Download Raw Diff

Details

Reviewers

kcc
samsonov
eugenis

Summary

Fast unwind works wrong in GCC 4.10 on ARM Linux due to FP format mismatch between libsanitizer and GCC. This is related bug in GCC (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61771).

Diff Detail

Event Timeline

m.ostapenko updated this revision to Diff 11933.Jul 27 2014, 11:44 PM

m.ostapenko retitled this revision from to Test failures in GCC ASan testsuite on ARM Linux due to FP format mismatch between libsanitizer and GCC..

m.ostapenko updated this object.

m.ostapenko edited the test plan for this revision. (Show Details)

m.ostapenko added reviewers: kcc, samsonov.

m.ostapenko set the repository for this revision to rL LLVM.

m.ostapenko added a project: deleted.

m.ostapenko added subscribers: ygribov, Unknown Object (MLST).

Herald added a subscriber: aemerson. · View Herald TranscriptJul 27 2014, 11:44 PM

Can we add tests?
Evgeniy suggests that a test may be implemented with a set of assembly files that have different ABIs (GCC's and Clang's)

I agree with tests, no regressions on current tests don't mean much.

cheers,
--renato

lib/sanitizer_common/sanitizer_stacktrace.cc
53	It's not clear how this will separate a GCC logic from LLVM one (or rather, different FP logics), on ARM. It'll also make the second IsValidFrame() call redundant on anything _but_ ARM. Maybe you should move all of it inside the #ifdef block? #ifdef __arm__ if (IsValidFrame((uptr)bp_prev[0], stack_top, stack_bottom)) return bp_prev; --bp_prev; #endif return bp_prev;

m.ostapenko updated this revision to Diff 11969.Jul 29 2014, 1:21 AM

m.ostapenko edited edge metadata.

Thanks, Renato, you are right, I've also added a small test. Should I add more tests?

ygribov added inline comments.Jul 29 2014, 1:30 AM

test/asan/TestCases/Linux/clang_gcc_abi.cc
5	Do we really need to check all optimization levels?
11	Perhaps make this local?
14	Contents of s is undefined so compiler could optimize this access out.
18	I think this should better be asm volatile.
30	Likewise.

samsonov added inline comments.Jul 29 2014, 4:41 PM

lib/sanitizer_common/sanitizer_stacktrace.cc
40	this function returns bool
65–66	This line is wrong. It assumes that FastUnwindStack() is called in the same thread for which we provide stack_top/stack_bottom. I believe this function describes a generic unwinding algorithm, and there's no place for hack like this here. Why do you need it?

m.ostapenko added inline comments.Jul 30 2014, 12:20 AM

lib/sanitizer_common/sanitizer_stacktrace.cc
65–66	Hm, stack_bottom is simply stack_top - kStackSize (8 MB), isn't it? So, we have 8 MB interval for "valid" stack addresses. But in Linux stack grows dynamically, so if access address is, for example, in the middle of this interval, this can cause a segmentation fault, because libc hasn't mapped this memory yet. So we need something like this to prevent this error. You are right, this will work only in case if FastUnwindStack() is called in the same thread for which we provide stack_top/stack_bottom, but if it is called in another thread, how can we implement such kind of protection?

ygribov added inline comments.Jul 30 2014, 12:28 AM

lib/sanitizer_common/sanitizer_stacktrace.cc
65–66	Can we do stack_bottom = Max(stack_bottom, bp) instead?

Updated patch according to Renato's and Yury's comments. Regarding the issue about stack_bottom, I still believe that we need something like the protection was suggested.

ygribov added inline comments.Aug 6 2014, 3:30 AM

lib/sanitizer_common/sanitizer_stacktrace.cc
65–66	I'd still ask for bp instead of &size here.
test/asan/TestCases/Linux/clang_gcc_abi.cc
31	Broken formatting.

ygribov added inline comments.Aug 6 2014, 7:34 AM

lib/sanitizer_common/sanitizer_stacktrace.cc
41	Should this be 2 * sizeof(uhwptr)?

samsonov added inline comments.Aug 6 2014, 3:43 PM

lib/sanitizer_common/sanitizer_stacktrace.cc
65–66	Stack size is not always 8Mb, it's configurable in many ways. And, yes, it grows dynamically. But we don't assume that the whole interval from stack_top to stack_bottom is accessible. We would access unmapped memory only if there's a bug in unwinding algorithm or the frame pointers are broken. Do you actually observe such cases?

ygribov added inline comments.Aug 6 2014, 9:55 PM

lib/sanitizer_common/sanitizer_stacktrace.cc
65–66	We could also access unmapped area if code was compiled without fp support. And yes, we saw this in our ARM tests.

