Hello, I am building sanitizers for our different platforms and trying to use it in an example program, but while it seems like ASAN is running it's init functions (see stdout below with ASAN_OPTIONS=verbosity=1) it never catches anything in the program. This is LLVM 8.0.1 btw. I was using this small test case: int main(int argc, char** argv) { int *array = new int[100]; delete [] array; return array[argc]; // BOOM } I am compiling with: clang++ -resource-dir <path to sanitizers> -fsanitize=address -shared-libasan -fno-omit-frame-pointer -Os -g -Wl,-rpath,<path to sanitizers> -o hello hello.cpp This is the output from setting verbosity=1 - how can I debug this issue? ==3401806==AddressSanitizer: libc interceptors initialized || `[0x10007fff8000, 0x7fffffffffff]` || HighMem || || `[0x02008fff7000, 0x10007fff7fff]` || HighShadow || || `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap || || `[0x00007fff8000, 0x00008fff6fff]` || LowShadow || || `[0x000000000000, 0x00007fff7fff]` || LowMem || MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00 0x02008fff6fff redzone=16 max_redzone=2048 quarantine_size_mb=256M thread_local_quarantine_size_kb=1024K malloc_context_size=30 SHADOW_SCALE: 3 SHADOW_GRANULARITY: 8 SHADOW_OFFSET: 0x7fff8000 ==3401806==Installed the sigaction for signal 11 ==3401806==Installed the sigaction for signal 7 ==3401806==Installed the sigaction for signal 8 ==3401806==T0: stack [0x7fff3bf5c000,0x7fff3c75c000) size 0x800000; local=0x7fff3c759244 ==3401806==AddressSanitizer Init done ➜ readelf -d hello Dynamic section at offset 0xe18 contains 25 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libclang_rt.asan-x86_64.so] 0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6] 0x0000000000000001 (NEEDED) Shared library: [libm.so.6] 0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x400570 0x000000000000000d (FINI) 0x4007b8 0x0000000000000004 (HASH) 0x400278 0x0000000000000005 (STRTAB) 0x400318 0x0000000000000006 (SYMTAB) 0x4002a0 0x000000000000000a (STRSZ) 462 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x601000 0x0000000000000002 (PLTRELSZ) 72 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400528 0x0000000000000007 (RELA) 0x400510 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x4004f0 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x4004e6 0x0000000000000000 (NULL) 0x0
Alex Brachet-Mialot via llvm-dev
2020-Feb-03 16:29 UTC
[llvm-dev] ASAN not finding any bugs?
I haven’t looked at the code gen yet because I’m not on my computer right now but I suspect that at -Os the compiler is optimizing this away because it knows it to be undefined behavior. Try with -O0. On Mon, Feb 3, 2020 at 10:53 AM Tobias Hieta via llvm-dev < llvm-dev at lists.llvm.org> wrote:> Hello, > > I am building sanitizers for our different platforms and trying to use > it in an example program, but while it seems like ASAN is running it's > init functions (see stdout below with ASAN_OPTIONS=verbosity=1) it > never catches anything in the program. This is LLVM 8.0.1 btw. > > I was using this small test case: > > int main(int argc, char** argv) { > int *array = new int[100]; > delete [] array; > return array[argc]; // BOOM > } > > I am compiling with: > > > clang++ -resource-dir <path to sanitizers> -fsanitize=address > -shared-libasan -fno-omit-frame-pointer -Os -g -Wl,-rpath,<path to > sanitizers> -o hello hello.cpp > > This is the output from setting verbosity=1 - how can I debug this issue? > > ==3401806==AddressSanitizer: libc interceptors initialized > || `[0x10007fff8000, 0x7fffffffffff]` || HighMem || > || `[0x02008fff7000, 0x10007fff7fff]` || HighShadow || > || `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap || > || `[0x00007fff8000, 0x00008fff6fff]` || LowShadow || > || `[0x000000000000, 0x00007fff7fff]` || LowMem || > MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00 > 0x02008fff6fff > redzone=16 > max_redzone=2048 > quarantine_size_mb=256M > thread_local_quarantine_size_kb=1024K > malloc_context_size=30 > SHADOW_SCALE: 3 > SHADOW_GRANULARITY: 8 > SHADOW_OFFSET: 0x7fff8000 > ==3401806==Installed the sigaction for signal 11 > ==3401806==Installed the sigaction for signal 7 > ==3401806==Installed the sigaction for signal 8 > ==3401806==T0: stack [0x7fff3bf5c000,0x7fff3c75c000) size 0x800000; > local=0x7fff3c759244 > ==3401806==AddressSanitizer Init done > > ➜ readelf -d hello > > Dynamic section at offset 0xe18 contains 25 entries: > Tag Type Name/Value > 0x0000000000000001 (NEEDED) Shared library: [libclang_rt.asan-x86_64.so] > 0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6] > 0x0000000000000001 (NEEDED) Shared