[Bug sanitizer/55309] gcc's address-sanitizer 66% slower than clang's

Fri, 22 Feb 2013 05:52:46 -0800 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55309



--- Comment #47 from Kostya Serebryany <kcc at gcc dot gnu.org> 2013-02-22 
13:52:12 UTC ---

(In reply to comment #46)

> (In reply to comment #43)

> > 400.perlbench fails with a global-buffer-overflow which clang does not 
> > detect.

> > I did not investigate why. It could be a gcc false positive or clang false

> > negative.

> 

> On which file/function the global-buffer-overflow was?  Can you send me the

> asan diagnostics?



Interestingly, the symbolization/debuginfo seems to be completely broken :( 



% g++ -g -fsanitize=address ./use-after-free.cc -static-libasan ; ./a.out  2>&1

| grep '#0'

    #0 0x4179c2 (/home/kcc/tmp/a.out+0x4179c2)

    #0 0x40f18a (/home/kcc/tmp/a.out+0x40f18a)

    #0 0x40f26a (/home/kcc/tmp/a.out+0x40f26a)

% addr2line -f -e ./a.out 0x4179c2 0x40f18a 0x40f26a 

main

??:0

free

??:0

malloc

??:0

% 



==580== ERROR: AddressSanitizer: global-buffer-overflow on address

0x00000078e2a5 at pc 0x4e47d7 bp 0x7fffa2fbc7b0 sp 0x7fffa2fbc7a8

READ of size 1 at 0x00000078e2a5 thread T0

    #0 0x4e47d6 in PerlIO_find_layer

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e47d6)

    #1 0x4e63e6 in PerlIO_default_buffer

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e63e6)

    #2 0x4e678e in PerlIO_default_layers

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e678e)

    #3 0x4e7a41 in PerlIO_resolve_layers

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e7a41)

    #4 0x4e8145 in PerlIO_openn

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e8145)

    #5 0x4f5d32 in PerlIO_open

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4f5d32)

    #6 0x4dd808 in S_open_script

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4dd808)

    #7 0x4d3be6 in S_parse_body

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4d3be6)

    #8 0x4d2a4b in perl_parse

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4d2a4b)

    #9 0x4f6ee8 in main

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4f6ee8)

    #10 0x7fd3a245376c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)

    #11 0x4037d8

(benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4037d8)

0x00000078e2a5 is located 0 bytes to the right of global variable '*.LC50

(perlio.c)' (0x78e2a0) of size 5

  '*.LC50 (perlio.c)' is ascii string 'unix'

SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 PerlIO_find_layer









> 

> > 464.h264ref is VERY slow, I did not look why.

> 

> And it didn't fail on that:

>     for (dd=d[k=0]; k<16; dd=d[++k])

>     {

>       satd += (dd < 0 ? -dd : dd);

>     }

> or have you fixed that up in your SPEC sources?



Interestingly, no. I haven't touched SPEC sources here. 

Maybe gcc does full unroll thus eliminating the buggy read (I did not check).

Reply via email to