Wrong debugging information with -fsanitize=address (and memset?) #27047
Comments
|
assigned to @krobelus |
|
This is still reproducible with both GDB and LLDB. It is only reproducible if an object is compiled with -fsanitize=address. Tested with:
Reproducers, in either case varying the local array size still reproduces the problem: Reproducer 1 which I mostly used in debugging (see also below)cat > func.c <<EOF build files separately such that a smaller func.o can be dumped.clang -fsanitize=address -g func.c -c Reproducer 2cat > x.c <<EOF Again, the expected result is that the correct parameters are reported. In practice, garbage is displayed in both "bt" (backtrace) and "frame". When a breakpoint is set at "f", GDB stops here (at "B>"): B> cmpl $0, (%rdx) After running "stepi" a couple of times, it turns out that after the instruction before ".loc 1 4 5", the correct information is displayed. With GCC however, the ".loc 1 3" marker (file 1, line 3) is correctly placed after the prologue and does contain the correct information. Example output of "objdump -sg a.out", use the first offset between brackets to find the corresponding output in the "Contents of the .debug_info section" (e.g. find "2a" in the line starting with " 0020 "): With GCC, there is this line instead: but trying to patch the Clang-generated binary (0156 -> 019c) to use this did not improve the situation. Debugging tools:
Spec references: |
|
I found a similar test case that triggers the same symptoms in both gcc and Clang. Reported to gcc in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91439 |
|
Proposed fix: https://reviews.llvm.org/D70894 |
Extended Description
Since a while (months), Clang with ASAN on Arch Linux generates objects which have wrong debugging information. The addresses seems incorrect and will result in wrong debugging output.
I have reduced it to a function containing a memset (printf does not trigger the issue for example). See the following output (argc is expected to be 1, argv an address like 0x7fffffffe418).
$ clang -fsanitize=address -g test.c && gdb -ex start -batch ./a.out
Temporary breakpoint 1 at 0x4d8ce7: file test.c, line 15.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Temporary breakpoint 1, main (argc=4289312, argv=0x4d8e6d <__libc_csu_init+77>) at test.c:35
35 int main(int argc, char *argv[]) {
$ lldb ./a.out
(lldb) target create "./a.out"
Current executable set to './a.out' (x86_64).
(lldb) breakpoint set -name main
Breakpoint 1: where = a.out`main + 23 at test.c:35, address = 0x00000000004d8ce7
(lldb) r
AddressSanitizer debugger support is active. Memory error breakpoint has been installed and you can now use the 'memory history' command.
Process 4799 launched: './a.out' (x86_64)
Process 4799 stopped
main(argc=4289312, argv=0x00000000004d8e6d) + 23 at test.c:35, name = 'a.out', stop reason = breakpoint 1.1 frame #​0: 0x00000000004d8ce7 a.outmain(argc=4289312, argv=0x00000000004d8e6d) + 23 at test.c:3532 */
33 extern void *memset(void *, int, unsigned long);
34
-> 35 int main(int argc, char *argv[]) {
36 int action;
37 memset(&action, 0, sizeof(action));
38 return 0;
$ pacman -Q clang lldb gdb
clang 3.7.1-1
lldb 3.7.1-1
gdb 7.10.1-1
$ clang --version
clang version 3.7.1 (tags/RELEASE_371/final)
Target: x86_64-unknown-linux-gnu
Thread model: posix
The text was updated successfully, but these errors were encountered: