[Bug sanitizer/86755] New: [ASAN] Libasan failed to be build for arm with -mthumb and -fno-omit-frame-pointer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86755
Bug ID: 86755
Summary: [ASAN] Libasan failed to be build for arm with -mthumb
and -fno-omit-frame-pointer
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: d.khalikov at partner dot samsung.com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Created attachment 44471
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=44471=edit
Reduced test case
GCC fails to build libasan with -mthumb and -fno-omit-frame-pointer
../../../../libsanitizer/sanitizer_common/sanitizer_linux.cc: In function
'__sanitizer::uptr __sanitizer::internal_clone(int (*)(void*), void*, int,
void*, int*, void*, int*)':
../../../../libsanitizer/sanitizer_common/sanitizer_linux.cc:1540:1: error: r7
cannot be used in asm here
}
The problem is inside internal_clone function defined for arm.
Reduced test case:
$cat clone.cc
#define __NR_clone 120
#define __NR_exit 1
using uptr = unsigned int;
unsigned int EINVAL = 1;
uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
int *parent_tidptr, void *newtls, int *child_tidptr) {
unsigned int res;
if (!fn || !child_stack)
return -EINVAL;
child_stack = (char *)child_stack - 2 * sizeof(unsigned int);
((unsigned int *)child_stack)[0] = (uptr)fn;
((unsigned int *)child_stack)[1] = (uptr)arg;
register int r0 __asm__("r0") = flags;
register void *r1 __asm__("r1") = child_stack;
register int *r2 __asm__("r2") = parent_tidptr;
register void *r3 __asm__("r3") = newtls;
register int *r4 __asm__("r4") = child_tidptr;
register int r7 __asm__("r7") = __NR_clone;
#if __ARM_ARCH > 4 || defined (__ARM_ARCH_4T__)
# define ARCH_HAS_BX
#endif
#if __ARM_ARCH > 4
# define ARCH_HAS_BLX
#endif
#ifdef ARCH_HAS_BX
# ifdef ARCH_HAS_BLX
# define BLX(R) "blx " #R "\n"
# else
# define BLX(R) "mov lr, pc; bx " #R "\n"
# endif
#else
# define BLX(R) "mov lr, pc; mov pc," #R "\n"
#endif
__asm__ __volatile__(
/* %r0 = syscall(%r7 = SYSCALL(clone),
* %r0 = flags,
* %r1 = child_stack,
* %r2 = parent_tidptr,
* %r3 = new_tls,
* %r4 = child_tidptr)
*/
/* Do the system call */
"swi 0x0\n"
/* if (%r0 != 0)
* return %r0;
*/
"cmp r0, #0\n"
"bne 1f\n"
/* In the child, now. Call "fn(arg)". */
"ldr r0, [sp, #4]\n"
"ldr ip, [sp], #8\n"
BLX(ip)
/* Call _exit(%r0). */
"mov r7, %7\n"
"swi 0x0\n"
"1:\n"
"mov %0, r0\n"
: "=r"(res)
: "r"(r0), "r"(r1), "r"(r2), "r"(r3), "r"(r4), "r"(r7),
"i"(__NR_exit)
: "memory");
return res;
}
$armv7l-linux-gnueabi-g++ -o clone.s clone.cc -fno-omit-frame-pointer -mthumb
-S
clone.cc: In function ‘uptr internal_clone(int (*)(void*), void*, int, void*,
int*, void*, int*)’:
clone.cc:70:1: error: r7 cannot be used in asm here
Regarding to arm ABI, r7 register is using for syscall number, r0 for return
value, and r1 - r6 for syscall arguments, by the way r7 for arm with THUMB2
mode is using as frame pointer and it looks like we have a conflict in this
case. As far as I understood, GCC has a special check inside IRA
if (!TEST_HARD_REG_BIT (crtl->asm_clobbers, HARD_FRAME_POINTER_REGNUM)), which
does not allow to have frame pointer register as clobber register.
In other way, there is no issue with clang:
clang++ -target armv7l -S -o clone.s clone.cc -mthumb -fno-omit-frame-pointer
So, looks like we can save syscall number in r8 register, move it to r7 before
we the interruption, and restore the value in the parent task.
register int r8 __asm__("r8") = __NR_clone;
__asm__ __volatile__(
/* %r0 = syscall(%r7 = SYSCALL(clone),
[Bug other/86198] Libbacktrace does not properly work with ".note.gnu.build-id" section
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86198 Denis Khalikov changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #5 from Denis Khalikov --- Fixed on trunk.
