<div style="font-family: arial, helvetica, sans-serif; font-size: 10pt">And with tsan the situation is worse because it has to intercept __cxa_guard_acquire/__cxa_guard_release,<br><br><div class="gmail_quote">On Wed, Dec 5, 2012 at 12:45 PM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:arial,helvetica,sans-serif;font-size:10pt"><br><br><div class="gmail_quote"><div class="im">On Wed, Dec 5, 2012 at 12:36 PM, Chandler Carruth <span dir="ltr"><<a href="mailto:chandlerc@gmail.com" target="_blank">chandlerc@gmail.com</a>></span> wrote:<br>
</div><div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:arial,helvetica,sans-serif;font-size:10pt"><div dir="ltr"><div>On Wed, Dec 5, 2012 at 12:13 AM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br>
</div><div class="gmail_extra"><div class="gmail_quote"><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:arial,helvetica,sans-serif;font-size:10pt">
<div>
+asan/tsan/msan folks </div><div><br></div>That's not as simple as this, I afraid. <div>In *san there are two different kinds of interceptors. </div>
<div>1. foo from libc/libstc++ is completely replaced with foo from asan. Example: malloc, operator new</div><div>2. foo from libc/libstc++ is wrapped, such that when a user calls foo it calls the asan copy, but then the asan function calls the original foo. Example: pthread_create, __cxa_throw</div>
<div><br></div><div>This change allows to use -static-libstdc++ with asan w/o link failures, but asan is still broken for -static-libstdc++ in a subtle way (since the __cxa_throw is not intercepted, asan will have rare false positives in presence of exceptions).</div>
</div></blockquote><div><br></div></div><div>Can you describe the rare false positive? What would be needed to fully fix this?</div></div></div></div></div></blockquote><div><br></div></div><div><span style="font-family:arial,helvetica,sans-serif;font-size:13px">__cxa_throw is unfriendly to asan as it never returns from the current function.</span></div>
<div><span style="font-family:arial,helvetica,sans-serif;font-size:13px">If there is poisoned stack it will neve get unpoisoned after throw. Some one else later will step on the poisoned stack and get a false positive. </span></div>
<div><span style="font-family:arial,helvetica,sans-serif;font-size:13px">This is why we </span></div><div><span style="font-family:arial,helvetica,sans-serif;font-size:13px"> 1. Intercept </span><span style="font-family:arial,helvetica,sans-serif;font-size:13px">__cxa_throw and call </span><font face="arial, helvetica, sans-serif">__asan_handle_no_return (asan/asan_interceptors.cc</font><span style="font-family:arial,helvetica,sans-serif">)</span></div>
<div><font face="arial, helvetica, sans-serif"> 2. We also call </font><span style="font-family:arial,helvetica,sans-serif">__asan_handle_no_return before any noreturn call when we instrument it. </span></div><div><br></div>
<div>Today if you use <span style="font-family:arial,helvetica,sans-serif;font-size:13px">-static-libstdc++ the asan's __cxa_throw interceptor is not called.</span></div><div><font face="arial, helvetica, sans-serif">So, if a throw happens in a code that we don't instrument, we will not call </font><span style="font-family:arial,helvetica,sans-serif">__asan_handle_no_return at all. Booom. </span></div>
<div class="im">
<div><span style="font-family:arial,helvetica,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,helvetica,sans-serif;font-size:13px"><br></span></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-family:arial,helvetica,sans-serif;font-size:10pt"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-family:arial,helvetica,sans-serif;font-size:10pt">
<div>Tsan also intercepts __cxa_guard in the similar way, so it will have false positives on function scope statics. </div><div><br></div><div>Do we really care that much about linking asan with static libstdc++?</div></div>
</blockquote><div><br></div></div><div>In my opinion, yes. We already have too much that is special about linking with asan....</div></div></div></div></div></blockquote><div><br></div></div><div>Well, yes. E.g. it does not support fully static linking at all, and hardly ever will. </div>
