<div dir="ltr"><span lang="en-US"><font color="black" face="Tahoma"><span style="font-size:10pt" dir="ltr"><font face="Times New Roman"><span style="font-size:16px"><font face="Tahoma"><span style="font-size:10pt"></span></font></span></font></span></font></span><br>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">When I try to run a simple<span style="color:rgb(0,0,0);font-family:Tahoma;font-size:13.3333px"> "Hello World" program that prints using cout, I get this segfault error:</span>
<div><span style="color:rgb(0,0,0);font-family:Tahoma;font-size:13.3333px"><br></span></div><div>==69==Parsed ASAN_OPTIONS: verbosity=2<br>==69==AddressSanitizer: failed to intercept '__isoc99_printf'<br>
==69==AddressSanitizer: failed to intercept '__isoc99_sprintf'<br>==69==AddressSanitizer: failed to intercept '__isoc99_snprintf'<br>==69==AddressSanitizer: failed to intercept '__isoc99_fprintf'<br>
==69==AddressSanitizer: failed to intercept '__isoc99_vprintf'<br>==69==AddressSanitizer: failed to intercept '__isoc99_vsprintf'<br>==69==AddressSanitizer: failed to intercept '__isoc99_vsnprintf'<br>
==69==AddressSanitizer: failed to intercept '__isoc99_vfprintf'<br>==69==AddressSanitizer: libc interceptors initialized<div class="im"><br>|| `[0x002000000000, 0x007fffffffff]` || HighMem ||<br>|| `[0x001400000000, 0x001fffffffff]` || HighShadow ||<br>
|| `[0x001200000000, 0x0013ffffffff]` || ShadowGap ||<br>|| `[0x001000000000, 0x0011ffffffff]` || LowShadow ||<br>|| `[0x000000000000, 0x000fffffffff]` || LowMem ||<br>MemToShadow(shadow): 0x001200000000 0x00123fffffff 0x001280000000 0x0013ffffffff<br>
redzone=16<br>max_redzone=2048<br>quarantine_size=256M<br>malloc_context_size=30<br>SHADOW_SCALE: 3<br>SHADOW_GRANULARITY: 8<br>SHADOW_OFFSET: 1000000000<br></div>==69==Installed the sigaction for signal 11<br>==69==SetCurrentThread: 0x007fb7ff1000 for thread 0x007fb7ff6000<br>
==69==T0: stack [0x007fff800000,0x008000000000) size 0x800000; local=0x007ffffffbd8<br>==69==AddressSanitizer Init done<br>ASAN:SIGSEGV<br>=================================================================<br>==69==ERROR: AddressSanitizer: SEGV on unknown address 0x100fffffff6e (pc 0x0000004a37b4 sp 0x007ffffffb70 bp 0x007ffffffbe0 T0)<br>
==69==AddressSanitizer CHECK failed: /local/mnt/workspace/gideonb/projects/toolchains/open-draco/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.cc:68 "((count)) < ((size))" (0x1, 0x1)<br> <empty stack><span style="color:rgb(0,0,0);font-family:Tahoma;font-size:13.3333px"><br>
</span></div></blockquote><span lang="en-US"><font color="black" face="Tahoma"><span style="font-size:10pt" dir="ltr"><font face="Times New Roman"><span style="font-size:16px"><font face="Tahoma"><span style="font-size:10pt"><font face="Times New Roman"><span style="font-size:16px"><font face="Tahoma"><span style="font-size:10pt"><br>
I've been using gdb to debug the segfault error I get when I run an ASan enabled binary:<br>
<span style="background-color:rgb(255,255,255)"><font color="red"><br>
<span style="color:rgb(68,68,68)">==6038==ERROR: AddressSanitizer: SEGV on unknown address 0x000000100022
(pc 0x0000004a3b8c sp 0x0040008000b0 bp 0x004000800170 T0)</span></font><span style="color:rgb(68,68,68)"><span style></span></span></span><br>
<br>
gdb gives the following error:<br>
<br>
<span style="color:rgb(102,102,102)"><span style="color:rgb(68,68,68)">Program received signal SIGSEGV, Segmentation fault.<br>
0x00000000004a3b8c in main () at test.cpp:6<br>
6 {</span><br>
</span><br>
I've stepped through ASan initialization code, and there appear to be no
errors until main() is called. I did a back trace and a dump of the
assembly from this point:<br>
<br>
<span style="color:rgb(68,68,68)">(gdb) bt<br>
#0 0x00000000004a3b8c in main () at test.cpp:6<br>
#1 0x0000004000aa0288 in __libc_start_main (main=0x0, argc=0, argv=0x4000800180, <br>
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, <br>
stack_end=<optimized out>) at libc-start.c:285<br>
#2 0x00000000004a39ac in _start ()<br>
(gdb) x/10i $pc-20<br>
0x4a3b78 <main()+160>: lsr x11, x8, x11<br>
0x4a3b7c <main()+164>: orr x12, xzr, #0x100000000000<br>
0x4a3b80 <main()+168>: orr x11, x11, x12<br>
0x4a3b84 <main()+172>: mov x12, #0x0 // #0<br>
0x4a3b88 <main()+176>: add x12, x11, x12<br>
=> 0x4a3b8c <main()+180>: str x10, [x12]<br>
0x4a3b90 <main()+184>: orr x10, xzr, #0x8<br>
0x4a3b94 <main()+188>: add x10, x11, x10<br>
0x4a3b98 <main()+192>: str w9, [x10]<br>
0x4a3b9c <main()+196>: orr x10, xzr, #0x3<br>
(gdb) p/x $x12<br>
$8 = 0x100800100022<br>
(gdb) p/x $x11<br>
$9 = 0x100800100022</span><br>
<br>
I noticed that the address reported in the ASan segfault error,
0x000000100022, is the same as the address held by x12, 0x100800100022,
but with the top bytes chopped off. I think this makes sense, since the
AArch64 address space is only 39-bits and ends at 0x7fffffffff.
However, I have not been able to determine where the address stored in
x12 is originating. Do you have any idea where this might be coming
from?<br>
<br>
Thanks,<br>
-Gideon</span></font></span></font></span></font></span></font></span></font></span></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 4, 2014 at 12:40 PM, Greg Fitzgerald <span dir="ltr"><<a href="mailto:garious@gmail.com" target="_blank">garious@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Wed, Jun 4, 2014 at 7:48 AM, Gideon Billings<br>
<<a href="mailto:gideonhbillings@gmail.com">gideonhbillings@gmail.com</a>> wrote:<br>
> Thanks! Applying this patch to qemu 2.0 fixed the mmap issue:<br>
> <a href="http://lists.gnu.org/archive/html/qemu-devel/2014-02/msg00319.html" target="_blank">http://lists.gnu.org/archive/html/qemu-devel/2014-02/msg00319.html</a><br>
><br>
> I am still getting the segfault error, though.<br>
<br>
</div>Cool, making progress. :)<br>
<br>
Expected Passes : 43<br>
Expected Failures : 2<br>
Unsupported Tests : 84<br>
Unexpected Failures: 138<br>
<br>
For that segfault, can you run in gdb and get a stack trace?<br>
<br>
Thanks,<br>
Greg<br>
</blockquote></div><br></div>