ASan doesn't play well with vmmap on OS X 10.7 #63

Closed
ramosian-glider opened this issue Aug 31, 2015 · 6 comments

@ramosian-glider

Originally reported on Google Code with ID 63

$ cat t.c
#include <stdlib.h>
int main() {
  char *c = malloc(100);
  free(c);
  free(c);
  return 0;
}
=============================
$ clang t.c -faddress-sanitizer -o t
$ ASAN_OPTIONS=sleep_before_dying=100 ./t
==298== ERROR: AddressSanitizer attempting double-free on 0x000103fdff80:
    #0 0x1019d3ac1 (/Users/glider/src/asan/llvm/build/./t+0x8ac1)
    #1 0x1019cbb4f (/Users/glider/src/asan/llvm/build/./t+0xb4f)
    #2 0x1019cba04 (/Users/glider/src/asan/llvm/build/./t+0xa04)
    #3 0x1
0x000103fdff80 is located 0 bytes inside of 100-byte region [0x000103fdff80,0x000103fdffe4)
freed by thread T0 here:
    #0 0x1019d3fe7 (/Users/glider/src/asan/llvm/build/./t+0x8fe7)
    #1 0x1019d3ab0 (/Users/glider/src/asan/llvm/build/./t+0x8ab0)
    #2 0x1019cbb23 (/Users/glider/src/asan/llvm/build/./t+0xb23)
    #3 0x1019cba04 (/Users/glider/src/asan/llvm/build/./t+0xa04)
    #4 0x1
previously allocated by thread T0 here:
    #0 0x1019d3de4 (/Users/glider/src/asan/llvm/build/./t+0x8de4)
    #1 0x7fff873d73c8 (/usr/lib/system/libsystem_c.dylib+0xa03c8)
    #2 0x7fff873d81a4 (/usr/lib/system/libsystem_c.dylib+0xa11a4)
    #3 0x1019cbaec (/Users/glider/src/asan/llvm/build/./t+0xaec)
    #4 0x1019cba04 (/Users/glider/src/asan/llvm/build/./t+0xa04)
    #5 0x1
Stats: 0M malloced (0M for red zones) by 1 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 1 calls
Stats: 0M really freed by 0 calls
Stats: 4M (1024 full pages) mmaped in 1 calls
  mmaps   by size class: 8:16383; 
  mallocs by size class: 8:1; 
  frees   by size class: 8:1; 
  rfrees  by size class: 
Stats: malloc large: 0 small slow: 1
==298== Sleeping for 100 second(s)

[in another terminal]
$ vmmap 298 2>&1 |  /Users/glider/src/chrome-commit/src/tools/valgrind/asan/asan_symbolize.py


==567== ERROR: AddressSanitizer attempting free on address which was not malloc()-ed: 0x7f8112036400
    #0 0x210f67422 in operator delete(void*) (in t) + 34
    #1 0x7fff827ba2c3 in CSSymbolicatorCreateWithSignatureAndNotification (in CoreSymbolication) + 1261
    #2 0x7fff827a022b in TDwarfSymbolAbbrev<Dwarf<Dwarf32, Pointer64, LittleEndian> >::TDwarfSymbolAbbrev(unsigned int, unsigned char, std::vector<CSCppDwarfAttribute, std::allocator<CSCppDwarfAttribute> >&, TDwarfAbbrevData<Dwarf<Dwarf32, Pointer64, LittleEndian> >&) (in CoreSymbolication) + 625
    #3 0x7fff827a00c2 in TDwarfSymbolAbbrev<Dwarf<Dwarf32, Pointer64, LittleEndian> >::TDwarfSymbolAbbrev(unsigned int, unsigned char, std::vector<CSCppDwarfAttribute, std::allocator<CSCppDwarfAttribute> >&, TDwarfAbbrevData<Dwarf<Dwarf32, Pointer64, LittleEndian> >&) (in CoreSymbolication) + 264
    #4 0x7fff8cefac86 in pidFromHint (in Symbolication) + 1133
    #5 0x7fff8ceec7f2 in -[VMUClassInfo _copyRemoteIvarAt:] (in Symbolication) + 6
    #6 0x10e41d44c in 0x10000244c
    #7 0x10e41cabc in 0x100001abc
    #8 0x2
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps   by size class:
  mallocs by size class:
  frees   by size class:
  rfrees  by size class:
Stats: malloc large: 0 small slow: 0

Reported by ramosian.glider on 2012-04-13 10:44:14

@ramosian-glider

Reported by konstantin.s.serebryany on 2012-05-22 08:49:13

  • Labels added: OpSys-OSX

@ramosian-glider

Also confirmed on 10.8

Reported by ramosian.glider on 2012-10-29 14:10:36

  • Labels added: Priority-Low
  • Labels removed: Priority-Medium

@ramosian-glider

With the introduction of the dynamic library, the vmmap output now looks like this:

$ vmmap 39445
Virtual Memory Map of process 39445 (t)
Output report format:  2.2  -- 64-bit process

2013-02-06 19:39:09.678 vmmap[39511:707] *** Symbolication:  Couldn't load /Users/glider/src/asan-clean/llvm/llvm_cmake_build/lib/clang/3.3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib to introspect target process's malloc zone named asan: dlopen(/Users/glider/src/asan-clean/llvm/llvm_cmake_build/lib/clang/3.3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib, 261): Symbol not found: ___asan_mapping_offset
  Referenced from: /Users/glider/src/asan-clean/llvm/llvm_cmake_build/lib/clang/3.3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
  Expected in: flat namespace
 in /Users/glider/src/asan-clean/llvm/llvm_cmake_build/lib/clang/3.3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib

==== Non-writable regions for process 39445
__TEXT                 000000010b564000-000000010b565000 [    4K] r-x/rwx SM=COW  ...s/glider/src/asan-clean/llvm/llvm_cmake_build/t
__LINKEDIT             000000010b566000-000000010b567000 [    4K] r--/rwx SM=COW  ...s/glider/src/asan-clean/llvm/llvm_cmake_build/t
MALLOC metadata        000000010b567000-000000010b568000 [    4K] r--/rwx SM=PRV  
__TEXT                 000000010b56c000-000000010b58a000 [  120K] r-x/rwx SM=COW  ...3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
__LINKEDIT             000000010ddd4000-000000010ddeb000 [   92K] r--/rwx SM=COW  ...3/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
VM_ALLOCATE            0000120000000000-0000140000000000 [  2.0T] ---/rwx SM=NUL  
...
[map follows]


I wonder if we can (or should) do something about the process not having __asan_mapping_offset.

Reported by ramosian.glider on 2013-02-06 15:42:10

@ramosian-glider

Marking this bug as WontFix with a FixLater label.
Feel free to reopen if you want to work on this.

Reported by ramosian.glider on 2013-12-26 15:08:54

  • Status changed: WontFix
  • Labels added: FixLater

@ramosian-glider

Even better, let it be a duplicate of issue 201, since having a fallback (or retiring
__asan_mapping_offset) is everything we need.

Reported by ramosian.glider on 2013-12-26 15:11:21

@ramosian-glider

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:59

  • Labels added: ProjectAddressSanitizer
