Nathan Schagen via llvm-dev
2016-Apr-04 09:30 UTC
[llvm-dev] Memory Sanitizer crashes after it calls mmap
Hi there,

I'm trying to use the memory sanitizer of LLVM 3.3. It's crashing during MSan initialization (__msan::InitShadow). Here's the strace output.

    mmap(0x400000000000, 35184372088831, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x400000000000
    --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x55edf4b36720} ---
    +++ killed by SIGSEGV (core dumped) +++

Because of the -fsanitize=memory option, clang maps all segments in the 0x5555555????? range, which is zeroed out by this mmap. According to the Memory Sanitizer paper, the application is expected between 0x600000000000 and 0x7fffffffffff. Why aren't the application segments mapped there?

Can anyone shed some light on this?

I would like to stick with 3.3 if that's possible.

Thanks a lot,
Nathan
Reid Kleckner via llvm-dev
2016-Apr-04 17:19 UTC
[llvm-dev] Memory Sanitizer crashes after it calls mmap
If your application is mapped at 0x55555...., then that means you are running a PIE binary with ASLR disabled. This can happen if you're running under gdb, which disables ASLR.

This particular choice of address space layout conflicted with MSan's shadow memory. This problem has been addressed in more recent versions of LLVM: https://github.com/google/sanitizers/issues/579
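The layout conflict Reid describes can be checked from /proc/self/maps before running under the sanitizer: any mapping of the binary that falls inside the range MSan reserves with the PROT_NONE MAP_FIXED mmap shown in Nathan's strace will be clobbered. This is an added example, not code from the thread or from compiler-rt; the reserved range is taken from the strace mmap arguments above and the application range from the MSan paper figures Nathan quotes.

```c
#include <stdio.h>

/* Range reserved by the fixed mmap in the strace above:
 * mmap(0x400000000000, 35184372088831, PROT_NONE, ... MAP_FIXED ...). */
#define MSAN_RESERVED_BEG 0x400000000000ULL
#define MSAN_RESERVED_LEN 35184372088831ULL
/* Range where MSan 3.3 expects application memory (from the paper, as quoted). */
#define MSAN_APP_BEG 0x600000000000ULL
#define MSAN_APP_END 0x7fffffffffffULL

/* Does the half-open mapping [beg, end) intersect the reserved range?
 * The kernel rounds the mmap length up to a page, so round the end too. */
static int overlaps_reserved(unsigned long long beg, unsigned long long end) {
  unsigned long long rbeg = MSAN_RESERVED_BEG;
  unsigned long long rend = (MSAN_RESERVED_BEG + MSAN_RESERVED_LEN + 0xfffULL) & ~0xfffULL;
  return beg < rend && end > rbeg;
}

/* Classify one /proc/self/maps line ("beg-end perms offset dev inode path").
 * 1 = would be clobbered by MSan's fixed mmap, 0 = inside the expected
 * application range, 2 = elsewhere (e.g. the kernel vsyscall page),
 * -1 = line could not be parsed. */
static int classify_maps_line(const char *line) {
  unsigned long long beg, end;
  if (sscanf(line, "%llx-%llx", &beg, &end) != 2) return -1;
  if (overlaps_reserved(beg, end)) return 1;
  if (beg >= MSAN_APP_BEG && end - 1 <= MSAN_APP_END) return 0;
  return 2;
}

/* Scan this process's own mappings and print the conflicting ones.
 * Returns the number of conflicting mappings, or -1 if maps is unreadable. */
static int scan_self_maps(void) {
  FILE *f = fopen("/proc/self/maps", "r");
  char line[512];
  int conflicts = 0;
  if (!f) return -1;
  while (fgets(line, sizeof line, f))
    if (classify_maps_line(line) == 1) { conflicts++; printf("CONFLICT: %s", line); }
  fclose(f);
  return conflicts;
}

int main(void) {
  int n = scan_self_maps();
  printf("%d mapping(s) inside MSan's reserved range\n", n);
  return n != 0;
}
```

Build the checker itself without -fsanitize=memory and run it the same way you run the instrumented binary (e.g. under gdb) so that it observes the same PIE/ASLR placement; a non-zero count reproduces the conflict from the thread.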
Nathan Schagen via llvm-dev
2016-Apr-10 22:23 UTC
[llvm-dev] Memory Sanitizer crashes after it calls mmap
Thanks for your response. I resolved my issue by backporting the changes in 24975 to 3.3. Needed to update the MSan allocator base address and to rewrite some macros and InitShadow() in compiler-rt, as well as a few simple changes to the MemorySanitizer LLVM pass.