tst2005googlecode2 / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer

False negative in init-order checker when non-dynamically initialized global is overwritten in global constructors. #225

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
$ cat tmp/init-order/false_neg/a.h 
void setGlobal();
int getGlobal();

$ cat tmp/init-order/false_neg/a.cc
int global = 0;
void setGlobal() { global = 42; }
int getGlobal() { return global; }

$ cat tmp/init-order/false_neg/b.cc
#include "a.h"
struct S {
  S() { setGlobal(); }
} s;

$ cat tmp/init-order/false_neg/c.cc
#include <stdio.h>
#include "a.h"
int foo = getGlobal();

int main() {
  printf("%d\n", foo);
}

The result depends on the order in which b.cc and c.cc constructors are run, 
but ASan doesn't report the problem as it doesn't see that although "global" is 
initialized with zero at program startup, it is overwritten in global 
constructors.

$ ./bin/clang++ -fsanitize=address,init-order tmp/init-order/false_neg/a.cc tmp/init-order/false_neg/c.cc tmp/init-order/false_neg/b.cc
$ ASAN_OPTIONS=check_initialization_order=true:strict_init_order=true ./a.out
0

$ ./bin/clang++ -fsanitize=address,init-order tmp/init-order/false_neg/a.cc tmp/init-order/false_neg/b.cc tmp/init-order/false_neg/c.cc
$ ASAN_OPTIONS=check_initialization_order=true:strict_init_order=true ./a.out
42

Original issue reported on code.google.com by samso...@google.com on 18 Sep 2013 at 4:06

GoogleCodeExporter commented 9 years ago
Are you sure it's a false negative?
It is essentially the same as the "plugin registration" scheme, where the plugin in 
each module registers itself within a global register. The order of registration is 
undefined, but the result is always the same -- all plugins are registered.

Original comment by dvyu...@google.com on 18 Sep 2013 at 4:20

GoogleCodeExporter commented 9 years ago
Replace int with int* and you will or will not get a segmentation fault depending 
on the order of global constructors, so this pattern can easily lead to 
actual bugs. I also agree there is perfectly legal code that uses this 
pattern, like the one you mentioned. Can we distinguish between them?

Original comment by samso...@google.com on 19 Sep 2013 at 1:53
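Added example, not code from the issue thread: it models the link-order dependence in a single file by running the "b.cc" and "c.cc" initialisers explicitly in both orders, using the int* variant from the comment above, and then shows the construct-on-first-use fix in which a.cc owns its own initialisation. The names storage, global_ptr, getGlobalPtrFixed, observeFoo and observeFooFixed are constructed for this example.

```cpp
#include <cstdio>

// Pointer variant of the issue's globals (constructed for this example):
// global_ptr is zero-initialised at startup, not dynamically initialised, so
// the init-order checker never poisons it and cannot see the cross-TU hazard.
static int  storage    = 42;
static int* global_ptr = nullptr;
static void setGlobalPtr() { global_ptr = &storage; }  // runs from "b.cc"'s ctor
static int* getGlobalPtr() { return global_ptr; }      // read by "c.cc"'s init

// Fix: a.cc owns and initialises its own state on first use, so no other TU's
// constructor has to run first. b.cc's constructor becomes unnecessary.
static int* getGlobalPtrFixed() {
  static int owned = 42;  // constructed on first call, whatever the link order
  return &owned;
}

// Simulates the two link orders from the report by running the "b.cc" and
// "c.cc" initialisers explicitly. Returns what `int foo = *getGlobalPtr();`
// would observe, or -1 where the real program would dereference nullptr.
int observeFoo(bool bFirst) {
  global_ptr = nullptr;  // program-startup state before any constructor runs
  int foo = 0;
  auto initB = [] { setGlobalPtr(); };
  auto initC = [&foo] { int* p = getGlobalPtr(); foo = p ? *p : -1; };
  if (bFirst) { initB(); initC(); } else { initC(); initB(); }
  return foo;
}

// Same experiment against the fixed accessor: both orders observe 42.
int observeFooFixed(bool bFirst) {
  int foo = 0;
  auto initB = [] { /* nothing left to do: a.cc initialises itself */ };
  auto initC = [&foo] { foo = *getGlobalPtrFixed(); };
  if (bFirst) { initB(); initC(); } else { initC(); initB(); }
  return foo;
}

int main() {
  std::printf("b before c: %d, c before b: %d\n",
              observeFoo(true), observeFoo(false));
  std::printf("fixed:      %d, %d\n",
              observeFooFixed(true), observeFooFixed(false));
  return 0;
}
```

The -1 in the c-before-b order stands in for the null dereference that the real three-file program would hit; because global_ptr is never dynamically initialised, the init-order checker has nothing poisoned to catch it with.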

GoogleCodeExporter commented 9 years ago
I do not see any way to do it.

Original comment by dvyu...@google.com on 19 Sep 2013 at 5:16

GoogleCodeExporter commented 9 years ago

Original comment by samso...@google.com on 8 May 2014 at 11:31