svadev AT lists.siebelschool.illinois.edu
Subject: Svadev mailing list
List archive
- From: Matthew Wala <wala1 AT illinois.edu>
- To: David Keaton <dmk AT dmk.com>
- Cc: "svadev AT cs.uiuc.edu" <svadev AT cs.uiuc.edu>
- Subject: Re: [svadev] question about SAFECode output
- Date: Wed, 18 Jan 2012 20:35:06 -0600
- List-archive: <http://lists.cs.uiuc.edu/pipermail/svadev>
- List-id: <svadev.cs.uiuc.edu>
On Wed, Jan 18, 2012 at 4:41 PM, David Keaton <dmk AT dmk.com> wrote:
> I tried the version of SAFECode that works with the LLVM 3.0
> release, and I got a puzzling result. I'm hoping you have seen this before.
>
> I used svn to check out the release_30 branch of LLVM (not the
> trunk) and put poolalloc and safecode in the projects directory. I
> built it following the directions on the SAFECode web site. I did this
> on Ubuntu 10.04 x86-64.
>
> Then I copied and pasted the sample buffer overflow program from
> the SAFECode web site.
>
> http://sva.cs.illinois.edu/docs/UsersGuide.html
>
> I used the following commands to compile and run it, pointing to
> the libraries I had just built as part of the SAFECode build.
>
> clang -g -fmemsafety -o overflow overflow.c -L${HOME}/local/lib
> ./overflow 10
>
> The first part of the result was what I expected from reading the
> documentation. Then a repeating attempted null pointer dereference
> occurred, and SAFECode didn't seem to be able to find out where it came
> from.
>
> SAFECode:Violation Type 0x6 when accessing 0x170eda9 at IP=0x4025ea
>
> =======+++++++ SAFECODE RUNTIME ALERT +++++++=======
> = Error type : Load/Store Error
> = Faulting pointer : 0x170eda9
> = Program counter : 0x4025ea
> = Fault PC Source : /home/dmk/com/llvm/sample/overflow.c:7
> =
> = Object allocated at PC : 0x402d15
> = Allocated in Source File : /home/dmk/com/llvm/sample/overflow.c:17
> = Object allocation sequence number : 3
> = Object start : 0x170eda0
> = Object length : 0x9
> SAFECode: Fault!
> SAFECode:Violation Type 0x9 when accessing 0xc0000001 at IP=0x8
>
> =======+++++++ SAFECODE RUNTIME ALERT +++++++=======
> = Error type : Uninitialized/NULL Pointer Error
> = Faulting pointer : 0xc0000001
> = Program counter : 0x8
> = Fault PC Source : <unknown>:0
> SAFECode: Fault!
> SAFECode:Violation Type 0x9 when accessing 0xc0000001 at IP=0x8
>
> =======+++++++ SAFECODE RUNTIME ALERT +++++++=======
> = Error type : Uninitialized/NULL Pointer Error
> = Faulting pointer : 0xc0000001
> = Program counter : 0x8
> = Fault PC Source : <unknown>:0
> SAFECode: Fault!
> SAFECode:Violation Type 0x9 when accessing 0xc0000001 at IP=0x8
>
> . . .
>
> The null pointer dereference keeps reoccurring until I abort the
> program.
>
> Is this a known problem? What is it that creates a null pointer
> dereference with a program counter of 0x8?
>
I'm pretty sure this is why the long error sequence occurs:
http://lists.cs.uiuc.edu/pipermail/svadev/2011-August/000104.html

If you want to output only the first error message and then exit, use
the '-fmemsafety-terminate' option along with '-fmemsafety' when
compiling your code.

As to why the program counter is printed as 0x8, it looks like the
runtime was accessing the wrong register value on x86-64 Linux. This
should be fixed in revision 148458.

Matt
> David Keaton
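An added example, not part of the original thread or of SAFECode: a small Python triage script for runtime output in the alert layout quoted above. It collapses the repeated alerts into one row each and flags a reported program counter such as 0x8 that is too low to be a code address; the function names, the 0x1000 threshold and the sample paths are assumptions made for illustration.

```python
import re

BANNER = "=======+++++++ SAFECODE RUNTIME ALERT +++++++======="
FIELD = re.compile(r"^=\s*(.+?)\s*:\s*(.*)$")

# Constructed sample in the alert layout quoted above (paths are placeholders).
FIRST = f"""SAFECode:Violation Type 0x6 when accessing 0x170eda9 at IP=0x4025ea
{BANNER}
= Error type : Load/Store Error
= Faulting pointer : 0x170eda9
= Program counter : 0x4025ea
= Fault PC Source : /tmp/sample/overflow.c:7
SAFECode: Fault!
"""
REPEAT = f"""SAFECode:Violation Type 0x9 when accessing 0xc0000001 at IP=0x8
{BANNER}
= Error type : Uninitialized/NULL Pointer Error
= Faulting pointer : 0xc0000001
= Program counter : 0x8
= Fault PC Source : <unknown>:0
SAFECode: Fault!
"""
SAMPLE = FIRST + REPEAT * 3

def parse_alerts(text):
    """Return one dict of '= key : value' fields per alert banner."""
    alerts = []
    for chunk in text.split(BANNER)[1:]:
        fields = {}
        for line in chunk.splitlines():
            if line.startswith("SAFECode:"):  # "SAFECode: Fault!" ends the alert
                break
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        alerts.append(fields)
    return alerts

def summarize(alerts, min_code_addr=0x1000):
    """Collapse repeats; flag PCs below min_code_addr (assumed heuristic, not a SAFECode setting)."""
    counts = {}
    for a in alerts:
        key = (a.get("Error type"), a.get("Faulting pointer"), a.get("Program counter"))
        counts[key] = counts.get(key, 0) + 1
    return [{"type": t, "pointer": p, "pc": pc, "count": n,
             "suspect_pc": pc is not None and int(pc, 16) < min_code_addr}
            for (t, p, pc), n in counts.items()]
```

Calling `summarize(parse_alerts(SAMPLE))` yields two rows: the single Load/Store alert with a plausible program counter, and the NULL-pointer alert counted three times with `suspect_pc` set.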