This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

handle asan check failures #358

Merged
merged 3 commits into from
Dec 1, 2020
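--- a/src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt
+++ b/src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt
@@ -0,0 +1,17 @@
+=================================================================
+==15479==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 "((0 && "Address is not in memory and not in shadow?")) != (0)" (0x0, 0x0)
+==15479==WARNING: invalid path to external symbolizer!
+==15479==WARNING: Failed to use and restart external symbolizer!
+#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)
+#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)
+#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)
+#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)
+#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)
+#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)
+#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)
+#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)
+#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)
+#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)
+#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
+#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)
+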
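--- a/src/agent/onefuzz/data/asan-check-failure.txt
+++ b/src/agent/onefuzz/data/asan-check-failure.txt
@@ -0,0 +1,15 @@
+=================================================================
+==31189==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 "((0 && "Address is not in memory and not in shadow?")) != (0)" (0x0, 0x0)
+#0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)
+#1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)
+#2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)
+#3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)
+#4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)
+#5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)
+#6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)
+#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3
+#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12
+#9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12
+#10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310
+#11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)
+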
33 changes: 30 additions & 3 deletions src/agent/onefuzz/src/asan.rs
@@ -20,7 +20,11 @@ pub struct AsanLog {

impl AsanLog {
pub fn parse(text: String) -> Option<Self> {
let (summary, sanitizer, fault_type) = parse_summary(&text)?;
let (summary, sanitizer, fault_type) = match parse_summary(&text) {
Some(x) => x,
None => parse_asan_runtime_error(&text)?,
};

let call_stack = parse_call_stack(&text).unwrap_or_else(Vec::default);

let log = Self {
@@ -55,6 +59,16 @@ impl AsanLog {
}
}

fn parse_asan_runtime_error(text: &str) -> Option<(String, String, String)> {
let pattern = r"==\d+==((\w+) (CHECK failed): [^ \n]+)";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let summary = captures.get(1)?.as_str().trim();
let sanitizer = captures.get(2)?.as_str().trim();
let fault_type = captures.get(3)?.as_str().trim();
Some((summary.into(), sanitizer.into(), fault_type.into()))
}

fn parse_summary(text: &str) -> Option<(String, String, String)> {
let pattern = r"SUMMARY: ((\w+): (data race|deadly signal|[^ \n]+).*)";
let re = Regex::new(pattern).ok()?;
@@ -176,7 +190,7 @@ mod tests {
use super::AsanLog;

#[test]
fn test_asan_log_parse() {
fn test_asan_log_parse() -> anyhow::Result<()> {
let test_cases = vec![
(
"data/libfuzzer-asan-log.txt",
@@ -226,15 +240,28 @@ mod tests {
"breakpoint",
43,
),
(
"data/asan-check-failure.txt",
"AddressSanitizer",
"CHECK failed",
12,
),
(
"data/asan-check-failure-missing-symbolizer.txt",
"AddressSanitizer",
"CHECK failed",
bmc-msft marked this conversation as resolved.
12,
),
];

for (log_path, sanitizer, fault_type, call_stack_len) in test_cases {
let data = std::fs::read_to_string(log_path).unwrap();
let data = std::fs::read_to_string(log_path)?;
let log = AsanLog::parse(data).unwrap();

assert_eq!(log.sanitizer, sanitizer);
assert_eq!(log.fault_type, fault_type);
assert_eq!(log.call_stack.len(), call_stack_len);
}
Ok(())
}
}
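Review bot: The pattern in `parse_asan_runtime_error` (second hunk, function fully inside it) is unanchored, so `==<pid>==<word> CHECK failed:` is accepted anywhere in the text, including the middle of a line the fuzz target itself printed. Because `AsanLog::parse` falls back to it whenever `parse_summary` finds no `SUMMARY:` line, such output would be recorded as a sanitizer fault. Both new fixtures carry the marker at the start of a line, so anchoring looks safe: `let pattern = r"(?m)^==\d+==((\w+) (CHECK failed): [^ \n]+)";`. The function also has no doc comment; I would add `/// Fallback for sanitizer runtime CHECK failures that carry no SUMMARY line; the summary stops at the source location and omits the failed condition.` In the last hunk, `AsanLog::parse(data).unwrap()` still panics without naming the fixture even though the test now returns `anyhow::Result<()>`; `.ok_or_else(|| anyhow::anyhow!("unable to parse {}", log_path))?` would keep the failing path in the error.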