This is an archive of the discontinued LLVM Phabricator instance.

Differential D11365

[asan] Add a "dump_registers" flag to print out CPU registers after a SIGSEGV
ClosedPublic

Authored by kubamracek on Jul 20 2015, 12:34 PM.

Details

Reviewers
kcc
glider
samsonov
Commits
rG073cea612836: [asan] Add a "dump_registers" flag to print out CPU registers after a SIGSEGV
rCRT287957: [asan] Add a "dump_registers" flag to print out CPU registers after a SIGSEGV
rL287957: [asan] Add a "dump_registers" flag to print out CPU registers after a SIGSEGV
Summary

This patch adds a new ASan flag, dump_registers (off by default), which after a SIGSEGV prints out all CPU registers. These are available in the signal handler context. The use case is when you're not running under the debugger, and you end up with a SIGSEGV ASan report, which doesn't contain much information – knowing the register values can be helpful here. Another interesting case is on x86_64, where if you fault on a non-canonical address (e.g. 0xdeaddeaddeaddead), this address is not propagated into siginfo->si_addr and is only located in one of the registers.

I only implemented the Darwin part and left the other functions (Linux, Windows) empty in hopes that some good soul will fill these in :)

Diff Detail

Repository
rL LLVM

Event Timeline

kubamracek updated this revision to Diff 30179.Jul 20 2015, 12:34 PM
kubamracek retitled this revision from to [asan] Add a "dump_registers" flag to print out CPU registers after a SIGSEGV.
kubamracek updated this object.
kubamracek added reviewers: glider, samsonov, kcc.
kubamracek added subscribers: llvm-commits, kcc, samsonov and 2 others.
kcc edited edge metadata.Jul 20 2015, 1:16 PM

Looks good in general, still a few comments

lib/asan/asan_flags.inc
146 ↗(On Diff #30179)

Add something like "OSX-only for now"

lib/sanitizer_common/sanitizer_linux.cc
1102 ↗(On Diff #30179)

Add something like "Printf("DumpAllRegisters is not implemented on this platform");

same below.

lib/sanitizer_common/sanitizer_mac.cc
438 ↗(On Diff #30179)

#undef the macros at the end of the function

test/asan/TestCases/Darwin/dump_registers.cc
1 ↗(On Diff #30179)

I wonder if you can move this test one level up (not Darwin-specific) and restrict it for Darwin.

glider accepted this revision.Jul 21 2015, 2:17 AM
glider edited edge metadata.

LGTM once comments from Kostya are fixed.

This revision is now accepted and ready to land.Jul 21 2015, 2:18 AM
kubamracek updated this revision to Diff 30237.Jul 21 2015, 2:36 AM
kubamracek edited edge metadata.

Addressing review comments.

I wonder if you can move this test one level up (not Darwin-specific) and restrict it for Darwin.

Hm, it doesn't seem so. REQUIRES: Darwin doesn't work. I could add XFAIL: Linux and XFAIL: FreeBSD...

Also, what do you think about having this on by default?

kcc added a comment.Jul 21 2015, 6:23 PM
In D11365#208870, @kubabrecka wrote:

Addressing review comments.

I wonder if you can move this test one level up (not Darwin-specific) and restrict it for Darwin.

Hm, it doesn't seem so. REQUIRES: Darwin doesn't work. I could add XFAIL: Linux and XFAIL: FreeBSD...

Unless Alexey can suggest how to require Darwin, add a bunch of XFAILs.

Also, what do you think about having this on by default?

I don't mind at all, good idea.

kubamracek updated this revision to Diff 30489.Jul 23 2015, 8:24 AM

Added the XFAILs. Turning the flag on by default.

Herald added subscribers: srhines, danalbert, tberghammer. · View Herald TranscriptJul 23 2015, 8:24 AM
samsonov added inline comments.Jul 23 2015, 3:32 PM
lib/sanitizer_common/sanitizer_linux.cc
1102 ↗(On Diff #30489)

IMO you should either remove this line to not litter the output, or avoid enabling dump_registers by default...

lib/sanitizer_common/sanitizer_win.cc
663 ↗(On Diff #30489)

ditto

kubamracek updated this revision to Diff 30570.Jul 24 2015, 6:13 AM

IMO you should either remove this line to not litter the output, or avoid enabling dump_registers by default...