[Bug other/86198] Libbacktrace does not properly work with ".note.gnu.build-id" section
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86198
--- Comment #2 from Denis Khalikov ---
Looks like that feature was implemented by this patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff;f=bfd/opncls.c;h=b4d4dcf64643145e71e70dba29cd8208c945ddec;hp=10684d2682da7623f4b2f3426eaa2d2ba0cd85b0;hb=2425a30e406a0523020b7e70abb864a06a45bb97;hpb=620214f742f7816e2844e1bb7f78a7a684431927
As I understood that code right, it takes "error" branch if size of the section
less than 0x24.
if (size < 0x24)
{
bfd_set_error (bfd_error_invalid_operation);
return NULL;
}
The libbacktrace instead verifies the section to be less than 0x24, should we
change it
from:
2871 && shdr->sh_size < 12 + ((note->namesz + 3) & ~ 3) +
note->descsz)
to:
2871 && shdr->sh_size == 12 + ((note->namesz + 3) & ~ 3) +
note->descsz)
?
[Bug other/86198] New: Libbacktrace does not properly work with ".note.gnu.build-id" section
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86198
Bug ID: 86198
Summary: Libbacktrace does not properly work with
".note.gnu.build-id" section
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: d.khalikov at partner dot samsung.com
Target Milestone: ---
An error happens when libbacktrace is reading ".note.gnu.build-id" section and
effects the feature which allows to read stripped debuginfo with build-id.
Steps to reproduce:
(I will use libasan in my test case, because it's easy and libbacktrace is a
default symbolizer for libasan in GCC).
1.$cat a.cc
int main () {
int *ptr = new int[1];
return ptr[1];
}
2.$g++ -o a a.cc -fsanitize=address -g
-Wl,--build-id=0x0123456789abcdef0123456789abcdef01234567
3.$objcopy --only-keep-debug a a.debug
4.$strip a
5. In this step we need a superuser rights:
#mkdir /usr/lib/debug/.build-id/01
#ln -s `pwd`/a.debug
/usr/lib/debug/.build-id/01/23456789abcdef0123456789abcdef01234567.debug
6. ./a
output:
...
#0 0x4007cf (/path/to/exe/a+0x4007cf)
...
The problem at the libbacktrace/elf.c line 2871
2866 buildid_view_valid = 1;
2867 note = (const b_elf_note *) buildid_view.data;
2868 if (note->type == NT_GNU_BUILD_ID
2869 && note->namesz == 4
2870 && strncmp (note->name, "GNU", 4) == 0
2871 && shdr->sh_size < 12 + ((note->namesz + 3) & ~ 3) +
note->descsz)
2872 {
2873 buildid_data = >name[0] + ((note->namesz + 3) & ~ 3);
2874 buildid_size = note->descsz;
2875 }
2876 }
The size for the ".note.gnu.build-id" section by default is 36 bytes (12 + 4 +
20)
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/developer_guide/compiling-build-id
So, the cmp on line 2871 should be changed from less to less or equal
2871 && shdr->sh_size <= 12 + ((note->namesz + 3) & ~ 3) +
note->descsz)
[Bug sanitizer/80414] [UBSAN] segfault with -fsanitize=undefined
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80414 Denis Khalikov changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #2 from Denis Khalikov --- Fixed.
[Bug sanitizer/86090] [ASAN] ASAN does not properly configure libbacktrace.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86090 Denis Khalikov changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #4 from Denis Khalikov --- Fixed on trunk.
[Bug sanitizer/86090] New: [ASAN] ASAN does not properly configure libbacktrace.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86090
Bug ID: 86090
Summary: [ASAN] ASAN does not properly configure libbacktrace.
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: d.khalikov at partner dot samsung.com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Created attachment 44252
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=44252=edit
libsanitizer.patch
Since sanitizers build libbacktrace from source, sanitizer's configure should
check for lstat and readlink function directly, because by default libbacktrace
uses dummy versions which return -1 and therefore could not symbolize stripped
debuginfo with gnu-debuglink.
