<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW" title="NEW - asan global instrumentation broken for interposed global variables" href="https://bugs.llvm.org/show_bug.cgi?id=37545">37545</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>asan global instrumentation broken for interposed global variables
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>compiler-rt
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>compiler-rt
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>richard-llvm@metafoo.co.uk
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Situation:

main binary contains a weak definition of global symbol foo
foo.so contains a strong definition of global symbol foo

ASan instruments the strong definition but not the weak one:

<a href="https://github.com/llvm-mirror/llvm/blob/master/lib/Transforms/Instrumentation/AddressSanitizer.cpp#L1661">https://github.com/llvm-mirror/llvm/blob/master/lib/Transforms/Instrumentation/AddressSanitizer.cpp#L1661</a>

Now, after dynamic linking, the program has only one definition of foo (the one
from the main binary) but still has the global registration code from foo.so,
which tries to register that global symbol.

In my test case, the registration fails because the weak definition is
underaligned for a sanitized global, and ASan reports a bogus ODR violation
error. If the alignment happens to match, ASan would presumably instead mark a
bogus region of the address space as being global redzone.


As of r332028, Clang creates the above situation for entirely valid code:

// main.cc
#include <typeinfo>
struct A;
auto &x = typeid(A*);
void use_foo();
int main() { use_foo(); }

// foo.cc
struct A {
  virtual void f();
};
void A::f() {}
void use_foo() {}

$ clang++ foo.cc -shared -o /tmp/foo.so -fsanitize=address
$ clang++ /tmp/foo.so main.cc -o /tmp/main -fsanitize=address
$ /tmp/main
==211158==The following global variable is not properly aligned.
==211158==This may happen if another global with the same name
==211158==resides in another non-instrumented module.
==211158==Or the global comes from a C file built w/o -fno-common.
==211158==In either case this is likely an ODR violation bug,
==211158==but AddressSanitizer can not provide more details.
=================================================================
==211158==ERROR: AddressSanitizer: odr-violation (0x00000050a1d6):
  [1] size=3 'typeinfo name for A' -
  [2] size=3 'typeinfo name for A' -
These globals were registered at these points:
  [1]:
    #0 0x42dcfe in
__asan_register_globals[...]/compiler-rt/lib/asan/asan_globals.cc:358:3
    #1 0x7f32dfe18a70 in asan.module_ctor (/tmp/foo.so+0xa70)

  [2]:
    #0 0x42dcfe in __asan_register_globals
[...]/compiler-rt/lib/asan/asan_globals.cc:358:3
    #1 0x7f32dfe18a70 in asan.module_ctor (/tmp/foo.so+0xa70)

==211158==HINT: if you don't care about these errors you may set
ASAN_OPTIONS=detect_odr_violation=0
SUMMARY: AddressSanitizer: odr-violation: global 'typeinfo name for A' at -
==211158==ABORTING</pre>
        </div>
      </p>
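      <p>Added example, not part of the bug report or of compiler-rt: a small triage helper for the report shape shown above. It parses an ASan odr-violation report and separates the pattern this bug produces (the "not properly aligned" preamble plus both registration sites in the same module) from a genuine duplicate registered by two different instrumented modules. The sample input is the report above with its wrapped lines rejoined; the regexes assume that layout.</p>

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample: the report from the bug, with its wrapped lines rejoined.
INTERPOSED_REPORT = """\
==211158==The following global variable is not properly aligned.
==211158==ERROR: AddressSanitizer: odr-violation (0x00000050a1d6):
  [1] size=3 'typeinfo name for A' -
  [2] size=3 'typeinfo name for A' -
These globals were registered at these points:
  [1]:
    #0 0x42dcfe in __asan_register_globals [...]/compiler-rt/lib/asan/asan_globals.cc:358:3
    #1 0x7f32dfe18a70 in asan.module_ctor (/tmp/foo.so+0xa70)
  [2]:
    #0 0x42dcfe in __asan_register_globals [...]/compiler-rt/lib/asan/asan_globals.cc:358:3
    #1 0x7f32dfe18a70 in asan.module_ctor (/tmp/foo.so+0xa70)
SUMMARY: AddressSanitizer: odr-violation: global 'typeinfo name for A' at -
"""
GLOBAL_RE = re.compile(r"^\s*\[(\d+)\] size=(\d+) '([^']+)'")      # "[1] size=3 'name'"
SITE_RE = re.compile(r"^\s*\[(\d+)\]:\s*$")                        # "[1]:" site header
MODULE_RE = re.compile(r"asan\.module_ctor \((.+?)\+0x[0-9a-fA-F]+\)")  # "(/tmp/foo.so+0xa70)"

@dataclass
class OdrReport:
    misaligned: bool                      # "not properly aligned" preamble was present
    names: Dict[int, str] = field(default_factory=dict)
    sizes: Dict[int, int] = field(default_factory=dict)
    modules: Dict[int, str] = field(default_factory=dict)  # module whose ctor registered site N

def parse_odr_report(text: str) -> Optional[OdrReport]:
    """Extract globals and registering modules; None if text is not an odr-violation report."""
    if "ERROR: AddressSanitizer: odr-violation" not in text:
        return None
    rep = OdrReport(misaligned="is not properly aligned" in text)
    site: Optional[int] = None
    for line in text.splitlines():
        if m := GLOBAL_RE.match(line):
            rep.sizes[int(m.group(1))] = int(m.group(2))
            rep.names[int(m.group(1))] = m.group(3)
        elif m := SITE_RE.match(line):
            site = int(m.group(1))
        elif (m := MODULE_RE.search(line)) and site is not None:
            rep.modules.setdefault(site, m.group(1))    # first module_ctor frame of the site wins
    return rep

def classify(rep: OdrReport) -> str:
    """Tell the interposed-weak-global false positive apart from a real duplicate definition."""
    modules = set(rep.modules.values())
    if rep.misaligned and len(modules) == 1:
        return "misaligned-interposed-global"   # one module, resolved to an underaligned copy
    if len(modules) >= 2:
        return "cross-module-duplicate"          # two instrumented modules each registered it
    return "unknown"
```

Run `classify(parse_odr_report(INTERPOSED_REPORT))` on the sample to get the first verdict; a report whose two sites name different modules yields the second.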


    </body>
</html>