[llvm-dev] AddressSanitizer on SPECCPU2006

Muhui Jiang via llvm-dev llvm-dev at lists.llvm.org
Wed Sep 5 07:50:04 PDT 2018


Hi Alex

UBSAN_OPTIONS is the right answer. It works for me! Thank you very much

Regards
Muhui

On Wed, Sep 5, 2018 at 10:11 PM Alexander Potapenko <glider at google.com> wrote:

> On Wed, Sep 5, 2018 at 2:25 PM Muhui Jiang <jiangmuhui at gmail.com> wrote:
> >
> > Hi Alex
> >
> > Thanks for your email. But it seems not to work. I removed the -fsanitize=address flag.
> >
> > The global buffer overflow message doesn't show. However, no *.sancov file is created after I run perlbench. Thus, I could not get the BB coverage. Do you have any ideas? Many thanks
> This has disappeared from the docs
> (http://clang.llvm.org/docs/SanitizerCoverage.html), but in the
> absence of ASan runtime you should use UBSAN_OPTIONS=coverage=1
> At least a small example works for me:
>
> $ clang t.c -fsanitize-coverage=bb  -o t
> clang-8: warning: argument '-fsanitize-coverage=[func|bb|edge]' is
> deprecated, use
> '-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]' instead
> [-Wdeprecated]
> $ UBSAN_OPTIONS=coverage=1 ./t
> SanitizerCoverage: ./t.168004.sancov: 1 PCs written
>
>
> > Regards
> > Muhui
> >
> > On Wed, Sep 5, 2018 at 7:14 PM Alexander Potapenko <glider at google.com> wrote:
> >>
> >> Hi Muhui,
> >>
> >> If you want just the coverage information you can remove the
> >> -fsanitize=address flag from the command line.
> >>
> >> HTH,
> >> Alex
> >> On Wed, Sep 5, 2018 at 1:06 PM Muhui Jiang <jiangmuhui at gmail.com> wrote:
> >> >
> >> > Hi
> >> >
> >> > If so, is it possible to disable this check? All I need is just to get the BB coverage information
> >> >
> >> > Regards
> >> > Muhui
> >> >
> >> > On Wed, Sep 5, 2018 at 6:57 PM Alexander Potapenko <glider at google.com> wrote:
> >> >>
> >> >> This is a known problem in SPECCPU2006, see
> >> >> https://github.com/google/sanitizers/wiki/AddressSanitizerFoundBugs
> >> >> On Wed, Sep 5, 2018 at 7:36 AM Muhui Jiang via llvm-dev
> >> >> <llvm-dev at lists.llvm.org> wrote:
> >> >> >
> >> >> > Hi
> >> >> >
> >> >> > I am using the SanitizerCoverage feature supported by clang to get the basic block coverage.
> >> >> >
> >> >> > My tested binaries are SPEC CPU2006. I compiled the binary with the option
> >> >> > COPTIMIZE   = -O0 -fsanitize=address -fsanitize-coverage=bb -flto -fno-strict-aliasing -std=gnu89 -gdwarf-3
> >> >> >
> >> >> > After the compiling process ended, I ran 400.perlbench with the command
> >> >> > ASAN_OPTIONS=coverage=1 ./perlbench. However, AddressSanitizer detected a global buffer overflow and I could not run perlbench properly.
> >> >> >
> >> >> > Is there anything wrong, or did I miss some configuration? I just want to compile the binaries with instrumented coverage information so that I can calculate the BB coverage. Many thanks
> >> >> >
> >> >> >
> >> >> > ==17619==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000b46465 at pc 0x00000049ffcd bp 0x7fff4f265ec0 sp 0x7fff4f265670
> >> >> > READ of size 6 at 0x000000b46465 thread T0
> >> >> >     #0 0x49ffcc in __interceptor_memcmp.part.75 /home/jmh/Downloads/llvm-4/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690
> >> >> >     #1 0x6843a0 in PerlIO_find_layer /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:751:6
> >> >> >     #2 0x6869fc in PerlIO_default_buffer /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1015:32
> >> >> >     #3 0x683f13 in PerlIO_default_layers /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1113:6
> >> >> >     #4 0x691cff in PerlIO_resolve_layers /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1433:26
> >> >> >     #5 0x690ef3 in PerlIO_openn /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1519:15
> >> >> >     #6 0x6907a1 in PerlIO_fdopen /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:4745:12
> >> >> >     #7 0x6906e8 in PerlIO_stdstreams /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1150:2
> >> >> >     #8 0x6946ef in Perl_PerlIO_stdin /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:4686:2
> >> >> >     #9 0x66a465 in S_open_script /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:3348:12
> >> >> >     #10 0x65f01d in S_parse_body /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:1718:5
> >> >> >     #11 0x65b5b9 in perl_parse /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:1312:2
> >> >> >     #12 0x696dd2 in main /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlmain.c:96:18
> >> >> >     #13 0x7f169601082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
> >> >> >     #14 0x41bc58 in _start (/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlbench+0x41bc58)
> >> >> >
> >> >> > 0x000000b46465 is located 0 bytes to the right of global variable '<string literal>' defined in 'perlio.c:2566:5' (0xb46460) of size 5
> >> >> >   '<string literal>' is ascii string 'unix'
> >> >> > SUMMARY: AddressSanitizer: global-buffer-overflow /home/jmh/Downloads/llvm-4/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690 in __interceptor_memcmp.part.75
> >> >> > Shadow bytes around the buggy address:
> >> >> >   0x000080160c30: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
> >> >> >   0x000080160c40: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
> >> >> >   0x000080160c50: f9 f9 f9 f9 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9
> >> >> >   0x000080160c60: 00 00 00 00 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9
> >> >> >   0x000080160c70: 00 00 00 00 00 00 01 f9 f9 f9 f9 f9 00 00 00 00
> >> >> > =>0x000080160c80: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00[05]f9 f9 f9
> >> >> >   0x000080160c90: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9
> >> >> >   0x000080160ca0: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
> >> >> >   0x000080160cb0: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
> >> >> >   0x000080160cc0: f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9
> >> >> >   0x000080160cd0: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
> >> >> > Shadow byte legend (one shadow byte represents 8 application bytes):
> >> >> >   Addressable:           00
> >> >> >   Partially addressable: 01 02 03 04 05 06 07
> >> >> >   Heap left redzone:       fa
> >> >> >   Freed heap region:       fd
> >> >> >   Stack left redzone:      f1
> >> >> >   Stack mid redzone:       f2
> >> >> >   Stack right redzone:     f3
> >> >> >   Stack after return:      f5
> >> >> >   Stack use after scope:   f8
> >> >> >   Global redzone:          f9
> >> >> >   Global init order:       f6
> >> >> >   Poisoned by user:        f7
> >> >> >   Container overflow:      fc
> >> >> >   Array cookie:            ac
> >> >> >   Intra object redzone:    bb
> >> >> >   ASan internal:           fe
> >> >> >   Left alloca redzone:     ca
> >> >> >   Right alloca redzone:    cb
> >> >> > ==17619==ABORTING
> >> >> >
> >> >> >
> >> >> >
> >> >> > Regards
> >> >> >
> >> >> > Muhui
> >> >> > _______________________________________________
> >> >> > LLVM Developers mailing list
> >> >> > llvm-dev at lists.llvm.org
> >> >> > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Alexander Potapenko
> >> >> Software Engineer
> >> >>
> >> >> Google Germany GmbH
> >> >> Erika-Mann-Straße, 33
> >> >> 80636 München
> >> >>
> >> >> Managing Directors: Paul Manicle, Halimah DeLaine Prado
> >> >> Registration court and number: Hamburg, HRB 86891
> >> >> Registered office: Hamburg
>
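
An added example, not part of the thread and not LLVM's own code: the `*.sancov` files the thread is trying to obtain consist of an 8-byte magic word followed by an array of covered PCs, so the dumps from several runs can be merged as below to get the set of basic blocks reached. The function names and the PC values are constructed for illustration, and a little-endian host is assumed.

```python
import struct

# Header magics of the .sancov format: one native-endian 64-bit word whose low
# byte gives the PC width (0x64 -> 64-bit PCs, 0x32 -> 32-bit PCs).
MAGIC64 = 0xC0BFFFFFFFFFFF64
MAGIC32 = 0xC0BFFFFFFFFFFF32


def parse_sancov(blob, byteorder="<"):
    """Return (bits, set_of_pcs) for the contents of one .sancov file."""
    if len(blob) < 8:
        raise ValueError("truncated .sancov header")
    (magic,) = struct.unpack_from(byteorder + "Q", blob, 0)
    if magic == MAGIC64:
        bits, fmt = 64, "Q"
    elif magic == MAGIC32:
        bits, fmt = 32, "I"
    else:
        raise ValueError("bad .sancov magic: %#x" % magic)
    body, width = blob[8:], bits // 8
    if len(body) % width:
        raise ValueError("PC array is not a multiple of %d bytes" % width)
    return bits, set(struct.unpack("%s%d%s" % (byteorder, len(body) // width, fmt), body))


def merge_runs(blobs):
    """Union the PCs of several runs (one .sancov file is written per process)."""
    covered, seen_bits = set(), None
    for blob in blobs:
        bits, pcs = parse_sancov(blob)
        if seen_bits not in (None, bits):
            raise ValueError("mixing 32-bit and 64-bit dumps")
        seen_bits = bits
        covered |= pcs
    return covered


def make_sancov(pcs, bits=64):
    """Build a constructed .sancov image (sample data for this example only)."""
    fmt, magic = ("Q", MAGIC64) if bits == 64 else ("I", MAGIC32)
    return struct.pack("<Q", magic) + struct.pack("<%d%s" % (len(pcs), fmt), *pcs)


# Constructed sample: two runs of the same binary with one PC in common.
RUN_A = make_sancov([0x4F2A10, 0x4F2A3C, 0x4F2B00])
RUN_B = make_sancov([0x4F2A3C, 0x4F2C44])

if __name__ == "__main__":
    covered = merge_runs([RUN_A, RUN_B])
    print("%d unique PCs covered: %s" % (len(covered), [hex(p) for p in sorted(covered)]))
```

For real dumps, pass `open(path, "rb").read()` for each `*.sancov` file. The files record only the PCs that were hit, so a coverage percentage also needs the count of instrumented blocks taken from the binary itself.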