https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61771

            Bug ID: 61771
           Summary: Regressions in ASan testsuite on ARM Linux
           Product: gcc
           Version: 4.10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: chefmax at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    y.gribov at samsung dot com
              Host: x86_64-pc-linux-gnu
            Target: arm-linux-gnueabi

Created attachment 33101
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33101&action=edit
heap-overflow-1 output

I see some regressions (e.g. heap-overflow-1) in the ASan testsuite on ARM Linux.
It seems that libsanitizer couldn't unwind the stack from the __interceptor_malloc()
function by using StackTrace::FastUnwindStack. The same test works fine with Clang
on ARM.

After some investigation, I noticed that StackTrace::FastUnwindStack reads fp
and lr from the wrong stack slot. I suppose this is related to the different
code produced by GCC and Clang in the __interceptor_malloc() prologue.

This is a small repro case:

extern int func2(int i);
int func(int i) {
  return func2(i);
}

Clang generates the following code in the func prologue:

.save   {r11, lr}
push    {r11, lr}
.setfp  r11, sp
mov     r11, sp

GCC generates a different one:

.save {fp, lr}
str fp, [sp, #-8]!
str lr, [sp, #4]
.setfp fp, sp, #4
add fp, sp, #4

As we can see, the LLVM code results in the frame pointer pointing to just
after the pushed R11(fp) register on the stack, while the GCC code results in
the frame pointer pointing to just after the pushed LR register on the stack
(related discussion in LLVM is
http://comments.gmane.org/gmane.comp.compilers.llvm.devel/69514).

This is not a bug in libsanitizer but rather an ABI mismatch between GCC and
LLVM. Any ideas how to proceed with this?

-Maxim

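The two prologues above write exactly the same words to the stack (the caller's fp at sp-8, lr at sp-4); only the value left in fp differs, and that is what a frame-pointer walker such as FastUnwindStack keys on. The following is an added C example, not code from the bug report or from libsanitizer: it simulates a 32-bit ARM stack in an array, builds a three-frame chain with either prologue style, and unwinds it twice, once with a walker that hard-codes the Clang layout and once with a walker that first canonicalises fp to the saved-fp slot. The stack and code address ranges, the return-address constants, the 16-byte locals between frames, the 0x41414141 fill pattern and the canonicalisation heuristic (a saved fp is a stack address or the 0 terminator, a saved lr is a code address, so the word at fp tells the layouts apart) are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit ARM stack: byte addresses in [STACK_LO, STACK_HI) map onto
   stack_mem; any other address reads as 0 and stores are dropped. */
#define STACK_WORDS 64
#define STACK_LO    0xbefff000u
#define STACK_HI    (STACK_LO + STACK_WORDS * 4u)
#define LOCALS_FILL 0x41414141u   /* pattern written into local slots (constructed) */

/* Constructed return addresses: code, so never inside the stack range. */
#define RET_INTO_LIBC 0x00010040u
#define RET_INTO_MAIN 0x00010100u
#define RET_INTO_FUNC 0x00010200u

static uint32_t stack_mem[STACK_WORDS];

static int in_stack(uint32_t a) { return a >= STACK_LO && a < STACK_HI && (a & 3u) == 0; }
static uint32_t ld(uint32_t a) { return in_stack(a) ? stack_mem[(a - STACK_LO) / 4] : 0; }
static void st(uint32_t a, uint32_t v) { if (in_stack(a)) stack_mem[(a - STACK_LO) / 4] = v; }

enum prologue { PROLOGUE_CLANG, PROLOGUE_GCC };

/* Emulate one prologue. Both store the caller's fp at sp-8 and lr at sp-4:
   Clang: push {r11, lr}; mov r11, sp                   -> fp = sp     (saved fp slot)
   GCC:   str fp, [sp,#-8]!; str lr, [sp,#4]; add fp, sp, #4 -> fp = sp + 4 (saved lr slot) */
static uint32_t push_frame(enum prologue kind, uint32_t *sp, uint32_t caller_fp, uint32_t lr) {
    *sp -= 8;
    st(*sp, caller_fp);
    st(*sp + 4, lr);
    return kind == PROLOGUE_CLANG ? *sp : *sp + 4;
}

/* 16 bytes of locals below a frame, filled with a recognisable pattern. */
static uint32_t alloc_locals(uint32_t sp) {
    sp -= 16;
    for (int i = 0; i < 4; i++) st(sp + 4u * (uint32_t)i, LOCALS_FILL);
    return sp;
}

/* Build main -> func -> __interceptor_malloc and return the fp an unwinder
   would start from inside __interceptor_malloc. fp == 0 terminates the chain. */
static uint32_t build_chain(enum prologue kind) {
    memset(stack_mem, 0, sizeof stack_mem);
    uint32_t sp = STACK_HI, fp = 0;
    fp = push_frame(kind, &sp, fp, RET_INTO_LIBC);   /* main's frame */
    sp = alloc_locals(sp);
    fp = push_frame(kind, &sp, fp, RET_INTO_MAIN);   /* func's frame */
    sp = alloc_locals(sp);
    return push_frame(kind, &sp, fp, RET_INTO_FUNC); /* __interceptor_malloc's frame */
}

/* Walker that hard-codes the Clang layout: *fp = saved fp, *(fp+4) = saved lr.
   On a GCC frame it reads lr as the next fp and a local slot as the return address. */
static size_t unwind_clang_layout(uint32_t fp, uint32_t *pcs, size_t max) {
    size_t n = 0;
    while (n < max && in_stack(fp)) {
        pcs[n++] = ld(fp + 4);
        uint32_t next = ld(fp);
        if (next <= fp) break;          /* caller frames must sit at higher addresses */
        fp = next;
    }
    return n;
}

/* Canonicalise fp to the saved-fp slot before reading (heuristic assumed here). */
static uint32_t canonic_frame(uint32_t fp) {
    if (!in_stack(fp)) return 0;
    uint32_t w0 = ld(fp), w1 = ld(fp - 4);
    if (in_stack(w0) || w0 == 0) return fp;        /* Clang: fp -> saved fp */
    if (in_stack(w1) || w1 == 0) return fp - 4;    /* GCC: fp -> saved lr, saved fp one word below */
    return 0;                                      /* does not look like a frame at all */
}

static size_t unwind_canonic(uint32_t fp, uint32_t *pcs, size_t max) {
    size_t n = 0;
    while (n < max) {
        uint32_t base = canonic_frame(fp);
        if (!in_stack(base)) break;
        pcs[n++] = ld(base + 4);        /* saved lr: return address into the caller */
        uint32_t next = ld(base);       /* saved fp of the caller */
        if (next <= base) break;
        fp = next;
    }
    return n;
}

/* Build a chain with the given prologue style and unwind it with one walker. */
static size_t demo(enum prologue kind, int canonic, uint32_t *pcs, size_t max) {
    uint32_t fp = build_chain(kind);
    return canonic ? unwind_canonic(fp, pcs, max) : unwind_clang_layout(fp, pcs, max);
}

/* Accessors for checks: depth of the trace, and frame i of it (0 if absent). */
static size_t demo_depth(enum prologue kind, int canonic) { uint32_t p[8]; return demo(kind, canonic, p, 8); }
static uint32_t demo_pc(enum prologue kind, int canonic, size_t i) {
    uint32_t p[8]; size_t n = demo(kind, canonic, p, 8); return i < n ? p[i] : 0;
}

int main(void) {
    for (int k = 0; k < 2; k++)
        for (int c = 0; c < 2; c++) {
            uint32_t pcs[8];
            size_t n = demo((enum prologue)k, c, pcs, 8);
            printf("%s prologue, %s walker:", k ? "gcc  " : "clang", c ? "canonic   " : "clang-only");
            for (size_t i = 0; i < n; i++) printf(" %#010x", (unsigned)pcs[i]);
            printf("\n");
        }
    return 0;
}
```

The Clang-only walker recovers all three return addresses from the Clang chain but, on the GCC chain, reports a single bogus frame whose "return address" is the 0x41414141 fill of the caller's locals and then stops, because the word at fp is lr rather than a stack address. This is the symptom the report describes. The canonicalising walker recovers the full trace from both chains; the heuristic depends on return addresses never lying in the stack mapping, which holds for ordinary code but is an assumption of this example rather than a property libsanitizer guarantees.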