Makes sense. In that case it seems to me that it's better to just drop the flag altogether, and simply print this when it's implemented (OS X only for now).

kcc added a comment.Jul 27 2015, 11:38 AM

I'd keep the flag, just make it on by default.

kubamracek updated this revision to Diff 30819.Jul 28 2015, 8:02 AM

Addressing review comments (keeping the flag, on by default, removing output when not implemented).

Closed by commit rL287957: [asan] Add a "dump_registers" flag to print out CPU registers after a SIGSEGV (authored by kuba.brecka). · Explain WhyNov 25 2016, 5:00 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
6 lines
3 lines
sanitizer_common/
2 lines
4 lines
50 lines
4 lines
test/
asan/
TestCases/
Darwin/
26 lines

Diff 79325

compiler-rt/trunk/lib/asan/asan_errors.cc

Show First 20 LinesShow All 47 Lines▼ Show 20 Lines if (IsAccessibleMemoryRange(pc, 16)) {
} }
str.append("\n"); str.append("\n");
} else { } else {
str.append("unaccessible\n"); str.append("unaccessible\n");
} }
Report("%s", str.data()); Report("%s", str.data());
} }
static void MaybeDumpRegisters(void *context) {
if (!flags()->dump_registers) return;
SignalContext::DumpAllRegisters(context);
}
void ErrorDeadlySignal::Print() { void ErrorDeadlySignal::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
const char *description = DescribeSignalOrException(signo); const char *description = DescribeSignalOrException(signo);
Report( Report(
"ERROR: AddressSanitizer: %s on unknown address %p (pc %p bp %p sp %p " "ERROR: AddressSanitizer: %s on unknown address %p (pc %p bp %p sp %p "
"T%d)\n", "T%d)\n",
description, (void *)addr, (void *)pc, (void *)bp, (void *)sp, tid); description, (void *)addr, (void *)pc, (void *)bp, (void *)sp, tid);
Show All 9 Lines if (addr < GetPageSizeCached())
Report("Hint: address points to the zero page.\n"); Report("Hint: address points to the zero page.\n");
} }
scariness.Print(); scariness.Print();
BufferedStackTrace stack; BufferedStackTrace stack;
GetStackTraceWithPcBpAndContext(&stack, kStackTraceMax, pc, bp, context, GetStackTraceWithPcBpAndContext(&stack, kStackTraceMax, pc, bp, context,
common_flags()->fast_unwind_on_fatal); common_flags()->fast_unwind_on_fatal);
stack.Print(); stack.Print();
MaybeDumpInstructionBytes(pc); MaybeDumpInstructionBytes(pc);
MaybeDumpRegisters(context);
Printf("AddressSanitizer can not provide additional info.\n"); Printf("AddressSanitizer can not provide additional info.\n");
ReportErrorSummary(description, &stack); ReportErrorSummary(description, &stack);
} }
void ErrorDoubleFree::Print() { void ErrorDoubleFree::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
char tname[128]; char tname[128];
▲ Show 20 LinesShow All 408 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_flags.inc

Show First 20 LinesShow All 127 Lines▼ Show 20 LinesASAN_FLAG(
"If true, honor the container overflow annotations. See " "If true, honor the container overflow annotations. See "
"https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow") "https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow")
ASAN_FLAG(int, detect_odr_violation, 2, ASAN_FLAG(int, detect_odr_violation, 2,
"If >=2, detect violation of One-Definition-Rule (ODR); " "If >=2, detect violation of One-Definition-Rule (ODR); "
"If ==1, detect ODR-violation only if the two variables " "If ==1, detect ODR-violation only if the two variables "
"have different sizes") "have different sizes")
ASAN_FLAG(bool, dump_instruction_bytes, false, ASAN_FLAG(bool, dump_instruction_bytes, false,
"If true, dump 16 bytes starting at the instruction that caused SEGV") "If true, dump 16 bytes starting at the instruction that caused SEGV")
ASAN_FLAG(bool, dump_registers, true,
"If true, dump values of CPU registers when SEGV happens. Only "
"available on OS X for now.")
ASAN_FLAG(const char *, suppressions, "", "Suppressions file name.") ASAN_FLAG(const char *, suppressions, "", "Suppressions file name.")
ASAN_FLAG(bool, halt_on_error, true, ASAN_FLAG(bool, halt_on_error, true,
"Crash the program after printing the first error report " "Crash the program after printing the first error report "
"(WARNING: USE AT YOUR OWN RISK!)") "(WARNING: USE AT YOUR OWN RISK!)")
ASAN_FLAG(bool, use_odr_indicator, false, ASAN_FLAG(bool, use_odr_indicator, false,
"Use special ODR indicator symbol for ODR violation detection") "Use special ODR indicator symbol for ODR violation detection")

