
<div dir="ltr">Does this happen with any small application on your system, or only with this (presumably big) one? <div>You will need to figure out why the asan's mmap fails here. </div><div>Best is to run the process under strace and see <br></div><div>  * are there any mmaps that intersect with this one</div><div>  * are there any syscalls that limit the address space (setrlimit)</div><div><br></div><div>--kcc </div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 19, 2016 at 7:18 PM, ZhaoKang <span dir="ltr"><<a href="mailto:zhaokang@mail.tsinghua.edu.cn" target="_blank">zhaokang@mail.tsinghua.edu.cn</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Kostya,<div><br></div><div>Thanks a lot for your reply!</div><div>For the first question, we have dump out the info, please see the following:</div><div>==============================<wbr>===============</div><div><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">ASAN_OPTIONS=verbosity=1 ./csim.exe <u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept '__isoc99_printf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'__isoc99_sprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'__isoc99_snprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept '__isoc99_fprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'__isoc99_vprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'__isoc99_vsprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'__isoc99_vsnprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept '__isoc99_vfprintf'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'process_vm_readv'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: failed to intercept

'process_vm_writev'<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==AddressSanitizer: libc interceptors initialized<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem   

||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x005000000000, 0x02008fff6fff]` || ShadowGap3 ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x003000000000, 0x004fffffffff]` ||

MidMem     ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x000a7fff8000, 0x002fffffffff]` || ShadowGap2 ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x00067fff8000, 0x000a7fff7fff]` || MidShadow  ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x00008fff7000, 0x00067fff7fff]` || ShadowGap  ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow  ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">|| `[0x000000000000, 0x00007fff7fff]` ||

LowMem     ||<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff

0x004091ff6e00 0x02008fff6fff 0x00014fff7000 0x0001cfff6fff<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">redzone=16<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">max_redzone=2048<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">quarantine_size_mb=256M<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">malloc_context_size=30<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">SHADOW_SCALE: 3<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">SHADOW_GRANULARITY: 8<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">SHADOW_OFFSET: 0x7fff8000<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==ERROR: AddressSanitizer failed to allocate

0xdfff0001000 (15392894357504) bytes at address 2008fff7000 (errno: 12)<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">==25048==<wbr>ReserveShadowMemoryRange failed while trying to map

0xdfff0001000 bytes. Perhaps you're using ulimit -v<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Aborted (core dumped)</span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><span style="line-height:16.8px">=============================<wbr>================</span></p>


<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Thanks!</span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Kang</span></p><br><blockquote name="replyContent" style="padding-left:5px;margin-left:5px;border-left:#b6b6b6 2px solid;margin-right:0">----------<br><b>From:</b> "Kostya Serebryany" <<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>><br>

<b>Time:</b> 2016-09-09 05:50:03<br><b>Time:</b> ZhaoKang <<a href="mailto:zhaokang@mail.tsinghua.edu.cn" target="_blank">zhaokang@mail.tsinghua.edu.cn</a><wbr>><br><b>CC:</b> "Clang Dev" <<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>><br><b>Subject:</b> Re: [cfe-dev] Question about Clang/LLVM addresssanitizer<div><div class="h5"><br><br><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 8, 2016 at 1:09 AM, ZhaoKang via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">Hello,<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597"> </span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">We have one

question about the clang compiler option: -fsanitize=address. (We want to use

the feature to detect potential bug in out c++ design.)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">However, when

using clang to compile our two cases with this option, one case error out with

following message:<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US"> </span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">==31183==ERROR: AddressSanitizer <b><span style="color:red">failed to allocate 0x400000000</span></b> (17179869184) bytes

at address 67fff8000 (errno: 12)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">==31183==ReserveShadowMemoryRa<wbr>nge failed

while trying to map 0x400000000 bytes. Perhaps you're using ulimit </span><span lang="EN-US" style="font-family:"Courier New"">–</span><span lang="EN-US">v</span></p></blockquote><div><br></div><div>This happens at startup right? </div><div>something causes asan to fail to allocate the shadow.</div><div><br></div><div>please send the output of </div><div>   ASAN_OPTIONS=verbosity=1 ./your-binary</div><div><br></div><div>or, better, send the reproducer. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US"><u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US"> </span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">The other case

error out with following message:<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">==30711==ERROR: AddressSanitizer: <b><span style="color:red">stack-buffer-overflow</span></b> on address 0x7fff8a931dcd at

pc 0x000000861eec bp 0x7fff8a9303f0 sp 0x7fff8a9303e8</span></p></blockquote><div><br></div><div>that smells like a real bug in your code. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US"><u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">READ of size 1 at 0x7fff8a931dcd thread