Steps to reproduce:
$g++ --version
output:
g++ (GCC) 9.0.0 20180606 (experimental)
$cat test.cc
int main () { int *ptr = new int[1]; return ptr[1]; }
$g++ -o test test.cc -fsanitize=address -g
$objcopy --only-keep-debug test test.debug
$strip -g test
$objcopy --add-gnu-debuglink=test.debug test
./test
output:
...
#0 0x4007af in main (/path/to/exe/test+0x4007af)
...
The backtrace is not symbolized.
Possible patch is attached.
[Bug sanitizer/81923] [ASAN] gcc emites wrong odr asan instrumentation for glibc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81923 --- Comment #8 from Denis Khalikov --- Works for me. Thanks.
[Bug sanitizer/81923] [ASAN] gcc emites wrong odr asan instrumentation for glibc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81923 --- Comment #3 from Denis Khalikov --- Created attachment 42064 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42064=edit temp.S
[Bug sanitizer/81923] [ASAN] gcc emites wrong odr asan instrumentation for glibc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81923 --- Comment #2 from Denis Khalikov --- confgiure flags: configure_flags="--prefix=/usr --without-cvs --without-selinux --enable-stackguard-randomization --enable-obsolete-rpc --disable-sanity-checks" cc1 invocation: /home/denis/gcc-build-trunk/libexec/gcc/x86_64-linux-gnu/8.0.0/cc1 -quiet -v -I programs -I ../include -I /home/denis/glibc-2.24-build/build/locale -I /home/denis/glibc-2.24-build/build -I ../sysdeps/unix/sysv/linux/x86_64/64 -I ../sysdeps/unix/sysv/linux/x86_64 -I ../sysdeps/unix/sysv/linux/x86 -I ../sysdeps/unix/sysv/linux/wordsize-64 -I ../sysdeps/x86_64/nptl -I ../sysdeps/unix/sysv/linux/include -I ../sysdeps/unix/sysv/linux -I ../sysdeps/nptl -I ../sysdeps/pthread -I ../sysdeps/gnu -I ../sysdeps/unix/inet -I ../sysdeps/unix/sysv -I ../sysdeps/unix/x86_64 -I ../sysdeps/unix -I ../sysdeps/posix -I ../sysdeps/x86_64/64 -I ../sysdeps/x86_64/fpu/multiarch -I ../sysdeps/x86_64/fpu -I ../sysdeps/x86/fpu/include -I ../sysdeps/x86/fpu -I ../sysdeps/x86_64/multiarch -I ../sysdeps/x86_64 -I ../sysdeps/x86 -I ../sysdeps/ieee754/ldbl-96 -I ../sysdeps/ieee754/dbl-64/wordsize-64 -I ../sysdeps/ieee754/dbl-64 -I ../sysdeps/ieee754/flt-32 -I ../sysdeps/wordsize-64 -I ../sysdeps/ieee754 -I ../sysdeps/generic -I .. -I ../libio -I . -imultiarch x86_64-linux-gnu -MD /home/denis/glibc-2.24-build/build/locale/SYS_libc.d -MF /home/denis/glibc-2.24-build/build/locale/SYS_libc.os.dt -MP -MT /home/denis/glibc-2.24-build/build/locale/SYS_libc.os -D COMPLOCALEDIR="/usr/lib/locale" -D LOCALE_ALIAS_PATH="/usr/share/locale" -D _LIBC_REENTRANT -D MODULE_NAME=libc -D PIC -D SHARED -include /home/denis/glibc-2.24-build/build/libc-modules.h -include ../include/libc-symbols.h SYS_libc.c -quiet -dumpbase SYS_libc.c -mtune=generic -march=x86-64 -auxbase-strip /home/denis/glibc-2.24-build/build/locale/SYS_libc.os -g -O2 -Wall -Wundef -Wwrite-strings -Wstrict-prototypes -Wold-style-definition -Wno-error -std=gnu11 -version -fgnu89-inline -fmerge-all-constants -frounding-math -fPIC -ftls-model=initial-exec -fsanitize=address -fno-omit-frame-pointer --param asan-use-after-return=0 -o temp.s as invocation: as -o temp.o temp.S I also attached file after cc1 stage.