Alexey, you are right, this is a really specific situation. Removed the line. Is it OK now?

samsonov added inline comments.Aug 20 2014, 9:57 AM

lib/sanitizer_common/sanitizer_stacktrace.cc
47	Make this inline.
48	This check is not needed if we're not on ARM. Can you keep the original behavior on non-ARM platforms? #ifdef __arm__ if (!IsValidFrame(bp, stack_top, stack_bottom) return 0; uhwptr bp_prev = (uhwptr )bp; if (IsValidFrame((uptr)bp_prev[0], stack_top, stack_bottom) return bp_prev; return bp_prev - 1; #else return (uhwptr*)bp; #endif
66–68	Move this line upper (before calling GetCanonicFrame for the first time).
test/asan/TestCases/Linux/clang_gcc_abi.cc
41	Put CHECK-lines closer to the actual source code lines

Update according to last review notes.

Looks reasonable. Please fix the test case and let me know if I should land this for you.

test/asan/TestCases/Linux/clang_gcc_abi.cc
15	[[@LINE]] directives don't look right now.

Thanks, fixed. Could you apply it when you have a time?

samsonov added inline comments.Aug 29 2014, 5:22 PM

test/asan/TestCases/Linux/clang_gcc_abi.cc
15	Just sanity checking: doesn't ASan output line 13 in the error report? (the one with the BOOM)
28	This can be [[@LINE+1]] if you put it immediately after the asm blob (which would probably be more appropriate/clear).

m.ostapenko added inline comments.Sep 1 2014, 12:11 AM

test/asan/TestCases/Linux/clang_gcc_abi.cc

Yes, it does.

=================================================================
==12410==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x422007f3 at pc 0x000c1444 bp 0x40800118 sp 0x40800110
READ of size 1 at 0x422007f3 thread T0
    #0 0xc1443 in boom /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:13:3
    #1 0xc1453 in gcc_abi /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:19:3
    #2 0xc1453 in gcc_abi /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:19:3
    #3 0xc1453 in gcc_abi /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:19:3

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:13 boom

However, ASan unable to unwind the stack deeper then gcc_abi function. Should I do something about it?

ygribov added inline comments.Sep 1 2014, 12:37 AM

test/asan/TestCases/Linux/clang_gcc_abi.cc
15	That's expected - your inline asm lacks frame info so assembler can't generate proper unwind instructions which puzzles slow unwinder.

Moved check lines.

Landed in r217079. Thanks for working on this!

This revision is now accepted and ready to land.Sep 3 2014, 2:20 PM

m.ostapenko closed this revision.Oct 22 2015, 5:28 AM

Diff 13155

lib/sanitizer_common/sanitizer_stacktrace.cc

Show All 30 Lines	#else
return pc - 1;		return pc - 1;
#endif		#endif
}		}

uptr StackTrace::GetCurrentPc() {		uptr StackTrace::GetCurrentPc() {
return GET_CALLER_PC();		return GET_CALLER_PC();
}		}

		// Check if given pointer points into allocated stack area.
		static inline bool IsValidFrame(uptr frame, uptr stack_top, uptr stack_bottom) {
		samsonovUnsubmitted Not Done Reply Inline Actions this function returns bool samsonov: this function returns bool
		return frame > stack_bottom && frame < stack_top - 2 * sizeof (uhwptr);
		ygribovUnsubmitted Not Done Reply Inline Actions Should this be 2 * sizeof(uhwptr)? ygribov: Should this be 2 * sizeof(uhwptr)?
		}

