<div dir="ltr">Hi Alex<div><br></div><div>UBSAN_OPTIONS is the right answer. It works for me! Thank you very much</div><div><br></div><div>Regards</div><div>Muhui</div></div><br><div class="gmail_quote"><div dir="ltr">Alexander Potapenko <<a href="mailto:glider@google.com">glider@google.com</a>> 于2018年9月5日周三 下午10:11写道:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Sep 5, 2018 at 2:25 PM Muhui Jiang <<a href="mailto:jiangmuhui@gmail.com" target="_blank">jiangmuhui@gmail.com</a>> wrote:<br>
><br>
> Hi Alex<br>
><br>
> Thanks for your email. But it seems not work. I removed the -fsanitize=address flag.<br>
><br>
> The global buffer overflow message doesn't show. However, no *.sancov file is created after I run perlbench. Thus, I could not get the BB coverage. Do you have any ideas? Many Thanks<br>
This has disappeared from the docs<br>
(<a href="http://clang.llvm.org/docs/SanitizerCoverage.html" rel="noreferrer" target="_blank">http://clang.llvm.org/docs/SanitizerCoverage.html</a>), but in the<br>
absence of ASan runtime you should use UBSAN_OPTIONS=coverage=1<br>
At least a small example works for me:<br>
<br>
$ clang t.c -fsanitize-coverage=bb -o t<br>
clang-8: warning: argument '-fsanitize-coverage=[func|bb|edge]' is<br>
deprecated, use<br>
'-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]' instead<br>
[-Wdeprecated]<br>
$ UBSAN_OPTIONS=coverage=1 ./t<br>
SanitizerCoverage: ./t.168004.sancov: 1 PCs written<br>
<br>
<br>
> Regards<br>
> Muhui<br>
><br>
> Alexander Potapenko <<a href="mailto:glider@google.com" target="_blank">glider@google.com</a>> 于2018年9月5日周三 下午7:14写道:<br>
>><br>
>> Hi Muhui,<br>
>><br>
>> If you want just the coverage information you can remove the<br>
>> -fsanitize=address flag from the command line.<br>
>><br>
>> HTH,<br>
>> Alex<br>
>> On Wed, Sep 5, 2018 at 1:06 PM Muhui Jiang <<a href="mailto:jiangmuhui@gmail.com" target="_blank">jiangmuhui@gmail.com</a>> wrote:<br>
>> ><br>
>> > Hi<br>
>> ><br>
>> > If so, is it able to disable this check. All I need is just to get the BB coverage information<br>
>> ><br>
>> > Regards<br>
>> > Muhui<br>
>> ><br>
>> > Alexander Potapenko <<a href="mailto:glider@google.com" target="_blank">glider@google.com</a>>于2018年9月5日 周三下午6:57写道:<br>
>> >><br>
>> >> This is a known problem in SPECCPU2006, see<br>
>> >> <a href="https://github.com/google/sanitizers/wiki/AddressSanitizerFoundBugs" rel="noreferrer" target="_blank">https://github.com/google/sanitizers/wiki/AddressSanitizerFoundBugs</a><br>
>> >> On Wed, Sep 5, 2018 at 7:36 AM Muhui Jiang via llvm-dev<br>
>> >> <<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>> wrote:<br>
>> >> ><br>
>> >> > Hi<br>
>> >> ><br>
>> >> > I am using SanitizerCoverage feature supported by clang to get the basicblock coverage.<br>
>> >> ><br>
>> >> > my tested binaries are spec cpu2006. I compiled the binary with the option<br>
>> >> > COPTIMIZE = -O0 -fsanitize=address -fsanitize-coverage=bb -flto -fno-strict-aliasing -std=gnu89 -gdwarf-3<br>
>> >> ><br>
>> >> > After the compiling process is end. I run the 400.perlbench. with the command<br>
>> >> > ASAN_OPTIONS=coverage=1 ./perlbench. However, the AddressSanitizer detect the global buffer overflow and I could not run the perlbench properly.<br>
>> >> ><br>
>> >> > Is there anything wrong or I missed some configurations? I just want to compile the binaries with instrumented coverage information so that I can calculate the bb coverage. Many Thanks<br>
>> >> ><br>
>> >> ><br>
>> >> > ==17619==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000b46465 at pc 0x00000049ffcd bp 0x7fff4f265ec0 sp 0x7fff4f265670<br>
>> >> ><br>
>> >> > READ of size 6 at 0x000000b46465 thread T0<br>
>> >> ><br>
>> >> > #0 0x49ffcc in __interceptor_memcmp.part.75 /home/jmh/Downloads/llvm-4/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690<br>
>> >> ><br>
>> >> > #1 0x6843a0 in PerlIO_find_layer /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:751:6<br>
>> >> ><br>
>> >> > #2 0x6869fc in PerlIO_default_buffer /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1015:32<br>
>> >> ><br>
>> >> > #3 0x683f13 in PerlIO_default_layers /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1113:6<br>
>> >> ><br>
>> >> > #4 0x691cff in PerlIO_resolve_layers /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1433:26<br>
>> >> ><br>
>> >> > #5 0x690ef3 in PerlIO_openn /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1519:15<br>
>> >> ><br>
>> >> > #6 0x6907a1 in PerlIO_fdopen /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:4745:12<br>
>> >> ><br>
