Dodji Seketeli wrote:
This patch imports the initial state of asan as it was in the
Google branch.
It provides basic infrastructure for asan to instrument memory
accesses on the heap, at -O3. Note that it supports neither stack nor
global variable protection.
I tried the 01/10 to 10/10 patch series, but the sanitizer does not report anything for the
following test case:
#include <stdlib.h>
#include <stdio.h>
/*
 * Minimal AddressSanitizer reproducer.  Every access after free() is a
 * deliberate defect: the block holds 10 ints (valid indices 0..9), it has
 * already been freed, and i[10] / i[11] are past its end.  The GIMPLE dump
 * instruments both accesses (__asan_report_store4 for the store,
 * __asan_report_load4 for the load); the reported problem is that neither
 * fires at run time.  The accesses are the test itself, not bugs to fix.
 */
int
main() {                          /* empty parameter list; int main(void) is the prototype form */
    int *i;
    i = malloc(10*sizeof(*i));    /* malloc (40) in the dump; return value not checked in this reproducer */
    free(i); /* <<< Free memory. i is dangling from here on. */
    i[10] = 5; /* <<< out of boundary even if not freed (one past the end), and a use-after-free. */
    printf("%d\n", i[11]); /* <<< out of boundary even if not freed; dump emits __asan_report_load4 for this read. */
    return 0;
}
(All of them are reported by Clang.) If I look at the dump (or
assembler), I see the calls to __asan_init, __asan_report_store4 and
__asan_report_load4. However, when running the program, ltrace only shows
the calls to: __libc_start_main, __asan_init, malloc, free and printf. I
haven't debugged why the instrumented check's condition evaluates to false at run time [see attachment for the dump].
Other issues:
* libasan does not seem to be a multilib; at least I only find the 64-bit
version on x86-64-gnu-linux, so that "-m32" compilation fails.
* -fno-address-sanitizer doesn't work (it does in Clang); it is
explicitly disabled via RejectNegative in gcc/common.opt
* Probably fixed on the branch: gcc/gcc.c still has "fasan" instead of
"faddress-sanitizer" for the spec:
+ %{fasan:-lasan}
Tobias
#include <stdlib.h>
#include <stdio.h>
/*
 * Minimal AddressSanitizer reproducer.  Every access after free() is a
 * deliberate defect: the block holds 10 ints (valid indices 0..9), it has
 * already been freed, and i[10] / i[11] are past its end.  The GIMPLE dump
 * instruments both accesses (__asan_report_store4 for the store,
 * __asan_report_load4 for the load); the reported problem is that neither
 * fires at run time.  The accesses are the test itself, not bugs to fix.
 */
int
main() {                          /* empty parameter list; int main(void) is the prototype form */
    int *i;
    i = malloc(10*sizeof(*i));    /* malloc (40) in the dump; return value not checked in this reproducer */
    free(i); /* <<< Free memory. i is dangling from here on. */
    i[10] = 5; /* <<< out of boundary even if not freed (one past the end), and a use-after-free. */
    printf("%d\n", i[11]); /* <<< out of boundary even if not freed; dump emits __asan_report_load4 for this read. */
    return 0;
}
;; Function main (main, funcdef_no=2, decl_uid=2680, cgraph_uid=2)
main ()
{
int * i;
int D.2687;
int D.2686;
int * D.2685;
int * D.2684;
int * _2;
int * _3;
int _4;
int _5;
unsigned long _6;
unsigned long _7;
unsigned long _8;
unsigned char * _9;
unsigned char _10;
_Bool _11;
unsigned long _12;
unsigned char _13;
unsigned char _14;
_Bool _15;
_Bool _16;
unsigned long _17;
unsigned long _18;
unsigned long _19;
unsigned char * _20;
unsigned char _21;
_Bool _22;
unsigned long _23;
unsigned char _24;
unsigned char _25;
_Bool _26;
_Bool _27;
<bb 2>:
i_1 = malloc (40);
free (i_1);
_2 = i_1 + 40;
_6 = (unsigned long) _2;
_7 = _6 >> 3;
_8 = _7 + 17592186044416;
_9 = (unsigned char *) _8;
_10 = *_9;
_11 = _10 != 0;
_12 = _6 & 7;
_13 = (unsigned char) _12;
_14 = _13 + 3;
_15 = _14 >= _10;
_16 = _11 & _15;
if (_16 != 0)
goto <bb 5>;
else
goto <bb 4>;
<bb 5>:
__asan_report_store4 (_6);
<bb 4>:
*_2 = 5;
_3 = i_1 + 44;
_17 = (unsigned long) _3;
_18 = _17 >> 3;
_19 = _18 + 17592186044416;
_20 = (unsigned char *) _19;
_21 = *_20;
_22 = _21 != 0;
_23 = _17 & 7;
_24 = (unsigned char) _23;
_25 = _24 + 3;
_26 = _25 >= _21;
_27 = _22 & _26;
if (_27 != 0)
goto <bb 7>;
else
goto <bb 6>;
<bb 7>:
__asan_report_load4 (_17);
<bb 6>:
_4 = *_3;
printf ("%d\n", _4);
_5 = 0;
<L0>:
return _5;
}
;; Function _GLOBAL__sub_I_00099_0_main (_GLOBAL__sub_I_00099_0_main,
funcdef_no=3, decl_uid=2700, cgraph_uid=0)
_GLOBAL__sub_I_00099_0_main ()
{
<bb 2>:
__asan_init ();
return;
}