r0, #31
>> >>> >  81e:  460a       mov      r2, r1
>> >>> >  820:  08c9       lsrs     r1, r1, #3
>> >>> >  822:  7809       ldrb     r1, [r1, #0]
>> >>> >  824:  2900       cmp      r1, #0
>> >>> >  826:  9205       str      r2, [sp, #20]
>> >>> >  828:  9104       str      r1, [sp, #16]
>> >>> >  82a:  d00c       beq.n    846 <main+0x17a>
>> >>> >  82c:  e7ff       b.n      82e <main+0x162>
>> >>> >  82e:  9805       ldr      r0, [sp, #20]
>> >>> >  830:  f000 0107  and.w    r1, r0, #7
>> >>> >  834:  9a04       ldr      r2, [sp, #16]
>> >>> >  836:  b253       sxtb     r3, r2
>> >>> >  838:  4299       cmp      r1, r3
>> >>> >  83a:  db04       blt.n    846 <main+0x17a>
>> >>> >  83c:  e7ff       b.n      83e <main+0x172>
>> >>> >  83e:  2120       movs     r1, #32
>> >>> >  840:  9805       ldr      r0, [sp, #20]
>> >>> >  842:  f7ff eec6  blx      5d0 <__asan_report_store_n@plt>
>> >>> >  846:  9808       ldr      r0, [sp, #32]
>> >>> >  848:  9908       ldr      r1, [sp, #32]
>> >>> >  84a:  08ca       lsrs     r2, r1, #3
>> >>> >  84c:  7812       ldrb     r2, [r2, #0]
>> >>> >  84e:  2a00       cmp      r2, #0
>> >>> >  850:  9003       str      r0, [sp, #12]
>> >>> >  852:  9202       str      r2, [sp, #8]
>> >>> >  854:  d00c       beq.n    870 <main+0x1a4>
>> >>> >  856:  e7ff       b.n      858 <main+0x18c>
>> >>> >  858:  9803       ldr      r0, [sp, #12]
>> >>> >  85a:  f000 0107  and.w    r1, r0, #7
>> >>> >  85e:  9a02       ldr      r2, [sp, #8]
>> >>> >  860:  b253       sxtb     r3, r2
>> >>> >  862:  4299       cmp      r1, r3
>> >>> >  864:  db04       blt.n    870 <main+0x1a4>
>> >>> >  866:  e7ff       b.n      868 <main+0x19c>
>> >>> >  868:  2120       movs     r1, #32
>> >>> >  86a:  9803       ldr      r0, [sp, #12]
>> >>> >  86c:  f7ff eeb6  blx      5dc <__asan_report_load_n@plt>
>> >>> >  870:  9808       ldr      r0, [sp, #32]
>> >>> >  872:  f100 011f  add.w    r1, r0, #31
>> >>> >  876:  460a       mov      r2, r1
>> >>> >  878:  08c9       lsrs     r1, r1, #3
>> >>> >  87a:  7809       ldrb     r1, [r1, #0]
>> >>> >  87c:  2900       cmp      r1, #0
>> >>> >  87e:  9201       str      r2, [sp, #4]
>> >>> >  880:  9100       str      r1, [sp, #0]
>> >>> >  882:  d00c       beq.n    89e <main+0x1d2>
>> >>> >  884:  e7ff       b.n      886 <main+0x1ba>
>> >>> >  886:  9801       ldr      r0, [sp, #4]
>> >>> >  888:  f000 0107  and.w    r1, r0, #7
>> >>> >  88c:  9a00       ldr      r2, [sp, #0]
>> >>> >  88e:  b253       sxtb     r3, r2
>> >>> >  890:  4299       cmp      r1, r3
>> >>> >  892:  db04       blt.n    89e <main+0x1d2>
>> >>> >  894:  e7ff       b.n      896 <main+0x1ca>
>> >>> >  896:  2120       movs     r1, #32
>> >>> >  898:  9801       ldr      r0, [sp, #4]
>> >>> >  89a:  f7ff eea0  blx      5dc <__asan_report_load_n@plt>
>> >>> >  89e:  9807       ldr      r0, [sp, #28]
>> >>> >  8a0:  f960 0a8f  vld1.32  {d16-d17}, [r0]
>> >>> >  8a4:  9909       ldr      r1, [sp, #36] ; 0x24
>> >>> >  8a6:  f941 0a8f  vst1.32  {d16-d17}, [r1]
>> >>> >  8aa:  f101 0210  add.w    r2, r1, #16
>> >>> >  8ae:  f100 0310  add.w    r3, r0, #16
>> >>> >  8b2:  f963 0a8f  vld1.32  {d16-d17}, [r3]
>> >>> >  8b6:  f942 0a8f  vst1.32  {d16-d17}, [r2]
>> >>> >  8ba:  f243 620e  movw     r2, #13838 ; 0x360e
>> >>> >  8be:  f2c4 52e0  movt     r2, #17888 ; 0x45e0
>> >>> > return 0;
>> >>> >  8c2:  9b17       ldr      r3, [sp, #92] ; 0x5c
>> >>> >  8c4:  601a       str      r2, [r3, #0]
>> >>> >  8c6:  efc0 0050  vmov.i32 q8, #0 ; 0x00000000
>> >>> >  8ca:  9a13       ldr      r2, [sp, #76] ; 0x4c
>> >>> >  8cc:  f942 0a8f  vst1.32  {d16-d17}, [r2]
>> >>> >  8d0:  f04f 0c00  mov.w    ip, #0
>> >>> >  8d4:  f8c2 c010  str.w    ip, [r2, #16]
>> >>> >  8d8:  f8df c028  ldr.w    ip, [pc, #40] ; 904 <main+0x238>
>> >>> >  8dc:  f8df e03c  ldr.w    lr, [pc, #60] ; 91c <main+0x250>
>> >>> >  8e0:  44fe       add      lr, pc
>> >>> >  8e2:  f85c c00e  ldr.w    ip, [ip, lr]
>> >>> >  8e6:  f8dc c000  ldr.w    ip, [ip]
>> >>> >  8ea:  f8dd e10c  ldr.w    lr, [sp, #268] ; 0x10c
>> >>> >  8ee:  45f4       cmp      ip, lr
>> >>> >  8f0:  d105       bne.n    8fe <main+0x232>
>> >>> >  8f2:  e7ff       b.n      8f4 <main+0x228>
>> >>> >  8f4:  2000       movs     r0, #0
>> >>> >  8f6:  f1a7 0408  sub.w    r4, r7, #8
>> >>> >  8fa:  46a5       mov      sp, r4
>> >>> >  8fc:  bdb0       pop      {r4, r5, r7, pc}
>> >>> >  8fe:  f7ff ee74  blx      5e8 <__stack_chk_fail@plt>
>> >>> >  902:  bf00       nop
>> >>> >  904:  fff4 ffff  ; <UNDEFINED> instruction: 0xfff4ffff
>> >>> >  908:  18e2       adds     r2, r4, r3
>> >>> >  90a:  0000       movs     r0, r0
>> >>> >  90c:  ea84 ffff  ; <UNDEFINED> instruction: 0xea84ffff
>> >>> >  910:  fff0 ffff  ; <UNDEFINED> instruction: 0xfff0ffff
>> >>> >  914:  ea1c ffff  ; <UNDEFINED> instruction: 0xea1cffff
>> >>> >  918:  181c       adds     r4, r3, r0
>> >>> >  91a:  0000       movs     r0, r0
>> >>> >  91c:  16e0       asrs     r0, r4, #27
>> >>> >
>> >>> > I thought the memcpy disassembly should have a "blx 32c <memcpy@plt>"
>> >>> > line, so it can call the interceptors in libasan_preload.so, but now
>> >>> > it seems we got some built-in functions in Clang? The same happened
>> >>> > with memmove: the interceptors are not working now.
>> >>> >
>> >>> > --
>> >>> > You received this message because you are subscribed to the Google
>> >>> > Groups "address-sanitizer" group.
>> >>> > To unsubscribe from this group and stop receiving emails from it,
>> >>> > send an email to [email protected].
>> >>> > For more options, visit https://groups.google.com/d/optout.
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Alexander Potapenko
>> >>> Software Engineer
>> >>> Google Moscow
>> >
>> >
>> >
>> > --
>> > Alexander Potapenko
>> > Software Engineer
>> > Google Moscow
>>
>>
>>
>> --
>> Alexander Potapenko
>> Software Engineer
>> Google Moscow
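
Added example, not part of the thread or of ASan's own code: the thread's test with memcpy routed through a volatile function pointer, so the compiler has to emit a real call instead of the inline vld1.32/vst1.32 copy seen in the disassembly. The names `real_memcpy`, `call_memcpy` and `ranges_overlap` are hypothetical, and that the call then resolves to the interceptor in libasan_preload.so is an assumption about the preload setup.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void *(*memcpy_fn)(void *, const void *, size_t);

/* Assumption: a volatile pointer must be loaded at run time, so the compiler
 * cannot prove the callee is memcpy and expand the copy inline. The call then
 * goes through the dynamic symbol, where a preloaded interceptor can see it. */
static memcpy_fn volatile real_memcpy = memcpy;

/* Hypothetical helper: memcpy that always stays a function call. */
void *call_memcpy(void *dst, const void *src, size_t n)
{
    return real_memcpy(dst, src, n);
}

/* Hypothetical helper: 1 if [dst, dst+n) and [src, src+n) share any byte,
 * the condition a memcpy-param-overlap report describes. */
int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    uintptr_t gap = d < s ? s - d : d - s;
    return gap < n;
}

int main(void)
{
    int *array = calloc(100, sizeof(int));
    if (array == NULL)
        return 1;

    /* Disjoint ranges: a valid memcpy, no report expected. */
    printf("disjoint: overlap=%d\n",
           ranges_overlap(array, array + 8, sizeof(int) * 8));
    call_memcpy(array, array + 8, sizeof(int) * 8);

    /* The thread's call: the ranges overlap by 28 bytes. This is the
     * deliberate error the test exists to trigger under ASan. */
    printf("thread case: overlap=%d\n",
           ranges_overlap(array, array + 1, sizeof(int) * 8));
    call_memcpy(array, array + 1, sizeof(int) * 8);

    free(array);
    return 0;
}
```

In the disassembly of a build like this, the copy should appear as an indirect branch through the loaded pointer rather than as inline loads and stores.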
