This is an archive of the discontinued LLVM Phabricator instance.

Differential D8291

[compiler-rt] Demangling for DlAddrSymbolizer
ClosedPublic

Authored by kubamracek on Mar 12 2015, 7:17 AM.

Details

Reviewers
samsonov
Summary

On OS X, dladdr() provides mangled names only, so we need need to demangle in DlAddrSymbolizer::SymbolizePC.

Diff Detail

Event Timeline

kubamracek updated this revision to Diff 21828.Mar 12 2015, 7:17 AM
kubamracek retitled this revision from to [compiler-rt] Demangling for DlAddrSymbolizer.
kubamracek updated this object.
kubamracek edited the test plan for this revision. (Show Details)
kubamracek added subscribers: Unknown Object (MLST), zaks.anna, samsonov and 2 others.
zaks.anna added inline comments.Mar 12 2015, 10:09 AM
lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc
42

Maybe we should provide an option that allows us to turn off demangling? It would make it easier to isolate cases where we get a second failure while reporting. Clients who don't need this (ex: running under the debugger) could turn this off.

What do you think?

kubamracek added inline comments.Mar 12 2015, 10:21 AM
lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc
42

Can demangling really cause such a bad failure? I was under the impression that either __cxa_demangle could be missing (because we're not linked against libcxx) or it could return NULL, and we handle both these cases here. (Which reminds me that the extra check for NULL-ness above in sanitizer_symbolizer_mac.cc is not necessary, because DemangleCXXABI can never return NULL).

However, if you suspect that it could actually cause a crash, having an option to turn it on/off sounds like a good idea.

FYI, if you use ASAN_OPTIONS=symbolize=0, stack traces will not be symbolicated at all, and no demangling will occur either.

zaks.anna added a comment.Mar 12 2015, 10:27 AM

I've just noticed this FIXME in the comment:
" __cxa_demangle aggressively insists on allocating memory."

Allocating memory while in a bad state could result in unpredictable behavior.

samsonov accepted this revision.Mar 12 2015, 5:37 PM
samsonov added a reviewer: samsonov.

FYI I'm ok with this patch. Allocating memory during report printing is bad, will roundtrip through our allocator, and can cause different side-effects. However, we can't do much better here. InternalSymbolizer we're using internally allocates a *lot* of memory, and we were able to get away with it for quite a while for now.

This revision is now accepted and ready to land.Mar 12 2015, 5:37 PM
kubamracek closed this revision.Mar 22 2015, 4:44 AM

Landed in r232910. Later I'll try to take another look into memory allocations during report printing.

Revision Contents

PathSize
lib/
sanitizer_common/
2 lines
6 lines
2 lines
test/
asan/
TestCases/
Darwin/
33 lines

Diff 21828

lib/sanitizer_common/sanitizer_symbolizer_internal.h

Show All 22 Lines
// InternalAlloc) and null-terminataed buffer is returned. They return a pointer // InternalAlloc) and null-terminataed buffer is returned. They return a pointer
// to the next characted after the found delimiter. // to the next characted after the found delimiter.
const char *ExtractToken(const char *str, const char *delims, char **result); const char *ExtractToken(const char *str, const char *delims, char **result);
const char *ExtractInt(const char *str, const char *delims, int *result); const char *ExtractInt(const char *str, const char *delims, int *result);
const char *ExtractUptr(const char *str, const char *delims, uptr *result); const char *ExtractUptr(const char *str, const char *delims, uptr *result);
const char *ExtractTokenUpToDelimiter(const char *str, const char *delimiter, const char *ExtractTokenUpToDelimiter(const char *str, const char *delimiter,
char **result); char **result);
const char *DemangleCXXABI(const char *name);
// SymbolizerTool is an interface that is implemented by individual "tools" // SymbolizerTool is an interface that is implemented by individual "tools"
// that can perform symbolication (external llvm-symbolizer, libbacktrace, // that can perform symbolication (external llvm-symbolizer, libbacktrace,
// Windows DbgHelp symbolizer, etc.). // Windows DbgHelp symbolizer, etc.).
class SymbolizerTool { class SymbolizerTool {
public: public:
// The main |Symbolizer| class implements a "fallback chain" of symbolizer // The main |Symbolizer| class implements a "fallback chain" of symbolizer
// tools. In a request to symbolize an address, if one tool returns false, // tools. In a request to symbolize an address, if one tool returns false,
// the next tool in the chain will be tried. // the next tool in the chain will be tried.
▲ Show 20 LinesShow All 69 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_symbolizer_mac.cc

