This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/
-
lib/sanitizer_common/
-
sanitizer_common/
-
sanitizer_symbolizer_mac.cpp
-
test/asan/TestCases/Darwin/
-
asan/
-
TestCases/
-
Darwin/
-
symbolizer-function-offset-dladdr.cpp

Differential D84262

Avoid failing a CHECK in `DlAddrSymbolizer::SymbolizePC`.
ClosedPublic

Authored by delcypher on Jul 21 2020, 12:14 PM.

Download Raw Diff

Details

Reviewers

kubamracek
yln

Commits

rG923cf890d15a: Avoid failing a CHECK in `DlAddrSymbolizer::SymbolizePC`.

Summary

It turns out the CHECK(addr >= reinterpret_cast<upt>(info.dli_saddr)
can fail because on armv7s on iOS 9.3 dladdr() returns
info.dli_saddr with an address larger than the address we provided.

We should avoid crashing here because crashing in the middle of reporting
an issue is very unhelpful. Instead we now try to compute a function offset
if the value we get back from dladdr() looks sane, otherwise we don't
set the function offset.

A test case is included. It's basically a slightly modified version of
the existing test/sanitizer_common/TestCases/Darwin/symbolizer-function-offset-dladdr.cpp
test case that doesn't run on iOS devices right now.

More details:

In the concrete scenario on armv7s addr is 0x2195c870 and the returned
info.dli_saddr is 0x2195c871.

This what LLDB says when disassembling the code.

(lldb) dis -a 0x2195c870
libdyld.dylib`<redacted>:
    0x2195c870 <+0>: nop
    0x2195c872 <+2>: blx    0x2195c91c                ; symbol stub for: exit
    0x2195c876 <+6>: trap

The value returned by dladdr() doesn't make sense because it points
into the middle of a instruction.

There might also be other bugs lurking here because I noticed that the PCs we
gather during stackunwinding (before changing them with
StackTrace::GetPreviousInstructionPc()) look a little suspicious (e.g. the
PC stored for the frame with fail to symbolicate is 0x2195c873) as they don't
look properly aligned. This probably warrants further investigation in the future.

rdar://problem/65621511

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

delcypher created this revision.Jul 21 2020, 12:14 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 21 2020, 12:14 PM

Herald added subscribers: Restricted Project, kristof.beyls. · View Herald Transcript

kubamracek accepted this revision.Jul 21 2020, 12:23 PM

This revision is now accepted and ready to land.Jul 21 2020, 12:23 PM

Fix failing test due to LSan.

Closed by commit rG923cf890d15a: Avoid failing a CHECK in `DlAddrSymbolizer::SymbolizePC`. (authored by delcypher). · Explain WhyJul 21 2020, 12:50 PM

This revision was automatically updated to reflect the committed changes.

Harbormaster completed remote builds in B65129: Diff 279606.Jul 21 2020, 12:57 PM

Harbormaster completed remote builds in B65131: Diff 279611.Jul 21 2020, 1:14 PM

Revision Contents

Path

Size

compiler-rt/

lib/

sanitizer_common/

sanitizer_symbolizer_mac.cpp

19 lines

test/

asan/

TestCases/

Darwin/

symbolizer-function-offset-dladdr.cpp

44 lines

Diff 279613

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_mac.cpp

Show All 27 Lines

namespace __sanitizer {		namespace __sanitizer {

bool DlAddrSymbolizer::SymbolizePC(uptr addr, SymbolizedStack *stack) {		bool DlAddrSymbolizer::SymbolizePC(uptr addr, SymbolizedStack *stack) {
Dl_info info;		Dl_info info;
int result = dladdr((const void *)addr, &info);		int result = dladdr((const void *)addr, &info);
if (!result) return false;		if (!result) return false;

