Address sanitizer failure


Problem description

I've been using the gcc and clang-embedded sanitizers for a little while, including the address sanitizer. Things work pretty well, but on the following demo code I get no output related to an error even though it is there (to be more precise -- no output at all):

#include <string>
#include <iostream>

using std::string;
using std::cout;

class Foo
{
    string _member;
public:
    Foo(): _member("just a string") {}
    const string& get() const { return _member; }
};

const string& bar()
{
    // returning reference to a temp object on stack
    return Foo().get();
}

int main()
{
    cout << bar() << '\n';
    return 0;
}

I tried g++ -O0 -g -fsanitize=address test.cc and the same with clang++: the g++ version just prints nothing, the clang one prints garbage for a long time. Valgrind on the non-instrumented binary gives feedback: Syscall param write(buf) points to unaddressable byte(s).

Is it an internal asan problem or am I doing something wrong?

Versions: gcc 4.9.2, clang 3.6.0

Solution

Originally I thought that you were facing a use-after-return bug here when accessing the temporary Foo object. UARs are not detected by ASan by default due to high memory overhead (see more details at the dedicated wiki page).

But now I realized that the situation is more complicated: std::string may store the input pointer as is (copy-on-write optimization), copy it to a small buffer inside the object (short string optimization) or to a new heap-allocated buffer. The actual behavior depends on the particular STL version that you are using (e.g. AFAIR the libstdc++ implementation has recently changed).

I suggest you report it to ASan's tracker to continue the investigation there.
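
Added example (not from the original post or from the ASan project): it checks which of the storage strategies named in the answer the local standard library uses for the question's string, and includes a by-value version of bar() that does not dangle. The helper names stored_inline, inline_capacity and bar_fixed are made up for this example.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// True when the characters of s live inside the std::string object itself
// (short string optimization) rather than in a separate heap buffer.
bool stored_inline(const std::string& s)
{
    const auto obj   = reinterpret_cast<std::uintptr_t>(&s);
    const auto chars = reinterpret_cast<std::uintptr_t>(s.data());
    return chars >= obj && chars < obj + sizeof(std::string);
}

// Capacity of an empty string: the inline buffer size on SSO
// implementations, 0 on the old copy-on-write libstdc++ ABI.
std::size_t inline_capacity()
{
    return std::string().capacity();
}

class Foo
{
    std::string _member;
public:
    Foo() : _member("just a string") {}
    const std::string& get() const { return _member; }
};

// Corrected form of bar() from the question: returning by value copies
// the string before the temporary Foo is destroyed.
std::string bar_fixed()
{
    return Foo().get();
}

int main()
{
    const std::string short_str("just a string");   // literal from the question
    const std::string long_str(100, 'x');           // constructed sample

    std::cout << "inline capacity:      " << inline_capacity() << '\n'
              << "short string inline:  " << stored_inline(short_str) << '\n'
              << "long string inline:   " << stored_inline(long_str) << '\n'
              << "bar_fixed():          " << bar_fixed() << '\n';
    return 0;
}
```

ASan's stack use-after-return check, which the answer notes is not on by default, is controlled by the run-time option ASAN_OPTIONS=detect_stack_use_after_return=1.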
