ubsan: not work fine in ARM/AArch64 runtime on Android #817
Comments
Do you run your test on Android or on a Linux board? What compiler version do you use? |
You can try removing |
@chefmax Thanks for your attention. I run it on my Android phone using the AOSP compile toolchain. The compiler called in the build is
I tried removing those flags and testing on the board again; the output is the same |
I tried building the test code with the [online compiler](https://gcc.godbolt.org/#) using x86-64 clang 3.8.1 (it doesn't have an ARM clang available). Test code
is compiled to asm, and got __ubsan_handle_add_overflow at the end of the trap
So, does it mean that abort() is not what we want, or is it just something on ARM/AArch64 that does the replacement after calling abort()? |
This behavior is controlled by -f(no-)sanitize-trap flag. Android NDK build system inserts -fsanitize-trap for you by default. This can be changed by adding LOCAL_SANITIZE_DIAG=undefined or just -fno-sanitize-trap=undefined in compiler flags. |
Hi eugenis, thanks for your attention!
After removing
And I got errors while linking; all the symbols are defined in the code. It seems some static lib (sanitizer common?) is missing while linking. Maybe the abort() is a workaround for these linking errors?
|
There's a workaround saying that the ubsan .so generation is disabled unless Soong has support to pick a module from prebuilts, so I opened it and worked around it; I tried on my phone with the patch below, and it already works with all the libs in prebuilts
For the workaround, this seems OK now. Thanks a lot for all this help. |
Another question: I use androidmk to translate mk to bp, and the target seems to build without ubsan
I also tried |
AFAIK "undefined" in Soong includes just a subset of UBSan. Try
"all_undefined".
On Fri, Jun 2, 2017 at 5:45 AM, butterl wrote:
Another question: I use androidmk to translate mk to bp, and the target
seems to build without ubsan
cc_binary {
    name: "ubsan_test",
    clang: true,
    sanitize: {
        undefined: true,
        diag: {
            undefined: true,
        },
    },
    cflags: [
        "-g",
        "-Wall",
        "-Werror",
        "-std=gnu++11",
        "-Wno-missing-field-initializers",
        "-O0",
    ],
    srcs: ["add-overflow.cpp"],
}
I also tried the misc_undefined: ["xxx"] flag as in other bp files, but it still
does not work
Is there any special grammar for sanitizers setting in bp file ?
|
cool, it works 👍
And a workaround patch is also needed:
|
For ubsan now using the libs in prebuilts, is there a cmd to check the list of UB checks? I'm using a UB demo from a real bug in AOSP to test, but UBsan seems unaware of it.
UBsan inserted trap code for buffer_end <= *buffer as below, and "type_mismatch" seems not to be what the UB is (ordered comparison of pointers in the same object/array, from Stephen's comments on the bugfix page).
A quick comparison can be seen in the excellent online compiler with |
On Sat, Jun 3, 2017 at 12:31 AM, butterl wrote:
For ubsan now using the libs in prebuilts, is there a cmd to check for the
UB checking list?
Clang manual.
https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
I'm using a UB demo from a real bug in AOSP to test, but UBsan seems
unaware of it.
Below is the test code from the original code
<https://android-review.googlesource.com/#/c/354494/>
#include <stdio.h>
#include <stdint.h>

struct SizedBuffer {
    uint32_t length;
};

int read_from_buffer(uint8_t **buffer, uint8_t *end,
                     SizedBuffer *target) {
    if (*buffer + sizeof(target->length) > end) return -1;
    *buffer += sizeof(target->length);
    if (target->length != 0) {
        const uint8_t *buffer_end = *buffer + target->length; // <= unsigned overflow is not UB in C but have
        if ( buffer_end > end
          || buffer_end <= *buffer ) // <= UB here when passing -O2 to clang: the check is optimized away, letting a huge length pass
            return -1;
        *buffer += target->length;
    }
    return 0;
}

uint8_t g_data[50] = {0};

int main()
{
    SizedBuffer Test = {0};
    Test.length = 32;
    uint8_t *date_end = g_data + 40;
    uint8_t *date_start = g_data;
    read_from_buffer(&date_start, date_end, &Test);
    return 0;
}
UBsan inserted trap code for buffer_end <= *buffer as below, and
"type_mismatch" seems not what the UB is (ordered comparison of pointers in
the same object/array from Stephen's comments in the bugfix page
<https://android-review.googlesource.com/#/c/354494/> ).
    ...
    test    r12b, 1
    je      .LBB0_14
    ...
.LBB0_14:
    mov     edi, .L__unnamed_8
    mov     rsi, rbx
    call    __ubsan_handle_type_mismatch
    mov     eax, 1
    jmp     .LBB0_15
A quick comparison can be seen in the excellent online compiler
<https://gcc.godbolt.org/#> with -O2 -g -fsanitize=undefined and -O0 -g
-fsanitize=undefined using the demo code
Adding an unsigned offset to a pointer can not decrease the pointer value,
so the comparison is impossible and can be optimized out. This is because
pointer overflow is UB. UBsan reports it as
runtime error: pointer index expression with base XXX overflowed to YYY
Try replacing "undefined" with "all_undefined" in the "diag:" section.
Otherwise you get checks for all undefined behavior, but human-readable
diagnostics only for a small subset.
|
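To make the point in eugenis's reply concrete, here is a worked example (added here; it is not code from the thread, from the AOSP change, or from compiler-rt): the demo's reader, which forms an end pointer and then tries to detect wrap-around, next to a hardened reader that compares the remaining byte count against the requested length before forming any pointer. The struct and the 50-byte/offset-40 layout mirror the demo above; the function names `read_from_buffer_vulnerable`, `read_from_buffer_safe` and the `consumed` helper are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the thread or the AOSP change. Build either
 * variant with the flags discussed in the thread, e.g.
 *   clang -g -O2 -fsanitize=undefined -fno-sanitize-trap=undefined reader.c
 * -fno-sanitize-trap keeps the __ubsan_handle_* runtime calls instead of a
 * bare trap, which is what produces the "runtime error:" diagnostics. */
struct SizedBuffer {
    uint32_t length;
};

typedef int (*reader_fn)(uint8_t **buffer, uint8_t *end,
                         struct SizedBuffer *target);

/* Demo-style check: forms the end pointer first, then tries to detect
 * wrap-around with `buffer_end <= *buffer`. That comparison can only be true
 * if the addition wrapped the address, and forming a pointer beyond the end
 * of the object is undefined behaviour, so clang at -O2 is entitled to
 * assume it never happens and delete the comparison. A trunk clang
 * instruments this line with __ubsan_handle_pointer_overflow. */
int read_from_buffer_vulnerable(uint8_t **buffer, uint8_t *end,
                                struct SizedBuffer *target) {
    if (*buffer + sizeof(target->length) > end) return -1;
    *buffer += sizeof(target->length);
    if (target->length != 0) {
        const uint8_t *buffer_end = *buffer + target->length;
        if (buffer_end > end || buffer_end <= *buffer) return -1;
        *buffer += target->length;
    }
    return 0;
}

/* Hardened reader: compare the number of bytes left against the requested
 * length before forming any pointer. No out-of-range pointer is ever
 * computed, so there is nothing for the optimiser to assume away and nothing
 * for UBSan to report. */
int read_from_buffer_safe(uint8_t **buffer, uint8_t *end,
                          struct SizedBuffer *target) {
    if (*buffer > end) return -1;
    size_t remaining = (size_t)(end - *buffer);
    if (remaining < sizeof(target->length)) return -1;
    *buffer += sizeof(target->length);
    remaining -= sizeof(target->length);
    if (target->length > remaining) return -1; /* rejects huge lengths too */
    *buffer += target->length;
    return 0;
}

/* Runs `fn` over a constructed 50-byte buffer whose logical end is at
 * offset 40 (the same layout as the demo's main) and returns how many bytes
 * the reader consumed, or -1 if it rejected the length. */
long consumed(reader_fn fn, uint32_t length) {
    uint8_t data[50] = {0};
    struct SizedBuffer target = { length };
    uint8_t *cursor = data;
    if (fn(&cursor, data + 40, &target) != 0) return -1;
    return (long)(cursor - data);
}

int main(void) {
    /* 32 bytes fit after the 4-byte header; 37 do not (only 36 remain). */
    printf("safe, len 32:  %ld\n", consumed(read_from_buffer_safe, 32));
    printf("safe, len 37:  %ld\n", consumed(read_from_buffer_safe, 37));
    printf("safe, len max: %ld\n", consumed(read_from_buffer_safe, UINT32_MAX));
    /* The demo-style reader is only exercised with in-bounds lengths here;
     * calling it with a huge length is the very UB under discussion. */
    printf("demo, len 32:  %ld\n", consumed(read_from_buffer_vulnerable, 32));
    printf("demo, len 37:  %ld\n", consumed(read_from_buffer_vulnerable, 37));
    return 0;
}
```

The design choice is the one eugenis's explanation implies: subtracting two pointers into the same object is always defined, so checking `end - *buffer` against the length keeps the arithmetic in the domain where the compiler cannot reason the check away.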
I mean listing the enabled checks from the runtime libs. Now I'm using the libs in prebuilts, not the freshly built ones.
I tried with all_undefined in diag,
and got an error returned. And I also tried with the example test case checking the error type you posted,
with the build command to test on the host
it came out. I also tried with a newer version, but this comes even without a sanitizer warning
Does it mean the ubsan lib I'm using does not support the pointer check yet? |
On Tue, Jun 6, 2017 at 11:42 PM, butterl wrote:
Clang manual.
https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
I mean listing the enabled checks from the runtime libs. Now I'm
using the libs in prebuilts, not the freshly built ones.
That's right - ubsan runtime library should match the compiler. The set of
checks is determined by the compiler version. We don't maintain this list
for random llvm revisions though.
Adding an unsigned offset to a pointer can not decrease the pointer value,
so the comparison is impossible and can be optimized out. This is because
pointer overflow is UB. UBsan reports it as
runtime error: pointer index expression with base XXX overflowed to YYY
Try replacing "undefined" with "all_undefined" in the "diag:" section.
Otherwise you get checks for all undefined behavior, but human-readable
diagnostics only for a small subset.
I tried with all_undefined in diag,
    diag: {
        all_undefined: true,
    },
and got an error returned: unrecognized property "sanitize.diag.all_undefined"
And I also tried with the example test case
<https://reviews.llvm.org/D20323#89e539c3> checking the error type you
posted,
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
    // SAFE-NOT: runtime error
    // ERR: runtime error: pointer index expression with base {{.*}} overflowed to
    char *p = (char *)(UINTPTR_MAX);
    printf("%p\n", p + atoi(argv[1]));
    return 0;
}
with the build command to test on the host
prebuilts/clang/host/linux-x86/clang-3859424/bin/clang++ -g \
    -fsanitize=undefined -fno-sanitize-trap=undefined -O2 pointer.cc
it came out
==8461==Sanitizer CHECK failed: external/compiler-rt/lib/ubsan/ubsan_init.cc:62
((UBSAN_MODE_UNKNOWN)) != ((ubsan_mode)) (0, 0)
I also tried with a newer version, but this comes even without a sanitizer
warning
clang version 5.0.0 (trunk 301384)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
Does it mean the ubsan lib I'm using does not support the pointer check yet?
Yes, you are right. Pointer overflow checking was added to LLVM less than a
month ago and it's not in Android yet.
|
Yes, I see. I built a clang trunk version and got __ubsan_handle_pointer_overflow in the host asm for the UB code line. 👍
Is there any good way to update to the newest Clang? It seems it's not that easy to just replace all the bins in the prebuilts. |
Did you try replacing one of the prebuilts directories with an LLVM/Clang
build tree? It might just work.
On Thu, Jun 8, 2017 at 7:09 PM, butterl wrote:
Yes, you are right. Pointer overflow checking was added to LLVM less than a
month ago and it's not in Android yet.
Yes, I see. I built a clang trunk version and got __ubsan_handle_pointer_overflow
in the host asm for the UB code line. 👍
    mov     edi, .L__unnamed_6
    mov     qword ptr [rsp], rsi    # 8-byte Spill
    mov     rsi, r12
    mov     rdx, rbx
    mov     rbp, r8
    call    __ubsan_handle_pointer_overflow
    mov     rsi, qword ptr [rsp]    # 8-byte Reload
    mov     r8, rbp
    jmp     .LBB0_11
Is there any good way to update to the newest Clang? It seems it's not that
easy to just replace all the bins in the prebuilts.
|
Already submitted a change to AOSP to enable the UBsan only check |
Hi,
I tried building a test app with
From the ASM code, the abort() trap is inserted, but running on the board (ARM64 Android phone) it just abort()s and nothing more is printed :(
The details are at https://issuetracker.google.com/issues/38250996
Does anyone know how to let the trap go to the ubsan_xx_handler and give out the "runtime error: xxx" log,
or am I missing something important in the build?
BR,
Chao