[llvm-dev] AddressSanitizer on SPECCPU2006

Muhui Jiang via llvm-dev llvm-dev at lists.llvm.org
Tue Sep 4 22:36:33 PDT 2018 

Hi

I am using SanitizerCoverage feature supported by clang to get the
basicblock coverage.

my tested binaries are spec cpu2006. I compiled the binary with the option
COPTIMIZE   = -O0 -fsanitize=address -fsanitize-coverage=bb -flto
-fno-strict-aliasing -std=gnu89 -gdwarf-3

After the compiling process is end. I run the 400.perlbench.  with the
command
ASAN_OPTIONS=coverage=1 ./perlbench. However, the AddressSanitizer detect
the global buffer overflow and I could not run the perlbench properly.

Is there anything wrong or I missed some configurations? I just want to
compile the binaries with instrumented coverage information so that I can
calculate the bb coverage. Many Thanks


==17619==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000b46465 at pc 0x00000049ffcd bp 0x7fff4f265ec0 sp 0x7fff4f265670

READ of size 6 at 0x000000b46465 thread T0

    #0 0x49ffcc in __interceptor_memcmp.part.75
/home/jmh/Downloads/llvm-4/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690

    #1 0x6843a0 in PerlIO_find_layer
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:751:6

    #2 0x6869fc in PerlIO_default_buffer
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1015:32

    #3 0x683f13 in PerlIO_default_layers
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1113:6

    #4 0x691cff in PerlIO_resolve_layers
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1433:26

    #5 0x690ef3 in PerlIO_openn
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1519:15

    #6 0x6907a1 in PerlIO_fdopen
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:4745:12

    #7 0x6906e8 in PerlIO_stdstreams
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:1150:2

    #8 0x6946ef in Perl_PerlIO_stdin
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlio.c:4686:2

    #9 0x66a465 in S_open_script
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:3348:12

    #10 0x65f01d in S_parse_body
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:1718:5

    #11 0x65b5b9 in perl_parse
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perl.c:1312:2

    #12 0x696dd2 in main
/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlmain.c:96:18

    #13 0x7f169601082f in __libc_start_main
/build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291

    #14 0x41bc58 in _start
(/home/jmh/Downloads/spec2006_v1.2/benchspec/CPU2006/400.perlbench/build/build_base_elf-64bit.0000/perlbench+0x41bc58)


0x000000b46465 is located 0 bytes to the right of global variable '<string
literal>' defined in 'perlio.c:2566:5' (0xb46460) of size 5

  '<string literal>' is ascii string 'unix'

SUMMARY: AddressSanitizer: global-buffer-overflow
/home/jmh/Downloads/llvm-4/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690
in __interceptor_memcmp.part.75

Shadow bytes around the buggy address:

  0x000080160c30: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00

  0x000080160c40: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9

  0x000080160c50: f9 f9 f9 f9 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9

  0x000080160c60: 00 00 00 00 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9

  0x000080160c70: 00 00 00 00 00 00 01 f9 f9 f9 f9 f9 00 00 00 00

=>0x000080160c80: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00[05]f9 f9 f9

  0x000080160c90: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9

  0x000080160ca0: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00

  0x000080160cb0: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9

  0x000080160cc0: f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9

  0x000080160cd0: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07

  Heap left redzone:       fa

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Container overflow:      fc

  Array cookie:            ac

  Intra object redzone:    bb

  ASan internal:           fe

  Left alloca redzone:     ca

  Right alloca redzone:    cb

==17619==ABORTING



Regards

Muhui
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20180905/da2378b4/attachment-0001.html>

More information about the llvm-dev mailing list