[llvm-bugs] [Bug 42703] New: Cannot intercept __cxa_throw etc. on Solaris
via llvm-bugs
llvm-bugs at lists.llvm.org
Sun Jul 21 08:46:41 PDT 2019
https://bugs.llvm.org/show_bug.cgi?id=42703
Bug ID: 42703
Summary: Cannot intercept __cxa_throw etc. on Solaris
Product: compiler-rt
Version: 9.0
Hardware: PC
OS: Solaris
Status: NEW
Severity: normal
Priority: P
Component: asan
Assignee: unassignedbugs at nondot.org
Reporter: ro at gcc.gnu.org
CC: llvm-bugs at lists.llvm.org
AddressSanitizer-*-sunos :: TestCases/intercept-rethrow-exception.cc currently
FAILs on Solaris:
Assertion failed: !__asan_region_is_poisoned(poisoned1, poisoned2 - poisoned1 +
1), file
/vol/llvm/src/compiler-rt/local/test/asan/TestCases/intercept-rethrow-exception.cc,
line 66
The test relies on std::rethrow_exception being intercepted, which is not the
case. Enabling the interception in lib/asan/asan_interceptors.h reveals why:
400+ asan tests FAIL if this is done like this:
Command Output (stderr):
--
/vol/llvm/src/compiler-rt/local/test/asan/TestCases/Posix/asan-sigbus.cpp:46:16:
error: CHECK-BUS: expected string not found in input
// CHECK-BUS: DEADLYSIGNAL
^
<stdin>:1:1: note: scanning from here
==744221==AddressSanitizer CHECK failed:
/vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_rtl.cc:401
"((!asan_init_is_running && "ASan init calls itself!")) != (0)" (0x0, 0x0)
^
It turns out the attempt to intercept __cxa_throw triggers a recursive call
to __asan::AsanInitInternal:
Thread 2 hit Breakpoint 1, __asan::AsanInitInternal ()
at /vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_rtl.cc:621
621 AsanInitInternal();
(gdb) where
#0 __asan::AsanInitInternal ()
at /vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_rtl.cc:621
#1 __asan_init ()
at /vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_rtl.cc:621
#2 0x08132298 in asan.module_ctor ()
#3 0xfe6b180b in call_array () from /usr/lib/ld.so.1
#4 0xfe6b19d6 in call_init () from /usr/lib/ld.so.1
#5 0xfe6b16e3 in is_dep_init () from /usr/lib/ld.so.1
#6 0xfe6c1a14 in elf_bndr () from /usr/lib/ld.so.1
#7 0xfe6a2ed0 in elf_rtbndr () from /usr/lib/ld.so.1
#8 0xfe6e6f88 in ?? ()
#9 0xfe6b180b in call_array () from /usr/lib/ld.so.1
#10 0xfe6b19b7 in call_init () from /usr/lib/ld.so.1
#11 0xfe6b16e3 in is_dep_init () from /usr/lib/ld.so.1
#12 0xfe6b8932 in dlsym () from /usr/lib/ld.so.1
#13 0x0810b172 in __interception::GetFuncAddr (wrapper_addr=134854144,
name=0x8080fa9 "__cxa_throw")
at
/vol/llvm/src/llvm/local/projects/compiler-rt/lib/interception/interception_linux.cc:42
#14 __interception::InterceptFunction (name=0x8080fa9 "__cxa_throw",
ptr_to_real=0x8196418 <__interception::real___cxa_throw>, func=134854144,
wrapper=134854144)
at
/vol/llvm/src/llvm/local/projects/compiler-rt/lib/interception/interception_linux.cc:61
#15 0x080f7897 in __asan::InitializeAsanInterceptors () at
/vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_interceptors.cc:635
#16 0x08106b49 in __asan::AsanInitInternal () at
/vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_rtl.cc:452
#17 0xfe6b180b in call_array () from /usr/lib/ld.so.1
#18 0xfe6b061e in setup () from /usr/lib/ld.so.1
#19 0xfe6c3374 in _setup () from /usr/lib/ld.so.1
#20 0xfe6a2dbf in _rt_boot () from /usr/lib/ld.so.1
Running a failing testcase with LD_DEBUG=dl,init,bindings, one sees what's
going on:
979231: 1: symbol=__cxa_throw; dlsym() called from file=asan-sigbus.cpp.tmp;
starting at file=/usr/lib/libstdc++.so.6 [ RTLD_NEXT ]
979231: 1: binding file=asan-sigbus.cpp.tmp to file=/usr/lib/libstdc++.so.6:
symbol '__cxa_throw'
979231: 1:
979231: 1: calling .init (dynamically triggered from dlsym):
/usr/lib/libstdc++.so.6
979231: 1:
979231: 1: calling .init_array[0]:0xfdeb86b0: /usr/lib/libstdc++.so.6
979231: 1: calling .init_array[1]:0xfdeb9200: /usr/lib/libstdc++.so.6
979231: 1: binding file=/usr/lib/libstdc++.so.6 to
file=/usr/lib/libstdc++.so.6: symbol '_ZNSt14error_categoryC2Ev'
979231: 1: binding file=/usr/lib/libstdc++.so.6 to file=asan-sigbus.cpp.tmp:
symbol '__cxa_atexit'
979231: 1:
979231: 1: calling .init (dynamically triggered from PLT): asan-sigbus.cpp.tmp
979231: 1:
979231: 1: calling .init_array[0]:0x8132290: asan-sigbus.cpp.tmp
979231: 1: binding file=asan-sigbus.cpp.tmp to file=/lib/libc.so.1: symbol
'_getpid'
979231: 1: binding file=asan-sigbus.cpp.tmp to file=/usr/lib/libgcc_s.so.1:
symbol '__udivmoddi4'
979231: 1: binding file=asan-sigbus.cpp.tmp to file=/lib/libc.so.1: symbol
'_write'
==979231==AddressSanitizer CHECK failed:
/vol/llvm/src/llvm/local/projects/compiler-rt/lib/asan/asan_rtl.cc:401
"((!asan_init_is_running && "ASan init calls itself!")) != (0)" (0x0, 0x0)
i.e. the dlsym(__cxa_throw) finds it in libstdc++.so.6, triggers
.init/.init_array processing there, which in turn triggers .init/.init_array
processing in the executable, calling __asan_init while
__asan::AsanInitInternal from .preinit_array is already running.
Unless there's a way around this, __cxa_throw etc. interception has to remain
disabled.
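The re-entry chain described in the report, reduced to a small C model. This is an added example, not code from the report or from compiler-rt; every name in it (object, bind_to, runtime_init, simulate) is hypothetical, and the loader is modelled only as far as the LD_DEBUG trace shows: the first binding to an object that has not been initialized yet runs that object's initializers.

```c
#include <stdio.h>

/* Constructed model of a loaded object with a single initializer. */
typedef struct object { const char *name; int inited; void (*init)(void); } object;

static int init_is_running, init_done, reentries, intercept_throw;
static void exe_ctor(void);
static void lib_ctor(void);
static object exe = { "executable (model)", 0, exe_ctor };
static object lib = { "libstdc++ (model)", 0, lib_ctor };

/* Lazy initialization: the first binding to an object runs its initializer. */
static void bind_to(object *o) {
    if (o->inited) return;
    o->inited = 1;              /* marked first so the loader itself does not loop */
    o->init();
}

/* Stand-in for the runtime's init routine with its "init is running" guard. */
static void runtime_init(void) {
    if (init_is_running) {      /* the real runtime CHECK-fails at this point; */
        reentries++;            /* the model only counts the re-entry          */
        return;
    }
    if (init_done) return;
    init_is_running = 1;
    if (intercept_throw)
        bind_to(&lib);          /* models dlsym(RTLD_NEXT, "__cxa_throw") */
    init_done = 1;
    init_is_running = 0;
}

static void exe_ctor(void) { runtime_init(); }  /* asan.module_ctor -> __asan_init   */
static void lib_ctor(void) { bind_to(&exe); }   /* binds __cxa_atexit in the executable */

/* Runs one process start-up and returns how often init was re-entered. */
int simulate(int with_throw_interceptor) {
    init_is_running = init_done = reentries = 0;
    exe.inited = lib.inited = 0;
    intercept_throw = with_throw_interceptor;
    runtime_init();             /* .preinit_array entry */
    bind_to(&exe);              /* regular start-up initializes the executable */
    return reentries;
}

int main(void) {
    printf("interceptor off: %d re-entries\n", simulate(0));
    printf("interceptor on:  %d re-entries\n", simulate(1));
    return 0;
}
```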