It seems that my one line fix in asan branch (r192605) is not included in Dodji's patch set.
David On Fri, Nov 9, 2012 at 5:58 AM, Jakub Jelinek <ja...@redhat.com> wrote: > On Fri, Nov 09, 2012 at 02:14:04PM +0100, Tobias Burnus wrote: >> Dodji Seketeli wrote: >> >This patch imports the initial state of asan as it was in the >> >Google branch. >> > >> >It provides basic infrastructure for asan to instrument memory >> >accesses on the heap, at -O3. Note that it supports neither stack nor >> >global variable protection. >> >> I tried the 01/10 to 10/10 patch series but it doesn't trigger for >> the following test case: >> >> #include <stdlib.h> >> #include <stdio.h> >> >> int >> main() { >> int *i; >> i = malloc(10*sizeof(*i)); >> free(i); /* <<< Free memory. */ >> i[10] = 5; /* <<< out of boundary even if not freed. */ >> printf("%d\n", i[11]); /* <<< out of boundary even if not freed. */ >> return 0; >> } >> >> (All of them are reported by Clang.) If I look at the dump (or >> assembler), I see the call to __asan_init, __asan_report_store4 and >> __asan_report_load4. However, when running the program ltrace only >> shows the calls to: __libc_start_main, __asan_init, malloc, free and >> printf. I haven't debugged why the condition is false [see >> attachment for the dump]. > > Can't reproduce that (admittedly with asan SVN branch rather than the > patchset): > > ./xgcc -B ./ -O2 -fasan -o a a.c > -Wl,-rpath,/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/ > \ > -L > /usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/ > ./a > ================================================================= > ==20614== ERROR: AddressSanitizer heap-use-after-free on address > 0x7f7d8245afec at pc 0x4006f8 bp 0x7fff9beda4c0 sp 0x7fff9beda4b8 > READ of size 4 at 0x7f7d8245afec thread T0 > #0 0x4006f7 (/usr/src/gcc-asan/obj/gcc/a+0x4006f7) > 0x7f7d8245afec is located 4 bytes to the right of 40-byte region > [0x7f7d8245afc0,0x7f7d8245afe8) > freed by thread T0 here: > #0 0x7f7d82796585 > > #(/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/libasan.so.0.0.0+0xf585) > #1 0x4006b5 (/usr/src/gcc-asan/obj/gcc/a+0x4006b5) > previously allocated by thread T0 here: > #0 0x7f7d82796645 > > #(/usr/src/gcc-asan/obj/x86_64-unknown-linux-gnu/libsanitizer/asan/.libs/libasan.so.0.0.0+0xf645) > #1 0x4006aa (/usr/src/gcc-asan/obj/gcc/a+0x4006aa) > Shadow byte and word: > 0x1fefb048b5fd: fd > 0x1fefb048b5f8: fd fd fd fd fd fd fd fd > More shadow bytes: > 0x1fefb048b5d8: fa fa fa fa fa fa fa fa > 0x1fefb048b5e0: fa fa fa fa fa fa fa fa > 0x1fefb048b5e8: fa fa fa fa fa fa fa fa > 0x1fefb048b5f0: fa fa fa fa fa fa fa fa > =>0x1fefb048b5f8: fd fd fd fd fd fd fd fd > 0x1fefb048b600: fa fa fa fa fa fa fa fa > 0x1fefb048b608: fa fa fa fa fa fa fa fa > 0x1fefb048b610: fa fa fa fa fa fa fa fa > 0x1fefb048b618: fa fa fa fa fa fa fa fa > Stats: 0M malloced (0M for red zones) by 1 calls > Stats: 0M realloced by 0 calls > Stats: 0M freed by 1 calls > Stats: 0M really freed by 0 calls > Stats: 0M (128 full pages) mmaped in 1 calls > mmaps by size class: 7:4095; > mallocs by size class: 7:1; > frees by size class: 7:1; > rfrees by size class: > Stats: malloc large: 0 small slow: 1 > ==20614== ABORTING > > Jakub