>> >> > #7 0x6906e8 in PerlIO_stdstreams /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1150:2<br>
>> >> ><br>
>> >> > #8 0x6946ef in Perl_PerlIO_stdin /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:4686:2<br>
>> >> ><br>
>> >> > #9 0x66a465 in S_open_script /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:3348:12<br>
>> >> ><br>
>> >> > #10 0x65f01d in S_parse_body /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:1718:5<br>
>> >> ><br>
>> >> > #11 0x65b5b9 in perl_parse /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:1312:2<br>
>> >> ><br>
>> >> > #12 0x696dd2 in main /home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlmain.c:96:18<br>
>> >> ><br>
>> >> > #13 0x7f169601082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291<br>
>> >> ><br>
>> >> > #14 0x41bc58 in _start (/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlbench+0x41bc58)<br>
>> >> ><br>
>> >> ><br>
>> >> > 0x000000b46465 is located 0 bytes to the right of global variable '<string literal>' defined in 'perlio.c:2566:5' (0xb46460) of size 5<br>
>> >> ><br>
>> >> > '<string literal>' is ascii string 'unix'<br>
>> >> ><br>
>> >> > SUMMARY: AddressSanitizer: global-buffer-overflow /home/jmh/Downloads/llvm-4/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690 in __interceptor_memcmp.part.75<br>
>> >> ><br>
>> >> > Shadow bytes around the buggy address:<br>
>> >> ><br>
>> >> > 0x000080160c30: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00<br>
>> >> ><br>
>> >> > 0x000080160c40: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160c50: f9 f9 f9 f9 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160c60: 00 00 00 00 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160c70: 00 00 00 00 00 00 01 f9 f9 f9 f9 f9 00 00 00 00<br>
>> >> ><br>
>> >> > =>0x000080160c80: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00[05]f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160c90: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160ca0: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00<br>
>> >> ><br>
>> >> > 0x000080160cb0: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160cc0: f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9<br>
>> >> ><br>
>> >> > 0x000080160cd0: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00<br>
>> >> ><br>
>> >> > Shadow byte legend (one shadow byte represents 8 application bytes):<br>
>> >> ><br>
>> >> > Addressable: 00<br>
>> >> ><br>
>> >> > Partially addressable: 01 02 03 04 05 06 07<br>
>> >> ><br>
>> >> > Heap left redzone: fa<br>
>> >> ><br>
>> >> > Freed heap region: fd<br>
>> >> ><br>
>> >> > Stack left redzone: f1<br>
>> >> ><br>
>> >> > Stack mid redzone: f2<br>
>> >> ><br>
>> >> > Stack right redzone: f3<br>
>> >> ><br>
>> >> > Stack after return: f5<br>
>> >> ><br>
>> >> > Stack use after scope: f8<br>
>> >> ><br>
>> >> > Global redzone: f9<br>
>> >> ><br>
>> >> > Global init order: f6<br>
>> >> ><br>
>> >> > Poisoned by user: f7<br>
>> >> ><br>
>> >> > Container overflow: fc<br>
>> >> ><br>
>> >> > Array cookie: ac<br>
>> >> ><br>
>> >> > Intra object redzone: bb<br>
>> >> ><br>
>> >> > ASan internal: fe<br>
>> >> ><br>
>> >> > Left alloca redzone: ca<br>
>> >> ><br>
>> >> > Right alloca redzone: cb<br>
>> >> ><br>
>> >> > ==17619==ABORTING<br>
>> >> ><br>
>> >> ><br>
>> >> ><br>
>> >> > Regards<br>
>> >> ><br>
>> >> > Muhui<br>
>> >> > _______________________________________________<br>
>> >> > LLVM Developers mailing list<br>
>> >> > <a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
>> >> > <a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br>
>> >><br>
>> >><br>
>> >><br>
>> >> --<br>
>> >> Alexander Potapenko<br>
>> >> Software Engineer<br>
>> >><br>
>> >> Google Germany GmbH<br>
>> >> Erika-Mann-Straße, 33<br>
>> >> 80636 München<br>
>> >><br>
>> >> Geschäftsführer: Paul Manicle, Halimah DeLaine Prado<br>
>> >> Registergericht und -nummer: Hamburg, HRB 86891<br>
>> >> Sitz der Gesellschaft: Hamburg<br>
>><br>
>><br>
>><br>
>> --<br>
>> Alexander Potapenko<br>
>> Software Engineer<br>
>><br>
>> Google Germany GmbH<br>
>> Erika-Mann-Straße, 33<br>
>> 80636 München<br>
>><br>
>> Geschäftsführer: Paul Manicle, Halimah DeLaine Prado<br>
>> Registergericht und -nummer: Hamburg, HRB 86891<br>
>> Sitz der Gesellschaft: Hamburg<br>
<br>
<br>
<br>
-- <br>
Alexander Potapenko<br>
Software Engineer<br>
<br>
Google Germany GmbH<br>
Erika-Mann-Straße, 33<br>
80636 München<br>
<br>
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado<br>
Registergericht und -nummer: Hamburg, HRB 86891<br>
Sitz der Gesellschaft: Hamburg<br>
</blockquote></div>