handle asan check failures (#358)
bmc-msft authored Dec 1, 2020
1 parent fc34725 commit 0182dc5
Showing 3 changed files with 62 additions and 3 deletions.
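--- a/src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt
+++ b/src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt
@@ -0,0 +1,17 @@
+=================================================================
+==15479==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 "((0 && "Address is not in memory and not in shadow?")) != (0)" (0x0, 0x0)
+==15479==WARNING: invalid path to external symbolizer!
+==15479==WARNING: Failed to use and restart external symbolizer!
+#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)
+#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)
+#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)
+#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)
+#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)
+#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)
+#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)
+#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)
+#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)
+#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)
+#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
+#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)
+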
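--- a/src/agent/onefuzz/data/asan-check-failure.txt
+++ b/src/agent/onefuzz/data/asan-check-failure.txt
@@ -0,0 +1,15 @@
+=================================================================
+==31189==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 "((0 && "Address is not in memory and not in shadow?")) != (0)" (0x0, 0x0)
+#0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)
+#1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)
+#2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)
+#3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)
+#4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)
+#5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)
+#6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)
+#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3
+#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12
+#9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12
+#10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310
+#11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)
+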
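--- a/src/agent/onefuzz/src/asan.rs
+++ b/src/agent/onefuzz/src/asan.rs
@@ -20,7 +20,11 @@ pub struct AsanLog {
 
 impl AsanLog {
 pub fn parse(text: String) -> Option<Self> {
-let (summary, sanitizer, fault_type) = parse_summary(&text)?;
+let (summary, sanitizer, fault_type) = match parse_summary(&text) {
+Some(x) => x,
+None => parse_asan_runtime_error(&text)?,
+};
+
 let call_stack = parse_call_stack(&text).unwrap_or_else(Vec::default);
 
 let log = Self {
@@ -55,6 +59,16 @@ impl AsanLog {
 }
 }
 
+fn parse_asan_runtime_error(text: &str) -> Option<(String, String, String)> {
+let pattern = r"==\d+==((\w+) (CHECK failed): [^ \n]+)";
+let re = Regex::new(pattern).ok()?;
+let captures = re.captures(text)?;
+let summary = captures.get(1)?.as_str().trim();
+let sanitizer = captures.get(2)?.as_str().trim();
+let fault_type = captures.get(3)?.as_str().trim();
+Some((summary.into(), sanitizer.into(), fault_type.into()))
+}
+
 fn parse_summary(text: &str) -> Option<(String, String, String)> {
 let pattern = r"SUMMARY: ((\w+): (data race|deadly signal|[^ \n]+).*)";
 let re = Regex::new(pattern).ok()?;
@@ -176,7 +190,7 @@ mod tests {
 use super::AsanLog;
 
 #[test]
-fn test_asan_log_parse() {
+fn test_asan_log_parse() -> anyhow::Result<()> {
 let test_cases = vec![
 (
 "data/libfuzzer-asan-log.txt",
@@ -226,15 +240,28 @@ mod tests {
 "breakpoint",
 43,
 ),
+(
+"data/asan-check-failure.txt",
+"AddressSanitizer",
+"CHECK failed",
+12,
+),
+(
+"data/asan-check-failure-missing-symbolizer.txt",
+"AddressSanitizer",
+"CHECK failed",
+12,
+),
 ];
 
 for (log_path, sanitizer, fault_type, call_stack_len) in test_cases {
-let data = std::fs::read_to_string(log_path).unwrap();
+let data = std::fs::read_to_string(log_path)?;
 let log = AsanLog::parse(data).unwrap();
 
 assert_eq!(log.sanitizer, sanitizer);
 assert_eq!(log.fault_type, fault_type);
 assert_eq!(log.call_stack.len(), call_stack_len);
 }
+Ok(())
 }
 }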
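Review bot: The fallback pattern in `parse_asan_runtime_error` (hunk `@@ -55,6 +59,16 @@`) is not anchored, so `==\d+==` can match in the middle of any line of the log, which presumably includes whatever the fuzz target itself printed; when no `SUMMARY:` line is present, look-alike text would be reported as a sanitizer `CHECK failed`. Anchoring it to a line start narrows that: `let pattern = r"(?m)^==\d+==((\w+) (CHECK failed): [^ \n]+)";`. The summary capture also ends at the first space, so it keeps the runtime source path and line but drops the failed condition, and the two new test cases assert `sanitizer`, `fault_type` and the stack length but not `summary`; adding an `assert_eq!` on `log.summary` would pin what triage is meant to see. A `///` comment on the function stating that it is only tried after `parse_summary` returns `None`, and that it matches sanitizer-runtime CHECK failures, would document the ordering `AsanLog::parse` now depends on.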