[Bug sanitizer/81923] New: [ASAN] gcc emites wrong odr asan instrumentation for glibc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81923
Bug ID: 81923
Summary: [ASAN] gcc emites wrong odr asan instrumentation for
glibc
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: d.khalikov at partner dot samsung.com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Hello,
I'm currently working on enabling the build of glibc with ASan instrumentation
and facing this type of error:
/tmp/ccKWa1tS.s: Assembler messages:
/tmp/ccKWa1tS.s:20: Error: junk at end of line, first unrecognized character is
`*'
/tmp/ccKWa1tS.s:21: Error: junk at end of line, first unrecognized character is
`*'
/tmp/ccKWa1tS.s:23: Error: unrecognized symbol type ""
/tmp/ccKWa1tS.s:23: Error: junk at end of line, first unrecognized character is
`*'
/tmp/ccKWa1tS.s:24: Error: expected comma after name `__odr_asan.' in .size
directive
/tmp/ccKWa1tS.s:25: Error: invalid character '*' in mnemonic
/tmp/ccKWa1tS.s:53: Error: invalid operands (*UND* and .rodata sections) for
`*'
As far as I understood, the KASAN disables this type of instrumentation:
2567 static bool
2568 asan_needs_odr_indicator_p (tree decl)
2569 {
2570 /* Don't emit ODR indicators for kernel because:
2571 a) Kernel is written in C thus doesn't need ODR indicators.
2572 b) Some kernel code may have assumptions about symbols containing
specific
2573 patterns in their names. Since ODR indicators contain original
names
2574 of symbols they are emitted for, these assumptions would be broken
for
2575 ODR indicator symbols. */
2576 return (!(flag_sanitize & SANITIZE_KERNEL_ADDRESS)
2577 && !DECL_ARTIFICIAL (decl)
2578 && !DECL_WEAK (decl)
2579 && TREE_PUBLIC (decl));
2580 }
Could it be some solution for glibc ? Or may be "compile time" flag.
Thanks.
[Bug sanitizer/81081] [ASAN] ASAN is not properly calling libbacktrace to symbolize program written on assembler
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81081 --- Comment #9 from Denis Khalikov --- I've added patch for review https://reviews.llvm.org/D34149
[Bug sanitizer/77631] no symbols in backtrace shown by ASan when debug info is split
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77631 Denis Khalikov changed: What|Removed |Added Attachment #41478|0 |1 is obsolete|| --- Comment #10 from Denis Khalikov --- Created attachment 41574 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41574=edit patch for PR sanitizer/77631
[Bug sanitizer/81081] [ASAN] ASAN is not properly calling libbacktrace to symbolize program written on assembler
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81081 --- Comment #7 from Denis Khalikov --- Thanks, I was mistaken, fix should be in the libbacktrace.
[Bug sanitizer/81081] [ASAN] ASAN is not properly calling libbacktrace to symbolize program written on assembler
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81081
--- Comment #5 from Denis Khalikov ---
As I understood libbacktrace has two main calls to symbolize pc.
1. backtrace_pcinfo
/* Given a PC, find the file name, line number, and function name. */
164
165 int
166 backtrace_pcinfo (struct backtrace_state *state, uintptr_t pc,
167 backtrace_full_callback callback,
168 backtrace_error_callback error_callback, void *data)
169 {
which initializing data with filename, line number and function name from
debuginfo sections
817 if (!backtrace_dwarf_add (state, base_address,
818 sections[DEBUG_INFO].data,
819 sections[DEBUG_INFO].size,
820 sections[DEBUG_LINE].data,
821 sections[DEBUG_LINE].size,
822 sections[DEBUG_ABBREV].data,
823 sections[DEBUG_ABBREV].size,
824 sections[DEBUG_RANGES].data,
825 sections[DEBUG_RANGES].size,
826 sections[DEBUG_STR].data,
827 sections[DEBUG_STR].size,
828 ehdr.e_ident[EI_DATA] == ELFDATA2MSB,
829 error_callback, data, fileline_fn))
830 goto fail;
831
832 *found_dwarf = 1;
179 /* Given a PC, find the symbol for it, and its value. */
2. backtrace_syminfo
int
182 backtrace_syminfo (struct backtrace_state *state, uintptr_t pc,
183backtrace_syminfo_callback callback,
184backtrace_error_callback error_callback, void *data)
185 {
Which is using only symbol table to intialize specific data. No debug info
needed.
