I see. I am using clang-3.4 now and got a compile error like below. It seems the Asan runtime is too old for clang-3.4; where can I get the compatible Asan runtime? external/compile-rt?

external/asan_test/asan_memcpy.cpp:5: error: undefined reference to '__asan_stack_malloc_2'
external/asan_test/asan_memcpy.cpp:14: error: undefined reference to '__asan_option_detect_stack_use_after_return'

On Tuesday, August 26, 2014 at 4:11:23 PM UTC+8, Evgeniy Stepanov wrote:
>
> This problem should be limited to memcpy, memmove, memset.
> There is a clang-3.4 toolchain in ndk-r10, it should be fresh enough.
>
>
> On Tue, Aug 26, 2014 at 6:15 AM, ji wang <[email protected]> wrote:
> > Hi, Alexander
> > Yes, I am using clang 3.1.
> > Two questions:
> > One: Where can I get Clang 3.5 for android? Do I need to build it from the
> > source by myself?
> > Two: Do all those bionic interceptors have the same problem using Clang
> > 3.1? like strcpy, memmove....
> >
> > On Friday, August 22, 2014 at 6:34:46 PM UTC+8, Alexander Potapenko wrote:
> >>
> >> Oh, looks like you're using Clang 3.1, right?
> >> The instrumentation of memcpy/memmove intrinsics has changed since
> >> then, also the new runtime library isn't guaranteed to work with an
> >> old Clang.
> >> Can you try Clang 3.5 or 3.6?
> >>
> >> On Fri, Aug 22, 2014 at 2:31 PM, Alexander Potapenko <[email protected]> wrote:
> >> > The "without_asan" file is an assembly one, pls add -emit-llvm.
> >> >
> >> > On Fri, Aug 22, 2014 at 2:09 PM, ji wang <[email protected]> wrote:
> >> >> Hi, Alexander
> >> >> I think those are what you wanted:
> >> >>
> >> >>
> >> >> On Friday, August 22, 2014 at 5:51:05 PM UTC+8, Alexander Potapenko wrote:
> >> >>>
> >> >>> Apparently Clang just lowered your memcpy call into a sequence of
> >> >>> assembly instructions, because it knew the arguments and the size.
> >> >>> It's strange that it didn't instrument the memcpy intrinsic, however.
> >> >>> Could you please dump the LLVM bitcode for this file (-S -emit-llvm)
> >> >>> with and without ASan?
> >> >>>
> >> >>> On Fri, Aug 22, 2014 at 1:41 PM, ji wang <[email protected]> wrote:
> >> >>> > Test code, asan_memcpy.cpp:
> >> >>> > #include <stdio.h>
> >> >>> > #include <stdlib.h>
> >> >>> > int main(){
> >> >>> >   int *array = (int *)malloc(sizeof(int) * 100);
> >> >>> >   printf("Now should be an error: memcpy-param-overlap\n");
> >> >>> >   memcpy(array, array+1, sizeof(int)*8);
> >> >>> >   return 0;
> >> >>> > }
> >> >>> > Android.mk
> >> >>> > include $(CLEAR_VARS)
> >> >>> > LOCAL_SRC_FILES := asan_memcpy.cpp
> >> >>> > LOCAL_MODULE_TAGS := eng
> >> >>> > LOCAL_ADDRESS_SANITIZER:=true
> >> >>> > LOCAL_MODULE := asan_memcpy
> >> >>> > include $(BUILD_EXECUTABLE)
> >> >>> >
> >> >>> > Run asanwrapper asan_memcpy in adb shell, no error that Asan detected.
> >> >>> > The disassembly of asan_memcpy as below:
> >> >>> > 000006cc <main>:
> >> >>> > #include <stdio.h>
> >> >>> > #include <stdlib.h>
> >> >>> >
> >> >>> > int main(){
> >> >>> >  6cc:  b5b0       push  {r4, r5, r7, lr}
> >> >>> >  6ce:  af02       add  r7, sp, #8
> >> >>> >  6d0:  b0c4       sub  sp, #272  ; 0x110
> >> >>> >  6d2:  466c       mov  r4, sp
> >> >>> >  6d4:  f024 041f  bic.w  r4, r4, #31
> >> >>> >  6d8:  46a5       mov  sp, r4
> >> >>> >  6da:  488a       ldr  r0, [pc, #552]  ; (904 <main+0x238>)
> >> >>> >  6dc:  498a       ldr  r1, [pc, #552]  ; (908 <main+0x23c>)
> >> >>> >  6de:  4479       add  r1, pc
> >> >>> >  6e0:  5840       ldr  r0, [r0, r1]
> >> >>> >  6e2:  6800       ldr  r0, [r0, #0]
> >> >>> >  6e4:  9043       str  r0, [sp, #268]  ; 0x10c
> >> >>> >  6e6:  a818       add  r0, sp, #96  ; 0x60
> >> >>> >  6e8:  f100 0220  add.w  r2, r0, #32
> >> >>> >  6ec:  4613       mov  r3, r2
> >> >>> >  6ee:  f100 0c60  add.w  ip, r0, #96  ; 0x60
> >> >>> >  6f2:  4686       mov  lr, r0
> >> >>> >  6f4:  f648 24b3  movw  r4, #35507  ; 0x8ab3
> >> >>> >  6f8:  f2c4 14b5  movt  r4, #16821  ; 0x41b5
> >> >>> >  6fc:  9418       str  r4, [sp, #96]  ; 0x60
> >> >>> >  6fe:  4c83       ldr  r4, [pc, #524]  ; (90c <main+0x240>)
> >> >>> >  700:  440c       add  r4, r1
> >> >>> >  702:  9419       str  r4, [sp, #100]  ; 0x64
> >> >>> >  704:  4c82       ldr  r4, [pc, #520]  ; (910 <main+0x244>)
> >> >>> >  706:  5861       ldr  r1, [r4, r1]
> >> >>> >  708:  911a       str  r1, [sp, #104]  ; 0x68
> >> >>> >  70a:  08c0       lsrs  r0, r0, #3
> >> >>> >  70c:  4601       mov  r1, r0
> >> >>> >  70e:  f04f 34f1  mov.w  r4, #4059165169  ; 0xf1f1f1f1
> >> >>> >  712:  6004       str  r4, [r0, #0]
> >> >>> >  714:  f24f 4404  movw  r4, #62468  ; 0xf404
> >> >>> >  718:  f2cf 44f4  movt  r4, #62708  ; 0xf4f4
> >> >>> >  71c:  6044       str  r4, [r0, #4]
> >> >>> >  71e:  f04f 35f2  mov.w  r5, #4076008178  ; 0xf2f2f2f2
> >> >>> >  722:  6085       str  r5, [r0, #8]
> >> >>> >  724:  60c4       str  r4, [r0, #12]
> >> >>> >  726:  f04f 34f3  mov.w  r4, #4092851187  ; 0xf3f3f3f3
> >> >>> >  72a:  6104       str  r4, [r0, #16]
> >> >>> >  72c:  4610       mov  r0, r2
> >> >>> >  72e:  08d2       lsrs  r2, r2, #3
> >> >>> >  730:  7812       ldrb  r2, [r2, #0]
> >> >>> >  732:  2a00       cmp  r2, #0
> >> >>> >  734:  f8cd e05c  str.w  lr, [sp, #92]  ; 0x5c
> >> >>> >  738:  f8cd c058  str.w  ip, [sp, #88]  ; 0x58
> >> >>> >  73c:  9015       str  r0, [sp, #84]  ; 0x54
> >> >>> >  73e:  9314       str  r3, [sp, #80]  ; 0x50
> >> >>> >  740:  9113       str  r1, [sp, #76]  ; 0x4c
> >> >>> >  742:  9212       str  r2, [sp, #72]  ; 0x48
> >> >>> >  744:  d00c       beq.n  760 <main+0x94>
> >> >>> >  746:  e7ff       b.n  748 <main+0x7c>
> >> >>> >  748:  9815       ldr  r0, [sp, #84]  ; 0x54
> >> >>> >  74a:  f000 0107  and.w  r1, r0, #7
> >> >>> >  74e:  3103       adds  r1, #3
> >> >>> >  750:  9a12       ldr  r2, [sp, #72]  ; 0x48
> >> >>> >  752:  b253       sxtb  r3, r2
> >> >>> >  754:  4299       cmp  r1, r3
> >> >>> >  756:  db03       blt.n  760 <main+0x94>
> >> >>> >  758:  e7ff       b.n  75a <main+0x8e>
> >> >>> >  75a:  9815       ldr  r0, [sp, #84]  ; 0x54
> >> >>> >  75c:  f7ff ef20  blx  5a0 <__asan_report_store4@plt>
> >> >>> >  760:  2000       movs  r0, #0
> >> >>> >  762:  9914       ldr  r1, [sp, #80]  ; 0x50
> >> >>> >  764:  6008       str  r0, [r1, #0]
> >> >>> >  766:  f44f 70c8  mov.w  r0, #400  ; 0x190
> >> >>> > int *array = (int *)malloc(sizeof(int) * 100);
> >> >>> >  76a:  f7ff ef20  blx  5ac <malloc@plt>
> >> >>> >  76e:  9916       ldr  r1, [sp, #88]  ; 0x58
> >> >>> >  770:  9a16       ldr  r2, [sp, #88]  ; 0x58
> >> >>> >  772:  08d3       lsrs  r3, r2, #3
> >> >>> >  774:  781b       ldrb  r3, [r3, #0]
> >> >>> >  776:  2b00       cmp  r3, #0
> >> >>> >  778:  9011       str  r0, [sp, #68]  ; 0x44
> >> >>> >  77a:  9110       str  r1, [sp, #64]  ; 0x40
> >> >>> >  77c:  930f       str  r3, [sp, #60]  ; 0x3c
> >> >>> >  77e:  d00c       beq.n  79a <main+0xce>
> >> >>> >  780:  e7ff       b.n  782 <main+0xb6>
> >> >>> >  782:  9810       ldr  r0, [sp, #64]  ; 0x40
> >> >>> >  784:  f000 0107  and.w  r1, r0, #7
> >> >>> >  788:  3103       adds  r1, #3
> >> >>> >  78a:  9a0f       ldr  r2, [sp, #60]  ; 0x3c
> >> >>> >  78c:  b253       sxtb  r3, r2
> >> >>> >  78e:  4299       cmp  r1, r3
> >> >>> >  790:  db03       blt.n  79a <main+0xce>
> >> >>> >  792:  e7ff       b.n  794 <main+0xc8>
> >> >>> >  794:  9810       ldr  r0, [sp, #64]  ; 0x40
> >> >>> >  796:  f7ff ef04  blx  5a0 <__asan_report_store4@plt>
> >> >>> >  79a:  9811       ldr  r0, [sp, #68]  ; 0x44
> >> >>> >  79c:  9916       ldr  r1, [sp, #88]  ; 0x58
> >> >>> >  79e:  6008       str  r0, [r1, #0]
> >> >>> > printf("Now should be an error: memcpy-param-overlap\n");
> >> >>> >  7a0:  4a5c       ldr  r2, [pc, #368]  ; (914 <main+0x248>)
> >> >>> >  7a2:  4b5d       ldr  r3, [pc, #372]  ; (918 <main+0x24c>)
> >> >>> >  7a4:  447b       add  r3, pc
> >> >>> >  7a6:  18d0       adds  r0, r2, r3
> >> >>> >  7a8:  f7ff ef06  blx  5b8 <printf@plt>
> >> >>> > memcpy(array, array+1, sizeof(int)*8);
> >> >>> >  7ac:  9916       ldr  r1, [sp, #88]  ; 0x58
> >> >>> >  7ae:  9a16       ldr  r2, [sp, #88]  ; 0x58
> >> >>> >  7b0:  08d3       lsrs  r3, r2, #3
> >> >>> >  7b2:  781b       ldrb  r3, [r3, #0]
> >> >>> >  7b4:  2b00       cmp  r3, #0
> >> >>> >  7b6:  900e       str  r0, [sp, #56]  ; 0x38
> >> >>> >  7b8:  910d       str  r1, [sp, #52]  ; 0x34
> >> >>> >  7ba:  930c       str  r3, [sp, #48]  ; 0x30
> >> >>> >  7bc:  d00c       beq.n  7d8 <main+0x10c>
> >> >>> >  7be:  e7ff       b.n  7c0 <main+0xf4>
> >> >>> >  7c0:  980d       ldr  r0, [sp, #52]  ; 0x34
> >> >>> >  7c2:  f000 0107  and.w  r1, r0, #7
> >> >>> >  7c6:  3103       adds  r1, #3
> >> >>> >  7c8:  9a0c       ldr  r2, [sp, #48]  ; 0x30
> >> >>> >  7ca:  b253       sxtb  r3, r2
> >> >>> >  7cc:  4299       cmp  r1, r3
> >> >>> >  7ce:  db03       blt.n  7d8 <main+0x10c>
> >> >>> >  7d0:  e7ff       b.n  7d2 <main+0x106>
> >> >>> >  7d2:  980d       ldr  r0, [sp, #52]  ; 0x34
> >> >>> >  7d4:  f7ff eef6  blx  5c4 <__asan_report_load4@plt>
> >> >>> >  7d8:  9816       ldr  r0, [sp, #88]  ; 0x58
> >> >>> >  7da:  6801       ldr  r1, [r0, #0]
> >> >>> >  7dc:  460a       mov  r2, r1
> >> >>> >  7de:  460b       mov  r3, r1
> >> >>> >  7e0:  f101 0c04  add.w  ip, r1, #4
> >> >>> >  7e4:  46e6       mov  lr, ip
> >> >>> >  7e6:  08cc       lsrs  r4, r1, #3
> >> >>> >  7e8:  7824       ldrb  r4, [r4, #0]
> >> >>> >  7ea:  2c00       cmp  r4, #0
> >> >>> >  7ec:  910b       str  r1, [sp, #44]  ; 0x2c
> >> >>> >  7ee:  920a       str  r2, [sp, #40]  ; 0x28
> >> >>> >  7f0:  9309       str  r3, [sp, #36]  ; 0x24
> >> >>> >  7f2:  f8cd e020  str.w  lr, [sp, #32]
> >> >>> >  7f6:  f8cd c01c  str.w  ip, [sp, #28]
> >> >>> >  7fa:  9406       str  r4, [sp, #24]
> >> >>> >  7fc:  d00c       beq.n  818 <main+0x14c>
> >> >>> >  7fe:  e7ff       b.n  800 <main+0x134>
> >> >>> >  800:  980b       ldr  r0, [sp, #44]  ; 0x2c
> >> >>> >  802:  f000 0107  and.w  r1, r0, #7
> >> >>> >  806:  9a06       ldr  r2, [sp, #24]
> >> >>> >  808:  b253       sxtb  r3, r2
> >> >>> >  80a:  4299       cmp  r1, r3
> >> >>> >  80c:  db04       blt.n  818 <main+0x14c>
> >> >>> >  80e:  e7ff       b.n  810 <main+0x144>
> >> >>> >  810:  2120       movs  r1, #32
> >> >>> >  812:  980b       ldr  r0, [sp, #44]  ; 0x2c
> >> >>> >  814:  f7ff eedc  blx  5d0 <__asan_report_store_n@plt>
> >> >>> >  818:  980a       ldr  r0, [sp, #40]  ; 0x28
> >> >>> >  81a:  f100 011f  add.w  r1, r0, #31
> >> >>> >  81e:  460a       mov  r2, r1
> >> >>> >  820:  08c9       lsrs  r1, r1, #3
> >> >>> >  822:  7809       ldrb  r1, [r1, #0]
> >> >>> >  824:  2900       cmp  r1, #0
> >> >>> >  826:  9205       str  r2, [sp, #20]
> >> >>> >  828:  9104       str  r1, [sp, #16]
> >> >>> >  82a:  d00c       beq.n  846 <main+0x17a>
> >> >>> >  82c:  e7ff       b.n  82e <main+0x162>
> >> >>> >  82e:  9805       ldr  r0, [sp, #20]
> >> >>> >  830:  f000 0107  and.w  r1, r0, #7
> >> >>> >  834:  9a04       ldr  r2, [sp, #16]
> >> >>> >  836:  b253       sxtb  r3, r2
> >> >>> >  838:  4299       cmp  r1, r3
> >> >>> >  83a:  db04       blt.n  846 <main+0x17a>
> >> >>> >  83c:  e7ff       b.n  83e <main+0x172>
> >> >>> >  83e:  2120       movs  r1, #32
> >> >>> >  840:  9805       ldr  r0, [sp, #20]
> >> >>> >  842:  f7ff eec6  blx  5d0 <__asan_report_store_n@plt>
> >> >>> >  846:  9808       ldr  r0, [sp, #32]
> >> >>> >  848:  9908       ldr  r1, [sp, #32]
> >> >>> >  84a:  08ca       lsrs  r2, r1, #3
> >> >>> >  84c:  7812       ldrb  r2, [r2, #0]
> >> >>> >  84e:  2a00       cmp  r2, #0
> >> >>> >  850:  9003       str  r0, [sp, #12]
> >> >>> >  852:  9202       str  r2, [sp, #8]
> >> >>> >  854:  d00c       beq.n  870 <main+0x1a4>
> >> >>> >  856:  e7ff       b.n  858 <main+0x18c>
> >> >>> >  858:  9803       ldr  r0, [sp, #12]
> >> >>> >  85a:  f000 0107  and.w  r1, r0, #7
> >> >>> >  85e:  9a02       ldr  r2, [sp, #8]
> >> >>> >  860:  b253       sxtb  r3, r2
> >> >>> >  862:  4299       cmp  r1, r3
> >> >>> >  864:  db04       blt.n  870 <main+0x1a4>
> >> >>> >  866:  e7ff       b.n  868 <main+0x19c>
> >> >>> >  868:  2120       movs  r1, #32
> >> >>> >  86a:  9803       ldr  r0, [sp, #12]
> >> >>> >  86c:  f7ff eeb6  blx  5dc <__asan_report_load_n@plt>
> >> >>> >  870:  9808       ldr  r0, [sp, #32]
> >> >>> >  872:  f100 011f  add.w  r1, r0, #31
> >> >>> >  876:  460a       mov  r2, r1
> >> >>> >  878:  08c9       lsrs  r1, r1, #3
> >> >>> >  87a:  7809       ldrb  r1, [r1, #0]
> >> >>> >  87c:  2900       cmp  r1, #0
> >> >>> >  87e:  9201       str  r2, [sp, #4]
> >> >>> >  880:  9100       str  r1, [sp, #0]
> >> >>> >  882:  d00c       beq.n  89e <main+0x1d2>
> >> >>> >  884:  e7ff       b.n  886 <main+0x1ba>
> >> >>> >  886:  9801       ldr  r0, [sp, #4]
> >> >>> >  888:  f000 0107  and.w  r1, r0, #7
> >> >>> >  88c:  9a00       ldr  r2, [sp, #0]
> >> >>> >  88e:  b253       sxtb  r3, r2
> >> >>> >  890:  4299       cmp  r1, r3
> >> >>> >  892:  db04       blt.n  89e <main+0x1d2>
> >> >>> >  894:  e7ff       b.n  896 <main+0x1ca>
> >> >>> >  896:  2120       movs  r1, #32
> >> >>> >  898:  9801       ldr  r0, [sp, #4]
> >> >>> >  89a:  f7ff eea0  blx  5dc <__asan_report_load_n@plt>
> >> >>> >  89e:  9807       ldr  r0, [sp, #28]
> >> >>> >  8a0:  f960 0a8f  vld1.32  {d16-d17}, [r0]
> >> >>> >  8a4:  9909       ldr  r1, [sp, #36]  ; 0x24
> >> >>> >  8a6:  f941 0a8f  vst1.32  {d16-d17}, [r1]
> >> >>> >  8aa:  f101 0210  add.w  r2, r1, #16
> >> >>> >  8ae:  f100 0310  add.w  r3, r0, #16
> >> >>> >  8b2:  f963 0a8f  vld1.32  {d16-d17}, [r3]
> >> >>> >  8b6:  f942 0a8f  vst1.32  {d16-d17}, [r2]
> >> >>> >  8ba:  f243 620e  movw  r2, #13838  ; 0x360e
> >> >>> >  8be:  f2c4 52e0  movt  r2, #17888  ; 0x45e0
> >> >>> > return 0;
> >> >>> >  8c2:  9b17       ldr  r3, [sp, #92]  ; 0x5c
> >> >>> >  8c4:  601a       str  r2, [r3, #0]
> >> >>> >  8c6:  efc0 0050  vmov.i32  q8, #0  ; 0x00000000
> >> >>> >  8ca:  9a13       ldr  r2, [sp, #76]  ; 0x4c
> >> >>> >  8cc:  f942 0a8f  vst1.32  {d16-d17}, [r2]
> >> >>> >  8d0:  f04f 0c00  mov.w  ip, #0
> >> >>> >  8d4:  f8c2 c010  str.w  ip, [r2, #16]
> >> >>> >  8d8:  f8df c028  ldr.w  ip, [pc, #40]  ; 904 <main+0x238>
> >> >>> >  8dc:  f8df e03c  ldr.w  lr, [pc, #60]  ; 91c <main+0x250>
> >> >>> >  8e0:  44fe       add  lr, pc
> >> >>> >  8e2:  f85c c00e  ldr.w  ip, [ip, lr]
> >> >>> >  8e6:  f8dc c000  ldr.w  ip, [ip]
> >> >>> >  8ea:  f8dd e10c  ldr.w  lr, [sp, #268]  ; 0x10c
> >> >>> >  8ee:  45f4       cmp  ip, lr
> >> >>> >  8f0:  d105       bne.n  8fe <main+0x232>
> >> >>> >  8f2:  e7ff       b.n  8f4 <main+0x228>
> >> >>> >  8f4:  2000       movs  r0, #0
> >> >>> >  8f6:  f1a7 0408  sub.w  r4, r7, #8
> >> >>> >  8fa:  46a5       mov  sp, r4
> >> >>> >  8fc:  bdb0       pop  {r4, r5, r7, pc}
> >> >>> >  8fe:  f7ff ee74  blx  5e8 <__stack_chk_fail@plt>
> >> >>> >  902:  bf00       nop
> >> >>> >  904:  fff4 ffff  ; <UNDEFINED> instruction: 0xfff4ffff
> >> >>> >  908:  18e2       adds  r2, r4, r3
> >> >>> >  90a:  0000       movs  r0, r0
> >> >>> >  90c:  ea84 ffff  ; <UNDEFINED> instruction: 0xea84ffff
> >> >>> >  910:  fff0 ffff  ; <UNDEFINED> instruction: 0xfff0ffff
> >> >>> >  914:  ea1c ffff  ; <UNDEFINED> instruction: 0xea1cffff
> >> >>> >  918:  181c       adds  r4, r3, r0
> >> >>> >  91a:  0000       movs  r0, r0
> >> >>> >  91c:  16e0       asrs  r0, r4, #27
> >> >>> >
> >> >>> > I thought the memcpy disassembly should have a "blx 32c <memcpy@plt>" line,
> >> >>> > so it can call the interceptors in libasan_preload.so, but now it seems we
> >> >>> > got some builtin functions in Clang? The same happened at memmove, that the
> >> >>> > interceptors are not working now.
> >> >>> >
> >> >>> > --
> >> >>> > You received this message because you are subscribed to the Google Groups
> >> >>> > "address-sanitizer" group.
> >> >>> > To unsubscribe from this group and stop receiving emails from it, send an
> >> >>> > email to [email protected].
> >> >>> > For more options, visit https://groups.google.com/d/optout.
> >> >>>
> >> >>> --
> >> >>> Alexander Potapenko
> >> >>> Software Engineer
> >> >>> Google Moscow
> >> >
> >> > --
> >> > Alexander Potapenko
> >> > Software Engineer
> >> > Google Moscow
> >>
> >> --
> >> Alexander Potapenko
> >> Software Engineer
> >> Google Moscow
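
The check described in the first quoted message (looking in the disassembly for a `blx ... <memcpy@plt>` line) can be automated. The following is an added example, not code from the thread or from the AddressSanitizer project; it assumes `objdump -d` style text for a dynamically linked binary, the sample lines are abridged from the listing quoted above, and the function names `plt_calls` and `lowered_calls` are hypothetical.

```python
import re

# Constructed sample: lines abridged from the disassembly quoted in this
# thread, in `objdump -d` layout (addresses and targets as posted).
SAMPLE = """\
000006cc <main>:
 76a:  f7ff ef20  blx  5ac <malloc@plt>
 796:  f7ff ef04  blx  5a0 <__asan_report_store4@plt>
 7a8:  f7ff ef06  blx  5b8 <printf@plt>
 7d4:  f7ff eef6  blx  5c4 <__asan_report_load4@plt>
 814:  f7ff eedc  blx  5d0 <__asan_report_store_n@plt>
 86c:  f7ff eeb6  blx  5dc <__asan_report_load_n@plt>
 8a0:  f960 0a8f  vld1.32  {d16-d17}, [r0]
 8a6:  f941 0a8f  vst1.32  {d16-d17}, [r1]
 8fe:  f7ff ee74  blx  5e8 <__stack_chk_fail@plt>
"""

# "000006cc <main>:" starts a function; "blx 5ac <malloc@plt>" is a PLT call.
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:")
CALL_RE = re.compile(r"\b(?:blx?|call[lq]?)\s+[0-9a-f]+ <([^>@]+)@plt>")


def plt_calls(disasm):
    """Map each function in the listing to the set of PLT symbols it calls."""
    calls, current = {}, None
    for line in disasm.splitlines():
        header = FUNC_RE.match(line.strip())
        if header:
            current = header.group(1)
            calls[current] = set()
            continue
        hit = CALL_RE.search(line)
        if hit and current is not None:
            calls[current].add(hit.group(1))
    return calls


def lowered_calls(disasm, func, source_calls):
    """Return the functions the source calls in `func` that have no PLT call,
    i.e. calls the compiler expanded inline, so a preloaded interceptor
    library is never entered for them."""
    seen = plt_calls(disasm).get(func, set())
    return [name for name in source_calls if name not in seen]


if __name__ == "__main__":
    # The posted source calls malloc, printf and memcpy in main().
    print(lowered_calls(SAMPLE, "main", ["malloc", "printf", "memcpy"]))
```

For the sample it reports `memcpy` as the only source-level call with no PLT entry, matching the `vld1.32`/`vst1.32` pairs in the listing where the copy was expanded inline.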
