<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.StylE-mailovZprvy17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=CS link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for the explanation,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I will set my tests to run with different „coprime“ redzone sizes to cover more memory bugs.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>MF<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Kostya Serebryany [mailto:kcc@google.com] <br><b>Sent:</b> Tuesday, May 20, 2014 5:58 AM<br><b>To:</b> Richard Smith<br><b>Cc:</b> miroslav.fontan; Clang Dev<br><b>Subject:</b> Re: [cfe-dev] Asan bug or feature?<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>If you set env. variable ASAN_OPTIONS=redzone=64 asan fill find all three cases in your test. <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>From <a href="https://code.google.com/p/address-sanitizer/wiki/Flags" target="_blank">https://code.google.com/p/address-sanitizer/wiki/Flags</a>: <o:p></o:p></p></div><div><table class=MsoNormalTable border=1 cellpadding=0 style='border:solid #CCCCCC 1.0pt;border-spacing:0px'><tr><td style='border:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>redzone<o:p></o:p></span></p></td><td style='border:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>16<o:p></o:p></span></p></td><td style='border:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>Size of the minimal redzone. Since LLVM 3.3 asan uses adaptive redzones for heap, i.e. for large heap allocations the redzones are larger.<o:p></o:p></span></p></td></tr></table></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>hth, <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>--kcc <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>On Tue, May 20, 2014 at 12:49 AM, Richard Smith <<a href="mailto:richard@metafoo.co.uk" target="_blank">richard@metafoo.co.uk</a>> wrote:<o:p></o:p></p><div><div><div><div><p class=MsoNormal>On Mon, May 19, 2014 at 12:51 PM, miroslav.fontan <<a href="mailto:miroslav.fontan@wincor-nixdorf.cz" target="_blank">miroslav.fontan@wincor-nixdorf.cz</a>> wrote:<o:p></o:p></p><p class=MsoNormal>Hi all,<br><br>By hunting after address error in our app I have found unexpected asan<br>behaviour<br><br>Here is a minimal isolated example which runs without address error:<br><br>clang++ a.cpp -fsanitize=address<br><br>cat a.cpp<br><br>char* subroutine()<br>{<br> char* p = new char[8]();<br> return p;<br>}<br><br>int main( int /*argc*/, char** /*argv*/ )<br>{<br> char* pc_sub = subroutine();<br> char* pc_main = new char[8]();<br> pc_main[32] = 1; //points to pc_sub, no ERROR :-(<br>// pc_main[16] = 2; //points to bad address ERROR :-)<br> pc_sub[-32] = 3; //points to pc_main, no ERROR :-(<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div></div><div><p class=MsoNormal>Yes, ASan puts a redzone around heap allocations, but that redzone has a limited size (this is a memory / ability to catch bugs tradeoff). Put another way, ASan checks that you only use valid addresses, but doesn't check how those addresses are computed. Do you have some specific question about this?<o:p></o:p></p></div><div><div><p class=MsoNormal><o:p> </o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal> delete[] pc_main;<br> delete[] pc_sub;<br> return 0;<br>}<br><br>Regards<br><br>Miroslav<br><br><br><br>_______________________________________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><o:p></o:p></p></blockquote></div></div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></body></html>