1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
|
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>GWP-ASan — LLVM 13 documentation</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/llvm-theme.css" type="text/css" />
<script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/doctools.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="How to set up LLVM-style RTTI for your class hierarchy" href="HowToSetUpLLVMStyleRTTI.html" />
<link rel="prev" title="Known Bits Analysis" href="GlobalISel/KnownBits.html" />
<style type="text/css">
table.right { float: right; margin-left: 20px; }
table.right td { border: 1px solid #ccc; }
</style>
</head><body>
<div class="logo">
<a href="index.html">
<img src="_static/logo.png"
alt="LLVM Logo" width="250" height="88"/></a>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="HowToSetUpLLVMStyleRTTI.html" title="How to set up LLVM-style RTTI for your class hierarchy"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="GlobalISel/KnownBits.html" title="Known Bits Analysis"
accesskey="P">previous</a> |</li>
<li><a href="https://llvm.org/">LLVM Home</a> | </li>
<li><a href="index.html">Documentation</a>»</li>
<li class="nav-item nav-item-1"><a href="Reference.html" accesskey="U">Reference</a> »</li>
<li class="nav-item nav-item-this"><a href="">GWP-ASan</a></li>
</ul>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h3>Documentation</h3>
<ul class="want-points">
<li><a href="https://llvm.org/docs/GettingStartedTutorials.html">Getting Started/Tutorials</a></li>
<li><a href="https://llvm.org/docs/UserGuides.html">User Guides</a></li>
<li><a href="https://llvm.org/docs/Reference.html">Reference</a></li>
</ul>
<h3>Getting Involved</h3>
<ul class="want-points">
<li><a href="https://llvm.org/docs/Contributing.html">Contributing to LLVM</a></li>
<li><a href="https://llvm.org/docs/HowToSubmitABug.html">Submitting Bug Reports</a></li>
<li><a href="https://llvm.org/docs/GettingInvolved.html#mailing-lists">Mailing Lists</a></li>
<li><a href="https://llvm.org/docs/GettingInvolved.html#irc">IRC</a></li>
<li><a href="https://llvm.org/docs/GettingInvolved.html#meetups-and-social-events">Meetups and Social Events</a></li>
</ul>
<h3>Additional Links</h3>
<ul class="want-points">
<li><a href="https://llvm.org/docs/FAQ.html">FAQ</a></li>
<li><a href="https://llvm.org/docs/Lexicon.html">Glossary</a></li>
<li><a href="https://llvm.org/pubs">Publications</a></li>
<li><a href="https://github.com/llvm/llvm-project//">Github Repository</a></li>
</ul>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="_sources/GwpAsan.rst.txt"
rel="nofollow">Show Source</a></li>
</ul>
</div>
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" />
<input type="submit" value="Go" />
</form>
</div>
</div>
<script>$('#searchbox').show(0);</script>
</div>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="gwp-asan">
<h1>GWP-ASan<a class="headerlink" href="#gwp-asan" title="Permalink to this headline">¶</a></h1>
<div class="contents local topic" id="contents">
<ul class="simple">
<li><p><a class="reference internal" href="#introduction" id="id1">Introduction</a></p></li>
<li><p><a class="reference internal" href="#gwp-asan-vs-asan" id="id2">GWP-ASan vs. ASan</a></p></li>
<li><p><a class="reference internal" href="#design" id="id3">Design</a></p>
<ul>
<li><p><a class="reference internal" href="#allocator-support" id="id4">Allocator Support</a></p></li>
<li><p><a class="reference internal" href="#guarded-allocation-pool" id="id5">Guarded Allocation Pool</a></p></li>
<li><p><a class="reference internal" href="#buffer-underflow-overflow-detection" id="id6">Buffer Underflow/Overflow Detection</a></p></li>
<li><p><a class="reference internal" href="#use-after-free-detection" id="id7">Use after Free Detection</a></p></li>
</ul>
</li>
<li><p><a class="reference internal" href="#usage" id="id8">Usage</a></p>
<ul>
<li><p><a class="reference internal" href="#options" id="id9">Options</a></p></li>
<li><p><a class="reference internal" href="#example" id="id10">Example</a></p></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="introduction">
<h2><a class="toc-backref" href="#id1">Introduction</a><a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
<p>GWP-ASan is a sampled allocator framework that assists in finding use-after-free
and heap-buffer-overflow bugs in production environments. It informally is a
recursive acronym, “<strong>G</strong>WP-ASan <strong>W</strong>ill <strong>P</strong>rovide <strong>A</strong>llocation
<strong>SAN</strong>ity”.</p>
<p>GWP-ASan is based on the classic
<a class="reference external" href="https://linux.die.net/man/3/efence">Electric Fence Malloc Debugger</a>, with a
key adaptation. Notably, we only choose a very small percentage of allocations
to sample, and apply guard pages to these sampled allocations only. The sampling
is small enough to allow us to have very low performance overhead.</p>
<p>There is a small, tunable memory overhead that is fixed for the lifetime of the
process. This is approximately ~40KiB per process using the default settings,
depending on the average size of your allocations.</p>
</div>
<div class="section" id="gwp-asan-vs-asan">
<h2><a class="toc-backref" href="#id2">GWP-ASan vs. ASan</a><a class="headerlink" href="#gwp-asan-vs-asan" title="Permalink to this headline">¶</a></h2>
<p>Unlike <a class="reference external" href="https://clang.llvm.org/docs/AddressSanitizer.html">AddressSanitizer</a>,
GWP-ASan does not induce a significant performance overhead. ASan often requires
the use of dedicated canaries to be viable in production environments, and as
such is often impractical.</p>
<p>GWP-ASan is only capable of finding a subset of the memory issues detected by
ASan. Furthermore, GWP-ASan’s bug detection capabilities are only probabilistic.