<div><br></div><div>--kcc </div><div><div class="h5"><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:arial,helvetica,sans-serif;font-size:10pt">
<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-family:arial,helvetica,sans-serif;font-size:10pt"><div>
<br></div><div>--kcc </div><div><div><div><br><br><div class="gmail_quote">On Wed, Dec 5, 2012 at 2:54 AM, Chandler Carruth <span dir="ltr"><<a href="mailto:chandlerc@gmail.com" target="_blank">chandlerc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: chandlerc<br>
Date: Tue Dec 4 16:54:37 2012<br>
New Revision: 169328<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=169328&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=169328&view=rev</a><br>
Log:<br>
Add -whole-archive around the ASan runtime archive in the link command.<br>
<br>
This ensures that even though it comes first, we pick up its .o files.<br>
Note that if we can use this (or something similar / equivalent) on<br>
other platforms, we could potentially remove<br>
ReplaceOperatorsNewAndDelete from the ASan runtimes.<br>
<br>
We should probably do something similar for TSan and MSan as well.<br>
<br>
Modified:<br>
cfe/trunk/lib/Driver/Tools.cpp<br>
cfe/trunk/test/Driver/asan-ld.c<br>
<br>
Modified: cfe/trunk/lib/Driver/Tools.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/Tools.cpp?rev=169328&r1=169327&r2=169328&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/Tools.cpp?rev=169328&r1=169327&r2=169328&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/lib/Driver/Tools.cpp (original)<br>
+++ cfe/trunk/lib/Driver/Tools.cpp Tue Dec 4 16:54:37 2012<br>
@@ -1524,8 +1524,14 @@<br>
// The ASan runtime needs to come before -lstdc++ (or -lc++, libstdc++.a,<br>
// etc.) so that the linker picks ASan's versions of the global 'operator<br>
// new' and 'operator delete' symbols. We take the extreme (but simple)<br>
- // strategy of inserting it at the front of the link command.<br>
- CmdArgs.insert(CmdArgs.begin(), Args.MakeArgString(LibAsan));<br>
+ // strategy of inserting it at the front of the link command. It also<br>
+ // needs to be forced to end up in the executable, so wrap it in<br>
+ // whole-archive.<br>
+ SmallVector<const char*, 3> PrefixArgs;<br>
+ PrefixArgs.push_back("-whole-archive");<br>
+ PrefixArgs.push_back(Args.MakeArgString(LibAsan));<br>
+ PrefixArgs.push_back("-no-whole-archive");<br>
+ CmdArgs.insert(CmdArgs.begin(), PrefixArgs.begin(), PrefixArgs.end());<br>
CmdArgs.push_back("-lpthread");<br>
CmdArgs.push_back("-ldl");<br>
CmdArgs.push_back("-export-dynamic");<br>
<br>
Modified: cfe/trunk/test/Driver/asan-ld.c<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Driver/asan-ld.c?rev=169328&r1=169327&r2=169328&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Driver/asan-ld.c?rev=169328&r1=169327&r2=169328&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/test/Driver/asan-ld.c (original)<br>
+++ cfe/trunk/test/Driver/asan-ld.c Tue Dec 4 16:54:37 2012<br>
@@ -19,7 +19,7 @@<br>
//<br>
// CHECK-LINUX-CXX: "{{.*}}ld{{(.exe)?}}"<br>
// CHECK-LINUX-CXX-NOT: "-lc"<br>
-// CHECK-LINUX-CXX: libclang_rt.asan-i386.a"<br>
+// CHECK-LINUX-CXX: "-whole-archive" "{{.*}}libclang_rt.asan-i386.a" "-no-whole-archive"<br>
// CHECK-LINUX-CXX: "-lpthread"<br>
// CHECK-LINUX-CXX: "-ldl"<br>
// CHECK-LINUX-CXX: "-export-dynamic"<br>
@@ -32,7 +32,7 @@<br>
//<br>
// CHECK-LINUX-CXX-STATIC: "{{.*}}ld{{(.exe)?}}"<br>
// CHECK-LINUX-CXX-STATIC-NOT: stdc++<br>
-// CHECK-LINUX-CXX-STATIC: libclang_rt.asan-i386.a"<br>
+// CHECK-LINUX-CXX-STATIC: "-whole-archive" "{{.*}}libclang_rt.asan-i386.a" "-no-whole-archive"<br>
// CHECK-LINUX-CXX-STATIC: stdc++<br>
<br>
// RUN: %clang -no-canonical-prefixes %s -### -o %t.o 2>&1 \<br>
<br>
<br>
_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@cs.uiuc.edu" target="_blank">cfe-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
</blockquote></div><br></div></div></div></div>
<br>_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@cs.uiuc.edu" target="_blank">cfe-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
<br></blockquote></div></div></div><br></div></div></div>
</blockquote></div></div></div><br></div>
</blockquote></div><br></div>