[LLVMdev] linker warnings in Linking CXX executable Debug/AsanTest

Jack Howarth howarth at bromo.med.uc.edu
Fri Nov 2 18:21:09 PDT 2012 

On Fri, Nov 02, 2012 at 01:01:59PM -0400, Jack Howarth wrote:
> On Fri, Nov 02, 2012 at 06:45:07PM +0400, Alexey Samsonov wrote:
> > Hi, Jack!
> > 
> > 
> > I'll take a look at this. However, tests below fail for a different reason
> > (they don't use Debug/AsanTest at all).
> > How do you configure a CMake build tree? Can you somehow get (or run
> > manually) the script which is used
> > for running log-path_test.cc and other failing test cases?
> > 
> > 
> 
> I have in build/projects/compiler-rt/lib/asan/lit_tests/Output/log-path_test.cc.tmp.log.393
> 
> =================================================================
> ==393== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x00010a580fca at pc 0x10829ca5c bp 0x7fff57964910 sp 0x7fff57964908
> READ of size 1 at 0x00010a580fca thread T0
>     #0 0x10829ca5b (/sw/src/fink.build/llvm32-3.2-0/llvm-3.2/build/projects/compiler-rt/lib/asan/lit_tests/Output/log-path_test.cc.tmp+0x100001a5b)
>     #1 0x7fff8bd827e0 (/usr/lib/system/libdyld.dylib+0x27e0)
>     #2 0x0
> 0x00010a580fca is located 0 bytes to the right of 10-byte region [0x00010a580fc0,0x00010a580fca)
> allocated by thread T0 here:
>     #0 0x1082a5472 (/sw/src/fink.build/llvm32-3.2-0/llvm-3.2/build/projects/compiler-rt/lib/asan/lit_tests/Output/log-path_test.cc.tmp+0x10000a472)
>     #1 0x7fff94c3b152 (/usr/lib/system/libsystem_c.dylib+0x2d152)
>     #2 0x7fff94c3bba6 (/usr/lib/system/libsystem_c.dylib+0x2dba6)
>     #3 0x10829c876 (/sw/src/fink.build/llvm32-3.2-0/llvm-3.2/build/projects/compiler-rt/lib/asan/lit_tests/Output/log-path_test.cc.tmp+0x100001876)
>     #4 0x7fff8bd827e0 (/usr/lib/system/libdyld.dylib+0x27e0)
> Shadow byte and word:
>   0x1000214b01f9: 2
>   0x1000214b01f8: 00 02 fb fb fb fb fb fb
> More shadow bytes:
>   0x1000214b01d8: fa fa fa fa fa fa fa fa
>   0x1000214b01e0: fa fa fa fa fa fa fa fa
>   0x1000214b01e8: fa fa fa fa fa fa fa fa
>   0x1000214b01f0: fa fa fa fa fa fa fa fa
> =>0x1000214b01f8: 00 02 fb fb fb fb fb fb
>   0x1000214b0200: fa fa fa fa fa fa fa fa
>   0x1000214b0208: fa fa fa fa fa fa fa fa
>   0x1000214b0210: fa fa fa fa fa fa fa fa
>   0x1000214b0218: fa fa fa fa fa fa fa fa
> Stats: 0M malloced (0M for red zones) by 1 calls
> Stats: 0M realloced by 0 calls
> Stats: 0M freed by 0 calls
> Stats: 0M really freed by 0 calls
> Stats: 0M (128 full pages) mmaped in 1 calls
>   mmaps   by size class: 7:4095; 
>   mallocs by size class: 7:1; 
>   frees   by size class: 
>   rfrees  by size class: 
> Stats: malloc large: 0 small slow: 1
> ==393== ABORTING
> 
> in build/projects/compiler-rt/lib/asan/lit_tests/Output/trncpy-overflow.cc.tmp.out
> 
> =================================================================
> ==996== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x00010920b049 at pc 0x106f2b7db bp 0x7fff58cdb970 sp 0x7fff58cdb118
> WRITE of size 1 at 0x00010920b049 thread T0
>     #0 0x106f2b7da in _wrap_strncpy _asan_rtl_:5
>     #1 0x106f25a05 in _main /sw/src/fink.build/llvm32-3.2-0/llvm-3.2/projects/compiler-unsigned short restrict/lib/asan/lit_tests/strncpy-overflow.cc:24:0
>     #2 0x7fff8bd827e0 in start (in libdyld.dylib) + 0
>     #3 0x0
> 0x00010920b049 is located 0 bytes to the right of 9-byte region [0x00010920b040,0x00010920b049)
> allocated by thread T0 here:
>     #0 0x106f2e362 in (anonymous namespace)::mz_malloc(_malloc_zone_t*, unsigned long) _asan_rtl_:3
>     #1 0x7fff94c3b152 in malloc_zone_malloc (in libsystem_c.dylib) + 70
>     #2 0x7fff94c3bba6 in malloc (in libsystem_c.dylib) + 40
>     #3 0x106f25974 in _main /sw/src/fink.build/llvm32-3.2-0/llvm-3.2/projects/compiler-unsigned short restrict/lib/asan/lit_tests/strncpy-overflow.cc:23:0
>     #4 0x7fff8bd827e0 in start (in libdyld.dylib) + 0
> Shadow byte and word:
>   0x100021241609: 1
>   0x100021241608: 00 01 fb fb fb fb fb fb
> long double restrictunsigned __int128::* shadow bytes:
>   0x1000212415e8: fa fa fa fa fa fa fa fa
>   0x1000212415f0: fa fa fa fa fa fa fa fa
>   0x1000212415f8: 06 fb fb fb fb fb fb fb
>   0x100021241600: fa fa fa fa fa fa fa fa
> =>0x100021241608: 00 01 fb fb fb fb fb fb
>   0x100021241610: fa fa fa fa fa fa fa fa
>   0x100021241618: fa fa fa fa fa fa fa fa
>   0x100021241620: fa fa fa fa fa fa fa fa
>   0x100021241628: fa fa fa fa fa fa fa fa
> Stats: 0M malloced (0M for red zones) by 2 calls
> Stats: 0M realloced by 0 calls
> Stats: 0M freed by 0 calls
> Stats: 0M really freed by 0 calls
> Stats: 0M (128 full pages) mmaped in 1 calls
>   mmaps   by size class: 7:4095;
>   mallocs by size class: 7:2;
>   frees   by size class:
>   rfrees  by size class:
> Stats: malloc large: 0 small slow: 1
> ==996== ABORTING
> 
> and in build/projects/compiler-rt/lib/asan/lit_tests/Output/use-after-free.cc.tmp.out
> 
> =================================================================
> ==1125== ERROR: AddressSanitizer: heap-use-after-free on address 0x00010c958fc5 at pc 0x10a675c5e bp 0x7fff5558aab0 sp 0x7fff5558aaa8
> READ of size 1 at 0x00010c958fc5 thread T0
>     #0 0x10a675c5d in _main /sw/src/fink.build/llvm32-3.2-0/llvm-3.2/projects/compiler-unsigned short restrict/lib/asan/lit_tests/use-after-free.cc:22:0
>     #1 0x7fff8bd827e0 in start (in libdyld.dylib) + 0
>     #2 0x0
> 0x00010c958fc5 is located 5 bytes inside of 10-byte region [0x00010c958fc0,0x00010c958fca)
> freed by thread T0 here:
>     #0 0x10a67e6a8 in free_common _asan_rtl_:5
>     #1 0x10a67e6a8 in (anonymous namespace)::mz_free(_malloc_zone_t*, void*) _asan_rtl_:0
>     #2 0x10a67dd22 in _wrap_free _asan_rtl_:7
>     #3 0x10a675bd7 in _main /sw/src/fink.build/llvm32-3.2-0/llvm-3.2/projects/compiler-unsigned short restrict/lib/asan/lit_tests/use-after-free.cc:21:0
>     #4 0x7fff8bd827e0 in start (in libdyld.dylib) + 0
>     #4 0x0
> previously allocated by thread T0 here:
>     #0 0x10a67e4b2 in (anonymous namespace)::mz_malloc(_malloc_zone_t*, unsigned long) _asan_rtl_:3
>     #1 0x7fff94c3b152 in malloc_zone_malloc (in libsystem_c.dylib) + 70
>     #2 0x7fff94c3bba6 in malloc (in libsystem_c.dylib) + 40
>     #3 0x10a675b94 in _main /sw/src/fink.build/llvm32-3.2-0/llvm-3.2/projects/compiler-unsigned short restrict/lib/asan/lit_tests/use-after-free.cc:20:0
>     #4 0x7fff8bd827e0 in start (in libdyld.dylib) + 0
> Shadow byte and word:
>   0x10002192b1f8: fd
>   0x10002192b1f8: fd fd fd fd fd fd fd fd
> long double restrictunsigned __int128::* shadow bytes:
>   0x10002192b1d8: fa fa fa fa fa fa fa fa
>   0x10002192b1e0: fa fa fa fa fa fa fa fa
>   0x10002192b1e8: fa fa fa fa fa fa fa fa
>   0x10002192b1f0: fa fa fa fa fa fa fa fa
> =>0x10002192b1f8: fd fd fd fd fd fd fd fd
>   0x10002192b200: fa fa fa fa fa fa fa fa
>   0x10002192b208: fa fa fa fa fa fa fa fa
>   0x10002192b210: fa fa fa fa fa fa fa fa
>   0x10002192b218: fa fa fa fa fa fa fa fa
> Stats: 0M malloced (0M for red zones) by 1 calls
> Stats: 0M realloced by 0 calls
> Stats: 0M freed by 1 calls
> Stats: 0M really freed by 0 calls
> Stats: 0M (128 full pages) mmaped in 1 calls
>   mmaps   by size class: 7:4095;
>   mallocs by size class: 7:1;
>   frees   by size class: 7:1;
>   rfrees  by size class:
> Stats: malloc large: 0 small slow: 1
> ==1125== ABORTING
> 
> Hopefully that helps.
>          Jack
> 