CHECK(addr >= reinterpret_cast<uptr>(info.dli_saddr));		// Compute offset if possible. `dladdr()` doesn't always ensure that `addr >=
stack->info.function_offset = addr - reinterpret_cast<uptr>(info.dli_saddr);		// sym_addr` so only compute the offset when this holds. Failure to find the
		// function offset is not treated as a failure because it might still be
		// possible to get the symbol name.
		uptr sym_addr = reinterpret_cast<uptr>(info.dli_saddr);
		if (addr >= sym_addr) {
		stack->info.function_offset = addr - sym_addr;
		}

const char *demangled = DemangleSwiftAndCXX(info.dli_sname);		const char *demangled = DemangleSwiftAndCXX(info.dli_sname);
if (!demangled) return false;		if (!demangled) return false;
stack->info.function = internal_strdup(demangled);		stack->info.function = internal_strdup(demangled);
return true;		return true;
}		}

bool DlAddrSymbolizer::SymbolizeData(uptr addr, DataInfo *datainfo) {		bool DlAddrSymbolizer::SymbolizeData(uptr addr, DataInfo *datainfo) {
Dl_info info;		Dl_info info;
▲ Show 20 Lines • Show All 168 Lines • ▼ Show 20 Lines	if (start_address == AddressInfo::kUnknown) {
// Fallback to dladdr() to get function start address if atos doesn't report		// Fallback to dladdr() to get function start address if atos doesn't report
// it.		// it.
Dl_info info;		Dl_info info;
int result = dladdr((const void *)addr, &info);		int result = dladdr((const void *)addr, &info);
if (result)		if (result)
start_address = reinterpret_cast<uptr>(info.dli_saddr);		start_address = reinterpret_cast<uptr>(info.dli_saddr);
}		}

// Only assig to `function_offset` if we were able to get the function's		// Only assign to `function_offset` if we were able to get the function's
// start address.		// start address and we got a sensible `start_address` (dladdr doesn't always
if (start_address != AddressInfo::kUnknown) {		// ensure that `addr >= sym_addr`).
CHECK(addr >= start_address);		if (start_address != AddressInfo::kUnknown && addr >= start_address) {
stack->info.function_offset = addr - start_address;		stack->info.function_offset = addr - start_address;
}		}
return true;		return true;
}		}

bool AtosSymbolizer::SymbolizeData(uptr addr, DataInfo *info) {		bool AtosSymbolizer::SymbolizeData(uptr addr, DataInfo *info) {
if (!process_) return false;		if (!process_) return false;
char command[32];		char command[32];
Show All 16 Lines

compiler-rt/test/asan/TestCases/Darwin/symbolizer-function-offset-dladdr.cpp

This file was added.

				// FIXME(dliew): Duplicated from `test/sanitizer_common/TestCases/Darwin/symbolizer-function-offset-dladdr.cpp`.
				// This case can be dropped once sanitizer_common tests work on iOS devices (rdar://problem/47333049).

				// NOTE: `detect_leaks=0` is necessary because with LSan enabled the dladdr
				// symbolizer actually leaks memory because the call to
				// `__sanitizer::DemangleCXXABI` leaks memory which LSan detects
				// (rdar://problem/42868950).

				// RUN: %clangxx_asan %s -O0 -o %t
				// RUN: %env_asan_opts=detect_leaks=0,verbosity=2,external_symbolizer_path=,stack_trace_format='"function_name_%f___function_offset_%q"' %run %t > %t.output 2>&1
				// RUN: FileCheck -input-file=%t.output %s
				#include <sanitizer/common_interface_defs.h>
				#include <stdio.h>

				void baz() {
				printf("Do stuff in baz\n");
				__sanitizer_print_stack_trace();
				}

				void bar() {
				printf("Do stuff in bar\n");
				baz();
				}

				void foo() {
				printf("Do stuff in foo\n");
				bar();
				}

				int main() {
				printf("Do stuff in main\n");
				foo();
				return 0;
				}

				// CHECK: External symbolizer is explicitly disabled
				// CHECK: Using dladdr symbolizer

				// These `function_offset` patterns are designed to disallow `0x0` which is the
				// value printed for `kUnknown`.
				// CHECK: function_name_baz{{()?}}___function_offset_0x{{0[1-9a-f][0-9a-f]$}}
				// CHECK: function_name_bar{{()?}}___function_offset_0x{{0[1-9a-f][0-9a-f]$}}
				// CHECK: function_name_foo{{()?}}___function_offset_0x{{0[1-9a-f][0-9a-f]$}}
				// CHECK: function_name_main{{()?}}___function_offset_0x{{0[1-9a-f][0-9a-f]$}}