-faddress-sanitizer doesn't work when used on ninja #105

Closed
ramosian-glider opened this issue Aug 31, 2015 · 11 comments
@ramosian-glider

Originally reported on Google Code with ID 105

What steps will reproduce the problem?
1. git clone https://github.com/martine/ninja.git
2. cd ninja
3. CXX=/path/to/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang++ ./configure.py
    # Currently at r161757
4. ninja  # use ninja from depot_tools to build new ninja
5. ./ninja

What is the expected output? What do you see instead?

I'd expect either asan reports or a working ninja binary.

Instead:


Nicos-MacBook-Pro:ninja thakis$ ./ninja 
mach_override: some instructions unknown! Need to update mach_override.c
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:302
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:315
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:321
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:334
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:339
mach_override: some instructions unknown! Need to update mach_override.c
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:302
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:315
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:321
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:334
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:339
==60014== AddressSanitizer CHECK failed: /Users/thakis/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:687
"((::__interception::OverrideFunction((void*)index, (void*)wrap_strchr, (void**)&__interception::real_index)))
!= (0)" (0, 0)
    #0 0x10c7c578f (/Users/thakis/src/ninja/./ninja+0x4b78f)
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps   by size class: 
  mallocs by size class: 
  frees   by size class: 
  rfrees  by size class: 
Stats: malloc large: 0 small slow: 0

Reported by thakis@chromium.org on 2012-09-01 05:27:08

@ramosian-glider

Sorry, this is missing step 2.5: apply this patch:


diff --git a/configure.py b/configure.py
index bd50e67..969844e 100755
--- a/configure.py
+++ b/configure.py
@@ -147,6 +147,9 @@ else:
     ldflags = ['-L$builddir']
 libs = []

+cflags += ['-faddress-sanitizer']
+ldflags += ['-faddress-sanitizer']
+
 if platform == 'mingw':
     cflags.remove('-fvisibility=hidden');
     ldflags.append('-static')
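
Review bot: the two added lines sit at top level, ahead of the `if platform == 'mingw':` check, so `-faddress-sanitizer` is appended to both cflags and ldflags for every platform and every compiler, including the mingw branch that goes on to add `-static`. Put them behind an opt-in configure option (or at least a check that CXX is clang) so a default build is unaffected, and add a short comment saying the flags exist for ASan builds.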



If I also add '-arch', 'i386' to cflags and ldflags, it seems to work. So it's a 64
bit problem.

Reported by thakis@chromium.org on 2012-09-01 05:30:10

@ramosian-glider

Can you please post the output of gobjdump -d for the prologue of index() on your machine?
(it must be in /usr/lib/libSystem.B.dylib)
The error happens because mach_override isn't aware of some of the instructions and
thus can't intercept index(). You can try to patch it yourself (see http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/interception/mach_override/mach_override.c?revision=161577&view=markup)
or wait till I land the appropriate patch.

Another option that I hope is easier is to use the .dylib runtime library. Refer to
http://code.google.com/p/address-sanitizer/wiki/HowToBuild to build Clang and ASan
using CMake, then build the additional clang_rt.asan_osx_dynamic target in projects/compiler-rt/lib/asan.
In this case ldflags should contain -lclang_rt.asan_osx_dynamic.dylib instead of -faddress-sanitizer.
I'm sorry that this isn't fully supported yet, but this might be better than patching
mach_override.

You can also take https://codereview.appspot.com/6483051 which adds -faddress-sanitizer-dynamic-runtime
flag. With that you can set ldflags += ['-faddress-sanitizer', '-faddress-sanitizer-dynamic-runtime']

Reported by ramosian.glider on 2012-09-01 07:44:16

  • Labels added: OpSys-OSX

@ramosian-glider

index() isn't defined in libSystem.B.dylib, see `nm /usr/lib/libSystem.B.dylib | grep index`.
`otool -l /usr/lib/libSystem.B.dylib` will show you that libSystem reexports several dylibs however,
one of them being /usr/lib/system/libsystem_c.dylib, which does contain index().

I don't have a gobjdump binary on my system, but `otool -tV` can show the prologue
too:

_index:
000000000004e186    pushq   %rbp
000000000004e187    movq    %rsp,%rbp
000000000004e18a    movsbl  %dh,%ecx
000000000004e18e    xorl    %eax,%eax
000000000004e190    jmp 0x0004e199
000000000004e192    testb   %dl,%dl

000000000004e180 1c 01 00 00 5d c3 55 48 89 e5 40 0f be ce 31 c0 
000000000004e190 eb 07 84 d2 74 0d 48 ff c7 0f be 17 39 ca 75 f2 

So it looks like it starts with "55 48 89 e5 40 0f be ce 31 c0"


And in 32 bit (`-arch i386`, which works):

_index:
00042584    pushl   %ebp
00042585    movl    %esp,%ebp
00042587    pushl   %ebx
00042588    movsbl  0x0c(%ebp),%edx
0004258c    movl    0x08(%ebp),%ecx
0004258f    xorl    %eax,%eax

00042580 5f 5b 5d c3 55 89 e5 53 0f be 55 0c 8b 4d 08 31 

This starts with "55 89 e5 53 0f be 55 0c 8b 4d 08 31"

This is on 10.8

Reported by thakis@chromium.org on 2012-09-04 14:32:59

@ramosian-glider

I haven't managed to reproduce it on a 10.8 machine (Darwin Kernel Version 12.0.0: Sun
Jun 24 23:00:16 PDT 2012; root:xnu-2050.7.9~1/RELEASE_X86_64), but I've added movsbl
and testb to the list of instructions understandable by mach_override.
Can you please try Clang r163301?

Reported by ramosian.glider on 2012-09-06 09:42:13

@ramosian-glider

Please reopen if the problem occurs again.

Reported by ramosian.glider on 2012-09-10 10:37:07

  • Status changed: Fixed

@ramosian-glider

Sorry, I missed comment 4.

I updated to llvm head, and now i386 is broken:

mach_override: some instructions unknown! Need to update mach_override.c
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:302
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:315
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:321
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:334
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:339
mach_override: some instructions unknown! Need to update mach_override.c
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:302
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:315
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:321
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:334
err = f8000001 /Users/thakis/src/llvm/projects/compiler-rt/lib/interception/mach_override/mach_override.c:339
==61391== AddressSanitizer CHECK failed: /Users/thakis/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:687
"((::__interception::OverrideFunction((void*)index, (void*)wrap_strchr, (void**)&__interception::real_index)))
!= (0)" (0, 0)
    #0 0x116155 (/Users/thakis/src/ninja/./ninja+0x5a155)


(wouldn't it be useful if mach_override printed the instruction bytes it doesn't understand
in this error message?)

Reported by thakis@chromium.org on 2012-09-10 11:33:27
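
The failure discussed in this thread, as an added C example that is not part of the original comments and is not mach_override's code: a simplified prologue walker that stops at the first instruction its table does not recognize and reports the offending bytes, the diagnostic suggested in the comment above. The pattern table, the function names and the 5-byte patch size are assumptions made for the example; the input is the x86_64 `index()` prologue posted earlier in the thread.

```c
#include <stdio.h>
typedef unsigned char u8;

/* Byte i matches when (code[i] & mask[i]) == value[i]. Constructed model,
   not mach_override's real table. */
typedef struct { size_t len; u8 mask[4], value[4]; } Pattern;

/* First 3 entries: push %rbp; mov %rsp,%rbp; xor %eax,%eax ("old" table).
   Entry 4 adds REX-prefixed movsbl reg,reg (40 0f be, ModRM mod=11). */
static const Pattern kTable[] = {
    {1, {0xFF}, {0x55}},
    {3, {0xFF, 0xFF, 0xFF}, {0x48, 0x89, 0xE5}},
    {2, {0xFF, 0xFF}, {0x31, 0xC0}},
    {4, {0xFF, 0xFF, 0xFF, 0xC0}, {0x40, 0x0F, 0xBE, 0xC0}},
};
/* x86_64 prologue bytes of index() as posted in the thread. */
static const u8 kIndex64[] = {0x55, 0x48, 0x89, 0xE5, 0x40, 0x0F, 0xBE, 0xCE, 0x31, 0xC0};

/* Cover whole instructions until >= need bytes (5 assumed here, a rel32 jmp).
   Returns the byte count, or 0 with *stuck = offset of the unknown instruction. */
size_t eat_known(const u8 *code, size_t n, size_t ntab, size_t need, size_t *stuck) {
    size_t off = 0;
    while (off < need) {
        size_t t, i, hit = 0;
        for (t = 0; t < ntab && !hit; t++) {
            if (kTable[t].len > n - off) continue;   /* pattern longer than input */
            for (i = 0; i < kTable[t].len; i++)
                if ((code[off + i] & kTable[t].mask[i]) != kTable[t].value[i]) break;
            if (i == kTable[t].len) hit = i;
        }
        if (!hit) { *stuck = off; return 0; }
        off += hit;
    }
    return off;
}

/* Hex-dump code[off..n) into buf so the error message names the bytes. */
const char *dump_from(const u8 *code, size_t n, size_t off, char *buf, size_t cap) {
    size_t pos = 0;
    for (buf[0] = '\0'; off < n && pos + 4 <= cap; off++)
        pos += (size_t)snprintf(buf + pos, cap - pos, pos ? " %02x" : "%02x", code[off]);
    return buf;
}

int main(void) {
    size_t stuck = 0; char buf[64];
    if (!eat_known(kIndex64, sizeof kIndex64, 3, 5, &stuck))   /* table without movsbl */
        printf("unknown at +%zu: %s\n", stuck, dump_from(kIndex64, sizeof kIndex64, stuck, buf, sizeof buf));
    printf("with movsbl: %zu bytes\n", eat_known(kIndex64, sizeof kIndex64, 4, 5, &stuck));
}
```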

@ramosian-glider

(x86_64 doesn't work either)

Reported by thakis@chromium.org on 2012-09-10 11:35:54

@ramosian-glider

Reported by ramosian.glider on 2012-09-10 11:41:45

  • Status changed: Started

@ramosian-glider

The issue was that I had a very old revision of compiler_rt in my checkout. After updating
this, things work in both 32 and 64 bit. (It's been fixed fairly recently though; the
clang revision that was in chromium last week -- r161757 -- had this issue too. The
clang that's in chromium today -- r163126 -- works fine. So r163301 doesn't seem necessary
for ninja)

Reported by thakis@chromium.org on 2012-09-12 01:36:25

@ramosian-glider

Reported by ramosian.glider on 2012-09-12 17:03:39

  • Status changed: Invalid

@ramosian-glider

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:59

  • Labels added: ProjectAddressSanitizer