Interestingly, while Mountain Lion produces the 3 regressions, on Lion I only see
the failure in log-path_test.cc (which appears to fail identically).

> > >
> > > I am seeing some AddressSanitizer failures like...
> > >
> > > FAIL: AddressSanitizer :: log-path_test.cc (13 of 12542)
> > > ******************** TEST 'AddressSanitizer :: log-path_test.cc' FAILED
> > > ********************
> > >
> > > FAIL: AddressSanitizer :: strncpy-overflow.cc (27 of 12542)
> > > ******************** TEST 'AddressSanitizer :: strncpy-overflow.cc' FAILED
> > > ********************
> > >
> > > FAIL: AddressSanitizer :: use-after-free.cc (34 of 12542)
> > > ******************** TEST 'AddressSanitizer :: use-after-free.cc' FAILED
> > > ********************
> > >
> > > etc, and wonder if they could be related to that those linkage warnings.
> > > If so, I'll open a bug report.
> > > Thanks in advance.
> > >          Jack
> > > ps This is using a debug build on x86_64-apple-darwin12 with Xcode 4.5.2's
> > > linker.
> > >
> > >
> > > _______________________________________________
> > > LLVM Developers mailing list
> > > LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> > > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
> > >
> > 
> > 
> > 
> > -- 
> > Alexey Samsonov, MSK
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list