		// In GCC on ARM bp points to saved lr, not fp, so we should check the next
		// cell in stack to be a saved frame pointer. GetCanonicFrame returns the
		// pointer to saved frame pointer in any case.
		static inline uhwptr *GetCanonicFrame(uptr bp,
		samsonovUnsubmitted Not Done Reply Inline Actions Make this inline. samsonov: Make this inline.
		uptr stack_top,
		samsonovUnsubmitted Not Done Reply Inline Actions This check is not needed if we're not on ARM. Can you keep the original behavior on non-ARM platforms? #ifdef __arm__ if (!IsValidFrame(bp, stack_top, stack_bottom) return 0; uhwptr bp_prev = (uhwptr )bp; if (IsValidFrame((uptr)bp_prev[0], stack_top, stack_bottom) return bp_prev; return bp_prev - 1; #else return (uhwptr)bp; #endif samsonov:* This check is not needed if we're not on ARM. Can you keep the original behavior on non-ARM…
		uptr stack_bottom) {
		#ifdef __arm__
		if (!IsValidFrame(bp, stack_top, stack_bottom)) return 0;
		uhwptr bp_prev = (uhwptr )bp;
		if (IsValidFrame((uptr)bp_prev[0], stack_top, stack_bottom)) return bp_prev;
		rengolinUnsubmitted Not Done Reply Inline Actions It's not clear how this will separate a GCC logic from LLVM one (or rather, different FP logics), on ARM. It'll also make the second IsValidFrame() call redundant on anything _but_ ARM. Maybe you should move all of it inside the #ifdef block? #ifdef __arm__ if (IsValidFrame((uptr)bp_prev[0], stack_top, stack_bottom)) return bp_prev; --bp_prev; #endif return bp_prev; rengolin: It's not clear how this will separate a GCC logic from LLVM one (or rather, different FP…
		return bp_prev - 1;
		#else
		return (uhwptr*)bp;
		#endif
		}

void StackTrace::FastUnwindStack(uptr pc, uptr bp,		void StackTrace::FastUnwindStack(uptr pc, uptr bp,
uptr stack_top, uptr stack_bottom,		uptr stack_top, uptr stack_bottom,
uptr max_depth) {		uptr max_depth) {
CHECK_GE(max_depth, 2);		CHECK_GE(max_depth, 2);
trace[0] = pc;		trace[0] = pc;
size = 1;		size = 1;
uhwptr frame = (uhwptr )bp;
uhwptr *prev_frame = frame - 1;
if (stack_top < 4096) return; // Sanity check for stack top.		if (stack_top < 4096) return; // Sanity check for stack top.
		samsonovUnsubmitted Not Done Reply Inline Actions This line is wrong. It assumes that FastUnwindStack() is called in the same thread for which we provide stack_top/stack_bottom. I believe this function describes a generic unwinding algorithm, and there's no place for hack like this here. Why do you need it? samsonov: This line is wrong. It assumes that FastUnwindStack() is called in the same thread for which we…
		m.ostapenkoAuthorUnsubmitted Not Done Reply Inline Actions Hm, stack_bottom is simply stack_top - kStackSize (8 MB), isn't it? So, we have 8 MB interval for "valid" stack addresses. But in Linux stack grows dynamically, so if access address is, for example, in the middle of this interval, this can cause a segmentation fault, because libc hasn't mapped this memory yet. So we need something like this to prevent this error. You are right, this will work only in case if FastUnwindStack() is called in the same thread for which we provide stack_top/stack_bottom, but if it is called in another thread, how can we implement such kind of protection? m.ostapenko: Hm, stack_bottom is simply stack_top - kStackSize (8 MB), isn't it? So, we have 8 MB interval…
		ygribovUnsubmitted Not Done Reply Inline Actions Can we do stack_bottom = Max(stack_bottom, bp) instead? ygribov: Can we do stack_bottom = Max(stack_bottom, bp) instead?
		ygribovUnsubmitted Not Done Reply Inline Actions I'd still ask for bp instead of &size here. ygribov: I'd still ask for bp instead of &size here.
		samsonovUnsubmitted Not Done Reply Inline Actions Stack size is not always 8Mb, it's configurable in many ways. And, yes, it grows dynamically. But we don't assume that the whole interval from stack_top to stack_bottom is accessible. We would access unmapped memory only if there's a bug in unwinding algorithm or the frame pointers are broken. Do you actually observe such cases? samsonov: Stack size is not always 8Mb, it's configurable in many ways. And, yes, it grows dynamically.
		ygribovUnsubmitted Not Done Reply Inline Actions We could also access unmapped area if code was compiled without fp support. And yes, we saw this in our ARM tests. ygribov: We could also access unmapped area if code was compiled without fp support. And yes, we saw…
		uhwptr *frame = GetCanonicFrame(bp, stack_top, stack_bottom);
		uhwptr *prev_frame = 0;
		samsonovUnsubmitted Not Done Reply Inline Actions Move this line upper (before calling GetCanonicFrame for the first time). samsonov: Move this line upper (before calling GetCanonicFrame for the first time).
// Avoid infinite loop when frame == frame[0] by using frame > prev_frame.		// Avoid infinite loop when frame == frame[0] by using frame > prev_frame.
while (frame > prev_frame &&		while (frame > prev_frame &&
frame < (uhwptr *)stack_top - 2 &&		IsValidFrame((uptr)frame, stack_top, stack_bottom) &&
frame > (uhwptr *)stack_bottom &&
IsAligned((uptr)frame, sizeof(*frame)) &&		IsAligned((uptr)frame, sizeof(*frame)) &&
size < max_depth) {		size < max_depth) {
uhwptr pc1 = frame[1];		uhwptr pc1 = frame[1];
if (pc1 != pc) {		if (pc1 != pc) {
trace[size++] = (uptr) pc1;		trace[size++] = (uptr) pc1;
}		}
prev_frame = frame;		prev_frame = frame;
frame = (uhwptr *)frame[0];		frame = GetCanonicFrame((uptr)frame[0], stack_top, stack_bottom);
}		}
}		}

