Hi, I was working on investigating creepy segfaults yesterday[1][2] and it was complicated enough to make me think that in our age of advanced tools there should be one powerful enough to catch errors like this (it was "use after return" actually, when a pointer to a stack variable was stored and used after the function was already terminated, leading to strange stack corruption bugs).
To my surprise, I found that Clang already has the needed facilities and they provide awesome diagnostics (with colour highlighting):

$ ./configure CC=clang CFLAGS="-fno-omit-frame-pointer \
  -fsanitize=address -fsanitize=undefined -ggdb3"
...
$ make
...
$ ASAN_SYMBOLIZER_PATH=`which llvm-symbolizer-3.5` ./src/openocd -s tcl/ -f interface/jlink.cfg -f target/lpc17xx.cfg -c "init; halt"
Open On-Chip Debugger 0.9.0-dev-00350-g68e05ee-dirty (2015-04-05-11:10)
Licensed under GNU GPL v2
For bug reports, read
        http://openocd.sourceforge.net/doc/doxygen/bugs.html
Error: session transport was not selected. Use 'transport select <transport>'
Info : session transport was not selected, defaulting to JTAG
adapter speed: 10 kHz
adapter_nsrst_delay: 200
jtag_ntrst_delay: 200
cortex_m reset_config sysresetreq
Info : J-Link ARM-OB STM32 compiled Aug 22 2012 19:52:04
Info : J-Link caps 0x88ea5833
Info : J-Link hw version 70000
Info : J-Link hw type J-Link
Info : J-Link max mem block 11288
Info : J-Link configuration
Info : USB-Address: 0xff
Info : Kickstart power on JTAG-pin 19: 0xd1e22e00
Info : Vref = 3.300 TCK = 1 TDI = 0 TDO = 1 TMS = 0 SRST = 1 TRST = 1
Info : J-Link JTAG Interface ready
Info : clock speed 10 kHz
Info : JTAG tap: lpc17xx.cpu tap/device found: 0x4ba00477 (mfg: 0x23b, part: 0xba00, ver: 0x4)
core.c:1002:46: runtime error: left shift of 15 by 28 places cannot be represented in type 'int'
../../src/helper/binarybuffer.h:123:17: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
../../src/helper/types.h:127:65: runtime error: left shift of 240 by 24 places cannot be represented in type 'int'
Info : lpc17xx.cpu: hardware has 6 breakpoints, 4 watchpoints
Info : accepting 'gdb' connection on tcp/3333
lpc2000.c:696:49: runtime error: left shift of 48640 by 16 places cannot be represented in type 'int'
cortex_m.c:141:35: runtime error: left shift of 65535 by 16 places cannot be represented in type 'int'
cortex_m.c:143:25: runtime error: left shift of 41055 by 16 places cannot be represented in type 'int'
../../src/helper/types.h:127:65: runtime error: left shift of 190 by 24 places cannot be represented in type 'int'
Info : JTAG tap: lpc17xx.cpu tap/device found: 0x4ba00477 (mfg: 0x23b, part: 0xba00, ver: 0x4)
=================================================================
==28650==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff39573890 at pc 0x0000007e77fb bp 0x7fff3954f830 sp 0x7fff3954f828
WRITE of size 8 at 0x7fff39573890 thread T0
    #0 0x7e77fa in target_free_all_working_areas_restore /home/paulfertser/openocd-code/src/target/target.c:1843:4
    #1 0x822013 in jim_target_reset /home/paulfertser/openocd-code/src/target/target.c:4889:2
    #2 0xa2831d in command_unknown /home/paulfertser/openocd-code/src/helper/command.c:1013:10
    #3 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #4 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #5 0x1beef90 in Jim_EvalCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12914:14
    #6 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #7 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #8 0x1b91a32 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10573:35
    #9 0x1bd2d4a in Jim_IfCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12046:24
    #10 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #11 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #12 0x1c5979b in JimCallProcedure /home/paulfertser/openocd-code/jimtcl/jim.c:10878:15
    #13 0x1ba3301 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10180:19
    #14 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #15 0x1beef90 in Jim_EvalCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12914:14
    #16 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #17 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #18 0x1c5979b in JimCallProcedure /home/paulfertser/openocd-code/jimtcl/jim.c:10878:15
    #19 0x1ba3301 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10180:19
    #20 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #21 0x1bd2d4a in Jim_IfCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12046:24
    #22 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #23 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #24 0x1c96a37 in JimForeachMapHelper /home/paulfertser/openocd-code/jimtcl/jim.c:11954:26
    #25 0x1bd0587 in Jim_ForeachCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:11982:12
    #26 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #27 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #28 0x1c5979b in JimCallProcedure /home/paulfertser/openocd-code/jimtcl/jim.c:10878:15
    #29 0x1ba3301 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10180:19
    #30 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #31 0x1c0fc3f in Jim_CatchCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:13897:20
    #32 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #33 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #34 0x1cbddd0 in JimSubstOneToken /home/paulfertser/openocd-code/jimtcl/jim.c:10297:21
    #35 0x1ba7c78 in JimInterpolateTokens /home/paulfertser/openocd-code/jimtcl/jim.c:10345:17
    #36 0x1b91d6a in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10585:30
    #37 0x1b91a32 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10573:35
    #38 0x1c5979b in JimCallProcedure /home/paulfertser/openocd-code/jimtcl/jim.c:10878:15
    #39 0x1ba3301 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10180:19
    #40 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #41 0x1bb2c2a in Jim_Eval /home/paulfertser/openocd-code/jimtcl/jim.c:10963:12
    #42 0x884c0a in target_process_reset /home/paulfertser/openocd-code/src/target/target.c:640:11
    #43 0x855fd0 in handle_reset_command /home/paulfertser/openocd-code/src/target/target.c:2804:9
    #44 0xa2aaac in run_command /home/paulfertser/openocd-code/src/helper/command.c:613:15
    #45 0xa28e65 in script_command_run /home/paulfertser/openocd-code/src/helper/command.c:210:15
    #46 0xa265bd in script_command /home/paulfertser/openocd-code/src/helper/command.c:225:9
    #47 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #48 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #49 0x1beef90 in Jim_EvalCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12914:14
    #50 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #51 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #52 0x1c0fc3f in Jim_CatchCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:13897:20
    #53 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #54 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #55 0x1b866ce in Jim_EvalExpression /home/paulfertser/openocd-code/jimtcl/jim.c:9395:27
    #56 0x1b95de4 in Jim_GetBoolFromExpr /home/paulfertser/openocd-code/jimtcl/jim.c:9437:15
    #57 0x1bd25bf in Jim_IfCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12034:27
    #58 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #59 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #60 0x1bd2d4a in Jim_IfCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12046:24
    #61 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #62 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #63 0x1bd3c7d in Jim_IfCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12057:24
    #64 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #65 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #66 0x1c5979b in JimCallProcedure /home/paulfertser/openocd-code/jimtcl/jim.c:10878:15
    #67 0x1ba3301 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10180:19
    #68 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #69 0x1beef90 in Jim_EvalCoreCommand /home/paulfertser/openocd-code/jimtcl/jim.c:12914:14
    #70 0x1ba3981 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10184:19
    #71 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #72 0x1c5979b in JimCallProcedure /home/paulfertser/openocd-code/jimtcl/jim.c:10878:15
    #73 0x1ba3301 in JimInvokeCommand /home/paulfertser/openocd-code/jimtcl/jim.c:10180:19
    #74 0x1b93d98 in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10640:23
    #75 0x1bb1cc6 in Jim_EvalSource /home/paulfertser/openocd-code/jimtcl/jim.c:10955:18
    #76 0xa057bf in command_run_line /home/paulfertser/openocd-code/src/helper/command.c:656:14
    #77 0x9671fd in gdb_query_packet /home/paulfertser/openocd-code/src/server/gdb_server.c:2288:4
    #78 0x96217a in gdb_input_inner /home/paulfertser/openocd-code/src/server/gdb_server.c:2687:16
    #79 0x950ee4 in gdb_input /home/paulfertser/openocd-code/src/server/gdb_server.c:2876:15
    #80 0x99dbba in server_loop /home/paulfertser/openocd-code/src/server/server.c:472:16
    #81 0x4d9b8a in openocd_thread /home/paulfertser/openocd-code/src/openocd.c:299:2
    #82 0x4d8f0c in openocd_main /home/paulfertser/openocd-code/src/openocd.c:330:8
    #83 0x4d8083 in main /home/paulfertser/openocd-code/src/main.c:41:9
    #84 0x7ff693e81b44 in __libc_start_main /build/glibc-yk3Evw/glibc-2.19/csu/libc-start.c:287
    #85 0x4d7cdc in _start (/home/paulfertser/openocd-code/src/openocd+0x4d7cdc)

Address 0x7fff39573890 is located in stack of thread T0 at offset 624 in frame
    #0 0x1b8b6df in Jim_EvalObj /home/paulfertser/openocd-code/jimtcl/jim.c:10446

  This frame has 21 object(s):
    [32, 36) ''
    [48, 56) ''
    [80, 88) ''
    [112, 116) 'i'
    [128, 136) 'script'
    [160, 168) 'token'
    [192, 196) 'retcode'
...
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==28546==ABORTING

Had I seen a stacktrace like this instead of the segfault backtrace I was getting in plain GDB, I'd be able to debug those issues considerably faster.

Another important point I would like to add to this letter is that the Clang static code analyzer is a very useful tool and it's easy to get working for OpenOCD code. In fact, I propose to add to the hacking guide a requirement for any significant contribution to be tested with clang static checker, clang sanitizer and valgrind (e.g. by the submitter herself or himself) and a corresponding note to the commit message to be added.

For reference, to run the static analyzer this command sequence can be used:

$ ../configure
$ scan-build make CFLAGS=-std=gnu99
$ scan-view /tmp/scan-build-*

And then all the potential issues can be inspected with a web-browser, where you get not only a specific place but also the specific execution path and values that lead to a potential issue.

HTH

[1] http://openocd.zylin.com/#/c/2695/
[2] http://openocd.zylin.com/#/c/2696/

--
Be free, use free (http://www.gnu.org/philosophy/free-sw.html) software!
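Added example (this is not code from the post above or from the OpenOCD tree): a small stand-alone C program that reproduces the two defect classes the sanitizer run reports, each next to a well-defined form. The use-after-return case stores the address of a local in a context struct that outlives the function, exactly the pattern the post describes; the shift case does the signed `15 << 28` that UBSan flags in core.c, but in `uint32_t` where it is well defined. The `struct ctx` and all function names are invented for the example. Build it with the post's flags (`clang -fno-omit-frame-pointer -fsanitize=address -fsanitize=undefined -ggdb3`) and run it as `./uar uar` with `ASAN_OPTIONS=detect_stack_use_after_return=1` to get the stack-use-after-return report; a plain run only takes the well-defined paths.

```c
/* Added example, not from the OpenOCD post or code base.
 * Build: clang -fno-omit-frame-pointer -fsanitize=address -fsanitize=undefined -ggdb3 uar.c -o uar
 * Run:   ASAN_OPTIONS=detect_stack_use_after_return=1 ./uar uar
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical context object: something that outlives the function that
 * fills it in, the way a target or session object does. */
struct ctx {
    int *value;   /* pointer kept for later use */
    int storage;  /* context-owned storage the pointer may safely refer to */
};

/* Use-after-return pattern from the post: the stored pointer refers to a
 * local whose frame is gone as soon as the function returns. ASan reports
 * the later read as stack-use-after-return when
 * detect_stack_use_after_return=1 is set. */
static void store_local_address(struct ctx *c, int v)
{
    int local = v;
    c->value = &local;   /* BUG: dangling after return */
}

/* Well-defined form: point at storage owned by the context, which lives at
 * least as long as the pointer does. */
static void store_context_address(struct ctx *c, int v)
{
    c->storage = v;
    c->value = &c->storage;
}

/* Read through the stored pointer. Only meaningful for the safe form. */
static int read_stored(const struct ctx *c)
{
    return *c->value;
}

/* Store-then-read round trip through the safe form; returns v. */
static int roundtrip_context(int v)
{
    struct ctx c;
    memset(&c, 0, sizeof c);
    store_context_address(&c, v);
    return read_stored(&c);
}

/* Shifting 15 left by 28 in a signed int sets the sign bit, which is the
 * undefined behaviour UBSan prints as "left shift of 15 by 28 places cannot
 * be represented in type 'int'". The same shift in uint32_t is defined. */
static uint32_t shift_into_top_nibble(unsigned v)
{
    return (uint32_t)v << 28;
}

/* Assembling a 32-bit little-endian value from bytes. Without the casts a
 * uint8_t promotes to int before the shift, which is how the types.h
 * diagnostic (left shift of 240 by 24 places) arises. */
static uint32_t le_to_u32(const uint8_t *b)
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

int main(int argc, char **argv)
{
    const uint8_t sample[4] = {0x00, 0xbe, 0x00, 0xf0};  /* constructed input */

    printf("safe round trip: %d\n", roundtrip_context(42));
    printf("15 << 28 as uint32_t: 0x%08x\n", shift_into_top_nibble(15));
    printf("le_to_u32: 0x%08x\n", le_to_u32(sample));

    /* Only take the undefined path when asked, so a plain run stays well
     * defined; under ASan this read produces a stack-use-after-return report. */
    if (argc > 1 && strcmp(argv[1], "uar") == 0) {
        struct ctx c;
        memset(&c, 0, sizeof c);
        store_local_address(&c, 7);
        printf("dangling read: %d\n", read_stored(&c));
    }
    return 0;
}
```

Without sanitizers the dangling read usually still prints 7, which is why the post's segfaults looked "creepy": the stale frame is often intact until something else reuses it. ASan's fake-stack mode keeps returned frames poisoned so the first read through the stale pointer is caught, with the frame and variable named in the report.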
_______________________________________________
OpenOCD-devel mailing list
OpenOCD-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openocd-devel