Address sanitizer failure
Problem description
I've been using the sanitizers embedded in gcc and clang for a little while, including the address sanitizer. Things work pretty well, but on the following demo code I get no output related to the error even though it is there (to be more precise: no output at all):
#include <string>
#include <iostream>

using std::string;
using std::cout;

class Foo
{
    string _member;
public:
    Foo(): _member("just a string") {}
    // Returns a reference to the member; it is only valid while this Foo is alive.
    const string& get() const { return _member; }
};

const string& bar()
{
    // The bug under discussion: Foo() is a temporary that is destroyed at the
    // end of this full expression, so the returned reference dangles as soon
    // as bar() returns.
    return Foo().get();
}

int main()
{
    cout << bar() << '\n';   // reads through the dangling reference
    return 0;
}
I tried g++ -O0 -g -fsanitize=address test.cc and the same with clang++: the g++ version just prints nothing, the clang one prints garbage for a long time.
Valgrind on the non-instrumented binary gives feedback: Syscall param write(buf) points to unaddressable byte(s).
Is it an internal asan problem or am I doing something wrong?
Versions: gcc 4.9.2, clang 3.6.0
Originally I thought that you were facing a use-after-return bug here on accessing the temporary Foo object. UARs are not detected by ASan by default due to high memory overhead (see more details at the dedicated wiki page).
But now I realize that the situation is more complicated: std::string may store the input pointer as is (copy-on-write optimization), copy it to a small buffer inside the object (short string optimization) or to a new heap-allocated buffer. The actual behavior depends on the particular STL version that you are using (e.g. AFAIR the libstdc++ implementation has changed recently).
I suggest you report it to ASan's tracker to continue the investigation there.
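The answer's point about string storage is worth seeing concretely. Whatever the string does with its characters, the std::string object that bar() hands back a reference to lived inside the temporary Foo on bar()'s own stack frame, so the first invalid read in cout << bar() is a stack-use-after-return; that is exactly the check ASan leaves off by default and that the referenced wiki page enables with ASAN_OPTIONS=detect_stack_use_after_return=1. Where the characters live (inside the object, or in a heap buffer) only decides what the later reads hit, which is why the two compilers' libraries behave differently. The program below is an added example, not code from the question or the answer: uses_inline_buffer and describe_storage are hypothetical helpers that report whether a given std::string keeps its characters inside the object (SSO) or in an external buffer, and bar_by_value / bar_ref are the two usual fixes for the dangling reference.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical helper (added here, not from the original post). Returns true
// when the string's character buffer lies inside the std::string object itself
// (short string optimization) and false when data() points elsewhere: a heap
// buffer, or a shared COW buffer on the old libstdc++ ABI. The addresses are
// compared as integers so the check is well defined for unrelated objects.
bool uses_inline_buffer(const std::string& s) {
    std::uintptr_t obj_begin = reinterpret_cast<std::uintptr_t>(&s);
    std::uintptr_t obj_end   = obj_begin + sizeof(std::string);
    std::uintptr_t buf       = reinterpret_cast<std::uintptr_t>(s.data());
    return buf >= obj_begin && buf < obj_end;
}

const char* describe_storage(const std::string& s) {
    return uses_inline_buffer(s) ? "inline buffer (SSO)" : "external buffer";
}

class Foo {
    std::string _member;
public:
    Foo() : _member("just a string") {}
    const std::string& get() const { return _member; }
};

// Fix 1: return by value. The temporary Foo still dies at the end of the
// full expression, but the copy is made before that happens and the caller
// owns it.
std::string bar_by_value() {
    return Foo().get();
}

// Fix 2: keep the reference, but make the caller own the Foo whose member is
// referenced, so the reference cannot outlive the object it refers to.
const std::string& bar_ref(const Foo& owner) {
    return owner.get();
}

int main() {
    std::string short_str("just a string");   // constructed sample, 13 chars
    std::string long_str(64, 'x');            // constructed sample, 64 chars

    // On libstdc++ (new ABI) and libc++ the short string is stored inline, so
    // in the original bar() both the string object and its characters sit on
    // the dead stack frame. The long string always uses an external buffer.
    std::printf("\"just a string\" -> %s\n", describe_storage(short_str));
    std::printf("64 x 'x'         -> %s\n", describe_storage(long_str));

    // Either fix prints the expected text instead of nothing or garbage.
    // To make ASan flag the original code, run the instrumented binary with
    // ASAN_OPTIONS=detect_stack_use_after_return=1 (compiler-side flags for
    // use-after-return instrumentation vary by compiler version).
    Foo owner;
    std::printf("%s\n", bar_by_value().c_str());
    std::printf("%s\n", bar_ref(owner).c_str());
    return 0;
}
```

Run the uninstrumented build to see which storage your library picks for the 13-character string; the 64-character one is external everywhere. Then rebuild the original test.cc with -fsanitize=address and the ASAN_OPTIONS setting above to see the stack-use-after-return report that is missing by default.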