asan global instrumentation broken for interposed global variables #36893
Comments
|
assigned to @vitalybuka |
|
I've reverted r332028 for now, in r332879. Note that this undoes a change that fixes a conformance bug. |
|
Not sure what to do here. We can just avoid instrumenting typeinfo globals as a workaround... |
|
If the global registration data referred to the copy of the symbol from that DSO rather than the one selected by the dynamic linker, I think that would resolve this problem. (I don't know for sure, but I think it may be possible to get that effect by changing the global to an internal symbol with a new name, and adding an external-linkage alias to it with the original name, then using the non-alias name only for the ASan registration data.) |
|
The alias trick would work, I guess. Instrumented IR transform would look like: @foo = global i32 42 Or, we could try to leverage dso_local information to avoid instrumenting interposable globals. If the user sets -fPIE or doesn't explicitly set -fPIC, we can assume that we'll be linked into an executable, and if so, everything with a definition is dso_local, and everything should be instrumented. |
EugeneZelenko
added
the
clang:driver
|
@llvm/issue-subscribers-clang-driver |
Extended Description
Situation:
main binary contains a weak definition of global symbol foo
foo.so contains a strong definition of global symbol foo
ASan instruments the strong definition but not the weak one:
https://github.com/llvm-mirror/llvm/blob/master/lib/Transforms/Instrumentation/AddressSanitizer.cpp#L1661
Now, after dynamic linking, the program has only one definition of foo (the one from the main binary) but still has the global registration code from foo.so, which tries to register that global symbol.
In my test case, the registration fails because the weak definition is underaligned for a sanitized global, and ASan reports a bogus ODR violation error. If the alignment happens to match, ASan would presumably instead mark a bogus region of the address space as being global redzone.
As of r332028, Clang creates the above situation for entirely valid code:
// main.cc
#include
struct A;
auto &x = typeid(A*);
void use_foo();
int main() { use_foo(); }
// foo.cc
struct A {
virtual void f();
};
void A::f() {}
void use_foo() {}
$ clang++ foo.cc -shared -o /tmp/foo.so -fsanitize=address
$ clang++ /tmp/foo.so main.cc -o /tmp/main -fsanitize=address
$ /tmp/main
==211158==The following global variable is not properly aligned.
==211158==This may happen if another global with the same name
==211158==resides in another non-instrumented module.
==211158==Or the global comes from a C file built w/o -fno-common.
==211158==In either case this is likely an ODR violation bug,
==211158==but AddressSanitizer can not provide more details.
==211158==ERROR: AddressSanitizer: odr-violation (0x00000050a1d6):
[1] size=3 'typeinfo name for A' -
[2] size=3 'typeinfo name for A' -
These globals were registered at these points:
[1]:
#0 0x42dcfe in __asan_register_globals[...]/compiler-rt/lib/asan/asan_globals.cc:358:3
#1 0x7f32dfe18a70 in asan.module_ctor (/tmp/foo.so+0xa70)
[2]:
#0 0x42dcfe in __asan_register_globals [...]/compiler-rt/lib/asan/asan_globals.cc:358:3
#1 0x7f32dfe18a70 in asan.module_ctor (/tmp/foo.so+0xa70)
==211158==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
SUMMARY: AddressSanitizer: odr-violation: global 'typeinfo name for A' at -
==211158==ABORTING
The text was updated successfully, but these errors were encountered: