[cfe-dev] Asan bug or feature?

miroslav.fontan miroslav.fontan at wincor-nixdorf.cz
Tue May 20 00:30:00 PDT 2014 

Thanks for the explanation,

 

I will set my tests to run with different „coprime“ redzone sizes to cover more memory bugs.

 

MF

 

From: Kostya Serebryany [mailto:kcc at google.com] 
Sent: Tuesday, May 20, 2014 5:58 AM
To: Richard Smith
Cc: miroslav.fontan; Clang Dev
Subject: Re: [cfe-dev] Asan bug or feature?

 

If you set env. variable ASAN_OPTIONS=redzone=64 asan fill find all three cases in your test. 

 

>From https://code.google.com/p/address-sanitizer/wiki/Flags: 


redzone

16

Size of the minimal redzone. Since LLVM 3.3 asan uses adaptive redzones for heap, i.e. for large heap allocations the redzones are larger.

 

hth, 

 

--kcc 

 

On Tue, May 20, 2014 at 12:49 AM, Richard Smith <richard at metafoo.co.uk> wrote:

On Mon, May 19, 2014 at 12:51 PM, miroslav.fontan <miroslav.fontan at wincor-nixdorf.cz> wrote:

Hi all,

By hunting after address error in our app I have found unexpected asan
behaviour

Here is a minimal isolated example which runs without address error:

clang++ a.cpp -fsanitize=address

cat a.cpp

char* subroutine()
{
        char* p = new char[8]();
        return p;
}

int main( int /*argc*/, char** /*argv*/ )
{
        char* pc_sub = subroutine();
        char* pc_main = new char[8]();
        pc_main[32] = 1; //points to pc_sub, no ERROR :-(
//      pc_main[16] = 2; //points to bad address ERROR :-)
        pc_sub[-32] = 3; //points to pc_main, no ERROR :-(

 

Yes, ASan puts a redzone around heap allocations, but that redzone has a limited size (this is a memory / ability to catch bugs tradeoff). Put another way, ASan checks that you only use valid addresses, but doesn't check how those addresses are computed. Do you have some specific question about this?

 

        delete[] pc_main;
        delete[] pc_sub;
        return 0;
}

Regards

Miroslav



_______________________________________________
cfe-dev mailing list
cfe-dev at cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

 


_______________________________________________
cfe-dev mailing list
cfe-dev at cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140520/a02ba2f9/attachment.html>

More information about the cfe-dev mailing list