static bool MatchPc(uptr cur_pc, uptr trace_pc, uptr threshold) {		static bool MatchPc(uptr cur_pc, uptr trace_pc, uptr threshold) {
return cur_pc - trace_pc <= threshold \|\| trace_pc - cur_pc <= threshold;		return cur_pc - trace_pc <= threshold \|\| trace_pc - cur_pc <= threshold;
}		}

void StackTrace::PopStackFrames(uptr count) {		void StackTrace::PopStackFrames(uptr count) {
Show All 19 Lines

test/asan/TestCases/Linux/clang_gcc_abi.cc

				// RUN: %clangxx_asan -O0 -x c %s -o %t && not %run %t 2>&1 \| FileCheck %s
				// RUN: %clangxx_asan -O1 -x c %s -o %t && not %run %t 2>&1 \| FileCheck %s
				// RUN: %clangxx_asan -O2 -x c %s -o %t && not %run %t 2>&1 \| FileCheck %s
				// RUN: %clangxx_asan -O3 -x c %s -o %t && not %run %t 2>&1 \| FileCheck %s

				ygribovUnsubmitted Not Done Reply Inline Actions Do we really need to check all optimization levels? ygribov: Do we really need to check all optimization levels?
				// REQUIRES: arm-supported-target

				#include <stdlib.h>

				int boom() {
				volatile int three = 3;
				ygribovUnsubmitted Not Done Reply Inline Actions Perhaps make this local? ygribov: Perhaps make this local?
				char s = (char )malloc(three);
				// CHECK: #1 0x{{.}} in boom {{.}}clang_gcc_abi.cc:[[@LINE-1]]
				return s[three]; //BOOM
				ygribovUnsubmitted Not Done Reply Inline Actions Contents of s is undefined so compiler could optimize this access out. ygribov: Contents of s is undefined so compiler could optimize this access out.
				}
				samsonovUnsubmitted Not Done Reply Inline Actions [[@LINE]] directives don't look right now. samsonov: [[@LINE]] directives don't look right now.
				samsonovUnsubmitted Not Done Reply Inline Actions Just sanity checking: doesn't ASan output line 13 in the error report? (the one with the BOOM) samsonov: Just sanity checking: doesn't ASan output line 13 in the error report? (the one with the BOOM)
				m.ostapenkoAuthorUnsubmitted Not Done Reply Inline Actions Yes, it does. ================================================================= ==12410==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x422007f3 at pc 0x000c1444 bp 0x40800118 sp 0x40800110 READ of size 1 at 0x422007f3 thread T0 #0 0xc1443 in boom /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:13:3 #1 0xc1453 in gcc_abi /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:19:3 #2 0xc1453 in gcc_abi /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:19:3 #3 0xc1453 in gcc_abi /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:19:3 SUMMARY: AddressSanitizer: heap-buffer-overflow /home/max/workspace/downloads/llvm/projects/compiler-rt/test/asan/TestCases/Linux/clang_gcc_abi.cc:13 boom However, ASan unable to unwind the stack deeper then gcc_abi function. Should I do something about it? m.ostapenko: Yes, it does. ``` =================================================================…