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h

Show First 20 LinesShow All 792 Lines▼ Show 20 Lines SignalContext(void *context, uptr addr, uptr pc, uptr sp, uptr bp,
: context(context), : context(context),
addr(addr), addr(addr),
pc(pc), pc(pc),
sp(sp), sp(sp),
bp(bp), bp(bp),
is_memory_access(is_memory_access), is_memory_access(is_memory_access),
write_flag(write_flag) {} write_flag(write_flag) {}
static void DumpAllRegisters(void *context);
// Creates signal context in a platform-specific manner. // Creates signal context in a platform-specific manner.
static SignalContext Create(void *siginfo, void *context); static SignalContext Create(void *siginfo, void *context);
// Returns true if the "context" indicates a memory write. // Returns true if the "context" indicates a memory write.
static WriteFlag GetWriteFlag(void *context); static WriteFlag GetWriteFlag(void *context);
}; };
void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp); void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp);
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_linux.cc

Show First 20 LinesShow All 1,298 Lines▼ Show 20 Lines#elif defined(__aarch64__)
if (!Aarch64GetESR(ucontext, &esr)) return UNKNOWN; if (!Aarch64GetESR(ucontext, &esr)) return UNKNOWN;
return esr & ESR_ELx_WNR ? WRITE : READ; return esr & ESR_ELx_WNR ? WRITE : READ;
#else #else
(void)ucontext; (void)ucontext;
return UNKNOWN; // FIXME: Implement. return UNKNOWN; // FIXME: Implement.
#endif #endif
} }
void SignalContext::DumpAllRegisters(void *context) {
// FIXME: Implement this.
}
void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) { void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
#if defined(__arm__) #if defined(__arm__)
ucontext_t *ucontext = (ucontext_t*)context; ucontext_t *ucontext = (ucontext_t*)context;
*pc = ucontext->uc_mcontext.arm_pc; *pc = ucontext->uc_mcontext.arm_pc;
*bp = ucontext->uc_mcontext.arm_fp; *bp = ucontext->uc_mcontext.arm_fp;
*sp = ucontext->uc_mcontext.arm_sp; *sp = ucontext->uc_mcontext.arm_sp;
#elif defined(__aarch64__) #elif defined(__aarch64__)
ucontext_t *ucontext = (ucontext_t*)context; ucontext_t *ucontext = (ucontext_t*)context;
▲ Show 20 LinesShow All 85 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc

Show First 20 LinesShow All 787 Lines▼ Show 20 Linesuptr FindAvailableMemoryRange(uptr shadow_size,
// We looked at all free regions and could not find one large enough. // We looked at all free regions and could not find one large enough.
return 0; return 0;
} }
// FIXME implement on this platform. // FIXME implement on this platform.
void GetMemoryProfile(fill_profile_f cb, uptr *stats, uptr stats_size) { } void GetMemoryProfile(fill_profile_f cb, uptr *stats, uptr stats_size) { }
void SignalContext::DumpAllRegisters(void *context) {
Report("Register values:\n");
ucontext_t *ucontext = (ucontext_t*)context;
# define DUMPREG64(r) \
Printf("%s = 0x%016llx ", #r, ucontext->uc_mcontext->__ss.__ ## r);
# define DUMPREG32(r) \
Printf("%s = 0x%08x ", #r, ucontext->uc_mcontext->__ss.__ ## r);
# define DUMPREG_(r) Printf(" "); DUMPREG(r);
# define DUMPREG__(r) Printf(" "); DUMPREG(r);
# define DUMPREG___(r) Printf(" "); DUMPREG(r);
# if defined(__x86_64__)
# define DUMPREG(r) DUMPREG64(r)
DUMPREG(rax); DUMPREG(rbx); DUMPREG(rcx); DUMPREG(rdx); Printf("\n");
DUMPREG(rdi); DUMPREG(rsi); DUMPREG(rbp); DUMPREG(rsp); Printf("\n");
DUMPREG_(r8); DUMPREG_(r9); DUMPREG(r10); DUMPREG(r11); Printf("\n");
DUMPREG(r12); DUMPREG(r13); DUMPREG(r14); DUMPREG(r15); Printf("\n");
# elif defined(__i386__)
# define DUMPREG(r) DUMPREG32(r)
DUMPREG(eax); DUMPREG(ebx); DUMPREG(ecx); DUMPREG(edx); Printf("\n");
DUMPREG(edi); DUMPREG(esi); DUMPREG(ebp); DUMPREG(esp); Printf("\n");
# elif defined(__aarch64__)
# define DUMPREG(r) DUMPREG64(r)
DUMPREG_(x[0]); DUMPREG_(x[1]); DUMPREG_(x[2]); DUMPREG_(x[3]); Printf("\n");
DUMPREG_(x[4]); DUMPREG_(x[5]); DUMPREG_(x[6]); DUMPREG_(x[7]); Printf("\n");
DUMPREG_(x[8]); DUMPREG_(x[9]); DUMPREG(x[10]); DUMPREG(x[11]); Printf("\n");
DUMPREG(x[12]); DUMPREG(x[13]); DUMPREG(x[14]); DUMPREG(x[15]); Printf("\n");
DUMPREG(x[16]); DUMPREG(x[17]); DUMPREG(x[18]); DUMPREG(x[19]); Printf("\n");
DUMPREG(x[20]); DUMPREG(x[21]); DUMPREG(x[22]); DUMPREG(x[23]); Printf("\n");
DUMPREG(x[24]); DUMPREG(x[25]); DUMPREG(x[26]); DUMPREG(x[27]); Printf("\n");
DUMPREG(x[28]); DUMPREG___(fp); DUMPREG___(lr); DUMPREG___(sp); Printf("\n");
# elif defined(__arm__)
# define DUMPREG(r) DUMPREG32(r)
DUMPREG_(r[0]); DUMPREG_(r[1]); DUMPREG_(r[2]); DUMPREG_(r[3]); Printf("\n");
DUMPREG_(r[4]); DUMPREG_(r[5]); DUMPREG_(r[6]); DUMPREG_(r[7]); Printf("\n");
DUMPREG_(r[8]); DUMPREG_(r[9]); DUMPREG(r[10]); DUMPREG(r[11]); Printf("\n");
DUMPREG(r[12]); DUMPREG___(sp); DUMPREG___(lr); DUMPREG___(pc); Printf("\n");
# else
# error "Unknown architecture"
# endif
# undef DUMPREG64
# undef DUMPREG32
# undef DUMPREG_
# undef DUMPREG__
# undef DUMPREG___
# undef DUMPREG
}
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_MAC #endif // SANITIZER_MAC

compiler-rt/trunk/lib/sanitizer_common/sanitizer_win.cc

Show First 20 LinesShow All 866 Lines▼ Show 20 Lines#endif
case 1: write_flag = SignalContext::WRITE; break; case 1: write_flag = SignalContext::WRITE; break;
case 8: write_flag = SignalContext::UNKNOWN; break; case 8: write_flag = SignalContext::UNKNOWN; break;
} }
bool is_memory_access = write_flag != SignalContext::UNKNOWN; bool is_memory_access = write_flag != SignalContext::UNKNOWN;
return SignalContext(context, access_addr, pc, sp, bp, is_memory_access, return SignalContext(context, access_addr, pc, sp, bp, is_memory_access,
write_flag); write_flag);
} }
void SignalContext::DumpAllRegisters(void *context) {
// FIXME: Implement this.
}
uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) { uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) {
// FIXME: Actually implement this function. // FIXME: Actually implement this function.
CHECK_GT(buf_len, 0); CHECK_GT(buf_len, 0);
buf[0] = 0; buf[0] = 0;
return 0; return 0;
} }
uptr ReadLongProcessName(/*out*/char *buf, uptr buf_len) { uptr ReadLongProcessName(/*out*/char *buf, uptr buf_len) {
▲ Show 20 LinesShow All 53 LinesShow Last 20 Lines

compiler-rt/trunk/test/asan/TestCases/Darwin/dump_registers.cc

// Check that ASan dumps the CPU registers on a SIGSEGV.
// RUN: %clangxx_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdio.h>
int main() {
fprintf(stderr, "Hello\n");
char *ptr;
if (sizeof(void *) == 8)
ptr = (char *)0x6666666666666666;
else if (sizeof(void *) == 4)
ptr = (char *)0x55555555;
else
assert(0 && "Your computer is weird.");
char c = *ptr; // BOOM
// CHECK: ERROR: AddressSanitizer: SEGV
// CHECK: Register values:
// CHECK: {{0x55555555|0x6666666666666666}}
fprintf(stderr, "World\n");
return c;
}