748 if (!elf_initialize_syminfo (state, base_address,
749symtab_view.data, symtab_shdr->sh_size,
750strtab_view.data, strtab_shdr->sh_size,
751error_callback, data, sdata))
Those two calls using in function
156 bool LibbacktraceSymbolizer::SymbolizePC(uptr addr, SymbolizedStack *stack)
{
157 SymbolizeCodeCallbackArg data;
158 data.first = stack;
159 data.last = stack;
160 data.frames_symbolized = 0;
161 backtrace_pcinfo((backtrace_state *)state_, addr,
SymbolizeCodePCInfoCallback,
162ErrorCallback, );
163 if (data.frames_symbolized > 0)
164 return true;
165 backtrace_syminfo((backtrace_state *)state_, addr, SymbolizeCodeCallback,
166 ErrorCallback, );
167 return (data.frames_symbolized > 0);
168 }
with two callback:
1.
106 extern "C" {
107 static int SymbolizeCodePCInfoCallback(void *vdata, uintptr_t addr,
108const char *filename, int lineno,
109const char *function) {
110 SymbolizeCodeCallbackArg *cdata = (SymbolizeCodeCallbackArg *)vdata;
111 if (function) {
112 AddressInfo *info = cdata->get_new_frame(addr);
113 info->function = DemangleAlloc(function, /*always_alloc*/ true);
114 if (filename)
115 info->file = internal_strdup(filename);
116 info->line = lineno;
117 cdata->frames_symbolized++;
118 }
119 return 0;
120 }
2.122 static void SymbolizeCodeCallback(void *vdata, uintptr_t addr,
123 const char *symname, uintptr_t,
uintptr_t) {
124 SymbolizeCodeCallbackArg *cdata = (SymbolizeCodeCallbackArg *)vdata;
125 if (symname) {
126 AddressInfo *info = cdata->get_new_frame(addr);
127 info->function = DemangleAlloc(symname, /*always_alloc*/ true);
128 cdata->frames_symbolized++;
129 }
130 }
In my case we have partially valid data with line number, filename but we don't
have valid function name because debuginfo doesn't provide
DW_TAG_subprogram and libbacktrace can not find valid symbol for specific
address,
but this symbol was read from symbol table and have valid data.
My point is to read all data we have from first callback and if we don't have
valid function name we assume that pc is not properly symbolized and we go
to bactrace_syminfo which will read symbol data and increment
cdata->frames_symbolized++;
In case those two functions using completely different data to generate
backtrace.
Thanks.
[Bug sanitizer/81081] [ASAN] ASAN is not properly calling libbacktrace to symbolize program written on assembler
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81081
--- Comment #3 from Denis Khalikov ---
This fix
111 AddressInfo *info = cdata->get_new_frame(addr);
112 if (filename)
113 info->file = internal_strdup(filename);
114 info->line = lineno;
115 if (function) {
116 info->function = DemangleAlloc(function, /*always_alloc*/ true);
117 cdata->frames_symbolized++;
118 }
119 return 0;
120 }
solve my problem.
As far as I understood this chages should be made in llvm asan/
Should I send the patch Phabricator for review.
[Bug sanitizer/81081] New: [ASAN] ASAN is not properly calling libbacktrace to symbolize program written on assembler
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81081
Bug ID: 81081
Summary: [ASAN] ASAN is not properly calling libbacktrace to
symbolize program written on assembler
Product: gcc
Version: 7.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: d.khalikov at partner dot samsung.com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Hello everyone,
I've faced a situation with ASan and program which were written on assembler
with debug info generated by "as".
In this case asan can't properly render symbolic info for that kind of program.
Steps to reproduce:
1.For test purpose we can generate assembler code by gcc from c code.
$cat test.c
int main() {
int ptr = 0x01;
int value = *(int *) ptr;
return 0;
}
/gcc-build-trunk/libexec/gcc/x86_64-linux-gnu/7.1.1/cc1 -quiet -v -imultiarch
x86_64-linux-gnu test.c -quiet -dumpbase test.c -mtune=generic -march=x86-64
-auxbase test -version -o test.S
2. Assemble the code and generate debug info.
as -v --64 -o test.o test.S -gdwarf-2
3.Link the program.