T0<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">    #0 0x861eeb in

ap_private<8, false, true>::RType<32, true>::mult ap_private<8,

false, true>::operator*<32, true>(ap_private<32, true,

(32)<=(64)> const&) const

(/wrk/xbj_vdi/fangqing/work/sp<wbr>rite/hls/BugSpray/crs/810730/<wbr>hscale/solution1/csim/build/<wbr>csim.exe+0x861eeb)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">    #1 0x7d717f in

ap_private<8, false, (8)<=(64)>::RType<32, true>::mult operator*<8,

false>(ap_private<8, false, (8)<=(64)> const&, int)

(/wrk/xbj_vdi/fangqing/work/sp<wbr>rite/hls/BugSpray/crs/810730/<wbr>hscale/solution1/csim/build/<wbr>csim.exe+0x7d717f)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">    </span><span lang="EN-US" style="font-family:"Courier New"">…</span><span lang="EN-US"><u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">    #6 0x3099a1d9c3 in

__libc_start_main (/lib64/libc.so.6+0x3099a1d9c3<wbr>)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">    #7 0x4c3648 in _start

(/wrk/xbj_vdi/fangqing/work/sp<wbr>rite/hls/BugSpray/crs/810730/<wbr>hscale/solution1/csim/build/<wbr>csim.exe+0x4c3648)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US"> </span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">Address 0x7fff8a931dcd is located in

stack of thread T0 at offset 1549 in frame<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">    #0 0x78628f in

hscale_core(hls::stream<HSC_MP<wbr>IX_STRUCT>&, ap_uint<4>,

ap_uint<16>, ap_uint<16>, ap_uint<16>, ap_uint<32>,

ap_uint<2>, ap_int<16> (*) [8],

hls::stream<HSC_MPIX_STRUCT>&)

(/wrk/xbj_vdi/fangqing/work/sp<wbr>rite/hls/BugSpray/crs/810730/<wbr>hscale/solution1/csim/build/<wbr>csim.exe+0x78628f)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US"> </span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US">  This frame has 215 object(s):<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.6pt"><span lang="EN-US">[32, 33)

'RegSmplsPerClk'<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.6pt"><span lang="EN-US">[48, 49)

'RegBitsPerCol'<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.6pt"><span lang="EN-US">[64, 66)

'TotalLines'<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.6pt"><span lang="EN-US" style="font-family:"Courier New"">…</span><span lang="EN-US"><u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:15.75pt"><span lang="EN-US">[1552, 1553)

'ref.tmp65' <== Memory access at offset 1549 underflows this variable<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.0pt"><span lang="EN-US">[1568, 1569)

'ref.tmp68'<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.0pt"><span lang="EN-US" style="font-family:"Courier New"">…</span><span lang="EN-US"><u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText" style="text-indent:21.0pt"><span lang="EN-US"> </span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">Both of them can

be compiled successfully and run correctly when compiled with clang without

this addrsanitizer option. However both of them failed when add this option.<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">From the error

message we can see AddressSanitizer need to allocate a very large memory (about

16G byte) from heap memory pool (1<sup>st</sup> case), or occupy large stack

memory and cause stack-buffer-overflow (2<sup>nd</sup> case). (ulimit </span><span lang="EN-US" style="font-family:"Courier New";color:#2f5597">–</span><span lang="EN-US" style="color:#2f5597">v shows unlimited)<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597">So our question is

it is this feature</span><span lang="EN-US" style="font-family:"Courier New";color:#2f5597">’</span><span lang="EN-US" style="color:#2f5597">s shortcoming or

there is something wrong with our development environment?<u></u><u></u></span></p>


<p class="m_-5230326661904914995m_3909676279768923390MsoPlainText"><span lang="EN-US" style="color:#2f5597"> </span></p><br><br><br><br>______________________________<wbr>_________________<br>

cfe-dev mailing list<br>

<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>

<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a><br>

<br></blockquote></div><br></div></div>

</div></div></blockquote></div><br><br><br></blockquote></div><br></div>