ASan and UBSan Test Failures

I am building LLVM on OS X 10.7.5 with cmake. Under this configuration some ASan and UBSan tests
are failing:

$ make check-ubsan

********************
Testing Time: 2.36s
********************
Failing Tests (11):
   UndefinedBehaviorSanitizer :: Float/cast-overflow.cpp
   UndefinedBehaviorSanitizer :: Integer/add-overflow.cpp
   UndefinedBehaviorSanitizer :: Integer/div-zero.cpp
   UndefinedBehaviorSanitizer :: Integer/no-recover.cpp
   UndefinedBehaviorSanitizer :: Integer/sub-overflow.cpp
   UndefinedBehaviorSanitizer :: Integer/uadd-overflow.cpp
   UndefinedBehaviorSanitizer :: Integer/usub-overflow.cpp
   UndefinedBehaviorSanitizer :: Misc/bool.cpp
   UndefinedBehaviorSanitizer :: Misc/enum.cpp
   UndefinedBehaviorSanitizer :: TypeCheck/misaligned.cpp
   UndefinedBehaviorSanitizer :: TypeCheck/null.cpp

Expected Passes : 10
Expected Failures : 1
Unexpected Failures: 11

These tests fail with the following assertion:

==40116== Sanitizer CHECK failed: /Users/meadori/Code/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_mac.cc:26 ((0 && "unimplemented")) != (0) (0, 0)

Should these tests be running? StartSymbolizerSubprocess and GetListOfModules are
not implemented for OS X.

$ make check-asan

********************
Testing Time: 125.18s
********************
Failing Tests (1):
   AddressSanitizer :: use-after-free.cc

This failure seems to be due to adding ALWAYS_INLINE to 'free_common' in r158885.
I think fixing the stack trace checks in use-after-free.cc will do:

- // CHECK-Darwin: {{ #0 0x.* in .*free_common.*}}
- // CHECK-Darwin: {{ #1 0x.* in .*mz_free.*}}
+ // CHECK-Darwin: {{ #0 0x.* in .*mz_free.*}}
   // We override free() on Darwin, thus no malloc_zone_free
- // CHECK-Darwin: {{ #2 0x.* in _?wrap_free}}
- // CHECK-Darwin: {{ #3 0x.* in _?main .*use-after-free.cc:21}}
+ // CHECK-Darwin: {{ #1 0x.* in _?wrap_free}}
+ // CHECK-Darwin: {{ #2 0x.* in _?main .*use-after-free.cc:21}}
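Review bot: the renumbered CHECK-Darwin lines now pin the frames as #0 mz_free, #1 wrap_free, #2 main, which only holds while free_common is actually inlined; any build where the ALWAYS_INLINE attribute does not take effect (or where the allocator adds a frame) will break the test again in the same way r158885 did. Since these are plain CHECK lines rather than CHECK-NEXT, ordering is already enforced, so the frame index could be loosened without losing much, e.g. `// CHECK-Darwin: {{ #[0-9]+ 0x.* in .*mz_free.*}}` and likewise for the wrap_free and main lines. The surviving comment line "We override free() on Darwin, thus no malloc_zone_free" now sits between the mz_free and wrap_free frames; it still reads correctly there, but it is worth a glance that it describes the frame that follows it.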

I also encountered this issue and solved it locally by implementing these 2 functions.

- The Linux version of StartSymbolizerSubprocess uses only POSIX functions and can be reused as is on OS X (maybe we should move it into a new sanitizer_symbolizer_posix.cc file)
- I have a simple implementation of GetListOfModules (see the attached file), but it requires 10.6 at least.

That said, implementing these 2 functions is not enough to get something useful on OS X. Major issues remain:

- InitializeExternalSymbolizer is never called, and so the values returned by GetListOfModules are never used.
- llvm-symbolizer fails to get the file and location of the stack trace symbols using debug information.
- When using ubsan to instrument a dynamic library, trying to load this library results in a missing "__ubsan_xxx" symbols error.

Is someone actually working on asan/ubsan integration on OS X?

sanitizer_symbolizer_mac.cc (2.93 KB)
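The post above notes that the Linux StartSymbolizerSubprocess uses only POSIX calls. As an added example that is not compiler-rt's code, the C below shows the pipe/fork/dup2/exec pattern such a launcher is built on: the parent writes a query to the child's stdin and reads one answer line from its stdout. `cat` stands in for llvm-symbolizer (an assumption made so the program runs on any POSIX system), the address string is constructed, and the function names are hypothetical.

```c
// Added example (not compiler-rt's code): POSIX-only subprocess launcher in
// the style of StartSymbolizerSubprocess. `cat` stands in for llvm-symbolizer
// (assumption); a real symbolizer would answer an address with
// "function\nfile:line".
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Spawn argv[0] with stdin/stdout connected to pipes. Returns the child pid
 * and sets *to_child (write end) / *from_child (read end); -1 on failure. */
static pid_t start_subprocess(char *const argv[], int *to_child, int *from_child) {
    int in[2], out[2];  /* in: parent -> child, out: child -> parent */
    if (pipe(in) < 0) return -1;
    if (pipe(out) < 0) { close(in[0]); close(in[1]); return -1; }
    pid_t pid = fork();
    if (pid < 0) {
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        return -1;
    }
    if (pid == 0) {
        /* child: wire the pipe ends onto fds 0 and 1, drop the originals */
        dup2(in[0], STDIN_FILENO);
        dup2(out[1], STDOUT_FILENO);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        execvp(argv[0], argv);  /* no shell: the query is never interpreted */
        _exit(127);             /* exec failed; skip parent atexit handlers */
    }
    /* parent: close the child's ends. Keeping in[0]/out[1] open here would
     * stop the child from ever seeing EOF on its stdin. */
    close(in[0]);
    close(out[1]);
    *to_child = in[1];
    *from_child = out[0];
    return pid;
}

/* Write one request line, then read one response line (at most n-1 bytes).
 * Returns bytes read, or -1 on a write/read error. */
static ssize_t query_subprocess(int to_child, int from_child,
                                const char *request, char *buf, size_t n) {
    size_t len = strlen(request);
    const char *p = request;
    while (len > 0) {
        ssize_t w = write(to_child, p, len);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        p += w; len -= (size_t)w;
    }
    size_t got = 0;
    while (got + 1 < n) {
        ssize_t r = read(from_child, buf + got, 1);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) break;                 /* child closed its stdout */
        got += (size_t)r;
        if (buf[got - 1] == '\n') break;   /* one line per query */
    }
    buf[got] = '\0';
    return (ssize_t)got;
}

/* Close the pipes and reap the child so no zombie is left behind. */
static int stop_subprocess(pid_t pid, int to_child, int from_child) {
    close(to_child);
    close(from_child);
    int status = 0;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Round-trip one request through the stand-in symbolizer. 0 on success. */
int symbolize_roundtrip(const char *request, char *buf, size_t n) {
    static char cat_name[] = "cat";       /* stand-in for llvm-symbolizer */
    char *const argv[] = { cat_name, NULL };
    int to_child, from_child;
    pid_t pid = start_subprocess(argv, &to_child, &from_child);
    if (pid < 0) return -1;
    ssize_t got = query_subprocess(to_child, from_child, request, buf, n);
    int rc = stop_subprocess(pid, to_child, from_child);
    return (got < 0 || rc != 0) ? -1 : 0;
}

/* 1 when the stand-in echoes the request unchanged, else 0. */
int roundtrip_matches(const char *request) {
    char buf[128];
    return symbolize_roundtrip(request, buf, sizeof buf) == 0 &&
           strcmp(buf, request) == 0;
}

int main(void) {
    char buf[128];  /* constructed address, not from a real stack trace */
    if (symbolize_roundtrip("0x0000000100000f40\n", buf, sizeof buf) == 0)
        printf("subprocess echoed: %s", buf);
    return 0;
}
```

Three details matter for a launcher like this: the parent must close the pipe ends it hands to the child, otherwise the child never sees EOF and reads stall; the child is reaped with waitpid so a crashed symbolizer does not leave a zombie; and exec is used directly rather than through a shell, so the address text coming from a stack trace is passed as data and never parsed as a command.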

Alex (in CC) is working on asan for OS X. I think he can handle ubsan as
well. (but give us a few days, we are all out of office due to holidays).

--kcc

OK, thanks. If there are no objections, then I can go ahead and
commit the attached test case fix I mentioned before. Adding
ALWAYS_INLINE to 'free_common' in r158885 changed the stack trace.

use-after-free-test.patch (870 Bytes)

Hi Meador,

I couldn't reproduce the ASan failures on my 10.8 machine (trying that
on a 10.7 one now).
I'll look into making the in-process symbolizer work on OSX (which
should fix some of the ubsan failures), but we do not need it in
production currently, so I'm not sure when I get to it.

Great, thanks for looking into it. If you can't get around to
implementing the symbolizer for OS X, then it would be nice if
you can at least disable the tests that require it on OS X.
`make check` should always pass on a fresh checkout.