Show All 25 Lines
#include <sys/wait.h> #include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
#include <util.h> #include <util.h>
bool DlAddrSymbolizer::SymbolizePC(uptr addr, SymbolizedStack *stack) { bool DlAddrSymbolizer::SymbolizePC(uptr addr, SymbolizedStack *stack) {
Dl_info info; Dl_info info;
int result = dladdr((const void *)addr, &info); int result = dladdr((const void *)addr, &info);
if (!result) return false; if (!result) return false;
if (const char *demangled = DemangleCXXABI(info.dli_sname)) {
stack->info.function = internal_strdup(demangled);
} else {
stack->info.function = internal_strdup(info.dli_sname); stack->info.function = internal_strdup(info.dli_sname);
}
return true; return true;
} }
bool DlAddrSymbolizer::SymbolizeData(uptr addr, DataInfo *info) { bool DlAddrSymbolizer::SymbolizeData(uptr addr, DataInfo *info) {
return false; return false;
} }
class AtosSymbolizerProcess : public SymbolizerProcess { class AtosSymbolizerProcess : public SymbolizerProcess {
▲ Show 20 LinesShow All 100 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc

Show All 32 Linesnamespace __cxxabiv1 {
extern "C" SANITIZER_WEAK_ATTRIBUTE extern "C" SANITIZER_WEAK_ATTRIBUTE
char *__cxa_demangle(const char *mangled, char *buffer, char *__cxa_demangle(const char *mangled, char *buffer,
size_t *length, int *status); size_t *length, int *status);
} }
namespace __sanitizer { namespace __sanitizer {
// Attempts to demangle the name via __cxa_demangle from __cxxabiv1. // Attempts to demangle the name via __cxa_demangle from __cxxabiv1.
static const char *DemangleCXXABI(const char *name) { const char *DemangleCXXABI(const char *name) {
// FIXME: __cxa_demangle aggressively insists on allocating memory. // FIXME: __cxa_demangle aggressively insists on allocating memory.
zaks.annaUnsubmitted
Not Done
ReplyInline Actions

Maybe we should provide an option that allows us to turn off demangling? It would make it easier to isolate cases where we get a second failure while reporting. Clients who don't need this (ex: running under the debugger) could turn this off.

What do you think?

zaks.anna: Maybe we should provide an option that allows us to turn off demangling? It would make it…
kubamracekAuthorUnsubmitted
Not Done
ReplyInline Actions

Can demangling really cause such a bad failure? I was under the impression that either __cxa_demangle could be missing (because we're not linked against libcxx) or it could return NULL, and we handle both these cases here. (Which reminds me that the extra check for NULL-ness above in sanitizer_symbolizer_mac.cc is not necessary, because DemangleCXXABI can never return NULL).

However, if you suspect that it could actually cause a crash, having an option to turn it on/off sounds like a good idea.

FYI, if you use ASAN_OPTIONS=symbolize=0, stack traces will not be symbolicated at all, and no demangling will occur either.

kubamracek: Can demangling really cause such a bad failure? I was under the impression that either…
// There's not much we can do about that, short of providing our // There's not much we can do about that, short of providing our
// own demangler (libc++abi's implementation could be adapted so that // own demangler (libc++abi's implementation could be adapted so that
// it does not allocate). For now, we just call it anyway, and we leak // it does not allocate). For now, we just call it anyway, and we leak
// the returned value. // the returned value.
if (__cxxabiv1::__cxa_demangle) if (__cxxabiv1::__cxa_demangle)
if (const char *demangled_name = if (const char *demangled_name =
__cxxabiv1::__cxa_demangle(name, 0, 0, 0)) __cxxabiv1::__cxa_demangle(name, 0, 0, 0))
return demangled_name; return demangled_name;
▲ Show 20 LinesShow All 414 LinesShow Last 20 Lines

test/asan/TestCases/Darwin/dladdr-demangling.cc

// In a non-forking sandbox, we fallback to dladdr(). Test that we provide
// properly demangled C++ names in that case.
// RUN: %clangxx_asan -O0 %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=verbosity=2 not %run sandbox-exec -p '(version 1)(allow default)(deny process-fork)' %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-DLADDR
#include <stdlib.h>
class MyClass {
public:
int my_function(int n) {
char *x = (char*)malloc(n * sizeof(char));
free(x);
return x[5];
// CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
// CHECK: {{READ of size 1 at 0x.* thread T0}}
// CHECK-DLADDR: Using dladdr symbolizer as fallback
// CHECK-DLADDR: failed to fork external symbolizer
// CHECK: {{ #0 0x.* in MyClass::my_function\(int\)}}
// CHECK: {{freed by thread T0 here:}}
// CHECK: {{ #0 0x.* in wrap_free}}
// CHECK: {{ #1 0x.* in MyClass::my_function\(int\)}}
// CHECK: {{previously allocated by thread T0 here:}}
// CHECK: {{ #0 0x.* in wrap_malloc}}
// CHECK: {{ #1 0x.* in MyClass::my_function\(int\)}}
}
};
int main() {
MyClass o;
return o.my_function(10);
}