library: [libm.so.6] > 0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1] > 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] > 0x000000000000000c (INIT) 0x400570 > 0x000000000000000d (FINI) 0x4007b8 > 0x0000000000000004 (HASH) 0x400278 > 0x0000000000000005 (STRTAB) 0x400318 > 0x0000000000000006 (SYMTAB) 0x4002a0 > 0x000000000000000a (STRSZ) 462 (bytes) > 0x000000000000000b (SYMENT) 24 (bytes) > 0x0000000000000015 (DEBUG) 0x0 > 0x0000000000000003 (PLTGOT) 0x601000 > 0x0000000000000002 (PLTRELSZ) 72 (bytes) > 0x0000000000000014 (PLTREL) RELA > 0x0000000000000017 (JMPREL) 0x400528 > 0x0000000000000007 (RELA) 0x400510 > 0x0000000000000008 (RELASZ) 24 (bytes) > 0x0000000000000009 (RELAENT) 24 (bytes) > 0x000000006ffffffe (VERNEED) 0x4004f0 > 0x000000006fffffff (VERNEEDNUM) 1 > 0x000000006ffffff0 (VERSYM) 0x4004e6 > 0x0000000000000000 (NULL) 0x0 > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20200203/363782e7/attachment.html>
Hello Alex, Thanks for the hint. It was actually not the -O flag that created the problem. But it pointed me in the right direction, when I passed -fno-experimental-new-pass-manager it started to show the error. My guess is that the new pass manager is more aggressive in removing UB? Thanks, Tobias On Mon, Feb 3, 2020 at 5:29 PM Alex Brachet-Mialot <alexbrachetmialot at gmail.com> wrote:> > I haven’t looked at the code gen yet because I’m not on my computer right now but I suspect that at -Os the compiler is optimizing this away because it knows it to be undefined behavior. Try with -O0. > > On Mon, Feb 3, 2020 at 10:53 AM Tobias Hieta via llvm-dev <llvm-dev at lists.llvm.org> wrote: >> >> Hello, >> >> I am building sanitizers for our different platforms and trying to use >> it in an example program, but while it seems like ASAN is running it's >> init functions (see stdout below with ASAN_OPTIONS=verbosity=1) it >> never catches anything in the program. This is LLVM 8.0.1 btw. >> >> I was using this small test case: >> >> int main(int argc, char** argv) { >> int *array = new int[100]; >> delete [] array; >> return array[argc]; // BOOM >> } >> >> I am compiling with: >> >> >> clang++ -resource-dir <path to sanitizers> -fsanitize=address >> -shared-libasan -fno-omit-frame-pointer -Os -g -Wl,-rpath,<path to >> sanitizers> -o hello hello.cpp >> >> This is the output from setting verbosity=1 - how can I debug this issue? >> >> ==3401806==AddressSanitizer: libc interceptors initialized >> || `[0x10007fff8000, 0x7fffffffffff]` || HighMem || >> || `[0x02008fff7000, 0x10007fff7fff]` || HighShadow || >> || `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap || >> || `[0x00007fff8000, 0x00008fff6fff]` || LowShadow || >> || `[0x000000000000, 0x00007fff7fff]` || LowMem || >> MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00 0x02008fff6fff >> redzone=16 >> max_redzone=2048 >> quarantine_size_mb=256M >> thread_local_quarantine_size_kb=1024K >> malloc_context_size=30 >> SHADOW_SCALE: 3 >> SHADOW_GRANULARITY: 8 >> SHADOW_OFFSET: 0x7fff8000 >> ==3401806==Installed the sigaction for signal 11 >> ==3401806==Installed the sigaction for signal 7 >> ==3401806==Installed the sigaction for signal 8 >> ==3401806==T0: stack [0x7fff3bf5c000,0x7fff3c75c000) size 0x800000; >> local=0x7fff3c759244 >> ==3401806==AddressSanitizer Init done >> >> ➜ readelf -d hello >> >> Dynamic section at offset 0xe18 contains 25 entries: >> Tag Type Name/Value >> 0x0000000000000001 (NEEDED) Shared library: [libclang_rt.asan-x86_64.so] >> 0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6] >> 0x0000000000000001 (NEEDED) Shared library: [libm.so.6] >> 0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1] >> 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] >> 0x000000000000000c (INIT) 0x400570 >> 0x000000000000000d (FINI) 0x4007b8 >> 0x0000000000000004 (HASH) 0x400278 >> 0x0000000000000005 (STRTAB) 0x400318 >> 0x0000000000000006 (SYMTAB) 0x4002a0 >> 0x000000000000000a (STRSZ) 462 (bytes) >> 0x000000000000000b (SYMENT) 24 (bytes) >> 0x0000000000000015 (DEBUG) 0x0 >> 0x0000000000000003 (PLTGOT) 0x601000 >> 0x0000000000000002 (PLTRELSZ) 72 (bytes) >> 0x0000000000000014 (PLTREL) RELA >> 0x0000000000000017 (JMPREL) 0x400528 >> 0x0000000000000007 (RELA) 0x400510 >> 0x0000000000000008 (RELASZ) 24 (bytes) >> 0x0000000000000009 (RELAENT) 24 (bytes) >> 0x000000006ffffffe (VERNEED) 0x4004f0 >> 0x000000006fffffff (VERNEEDNUM) 1 >> 0x000000006ffffff0 (VERSYM) 0x4004e6 >> 0x0000000000000000 (NULL) 0x0 >> _______________________________________________ >> LLVM Developers mailing list >> llvm-dev at lists.llvm.org >> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev