false positive: uninit error reported in ld-linux.so for test loader #1135

Open
derekbruening opened this issue Nov 28, 2014 · 4 comments
@derekbruening
Contributor

From zhao...@google.com on February 20, 2013 17:03:28

../bin/drmemory.pl -debug -dr_ops "-msgbox_mask 0x0 -loglevel 0" -verbose 0 -pause_at_error -- ./unload ./libunloadlib.so

Dr.M Dr. Memory version 1.5.1187
Dr.M
Dr.M Error #1: UNINITIALIZED READ: reading register eflags
Dr.M # 0 ld-linux.so.2!? +0x0 (0xf77950c6 <ld-linux.so.2+0x180c6>)
Dr.M # 1 ld-linux.so.2!? +0x0 (0xf77880c3 <ld-linux.so.2+0xb0c3>)
Dr.M # 2 ld-linux.so.2!? +0x0 (0xf7783438 <ld-linux.so.2+0x6438>)
Dr.M # 3 ld-linux.so.2!? +0x0 (0xf77853a0 <ld-linux.so.2+0x83a0>)
Dr.M # 4 ld-linux.so.2!? +0x0 (0xf778fd5d <ld-linux.so.2+0x12d5d>)
Dr.M # 5 ld-linux.so.2!? +0x0 (0xf778bc9e <ld-linux.so.2+0xec9e>)
Dr.M # 6 ld-linux.so.2!? +0x0 (0xf778f7e4 <ld-linux.so.2+0x127e4>)
Dr.M # 7 main [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/unload.c:45]
Dr.M Note: @0:00:00.811 in thread 1535
Dr.M Note: instruction: jnb $0xf77951e2
pausing at error

0xf77950b1: mov (%eax),%ecx
0xf77950b3: mov $0xfefefeff,%ebp
0xf77950b8: mov $0xfefefeff,%edi
0xf77950bd: add %ecx,%ebp
0xf77950bf: xor %ecx,%ebp
0xf77950c1: add %ecx,%edi
0xf77950c3: lea 0x4(%eax),%eax
0xf77950c6: jae 0xf77951e2

(gdb) p/x mc->eax
$4 = 0x9bdc344

(gdb) x/40c 0x9bdc320
0x9bdc320: 121 'y' 47 '/' 98 'b' 117 'u' 105 'i' 108 'l' 100 'd' 115 's'
0x9bdc328: 47 '/' 98 'b' 117 'u' 105 'i' 108 'l' 100 'd' 95 '_' 120 'x'
0x9bdc330: 56 '8' 54 '6' 95 '_' 100 'd' 98 'b' 103 'g' 46 '.' 115 's'
0x9bdc338: 118 'v' 110 'n' 47 '/' 116 't' 101 'e' 115 's' 116 't' 115 's'
0x9bdc340: 0 '\000' 0 '\000' 0 '\000' 0 '\000' 0 '\000'

It looks like the code is trying to determine the end of the string.

We have a suppression for strlen in ld-linux.so, but my ld-linux.so does not have the symbol.

Original issue: http://code.google.com/p/drmemory/issues/detail?id=1135

@derekbruening
Contributor Author

From bruen...@google.com on February 20, 2013 14:25:56

This is a known issue. As the suppression entry says, the ld.so copy of strlen is not easily replaced, hence the typical optimized-strlen false positives.

Like Valgrind, we don't support completely stripped ld.so.

The action item is to perhaps add docs so users complain to their distro packagers if this happens to them.

Owner: zhao...@google.com
Labels: -Type-Enhancement Type-Defect Bug-FalsePositive

@derekbruening
Contributor Author

From zhao...@google.com on February 20, 2013 14:28:09

drmemory and valgrind report different errors, which makes me think they are different problems.

drm:
Dr.M Dr. Memory version 1.5.1187
dlopen success
dlsym my_export success
dlopen libm.so.6 success
dlsym cos success
dlopen libgcc_s.so.1 success
dlsym __gcc_personality_v0 success
Dr.M
Dr.M Error #1: UNINITIALIZED READ: reading register eflags
Dr.M # 0 ld-linux.so.2!? +0x0 (0xf77370c6 <ld-linux.so.2+0x180c6>)
Dr.M # 1 ld-linux.so.2!? +0x0 (0xf772a0c3 <ld-linux.so.2+0xb0c3>)
Dr.M # 2 ld-linux.so.2!? +0x0 (0xf7725438 <ld-linux.so.2+0x6438>)
Dr.M # 3 ld-linux.so.2!? +0x0 (0xf77273a0 <ld-linux.so.2+0x83a0>)
Dr.M # 4 ld-linux.so.2!? +0x0 (0xf7731d5d <ld-linux.so.2+0x12d5d>)
Dr.M # 5 ld-linux.so.2!? +0x0 (0xf772dc9e <ld-linux.so.2+0xec9e>)
Dr.M # 6 ld-linux.so.2!? +0x0 (0xf77317e4 <ld-linux.so.2+0x127e4>)
Dr.M # 7 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 8 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 9 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M #10 ld-linux.so.2!? +0x0 (0xf772dc9e <ld-linux.so.2+0xec9e>)
Dr.M #11 libdl.so.2!? +0x0 (0xf76e833a <libdl.so.2+0x133a>)
Dr.M Note: @0:00:01.689 in thread 17130
Dr.M Note: instruction: jnb $0xf77371e2
Dr.M
Dr.M Error #2: UNINITIALIZED READ: reading register eflags
Dr.M # 0 ld-linux.so.2!? +0x0 (0xf773730f <ld-linux.so.2+0x1830f>)
Dr.M # 1 ld-linux.so.2!? +0x0 (0xf772da2e <ld-linux.so.2+0xea2e>)
Dr.M # 2 ld-linux.so.2!? +0x0 (0xf77319ac <ld-linux.so.2+0x129ac>)
Dr.M # 3 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 4 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 5 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 6 ld-linux.so.2!? +0x0 (0xf772dc9e <ld-linux.so.2+0xec9e>)
Dr.M # 7 libdl.so.2!? +0x0 (0xf76e833a <libdl.so.2+0x133a>)
Dr.M # 8 libdl.so.2!dlopen +0x46 (0xf76e7c97 <libdl.so.2+0xc97>)
Dr.M # 9 main [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:68]
Dr.M Note: @0:00:01.805 in thread 17130
Dr.M Note: instruction: jnb $0xf7737369
Dr.M
Dr.M Error #3: UNINITIALIZED READ: reading register eflags
Dr.M # 0 ld-linux.so.2!? +0x0 (0xf7737319 <ld-linux.so.2+0x18319>)
Dr.M # 1 ld-linux.so.2!? +0x0 (0xf772da2e <ld-linux.so.2+0xea2e>)
Dr.M # 2 ld-linux.so.2!? +0x0 (0xf77319ac <ld-linux.so.2+0x129ac>)
Dr.M # 3 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 4 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 5 load_and_sym [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:36]
Dr.M # 6 ld-linux.so.2!? +0x0 (0xf772dc9e <ld-linux.so.2+0xec9e>)
Dr.M # 7 libdl.so.2!? +0x0 (0xf76e833a <libdl.so.2+0x133a>)
Dr.M # 8 libdl.so.2!dlopen +0x46 (0xf76e7c97 <libdl.so.2+0xc97>)
Dr.M # 9 main [/home/zhaoqin/Workspace/DrMemory/drmemory.svn/tests/loader.c:68]
Dr.M Note: @0:00:01.806 in thread 17130
Dr.M Note: instruction: jnz $0xf7737369
dlopen ./libloaderlib.so failure
dlerror loading ./libloaderlib.so: ./libloaderlib.so: undefined symbol: import_does_not_exit

valgrind:

./valgrind -- ~/Workspace/DrMemory/builds/build_x86_dbg.svn/tests/loader ~/Workspace/DrMemory/builds/build_x86_dbg.svn/tests/libloaderlib.so
==17093== Memcheck, a memory error detector
==17093== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==17093== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==17093== Command: /home/zhaoqin/Workspace/DrMemory/builds/build_x86_dbg.svn/tests/loader /home/zhaoqin/Workspace/DrMemory/builds/build_x86_dbg.svn/tests/libloaderlib.so
==17093==
dlopen success
dlsym my_export success
==17093== Invalid read of size 4
==17093== at 0x441834F: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440AF41: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4406437: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440839F: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4412D5C: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4B48BE8: ??? (in /lib/i386-linux-gnu/libdl-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x1: ???
==17093== Address 0x70d4044 is 28 bytes inside a block of size 30 alloc'd
==17093== at 0x4B18444: malloc (vg_replace_malloc.c:263)
==17093== by 0x440541E: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x44085D3: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4412D5C: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4B48BE8: ??? (in /lib/i386-linux-gnu/libdl-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x1: ???
==17093==
dlopen libm.so.6 success
dlsym cos success
==17093== Invalid read of size 4
==17093== at 0x4418301: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440AF41: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4406437: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440839F: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4412D5C: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4B48BE8: ??? (in /lib/i386-linux-gnu/libdl-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== Address 0x70d44c0 is 32 bytes inside a block of size 34 alloc'd
==17093== at 0x4B18444: malloc (vg_replace_malloc.c:263)
==17093== by 0x440541E: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x44085D3: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4412D5C: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x4B48BE8: ??? (in /lib/i386-linux-gnu/libdl-2.15.so)
==17093== by 0x440ECBE: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093==
dlopen libgcc_s.so.1 success
dlsym __gcc_personality_v0 success
==17093== Conditional jump or move depends on uninitialised value(s)
==17093== at 0x441835D: ??? (in /lib/i386-linux-gnu/ld-2.15.so)
==17093== by 0x656E6965: ???
==17093==
dlopen /home/zhaoqin/Workspace/DrMemory/builds/build_x86_dbg.svn/tests/libloaderlib.so failure

@derekbruening
Contributor Author

From zhao...@google.com on February 20, 2013 15:10:46

By adding the debug symbols:
for x86:
sudo apt-get install libc6-dbg:i386
for x64:
sudo apt-get install libc6-dbg
the uninit errors from both DrM and Valgrind are gone.

Keep this issue open but make its priority low, so we can add new code patterns that cause similar false positives in the future.

Labels: -Priority-Medium Priority-Low

@derekbruening
Contributor Author

From bruen...@google.com on February 20, 2013 16:00:02

This code pattern is the well-known optimized string routine pattern (look for "0xfefefeff" in the code base). There's no reason to keep this open for "code patterns".

The action item would be to document the issue with no syms for ld.so so users know about it, and perhaps have some automated detection of the issue where the tool would issue a warning.
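The following C program is an added illustration of the 0xfefefeff pattern named in the comment above; it is not code from the Dr. Memory project, glibc, or this thread. It reproduces in plain C what the `add %ecx,%edi; jae` sequence in the disassembly does: add 0xfefefeff to each 4-byte word of the string and watch the carry chain, which breaks exactly at a zero byte. It also shows why both tools complain without a symbol for the ld.so copy of strlen. The carry flag computed for the word that holds the terminator depends on the bytes after the NUL, so Dr. Memory sees a branch on eflags derived from memory that was never written (the two `tail` constants below assume a little-endian layout). The final 4-byte load also reaches past the end of the heap block when the block size is not a multiple of 4, which is the "28 bytes inside a block of size 30" read Valgrind reports. Both tools special-case their own replacement strlen to avoid this; a stripped ld.so defeats that replacement, and installing libc6-dbg as described in the thread restores the symbol. The sample string is the tail of the path shown in the gdb dump, placed in a zero-padded buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The constant named in the comment above: 0xff in the low byte and
   0xfe in the others, chosen so that adding it to a word carries out of
   every byte position exactly when no byte of the word is zero. */
#define MAGIC 0xfefefeffu

/* Carry out of bit 31 of (w + MAGIC): the CF that the
   "add %ecx,%edi; jae ..." pair in the disassembly tests. */
static int carry_out(uint32_t w)
{
    uint32_t t = w + MAGIC;   /* wraps modulo 2^32 */
    return t < w;             /* wrapped, so a carry left bit 31 */
}

/* Exact zero-byte test in the glibc style: a zero byte breaks the carry
   chain, which shows either as CF == 0 or as a cleared bit 8, 16 or 24
   of (t ^ w); those bits are the carries into bytes 1, 2 and 3. */
static int has_zero_byte(uint32_t w)
{
    uint32_t t = w + MAGIC;
    if (!carry_out(w))
        return 1;
    return (((t ^ w) | MAGIC) + 1u) != 0;
}

/* Word-at-a-time strlen. The caller must pad the buffer to a multiple
   of 4 bytes, because the last load reads the whole word holding the NUL. */
static size_t word_strlen(const char *s)
{
    size_t i = 0;
    for (;;) {
        uint32_t w;
        memcpy(&w, s + i, sizeof w);   /* one 4-byte load, like mov (%eax),%ecx */
        if (has_zero_byte(w)) {
            while (s[i] != '\0')       /* locate the NUL inside this word */
                i++;
            return i;
        }
        i += 4;
    }
}

/* Start offset of the final 4-byte load for a string of length len
   (NUL at s[len]). */
static size_t final_word_offset(size_t len)
{
    return (len / 4) * 4;
}

/* How many bytes that final load reaches past a block of block_size
   bytes; 0 when the block is large enough. */
static size_t bytes_past_block(size_t len, size_t block_size)
{
    size_t end = final_word_offset(len) + 4;
    return end > block_size ? end - block_size : 0;
}

/* Constructed sample: the tail of the path from the gdb dump above,
   32 characters in a 36-byte buffer so the final load stays in bounds. */
static const char sample[36] = "y/builds/build_x86_dbg.svn/tests";

int main(void)
{
    printf("word_strlen = %zu, strlen = %zu\n",
           word_strlen(sample), strlen(sample));

    /* Same string "ab" with its NUL, different byte after the NUL:
       the carry flag differs, so the jae depends on that byte. */
    uint32_t tail00 = 0x00006261u;   /* 'a' 'b' 0x00 0x00 (little-endian) */
    uint32_t tail02 = 0x02006261u;   /* 'a' 'b' 0x00 0x02 */
    printf("CF with tail 0x00: %d, with tail 0x02: %d\n",
           carry_out(tail00), carry_out(tail02));

    /* Valgrind's report: a 4-byte read 28 bytes into a 30-byte block. */
    printf("len 29 in a 30-byte block: final load at offset %zu, "
           "%zu bytes past the end\n",
           final_word_offset(29), bytes_past_block(29, 30));
    return 0;
}
```

The length returned is correct in every case, which is why this is a false positive rather than a bug: the bytes after the NUL can change the intermediate flag values but never the position of the first zero byte. A checker that does not know the routine's intent has no way to see that, so the practical mitigations are the ones the thread names: a replaced or suppressed strlen that the tool can identify by symbol, and debug symbols for ld.so so that identification works.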
