[llvm-dev] [cfe-dev] Building with/without AddressSanitizer causes divergent execution behaviour
Reid Kleckner via llvm-dev
llvm-dev at lists.llvm.org
Wed Feb 17 10:57:11 PST 2016
On Wed, Feb 17, 2016 at 10:48 AM, Dan Liew <dan at su-root.co.uk> wrote:
> Well I dug into Z3's codebase a little more and figured out what the
> problem was. If you're curious see .
Neat bug. :)
> What worries me more is that prior to a heap-use-after-free being
> reported there an out of bounds write occurs but ASan doesn't catch it
> which seems like a bug to me. Note I'm using Clang 3.7.1
> This seems like a bug to me. Thoughts?
m_segments is at the end of the clause_allocator object, which I'm assuming
is allocated in another object sls here:
clause_allocator m_alloc; // clause allocator
clause_vector m_bin_clauses; // binary clauses
The out-of-bounds access probably touches memory in m_bin_clauses.
One of ASan's limitations is that it can't currently catch intra-object
There's a prototype that adds padding to make it possible to catch this
kind of bug, but I haven't seen anyone pushing it forward for a while now.
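The layout effect described above, as an added C example that is not from the thread or from Z3 (the struct and function names are hypothetical stand-ins): a write one element past an array that is the last member of one struct lands on the next member of the enclosing object, so ASan has no redzone to trip on, while a plain bounds check catches it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NSEGMENTS 4

/* Hypothetical stand-in for clause_allocator: the array is its last member. */
struct clause_allocator_like {
    size_t   count;
    uint32_t segments[NSEGMENTS];   /* plays the role of m_segments */
};

/* Hypothetical enclosing object: the next member follows the array directly. */
struct solver_like {
    struct clause_allocator_like alloc;   /* plays the role of m_alloc */
    uint32_t bin_clauses_len;             /* plays the role of m_bin_clauses */
};

/* Layout check: element NSEGMENTS of the array is exactly bin_clauses_len. */
_Static_assert(offsetof(struct solver_like, bin_clauses_len) ==
               offsetof(struct solver_like, alloc.segments) +
               NSEGMENTS * sizeof(uint32_t),
               "no padding between the array end and the next member");

/* Unchecked write, mirroring the reported bug. With idx == NSEGMENTS the store
 * hits bin_clauses_len, a valid byte of the same allocation: ASan sees no
 * redzone and stays silent. The object is volatile so the compiler performs
 * the store and the later load instead of folding them (the overflowing
 * access is still undefined behaviour in C). */
uint32_t write_segment_unchecked(size_t idx, uint32_t v) {
    volatile struct solver_like s = {{0, {0}}, 7};
    s.alloc.segments[idx] = v;
    return s.bin_clauses_len;   /* 7 when idx < NSEGMENTS, v when idx == NSEGMENTS */
}

/* The missing bounds check: returns 0 on success, -1 if idx is out of range. */
int segment_set_checked(struct clause_allocator_like *a, size_t idx, uint32_t v) {
    if (idx >= NSEGMENTS)
        return -1;
    a->segments[idx] = v;
    return 0;
}

int main(void) {
    printf("in bounds: bin_clauses_len = %u\n", (unsigned)write_segment_unchecked(NSEGMENTS - 1, 42));
    printf("one past:  bin_clauses_len = %u\n", (unsigned)write_segment_unchecked(NSEGMENTS, 42));
    struct clause_allocator_like a = {0, {0}};
    printf("checked write at %d -> %d\n", NSEGMENTS, segment_set_checked(&a, NSEGMENTS, 42));
    return 0;
}
```

Built with `clang -fsanitize=address`, the overflowing call runs without a report; clang's experimental `-fsanitize-address-field-padding=` option (the padding approach mentioned above) only pads C++ classes, so it would not help a C struct like this one either.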