[llvm-dev] Buildling with/without AddressSanitizer causes divergent execution behaviour

Dan Liew via llvm-dev llvm-dev at lists.llvm.org
Tue Feb 9 10:57:17 PST 2016



I've been building an application with and without the address
sanitizer (with gcc 5.3 and clang 3.7.1) and I've observed that the
application's behaviour changes (assertion hit/ not hit). I'm
wondering if this could be a bug in address sanitizer or if the
application I'm running is just buggy (e.g. doing bad things like
relying on memory layout, etc.). I'm also observing ASan reporting a
heap-use-after-free which Valgrind is not reporting, which makes me
wonder if it is a false positive.

Any hints on how I might determine this? Building with UBSan doesn't
turn up anything.

# Longer version (if you are interested in the specific details)

The application of interest is the Z3 constraint solver [1].

Much of what I'm going to say is covered in [2] which is a bug report
I opened (including a heap-use-after-free AddressSanitizer finds, I'm
not sure if this a false positive or not) but here are the basics of
what I found.

Build Z3 as follows

git clone https://github.com/Z3Prover/z3.git
cd z3

# Now apply the attached patch.
# Basically this makes it so that in ``examples/c/test_capi.c``
# the main() function only calls two functions.
# Note if you build without the patch when running ``c_example``
program AddressSanitizer
# reports a heap-use-after-free. I'm not sure if this a false positive
or not. Valgrind doesn't
# seem to think there's a problem.

# Build with ASan, Assertion will be hit when running the example
CXX=clang++ CC=clang CXXFLAGS="-fno-omit-frame-pointer
-fsanitize=address" LDFLAGS="-fsanitize=address" python
scripts/mk_make.py --debug --noomp --build build_asan
cd build_asan
make c_examples
LD_LIBRARY_PATH=`pwd` ./c_example
File: ../src/sat/sat_clause.h
Line: 59

# Now build without ASan
cd ../
CXX=clang++ CC=clang python scripts/mk_make.py --debug --noomp --build
cd build_noasan
make c_example
LD_LIBRARY_PATH=`pwd` ./c_example

# No assertion is hit

Any insights/suggestions on how I could debug what I'm seeing further
would be appreciated.

[1] https://github.com/z3prover/z3
[2] https://github.com/Z3Prover/z3/issues/436

-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_c_examples.patch
Type: text/x-patch
Size: 1218 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160209/d3ebf585/attachment.bin>

More information about the llvm-dev mailing list