[Bug sanitizer/84208] fsanitize-address-use-after-scope Not working for ARM

2018-02-09 Thread rearnsha at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84208

Richard Earnshaw  changed:

   What|Removed |Added

 Status|WAITING |RESOLVED
 Resolution|--- |INVALID

--- Comment #6 from Richard Earnshaw  ---
As requested

[Bug sanitizer/84208] fsanitize-address-use-after-scope Not working for ARM

2018-02-08 Thread akhilesh.k at samsung dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84208

--- Comment #5 from Akhilesh Kumar  ---
Please mark this bug ID as invalid: with the same patch I am able to run on ARM as well; the issue was in my setup only (sorry for the noise).

Test results on ARM (gcc 6.2.1)
sh-3.2# out_of_scope
=
==3348==ERROR: AddressSanitizer: stack-use-after-scope on address 0xbe35c700 at
pc 0x000108e8 bp 0xbe35c6c4 sp 0xbe35c6bc
WRITE of size 1 at 0xbe35c700 thread T0
#0 0x108e7 in main /data2/TC/scripts/test2.c:10
#1 0x410768ab in __libc_start_main (/lib/libc.so.6+0x410768ab)

Address 0xbe35c700 is located in stack of thread T0 at offset 32 in frame
#0 0x107ef in main /data2/TC/scripts/test2.c:3

  This frame has 1 object(s):
[32, 33) 'my_char' <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
  (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: AddressSanitizer stack-use-after-scope
/data2/TC/scripts/test2.c:10 in main
Shadow bytes around the buggy address:
  0x37c6b890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b8d0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x37c6b8e0:[f8]f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x37c6b8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37c6b930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:   fa
  Heap right redzone:  fb
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack partial redzone:   f4
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
==3348==ABORTING
sh-3.2# [SECOS][PSCI] Suspend Start CPU #0

[Bug sanitizer/84208] fsanitize-address-use-after-scope Not working for ARM

2018-02-05 Thread akhilesh.k at samsung dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84208

--- Comment #4 from Akhilesh Kumar  ---
Please find Patch and test Case 

I tried but unable to attached patch as Attachment :(

My changes for address-use-after-scope, which work for the x86 target but not for the ARM target:

---
 gcc/asan.c  | 302 ++--
 gcc/asan.h  |  66 ++--
 gcc/cfgexpand.c |  18 +---
 gcc/common.opt  |   3 +
 gcc/dbgcnt.def  |   1 +
 gcc/doc/invoke.texi |  15 ++-
 gcc/gimple.c|   3 +
 gcc/gimple.h|   9 ++
 gcc/gimplify.c  | 236 +---
 gcc/internal-fn.c   |   9 ++
 gcc/internal-fn.def |   1 +
 gcc/opts.c  |  27 -
 gcc/params.def  |   6 ++
 gcc/params.h|   2 +
 gcc/sanitizer.def   |   5 +-
 gcc/sanopt.c|   3 +
 16 files changed, 607 insertions(+), 99 deletions(-)

diff --git a/gcc/asan.c b/gcc/asan.c
index 0775fc1..089fb7a 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -243,6 +243,22 @@ static unsigned HOST_WIDE_INT asan_shadow_offset_value;
 static bool asan_shadow_offset_computed;
 static vec sanitized_sections;

+/* Return true if STMT is ASAN_MARK poisoning internal function call.  */
+static inline bool
+asan_mark_poison_p (gimple *stmt)
+{
+  return (gimple_call_internal_p (stmt, IFN_ASAN_MARK)
+ && tree_to_uhwi (gimple_call_arg (stmt, 0)) == ASAN_MARK_CLOBBER);
+
+}
+
+/* Set of variable declarations that are going to be guarded by
+   use-after-scope sanitizer.  */
+
+static hash_set *asan_handled_variables = NULL;
+
+hash_set  *asan_used_labels = NULL;
+
 /* Sets shadow offset to value in string VAL.  */

 bool
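Review bot: The `hash_set` declarations of `asan_handled_variables` and `asan_used_labels` have lost their template arguments in this rendering (`hash_set *` with no `<...>`), so the hunk as pasted would not compile; the original patch presumably reads `hash_set<tree> *`, which is worth confirming against the actual file. Separately, `asan_used_labels` is introduced as a non-static global without any comment, while its sibling `asan_handled_variables` gets one; I would add a comment stating what the set holds and which other translation unit consumes it (the diffstat suggests cfgexpand.c, but the hunk does not show it). Minor style: the blank `+` line between the `return` and the closing brace of `asan_mark_poison_p` is stray and should be dropped.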
@@ -285,6 +301,14 @@ set_sanitized_sections (const char *sections)
 }
 }

+bool
+asan_sanitize_stack_p (void)
+{
+  return ((flag_sanitize & SANITIZE_ADDRESS)
+ && ASAN_STACK
+ && !asan_no_sanitize_address_p ());
+}
+
 /* Checks whether section SEC should be sanitized.  */

 static bool
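Review bot: `asan_sanitize_stack_p` is added without a leading comment block, unlike every neighbouring function in this file (`set_sanitized_sections`, "Checks whether section SEC should be sanitized"). From its body it answers whether address sanitization of the stack is enabled for the current function, combining `flag_sanitize`, `ASAN_STACK` and `asan_no_sanitize_address_p`; I would add `/* Return true if stack variables should be instrumented by ASan, i.e. address sanitizer and ASAN_STACK are enabled and the current function is not excluded by asan_no_sanitize_address_p.  */` — the "current function" part is inferred from the helper's name and should be checked. Since the function is non-static, its prototype presumably lives in the asan.h change listed in the diffstat.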
@@ -313,22 +337,13 @@ asan_shadow_offset ()

 alias_set_type asan_shadow_set = -1;

-/* Pointer types to 1 resp. 2 byte integers in shadow memory.  A separate
+/* Pointer types to 1, 2 or 4 byte integers in shadow memory.  A separate
alias set is used for all shadow memory accesses.  */
-static GTY(()) tree shadow_ptr_types[2];
+static GTY(()) tree shadow_ptr_types[3];

 /* Decl for __asan_option_detect_stack_use_after_return.  */
 static GTY(()) tree asan_detect_stack_use_after_return;

-/* Various flags for Asan builtins.  */
-enum asan_check_flags
-{
-  ASAN_CHECK_STORE = 1 << 0,
-  ASAN_CHECK_SCALAR_ACCESS = 1 << 1,
-  ASAN_CHECK_NON_ZERO_LEN = 1 << 2,
-  ASAN_CHECK_LAST = 1 << 3
-};
-
 /* Hashtable support for memory references used by gimple
statements.  */

@@ -931,12 +946,16 @@ static void
 asan_init_shadow_ptr_types (void)
 {
   asan_shadow_set = new_alias_set ();
-  shadow_ptr_types[0] = build_distinct_type_copy (signed_char_type_node);
-  TYPE_ALIAS_SET (shadow_ptr_types[0]) = asan_shadow_set;
-  shadow_ptr_types[0] = build_pointer_type (shadow_ptr_types[0]);
-  shadow_ptr_types[1] = build_distinct_type_copy (short_integer_type_node);
-  TYPE_ALIAS_SET (shadow_ptr_types[1]) = asan_shadow_set;
-  shadow_ptr_types[1] = build_pointer_type (shadow_ptr_types[1]);
+  tree types[3] = { signed_char_type_node, short_integer_type_node,
+   integer_type_node };
+
+  for (unsigned i = 0; i < 3; i++)
+{
+  shadow_ptr_types[i] = build_distinct_type_copy (types[i]);
+  TYPE_ALIAS_SET (shadow_ptr_types[i]) = asan_shadow_set;
+  shadow_ptr_types[i] = build_pointer_type (shadow_ptr_types[i]);
+}
+
   initialize_sanitizer_builtins ();
 }

@@ -1020,6 +1039,15 @@ asan_function_start (void)
 current_function_funcdef_no);
 }

+/* Return number of shadow bytes that are occupied by a local variable
+   of SIZE bytes.  */
+
+static unsigned HOST_WIDE_INT
+shadow_mem_size (unsigned HOST_WIDE_INT size)
+{
+  return ROUND_UP (size, ASAN_SHADOW_GRANULARITY) / ASAN_SHADOW_GRANULARITY;
+}
+
 /* Insert code to protect stack vars.  The prologue sequence should be emitted
directly, epilogue sequence returned.  BASE is the register holding the
stack base, against which OFFSETS array offsets are relative to, OFFSETS
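Review bot: `shadow_mem_size` rounds `size` up before dividing, so for a `size` within `ASAN_SHADOW_GRANULARITY` of the unsigned HOST_WIDE_INT maximum `ROUND_UP` wraps to a small value and the function silently under-reports the shadow footprint. Callers presumably pass sizes of stack objects, where this is unreachable in practice, but the assumption is worth stating in the comment or guarding with a checking assert on `size` before the rounding. The comment block that closes this hunk belongs to `asan_emit_stack_protection`, whose body continues outside the hunk.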
@@ -1047,7 +1075,7 @@ asan_emit_stack_protection (rtx base, rtx pbase, unsigned
int alignb,
   HOST_WIDE_INT base_offset = offsets[length - 1];
   HOST_WIDE_INT base_align_bias = 0, offset, prev_offset;
   HOST_WIDE_INT asan_frame_size = offsets[0] - base_offset;
-  HOST_WIDE_INT last_offset, last_size;
+  HOST_WIDE_INT last_offset;
   int l;
   unsigned char cur_shadow_byte = ASAN_STACK_MAGIC_LEFT;
   tree str_cst, decl, id;
@@ -1222,10 +1250,10 @@ asan_emit_stack_protection (rtx base, rtx pbase,
unsigned int alignb,
   (aoff - prev_offset)
   >> ASAN_SHADOW_SHIFT);
  prev_offset = aoff;
- for (i = 0; i < 

[Bug sanitizer/84208] fsanitize-address-use-after-scope Not working for ARM

2018-02-05 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84208

Martin Liška  changed:

   What|Removed |Added

 Status|UNCONFIRMED |WAITING
   Last reconfirmed||2018-02-05
 Ever confirmed|0   |1

--- Comment #3 from Martin Liška  ---
(In reply to Akhilesh Kumar from comment #2)
> > Does it work on non-changed gcc 7.2 on arm? 
>   Not yet verified because unable to cross compile gcc 7.2.  

Please try this.

> 
> > And with arm do mean arm-linux-gnueabi as the target or aarch64-linux-gnu?
>   I am using arm-*-gnueabi target

Note that the feature landed in GCC 7.2 in multiple patches. I would probably need to take a look at how you did the backport.
Can you also provide the test-case which fails?

[Bug sanitizer/84208] fsanitize-address-use-after-scope Not working for ARM

2018-02-05 Thread akhilesh.k at samsung dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84208

--- Comment #2 from Akhilesh Kumar  ---
> Does it work on non-changed gcc 7.2 on arm? 
  Not yet verified, because I am unable to cross-compile gcc 7.2.

> And with arm do mean arm-linux-gnueabi as the target or aarch64-linux-gnu?
  I am using arm-*-gnueabi target

[Bug sanitizer/84208] fsanitize-address-use-after-scope Not working for ARM

2018-02-04 Thread pinskia at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84208

--- Comment #1 from Andrew Pinski  ---
Does it work on non changed gcc 7.2 on arm? 

And with arm do you mean arm-linux-gnueabi as the target or aarch64-linux-gnu?