R-Fuzz / symsan

A LLVM Sanitizer for Symbolic Tracing
Apache License 2.0

C++ target with Z3 solver #9

cgfandia-tii closed 11 months ago

cgfandia-tii commented 2 years ago

While building a C++ target with the Z3 solver, I have a linking problem:

relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'

What is the status of C++ support? With KO_USE_FASTGEN=1 there are no issues. I used the default Docker environment and default build steps. The whole output:

root@28f36c4a75e2:/workdir/symsan# KO_CC=clang-12 KO_CXX=clang++-12 KO_USE_Z3=1 build/bin/ko-clang++ -v tests/cpp_fstream.cpp -o /tmp/cpp_fstream.symsan
Ubuntu clang version 12.0.0-3ubuntu1~20.04.5
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Candidate multilib: .;@m64
Selected multilib: .;@m64
 "/usr/lib/llvm-12/bin/clang" -cc1 -triple x86_64-pc-linux-gnu -emit-obj --mrelax-relocations -disable-free -disable-llvm-verifier -discard-value-names -main-file-name cpp_fstream.cpp -mrelocation-model pic -pic-level 1 -fhalf-no-semantic-interposition -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debug-info-kind=limited -dwarf-version=4 -debugger-tuning=gdb -v -resource-dir /usr/lib/llvm-12/lib/clang/12.0.0 -internal-isystem /usr/lib/llvm-12/bin/../include/c++/v1 -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-12/lib/clang/12.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -fdeprecated-macro -fdebug-compilation-dir /workdir/symsan -ferror-limit 19 -funroll-loops -fgnuc-version=4.2.1 -fcxx-exceptions -fexceptions -fcolor-diagnostics -vectorize-loops -vectorize-slp -load /workdir/symsan/build/bin/../lib/symsan/libTaintPass.so -mllvm -taint-abilist=/workdir/symsan/build/bin/../lib/symsan/dfsan_abilist.txt -mllvm -taint-abilist=/workdir/symsan/build/bin/../lib/symsan/zlib_abilist.txt -faddrsig -o /tmp/cpp_fstream-962f23.o -x c++ tests/cpp_fstream.cpp
clang -cc1 version 12.0.0 based upon LLVM 12.0.0 default target x86_64-pc-linux-gnu
ignoring nonexistent directory "/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/lib/llvm-12/bin/../include/c++/v1
 /usr/local/include
 /usr/lib/llvm-12/lib/clang/12.0.0/include
 /usr/include/x86_64-linux-gnu
 /usr/include
End of search list.
 "/usr/bin/ld" -pie -z relro --hash-style=gnu --build-id --eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o /tmp/cpp_fstream.symsan /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/Scrt1.o /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/crti.o /usr/bin/../lib/gcc/x86_64-linux-gnu/9/crtbeginS.o -L/usr/bin/../lib/gcc/x86_64-linux-gnu/9 -L/usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu -L/usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../lib64 -L/lib/x86_64-linux-gnu -L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib64 -L/usr/lib/x86_64-linux-gnu/../../lib64 -L/usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../.. -L/usr/lib/llvm-12/bin/../lib -L/lib -L/usr/lib /tmp/cpp_fstream-962f23.o --whole-archive /workdir/symsan/build/bin/../lib/symsan/libdfsan_rt-x86_64.a --no-whole-archive --dynamic-list=/workdir/symsan/build/bin/../lib/symsan/libdfsan_rt-x86_64.a.syms -T/workdir/symsan/build/bin/../lib/symsan/taint.ld --whole-archive /workdir/symsan/build/bin/../lib/symsan/libc++.a /workdir/symsan/build/bin/../lib/symsan/libc++abi.a /workdir/symsan/build/bin/../lib/symsan/libunwind.a --no-whole-archive -lrt --no-as-needed --gc-sections -ldl -lpthread -lm -lz --whole-archive /workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a --no-whole-archive -lz3 -lc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc /usr/bin/../lib/gcc/x86_64-linux-gnu/9/crtendS.o /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/crtn.o
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<unsigned int>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text+0xbcf): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text+0x1e71): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__16vectorIjNS_9allocatorIjEEE6insertINS_21__hash_const_iteratorIPNS_11__hash_nodeIjPvEEEEEENS_9enable_ifIXaasr27__is_cpp17_forward_iteratorIT_EE5valuesr16is_constructibleIjNS_15iterator_traitsISC_E9referenceEEE5valueENS_11__wrap_iterIPjEEE4typeENSG_IPKjEESC_SC_[_ZNSt3__16vectorIjNS_9allocatorIjEEE6insertINS_21__hash_const_iteratorIPNS_11__hash_nodeIjPvEEEEEENS_9enable_ifIXaasr27__is_cpp17_forward_iteratorIT_EE5valuesr16is_constructibleIjNS_15iterator_traitsISC_E9referenceEEE5valueENS_11__wrap_iterIPjEEE4typeENSG_IPKjEESC_SC_]+0x801): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<std::__1::__hash_value_type<unsigned int, unsigned int>, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableINS_17__hash_value_typeIjjEENS_22__unordered_map_hasherIjS2_NS_4hashIjEENS_8equal_toIjEELb1EEENS_21__unordered_map_equalIjS2_S7_S5_Lb1EEENS_9allocatorIS2_EEE8__rehashEm[_ZNSt3__112__hash_tableINS_17__hash_value_typeIjjEENS_22__unordered_map_hasherIjS2_NS_4hashIjEENS_8equal_toIjEELb1EEENS_21__unordered_map_equalIjS2_S7_S5_Lb1EEENS_9allocatorIS2_EEE8__rehashEm]+0x2bb): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<unsigned int, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableIjNS_4hashIjEENS_8equal_toIjEENS_9allocatorIjEEE8__rehashEm[_ZNSt3__112__hash_tableIjNS_4hashIjEENS_8equal_toIjEENS_9allocatorIjEEE8__rehashEm]+0x2bb): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<std::__1::__hash_value_type<unsigned int, z3::expr>, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableINS_17__hash_value_typeIjN2z34exprEEENS_22__unordered_map_hasherIjS4_NS_4hashIjEENS_8equal_toIjEELb1EEENS_21__unordered_map_equalIjS4_S9_S7_Lb1EEENS_9allocatorIS4_EEE8__rehashEm[_ZNSt3__112__hash_tableINS_17__hash_value_typeIjN2z34exprEEENS_22__unordered_map_hasherIjS4_NS_4hashIjEENS_8equal_toIjEELb1EEENS_21__unordered_map_equalIjS4_S9_S7_Lb1EEENS_9allocatorIS4_EEE8__rehashEm]+0x2bb): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<std::__1::__hash_value_type<unsigned int, std::__1::unordered_set<unsigned int, std::__1::hash<unsigned int>, std::__1::equal_to<unsigned int>, std::__1::allocator<unsigned int> > >, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableINS_17__hash_value_typeIjNS_13unordered_setIjNS_4hashIjEENS_8equal_toIjEENS_9allocatorIjEEEEEENS_22__unordered_map_hasherIjSA_S4_S6_Lb1EEENS_21__unordered_map_equalIjSA_S6_S4_Lb1EEENS7_ISA_EEE8__rehashEm[_ZNSt3__112__hash_tableINS_17__hash_value_typeIjNS_13unordered_setIjNS_4hashIjEENS_8equal_toIjEENS_9allocatorIjEEEEEENS_22__unordered_map_hasherIjSA_S4_S6_Lb1EEENS_21__unordered_map_equalIjSA_S6_S4_Lb1EEENS7_ISA_EEE8__rehashEm]+0x2bb): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<branch_dep_t*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__16vectorIP12branch_dep_tNS_9allocatorIS2_EEE8__appendEm[_ZNSt3__16vectorIP12branch_dep_tNS_9allocatorIS2_EEE8__appendEm]+0x144): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<z3::expr, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableIN2z34exprE9expr_hash10expr_equalNS_9allocatorIS2_EEE8__rehashEm[_ZNSt3__112__hash_tableIN2z34exprE9expr_hash10expr_equalNS_9allocatorIS2_EEE8__rehashEm]+0x3a9): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<std::__1::__hash_value_type<std::__1::pair<unsigned int, void*>, unsigned short>, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableINS_17__hash_value_typeINS_4pairIjPvEEtEENS_22__unordered_map_hasherIS4_S5_12context_hashNS_8equal_toIS4_EELb1EEENS_21__unordered_map_equalIS4_S5_S9_S7_Lb1EEENS_9allocatorIS5_EEE8__rehashEm[_ZNSt3__112__hash_tableINS_17__hash_value_typeINS_4pairIjPvEEtEENS_22__unordered_map_hasherIS4_S5_12context_hashNS_8equal_toIS4_EELb1EEENS_21__unordered_map_equalIS4_S5_S9_S7_Lb1EEENS_9allocatorIS5_EEE8__rehashEm]+0x2d5): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<std::__1::__hash_node_base<std::__1::__hash_node<unsigned long, void*>*>*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text._ZNSt3__112__hash_tableImNS_4hashImEENS_8equal_toImEENS_9allocatorImEEE8__rehashEm[_ZNSt3__112__hash_tableImNS_4hashImEENS_8equal_toImEENS_9allocatorImEEE8__rehashEm]+0x2bd): additional relocation overflows omitted from the output
clang: error: linker command failed with exit code 1 (use -v to see invocation)

ChengyuSong commented 2 years ago

The in-process Z3 solving module uses Z3's C++ API and a few STL containers, so it itself has dependencies on C++ libs. It's possible to resolve these issues by adding those dependencies to the abilist to not instrument them and rebuild the C++ libs, but it's not simple. So the best solution is to use an out-of-process solving module like fastgen.
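
A triage sketch for linker output like the one quoted in this issue, added here as an example (it is not symsan's code and not written by either commenter): it groups the `relocation truncated to fit` errors by object, relocation type and symbol, which makes it visible that every overflow originates in `z3.cpp.o` inside `libZ3Solver.a` and targets a single undefined libc++ symbol. The function name `triage` and the shortened sample lines are constructed for illustration.

```python
import posixpath
import re
from collections import Counter

# Constructed sample: shortened lines in the shape of the ld output quoted above.
SAMPLE = """\
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<unsigned int>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text+0xbcf): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text+0x1e71): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/workdir/symsan/build/bin/../lib/symsan/libZ3Solver.a(z3.cpp.o): in function `std::__1::allocator<branch_dep_t*>::allocate(unsigned long)':
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text+0x144): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `std::__1::__throw_length_error(char const*)'
/usr/lib/llvm-12/bin/../include/c++/v1/memory:835:(.text+0x2bd): additional relocation overflows omitted from the output
"""

# "archive.a(member.o): in function `name':" names the object the next errors belong to.
CTX = re.compile(r"^(?P<file>.+?)\((?P<member>[^()]+\.o)\): in function `(?P<func>.+)':$")
RELOC = re.compile(r"relocation truncated to fit: (?P<type>\S+) against "
                   r"(?P<undef>undefined )?symbol `(?P<sym>[^']+)'")
OMITTED = "additional relocation overflows omitted"


def triage(ld_output):
    """Group relocation-overflow errors by (object, reloc type, symbol, undefined?)."""
    groups = Counter()
    functions = set()
    current = "<unknown object>"
    omitted = False
    for line in ld_output.splitlines():
        ctx = CTX.match(line)
        if ctx:
            current = f"{posixpath.basename(ctx['file'])}({ctx['member']})"
            functions.add(ctx["func"])
            continue
        if OMITTED in line:
            omitted = True  # ld capped its report, so the counts are a lower bound
            continue
        hit = RELOC.search(line)
        if hit:
            groups[(current, hit["type"], hit["sym"], bool(hit["undef"]))] += 1
    return {"groups": groups, "functions": functions, "omitted": omitted}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for (obj, rtype, sym, undef), count in report["groups"].most_common():
        state = "undefined" if undef else "defined"
        print(f"{count:3d}x {rtype} -> {sym} ({state}) from {obj}")
    if report["omitted"]:
        print("note: ld omitted further overflows; counts are a lower bound")
```
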