				ygribovUnsubmitted Not Done Reply Inline Actions That's expected - your inline asm lacks frame info so assembler can't generate proper unwind instructions which puzzles slow unwinder. ygribov: That's expected - your inline asm lacks frame info so assembler can't generate proper unwind…

				__attribute__((naked, noinline)) void gcc_abi() {
				// CHECK: #2 0x{{.}} in gcc_abi {{.}}clang_gcc_abi.cc:[[@LINE+1]]
				ygribovUnsubmitted Not Done Reply Inline Actions I think this should better be asm volatile. ygribov: I think this should better be asm volatile.
				asm volatile("str fp, [sp, #-8]!\n\t"
				"str lr, [sp, #4]\n\t"
				"add fp, sp, #4\n\t"
				"bl boom\n\t"
				"sub sp, fp, #4\n\t"
				"ldr fp, [sp]\n\t"
				"add sp, sp, #4\n\t"
				"ldr pc, [sp], #4\n\t"
				);
				}
				samsonovUnsubmitted Not Done Reply Inline Actions This can be [[@LINE+1]] if you put it immediately after the asm blob (which would probably be more appropriate/clear). samsonov: This can be [[@LINE+1]] if you put it immediately after the asm blob (which would probably be…

				__attribute__((naked, noinline)) void clang_abi() {
				ygribovUnsubmitted Not Done Reply Inline Actions Likewise. ygribov: Likewise.
				// CHECK: #3 0x{{.}} in clang_abi {{.}}clang_gcc_abi.cc:[[@LINE+1]]
				ygribovUnsubmitted Not Done Reply Inline Actions Broken formatting. ygribov: Broken formatting.
				asm volatile("push {r11, lr}\n\t"
				"mov r11, sp\n\t"
				"bl gcc_abi\n\t"
				"add r0, r0, #1\n\t"
				"pop {r11, pc}\n\t"
				);
				}

				int main() {
				clang_abi();
				samsonovUnsubmitted Not Done Reply Inline Actions Put CHECK-lines closer to the actual source code lines samsonov: Put CHECK-lines closer to the actual source code lines
				// CHECK: #4 0x{{.}} in main {{.}}clang_gcc_abi.cc:[[@LINE-1]]
				}

This is an archive of the discontinued LLVM Phabricator instance.

Test failures in GCC ASan testsuite on ARM Linux due to FP format mismatch between libsanitizer and GCC.
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 13155

lib/sanitizer_common/sanitizer_stacktrace.cc

test/asan/TestCases/Linux/clang_gcc_abi.cc

This is an archive of the discontinued LLVM Phabricator instance.

Test failures in GCC ASan testsuite on ARM Linux due to FP format mismatch between libsanitizer and GCC.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 13155

lib/sanitizer_common/sanitizer_stacktrace.cc

test/asan/TestCases/Linux/clang_gcc_abi.cc

Test failures in GCC ASan testsuite on ARM Linux due to FP format mismatch between libsanitizer and GCC.
ClosedPublic