From: Jim Meyering <jim@meyering.net>
To: emacs-devel@gnu.org
Subject: building/using address-sanitizer-enabled emacs?
Date: Sat, 06 May 2017 20:40:05 -0700 [thread overview]
Message-ID: <lubpf3o9v5mj1m.fsf@meyering.net> (raw)
Has anyone managed to dump an ASAN-enabled emacs recently?
I can build and use an ASAN-enabled temacs, but it's too slow, of course.
When I build as follows (using the latest gcc built from today's git[*] --
a very recent gcc is required for my use of the new
-fsanitize-address-use-after-scope), the temacs-to-emacs dump fails
with a global-buffer-overflow:
san='-fsanitize-address-use-after-scope -fsanitize=address -static-libasan'
./configure --prefix=/p/p/emacs-asan --without-gpm --without-x \
--with-x-toolkit=no --with-png=no --with-jpeg=no --with-sound=no \
CFLAGS="-O0 -ggdb3 $san" LDFLAGS="$san" && make
I guess it's not too surprising -- given what dumping does -- that it
is not yet ASAN-aware, but there are so many traces of address sanitizer
work already in emacs that I'm hoping someone has already dealt with this.
------------------
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under the name emacs
=================================================================
==8192==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000001d561e1 at pc 0x000000463102 bp 0x7fffffffbca0 sp 0x7fffffffb450
READ of size 13643296 at 0x000001d561e1 thread T0
#0 0x463101 in __interceptor_memcpy /h/j/gcc/libsanitizer/asan/asan_interceptors.cc:456
#1 0x9896c0 in unexec /h/j/emacs/src/unexelf.c:407
#2 0x74d8ad in Fdump_emacs /h/j/emacs/src/emacs.c:2191
#3 0x8df69d in eval_sub /h/j/emacs/src/eval.c:2223
#4 0x8d51c4 in Fprogn /h/j/emacs/src/eval.c:449
#5 0x8deed5 in eval_sub /h/j/emacs/src/eval.c:2173
#6 0x8d4d41 in Fif /h/j/emacs/src/eval.c:406
#7 0x8deed5 in eval_sub /h/j/emacs/src/eval.c:2173
#8 0x945a9c in readevalloop /h/j/emacs/src/lread.c:1947
#9 0x942b1d in Fload /h/j/emacs/src/lread.c:1352
#10 0x8df946 in eval_sub /h/j/emacs/src/eval.c:2234
#11 0x8ddf54 in Feval /h/j/emacs/src/eval.c:2042
#12 0x751a34 in top_level_2 /h/j/emacs/src/keyboard.c:1121
#13 0x8da12d in internal_condition_case /h/j/emacs/src/eval.c:1326
#14 0x751a97 in top_level_1 /h/j/emacs/src/keyboard.c:1129
#15 0x8d8911 in internal_catch /h/j/emacs/src/eval.c:1091
#16 0x751899 in command_loop /h/j/emacs/src/keyboard.c:1090
#17 0x75033f in recursive_edit_1 /h/j/emacs/src/keyboard.c:697
#18 0x7506dd in Frecursive_edit /h/j/emacs/src/keyboard.c:768
#19 0x74bbb9 in main /h/j/emacs/src/emacs.c:1687
#20 0x7ffff5b52400 in __libc_start_main (/lib64/libc.so.6+0x20400)
#21 0x40d369 in _start (/h/j/emacs/src/temacs+0x40d369)
0x000001d561e1 is located 0 bytes to the right of global variable 'display_completed' defined in 'dispnew.c:100:6' (0x1d561e0) of size 1
'display_completed' is ascii string ''
0x000001d561e1 is located 63 bytes to the left of global variable 'delayed_size_change' defined in 'dispnew.c:104:13' (0x1d56220) of size 1
SUMMARY: AddressSanitizer: global-buffer-overflow /h/j/gcc/libsanitizer/asan/asan_interceptors.cc:456 in __interceptor_memcpy
Shadow bytes around the buggy address:
0x0000803a2be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000803a2c30: 00 00 00 00 00 00 00 00 00 00 00 00[01]f9 f9 f9
0x0000803a2c40: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0000803a2c50: 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0000803a2c60: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0000803a2c70: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0000803a2c80: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==8192==ABORTING
Makefile:735: recipe for target 'bootstrap-emacs' failed
make[1]: *** [bootstrap-emacs] Error 1
make[1]: Leaving directory '/h/j/emacs/src'
Makefile:416: recipe for target 'src' failed
make: *** [src] Error 2
-------------------
[*] One caveat: to get past a gcc ICE (just reported as https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80659), I had to apply this kludgey patch:
diff --git a/src/process.c b/src/process.c
index 0edd092..8abd0d2 100644
--- a/src/process.c
+++ b/src/process.c
@@ -4724,10 +4725,13 @@ server_accept_connection (Lisp_Object server, int channel)
case AF_LOCAL:
#endif
default:
+ abort ();
+#if 0
caller = Fnumber_to_string (make_number (connect_counter));
AUTO_STRING (space_less_than, " <");
AUTO_STRING (greater_than, ">");
caller = concat3 (space_less_than, caller, greater_than);
+#endif
break;
}
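Review bot: `abort ()` in the `default:` arm turns every connection accepted on a non-INET socket (the `AF_LOCAL` label directly above falls into this same arm) into a hard crash of the Emacs process, so this is only viable as a local build kludge while GCC bug 80659 is open and must not be committed; the `#if 0` also leaves the following `break` unreachable, since `abort ()` never returns. If it has to live in a tree for a while, guard the `abort ()` with a comment naming the bug and a compile-time condition tied to the sanitizer build, so a normal build keeps the `caller = concat3 (space_less_than, caller, greater_than);` path. Note also that the header `@@ -4724,10 +4725,13 @@` has a one-line offset on the new side, so this patch has an earlier hunk that the message does not show.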
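The report above is the expected consequence of ASan's global redzones: every global (here the 1-byte `display_completed`) is padded with poisoned shadow bytes (`f9`), and unexec's single `memcpy` over the whole data segment necessarily spans those redzones, so the libc interceptor refuses it as a read of size 13643296 starting at the first global. The following is an added example, not Emacs code, showing both the interceptor-checked copy and an interceptor-free byte loop over the range between two stand-in globals (`display_completed_like`, `delayed_size_change_like`, `NO_ASAN`, `copy_with_memcpy`, `copy_uninstrumented` and `dump_globals_demo` are all names invented for this example). Compiled without `-fsanitize=address` both strategies copy everything; compiled with it, the memcpy path is refused while the uninstrumented loop copies the range and counts how many redzone bytes it crossed.

```c
/* Added example (not Emacs code): why a whole-segment memcpy such as
   unexec's trips ASan's global-buffer-overflow, and how an
   uninstrumented byte loop avoids the interceptor.
   Build both ways to compare:  gcc -O0 -g x.c   and   gcc -O0 -g -fsanitize=address x.c */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GCC defines __SANITIZE_ADDRESS__ under ASan; Clang exposes __has_feature. */
#if defined(__SANITIZE_ADDRESS__)
#  define ASAN_ACTIVE 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define ASAN_ACTIVE 1
#  endif
#endif
#ifndef ASAN_ACTIVE
#  define ASAN_ACTIVE 0
#endif

#if ASAN_ACTIVE
#  include <sanitizer/asan_interface.h>
#  define NO_ASAN __attribute__((no_sanitize_address))  /* GCC and Clang both accept this spelling */
#else
#  define NO_ASAN
#endif

/* Hypothetical stand-ins for the two dispnew.c globals in the report.
   Both are initialised so they land in .data; under ASan each one is
   followed by a redzone, the gap the report measures as "63 bytes". */
char display_completed_like = 1;
int  delayed_size_change_like = 2;

struct copy_stats {
    size_t copied;    /* bytes written to dst */
    size_t poisoned;  /* source bytes ASan marks as redzone (always 0 without ASan) */
};

/* Lowest address and length of the range covering both objects, the way
   a dumper covers everything between the first and last global. */
static size_t range_covering(const void *a, size_t alen, const void *b, size_t blen,
                             const unsigned char **lo)
{
    uintptr_t ua = (uintptr_t)a, ub = (uintptr_t)b;
    uintptr_t start = ua < ub ? ua : ub;
    uintptr_t end = (ua + alen > ub + blen) ? ua + alen : ub + blen;
    *lo = (const unsigned char *)start;
    return (size_t)(end - start);
}

/* What unexelf.c does: one memcpy over the whole range.  The libc
   interceptor checks the shadow for the full length before copying, so a
   redzone anywhere inside aborts with global-buffer-overflow.  Here the
   poisoned case is detected first and refused (copied = 0) instead. */
static struct copy_stats copy_with_memcpy(void *dst, const void *src, size_t len)
{
    struct copy_stats st = { 0, 0 };
#if ASAN_ACTIVE
    if (__asan_region_is_poisoned((void *)src, len) != NULL) {
        st.poisoned = 1;          /* at least one redzone byte: memcpy would abort */
        return st;
    }
#endif
    memcpy(dst, src, len);
    st.copied = len;
    return st;
}

/* The interceptor-free alternative: a byte loop in a function ASan does
   not instrument.  Redzone bytes are ordinary mapped padding in .data, so
   copying them is harmless; they are only counted for the report. */
NO_ASAN
static struct copy_stats copy_uninstrumented(void *dst, const void *src, size_t len)
{
    struct copy_stats st = { 0, 0 };
    const volatile unsigned char *s = (const volatile unsigned char *)src;
    unsigned char *d = (unsigned char *)dst;
    for (size_t i = 0; i < len; i++) {
#if ASAN_ACTIVE
        if (__asan_address_is_poisoned(s + i))
            st.poisoned++;
#endif
        d[i] = s[i];
        st.copied++;
    }
    return st;
}

static unsigned char image[1 << 16];  /* the "dump" target */

/* Copy the range spanning the two stand-in globals with both strategies.
   Returns the number of bytes the loop copied, or 0 if the linker placed
   the globals too far apart for this demo. */
static size_t dump_globals_demo(void)
{
    const unsigned char *lo;
    size_t len = range_covering(&display_completed_like, sizeof display_completed_like,
                                &delayed_size_change_like, sizeof delayed_size_change_like, &lo);
    if (len > sizeof image)
        return 0;
    struct copy_stats loop = copy_uninstrumented(image, lo, len);
    struct copy_stats mc = copy_with_memcpy(image, lo, len);
    printf("range %zu bytes, ASan %s: loop copied %zu (%zu redzone bytes), memcpy %s\n",
           len, ASAN_ACTIVE ? "on" : "off", loop.copied, loop.poisoned,
           mc.copied == len ? "copied all" : "refused (would abort)");
    return loop.copied;
}

int main(void) { return dump_globals_demo() == 0; }
```

The `no_sanitize_address` attribute only removes instrumentation from the function's own loads and stores; it does nothing about libc interceptors, which is why the loop copies bytes by hand instead of calling `memcpy`. An unexec-style dumper that wants a bit-exact image of the segment has to take that route (or unpoison the range first via the `sanitizer/asan_interface.h` API) rather than rely on the attribute alone.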
Thread overview: 41+ messages
2017-05-07 3:40 Jim Meyering [this message]
2017-05-07 19:54 ` building/using address-sanitizer-enabled emacs? Paul Eggert
2017-05-07 21:44 ` Jim Meyering
2017-05-08 2:36 ` Eli Zaretskii
2017-05-08 5:42 ` Paul Eggert
2017-05-08 14:39 ` Eli Zaretskii
2017-05-08 14:46 ` Paul Eggert
2017-05-08 16:04 ` Eli Zaretskii
2017-05-09 5:48 ` Jim Meyering
2017-05-09 15:18 ` Eli Zaretskii
2017-05-09 17:06 ` Jim Meyering
2017-05-09 17:45 ` Eli Zaretskii
2017-05-09 19:22 ` Paul Eggert
2017-05-09 22:49 ` Jim Meyering
2017-05-10 2:41 ` Eli Zaretskii
2017-05-16 21:49 ` Paul Eggert
2017-05-17 2:24 ` Eli Zaretskii
2017-05-17 14:46 ` Paul Eggert
2017-05-17 16:06 ` Eli Zaretskii
2017-05-17 20:05 ` Paul Eggert
2017-05-18 4:15 ` Eli Zaretskii
2017-05-09 23:15 ` Philipp Stephani
2017-05-10 2:42 ` Eli Zaretskii
2017-05-10 22:24 ` Philipp Stephani
2017-05-13 8:02 ` Eli Zaretskii
2017-05-13 15:08 ` [PATCH] Fix use of sockaddr_in Philipp Stephani
2017-05-13 16:52 ` Eli Zaretskii
2017-05-13 19:14 ` Andreas Schwab
2017-05-13 19:29 ` Eli Zaretskii
2017-05-13 20:05 ` Andreas Schwab
2017-05-14 2:32 ` Eli Zaretskii
2017-05-14 6:11 ` Andreas Schwab
2017-05-14 14:20 ` Eli Zaretskii
2017-05-15 6:15 ` Paul Eggert
2017-05-15 9:04 ` Philipp Stephani
2017-05-17 20:38 ` Paul Eggert
2017-05-27 11:35 ` Philipp Stephani
2017-05-17 15:16 ` Eli Zaretskii
2017-05-17 20:15 ` Paul Eggert
2017-05-14 10:28 ` Lars Ingebrigtsen
2017-05-14 19:06 ` Philipp Stephani