/gcc-build-trunk/libexec/gcc/x86_64-linux-gnu/7.1.1/collect2 -plugin
/gcc-build-trunk/libexec/gcc/x86_64-linux-gnu/7.1.1/liblto_plugin.so
-plugin-opt=/gcc-build-trunk/libexec/gcc/x86_64-linux-gnu/7.1.1/lto-wrapper
-plugin-opt=-fresolution=/tmp/ccuSSiyf.res -plugin-opt=-pass-through=-lgcc
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc
-plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s
--eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o
test /usr/lib/x86_64-linux-gnu/crt1.o /usr/lib/x86_64-linux-gnu/crti.o
/gcc-build-trunk/lib/gcc/x86_64-linux-gnu/7.1.1/crtbegin.o
-L/gcc-build-trunk/lib/gcc/x86_64-linux-gnu/7.1.1
-L/gcc-build-trunk/lib/gcc/x86_64-linux-gnu/7.1.1/../../../../lib64
-L/lib/x86_64-linux-gnu -L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu
-L/gcc-build-trunk/lib/gcc/x86_64-linux-gnu/7.1.1/../../.. test.o -lgcc
--as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed
/gcc-build-trunk/lib/gcc/x86_64-linux-gnu/7.1.1/crtend.o
/usr/lib/x86_64-linux-gnu/crtn.o
4.Set LD_PRELOAD to look for segfault.
$export LD_PRELOAD=/lib64/libasan.so
$./test
#0 0x4004dd in main (test+0x4004dd)
As we can see symbolizer does not render the line number and filename, but
.debug_info section inside the file.
Looks like this happens because "as" can not generate dwarf tag
(DW_TAG_subprogram)
which consist address and name of the function.
In this case libbacktrace can't find function for specific address and call
callback with last param == NULL, which represents the name of the function:
return callback (data, pc, ln->filename, ln->lineno, NULL);
but filename and line number have a valid data.
The callback for backtrace_pcinfo check function and in case value is NULL
assumes that other data is not valid.
111 if (function) {
112 AddressInfo *info = cdata->get_new_frame(addr);
113 info->function = DemangleAlloc(function, /*always_alloc*/ true);
114 if (filename)
115 info->file = internal_strdup(filename);
116 info->line = lineno;
117 cdata->frames_symbolized++;
118 }
119 return 0;
LibbacktraceSymbolizer::SymbolizePC function
skips execution to backtrace_syminfo and this function can symbolize address by
data from symbol table in elf file without debuginfo section.
So, should the callback be like this:
111 AddressInfo *info = cdata->get_new_frame(addr);
112 if (filename)
113 info->file = internal_strdup(filename);
114 info->line = lineno;
115 if (function) {
116 info->function = DemangleAlloc(function, /*always_alloc*/ true);
117 cdata->frames_symbolized++;
118 }
119 return 0;
120 }
Thanks.
[Bug sanitizer/77631] no symbols in backtrace shown by ASan when debug info is split
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77631 Denis Khalikov changed: What|Removed |Added Attachment #40963|0 |1 is obsolete|| --- Comment #9 from Denis Khalikov --- Created attachment 41478 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41478=edit patch for PR sanitizer/77631 Hello everyone, I updated the patch. List of implemented functionality: 1. Reading .note.gnu.build-id section. a. Parsing section data. 2. Reading.gnu_debuglink section. a. Parsing section data. b. Verifying crc32 sum. 3. Searching for separate debug info file. a. /usr/lib/debug/.build-id b. /path/to/executable c. /path/to/executable/.debug d. /usr/lib/debug/path/to/executable This patch works for me. Anyway still waiting for review: https://gcc.gnu.org/ml/gcc-patches/2017-05/msg01462.html
[Bug sanitizer/80414] New: [UBSAN] segfault with -fsanitize=undefined
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80414
Bug ID: 80414
Summary: [UBSAN] segfault with -fsanitize=undefined
Product: gcc
Version: 7.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: d.khalikov at partner dot samsung.com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Created attachment 41191
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41191=edit
patch
Hello everyone.
I got segfault on 32 bit host with -fsanitize=undefined
My test case:
# cat test.c
int main()
{
long long offset = 10;
char array[10];
char c = array[offset];
return 0;
}
# gcc -o test test.c -fsanitize=undefined -static-libubsan
# ./test
That happens while checking for bounds-strict option on 32 bit host.
As i can see gcc push value of the index to the stack before call
__ubsan_handle_out_of_bounds
67 subl$44, %esp
68 movl$10, -32(%ebp)
69 movl$0, -28(%ebp)
70 movl-32(%ebp), %ebx
71 movl-28(%ebp), %esi
72 movl%ebx, %eax
73 cmpl$9, %eax
74 jbe .L2
75 subl$8, %esp
76 pushl %eax
77 pushl $.Lubsan_data0
78 call__ubsan_handle_out_of_bounds
instead clang push address of that index
15 movl$10, -32(%ebp)
16 movl-28(%ebp), %eax
17 movl-32(%ebp), %ecx
18 movl%ecx, %edx
19 cmpl$10, %edx
20 movl%eax, -44(%ebp) # 4-byte Spill
21 movl%ecx, -48(%ebp) # 4-byte Spill
22 jb .LBB0_2
23 # BB#1:
24 leal.L__unnamed_1, %eax
25 leal-40(%ebp), %ecx
26 movl-48(%ebp), %edx # 4-byte Reload
27 movl%edx, -40(%ebp)
28 movl-44(%ebp), %esi # 4-byte Reload
29 movl%esi, -36(%ebp)
30 movl%eax, (%esp)
31 movl%ecx, 4(%esp)
32 calll __ubsan_handle_out_of_bounds
In this case fix should be in IR generation for
__ubsan_handle_out_of_bounds.
Looks like tree val should be generated from original tree
index and not from tree index which
were converted to bound type.
diff --git a/gcc/ubsan.c b/gcc/ubsan.c
index 17965ef..c56f376 100644
--- a/gcc/ubsan.c
+++ b/gcc/ubsan.c
@@ -672,7 +672,8 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
/* Pick up the arguments of the UBSAN_BOUNDS call. */
tree type = TREE_TYPE (TREE_TYPE (gimple_call_arg (stmt, 0)));
- tree index = gimple_call_arg (stmt, 1);
+ tree index, orig_index;
+ index = orig_index = gimple_call_arg (stmt, 1);
tree orig_index_type = TREE_TYPE (index);
tree bound = gimple_call_arg (stmt, 2);
@@ -708,9 +709,9 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
: BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
tree fn = builtin_decl_explicit (bcode);
- tree val = force_gimple_operand_gsi (gsi, ubsan_encode_value (index),
- true, NULL_TREE, true,
- GSI_SAME_STMT);
+ tree val
+ = force_gimple_operand_gsi (gsi, ubsan_encode_value (orig_index), true,
+ NULL_TREE, true, GSI_SAME_STMT);
g = gimple_build_call (fn, 2, data, val);
}
gimple_set_location (g, loc);
I attached patch.
Tests with make check RUNTESTFLAGS="ubsan.exp" passed for x86 32bit
and 64 bit host.
[Bug sanitizer/77631] no symbols in backtrace shown by ASan when debug info is split
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77631 --- Comment #7 from Denis Khalikov --- Thomas, before verifying i should fix issues from the list, https://gcc.gnu.org/ml/gcc-patches/2017-03/msg00735.html
[Bug sanitizer/77631] no symbols in backtrace shown by ASan when debug info is split
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77631 Denis Khalikov changed: What|Removed |Added CC||d.khalikov at partner dot samsung. ||com --- Comment #5 from Denis Khalikov --- Yes,i sent to gcc-patc...@gcc.gnu.org. https://gcc.gnu.org/ml/gcc-patches/2017-03/msg00660.html
[Bug sanitizer/77631] no symbols in backtrace shown by ASan when debug info is split
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77631 --- Comment #3 from Denis Khalikov --- Created attachment 40963 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=40963=edit patch for PR sanitizer/77631 Hello everyone, i have a patch for this issue. (see attachment PR_sanitizer_77631) List of implemented functionality: 1.Reading .gnu_debuglink section from ELF file: a. Reading name of debug info file. b. Verifying crc32 sum. 2. Searching for separate debug info file from paths: a. /usr/lib/debug/path/to/executable b. /path/to/executable c. /path/to/executable/.debug Assumed that debug info file generated by objcopy from binutils. objcopy --only-keep-debug foo foo.debug strip -g foo objcopy --add-gnu-debuglink=foo.debug foo