As such, we recommend using ASan over GWP-ASan in testing, as well as anywhere
else that guaranteed error detection is more valuable than the 2x execution
slowdown/binary size bloat. For the majority of production environments, this
impact is too high, and GWP-ASan proves extremely useful.</p>
</div>
<div class="section" id="design">
<h2><a class="toc-backref" href="#id3">Design</a><a class="headerlink" href="#design" title="Permalink to this headline">¶</a></h2>
<p><strong>Please note:</strong> The implementation of GWP-ASan is largely in-flux, and these
details are subject to change. There are currently other implementations of
GWP-ASan, such as the implementation featured in
<a class="reference external" href="https://cs.chromium.org/chromium/src/components/gwp_asan/">Chromium</a>. The
long-term support goal is to ensure feature-parity where reasonable, and to
support compiler-rt as the reference implementation.</p>
<div class="section" id="allocator-support">
<h3><a class="toc-backref" href="#id4">Allocator Support</a><a class="headerlink" href="#allocator-support" title="Permalink to this headline">¶</a></h3>
<p>GWP-ASan is not a replacement for a traditional allocator. Instead, it works by
inserting stubs into a supporting allocator to redirect allocations to GWP-ASan
when they’re chosen to be sampled. These stubs are generally implemented in the
implementation of <code class="docutils literal notranslate"><span class="pre">malloc()</span></code>, <code class="docutils literal notranslate"><span class="pre">free()</span></code> and <code class="docutils literal notranslate"><span class="pre">realloc()</span></code>. The stubs are
extremely small, which makes using GWP-ASan in most allocators fairly trivial.
The stubs follow the same general pattern (example <code class="docutils literal notranslate"><span class="pre">malloc()</span></code> pseudocode
below):</p>
<div class="highlight-cpp notranslate"><div class="highlight"><pre><span></span><span class="cp">#ifdef INSTALL_GWP_ASAN_STUBS</span>
<span class="n">gwp_asan</span><span class="o">::</span><span class="n">GuardedPoolAllocator</span> <span class="n">GWPASanAllocator</span><span class="p">;</span>
<span class="cp">#endif</span>
<span class="kt">void</span><span class="o">*</span> <span class="n">YourAllocator</span><span class="o">::</span><span class="n">malloc</span><span class="p">(..)</span> <span class="p">{</span>
<span class="cp">#ifdef INSTALL_GWP_ASAN_STUBS</span>
<span class="k">if</span> <span class="p">(</span><span class="n">GWPASanAllocator</span><span class="p">.</span><span class="n">shouldSample</span><span class="p">(..))</span>
<span class="k">return</span> <span class="n">GWPASanAllocator</span><span class="p">.</span><span class="n">allocate</span><span class="p">(..);</span>
<span class="cp">#endif</span>
<span class="c1">// ... the rest of your allocator code here.</span>
<span class="p">}</span>
</pre></div>
</div>
<p>Then, all the supporting allocator needs to do is compile with
<code class="docutils literal notranslate"><span class="pre">-DINSTALL_GWP_ASAN_STUBS</span></code> and link against the GWP-ASan library! For
performance reasons, we strongly recommend static linkage of the GWP-ASan
library.</p>
</div>
<div class="section" id="guarded-allocation-pool">
<h3><a class="toc-backref" href="#id5">Guarded Allocation Pool</a><a class="headerlink" href="#guarded-allocation-pool" title="Permalink to this headline">¶</a></h3>
<p>The core of GWP-ASan is the guarded allocation pool. Each sampled allocation is
backed using its own <em>guarded</em> slot, which may consist of one or more accessible
pages. Each guarded slot is surrounded by two <em>guard</em> pages, which are mapped as
inaccessible. The collection of all guarded slots makes up the <em>guarded
allocation pool</em>.</p>
</div>
<div class="section" id="buffer-underflow-overflow-detection">
<h3><a class="toc-backref" href="#id6">Buffer Underflow/Overflow Detection</a><a class="headerlink" href="#buffer-underflow-overflow-detection" title="Permalink to this headline">¶</a></h3>
<p>We gain buffer-overflow and buffer-underflow detection through these guard
pages. When a memory access overruns the allocated buffer, it will touch the
inaccessible guard page, causing memory exception. This exception is caught and
handled by the internal crash handler. Because each allocation is recorded with
metadata about where (and by what thread) it was allocated and deallocated, we
can provide information that will help identify the root cause of the bug.</p>
<p>Allocations are randomly selected to be either left- or right-aligned to provide
equal detection of both underflows and overflows.</p>
</div>
<div class="section" id="use-after-free-detection">
<h3><a class="toc-backref" href="#id7">Use after Free Detection</a><a class="headerlink" href="#use-after-free-detection" title="Permalink to this headline">¶</a></h3>
<p>The guarded allocation pool also provides use-after-free detection. Whenever a
sampled allocation is deallocated, we map its guarded slot as inaccessible. Any
memory accesses after deallocation will thus trigger the crash handler, and we
can provide useful information about the source of the error.</p>
<p>Please note that the use-after-free detection for a sampled allocation is
transient. To keep memory overhead fixed while still detecting bugs, deallocated
slots are randomly reused to guard future allocations.</p>
</div>
</div>
<div class="section" id="usage">
<h2><a class="toc-backref" href="#id8">Usage</a><a class="headerlink" href="#usage" title="Permalink to this headline">¶</a></h2>
<p>GWP-ASan already ships by default in the
<a class="reference external" href="https://llvm.org/docs/ScudoHardenedAllocator.html">Scudo Hardened Allocator</a>,
so building with <code class="docutils literal notranslate"><span class="pre">-fsanitize=scudo</span></code> is the quickest and easiest way to try out
GWP-ASan.</p>
<div class="section" id="options">
<h3><a class="toc-backref" href="#id9">Options</a><a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h3>
<p>GWP-ASan’s configuration is managed by the supporting allocator. We provide a
generic configuration management library that is used by Scudo. It allows
several aspects of GWP-ASan to be configured through the following methods:</p>
<ul class="simple">
<li><p>When the GWP-ASan library is compiled, by setting
<code class="docutils literal notranslate"><span class="pre">-DGWP_ASAN_DEFAULT_OPTIONS</span></code> to the options string you want set by default.
If you’re building GWP-ASan as part of a compiler-rt/LLVM build, add it during
cmake configure time (e.g. <code class="docutils literal notranslate"><span class="pre">cmake</span> <span class="pre">...</span> <span class="pre">-DGWP_ASAN_DEFAULT_OPTIONS="..."</span></code>). If
you’re building GWP-ASan outside of compiler-rt, simply ensure that you
specify <code class="docutils literal notranslate"><span class="pre">-DGWP_ASAN_DEFAULT_OPTIONS="..."</span></code> when building
<code class="docutils literal notranslate"><span class="pre">optional/options_parser.cpp</span></code>).</p></li>
<li><p>By defining a <code class="docutils literal notranslate"><span class="pre">__gwp_asan_default_options</span></code> function in one’s program that
returns the options string to be parsed. Said function must have the following
prototype: <code class="docutils literal notranslate"><span class="pre">extern</span> <span class="pre">"C"</span> <span class="pre">const</span> <span class="pre">char*</span> <span class="pre">__gwp_asan_default_options(void)</span></code>, with a
default visibility. This will override the compile time define;</p></li>
<li><p>Depending on allocator support (Scudo has support for this mechanism): Through
the environment variable <code class="docutils literal notranslate"><span class="pre">GWP_ASAN_OPTIONS</span></code>, containing the options string
to be parsed. Options defined this way will override any definition made
through <code class="docutils literal notranslate"><span class="pre">__gwp_asan_default_options</span></code>.</p></li>
</ul>
<p>The options string follows a syntax similar to ASan, where distinct options
can be assigned in the same string, separated by colons.</p>
<p>For example, using the environment variable:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">GWP_ASAN_OPTIONS="MaxSimultaneousAllocations=16:SampleRate=5000" ./a.out</span>
</pre></div>
</div>
<p>Or using the function:</p>
<div class="highlight-cpp notranslate"><div class="highlight"><pre><span></span><span class="k">extern</span> <span class="s">"C"</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">__gwp_asan_default_options</span><span class="p">()</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">"MaxSimultaneousAllocations=16:SampleRate=5000"</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>
</div>
<p>The following options are available:</p>
<table class="docutils align-default">
<colgroup>
<col style="width: 24%" />
<col style="width: 8%" />
<col style="width: 68%" />
</colgroup>
<tbody>
<tr class="row-odd"><td><p>Option</p></td>
<td><p>Default</p></td>
<td><p>Description</p></td>
</tr>
<tr class="row-even"><td><p>Enabled</p></td>
<td><p>true</p></td>
<td><p>Is GWP-ASan enabled?</p></td>
</tr>
<tr class="row-odd"><td><p>PerfectlyRightAlign</p></td>
<td><p>false</p></td>
<td><p>When allocations are right-aligned, should we perfectly align them up to the
page boundary? By default (false), we round up allocation size to the nearest
power of two (2, 4, 8, 16) up to a maximum of 16-byte alignment for
performance reasons. Setting this to true can find single byte
buffer-overflows at the cost of performance, and may be incompatible with
some architectures.</p></td>
</tr>
<tr class="row-even"><td><p>MaxSimultaneousAllocations</p></td>
<td><p>16</p></td>
<td><p>Number of simultaneously-guarded allocations available in the pool.</p></td>
</tr>
<tr class="row-odd"><td><p>SampleRate</p></td>
<td><p>5000</p></td>
<td><p>The probability (1 / SampleRate) that a page is selected for GWP-ASan
sampling. Sample rates up to (2^31 - 1) are supported.</p></td>
</tr>
<tr class="row-even"><td><p>InstallSignalHandlers</p></td>
<td><p>true</p></td>
<td><p>Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This
allows better error reports by providing stack traces for allocation and
deallocation when reporting a memory error. GWP-ASan’s signal handler will
forward the signal to any previously-installed handler, and user programs
that install further signal handlers should make sure they do the same. Note,
if the previously installed SIGSEGV handler is SIG_IGN, we terminate the
process after dumping the error report.</p></td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="example">
<h3><a class="toc-backref" href="#id10">Example</a><a class="headerlink" href="#example" title="Permalink to this headline">¶</a></h3>
<p>The below code has a use-after-free bug, where the <code class="docutils literal notranslate"><span class="pre">string_view</span></code> is created as
a reference to the temporary result of the <code class="docutils literal notranslate"><span class="pre">string+</span></code> operator. The
use-after-free occurs when <code class="docutils literal notranslate"><span class="pre">sv</span></code> is dereferenced on line 8.</p>
<div class="highlight-cpp notranslate"><div class="highlight"><pre><span></span>1: #include <iostream>
2: #include <string>
3: #include <string_view>
4:
5: int main() {
6: std::string s = "Hellooooooooooooooo ";
7: std::string_view sv = s + "World\n";
8: std::cout << sv;
9: }
</pre></div>
</div>
<p>Compiling this code with Scudo+GWP-ASan will probabilistically catch this bug
and provide us a detailed error report:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="gp">$</span> clang++ -fsanitize<span class="o">=</span>scudo -std<span class="o">=</span>c++17 -g buggy_code.cpp
<span class="gp">$</span> <span class="k">for</span> i in <span class="sb">`</span>seq <span class="m">1</span> <span class="m">200</span><span class="sb">`</span><span class="p">;</span> <span class="k">do</span>
<span class="go"> GWP_ASAN_OPTIONS="SampleRate=100" ./a.out > /dev/null;</span>
<span class="go"> done</span>
<span class="go">|</span>
<span class="go">| *** GWP-ASan detected a memory error ***</span>
<span class="go">| Use after free at 0x7feccab26000 (0 bytes into a 41-byte allocation at 0x7feccab26000) by thread 31027 here:</span>
<span class="go">| ...</span>
<span class="go">| #9 ./a.out(_ZStlsIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_St17basic_string_viewIS3_S4_E+0x45) [0x55585c0afa55]</span>
<span class="go">| #10 ./a.out(main+0x9f) [0x55585c0af7cf]</span>
<span class="go">| #11 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fecc966952b]</span>
<span class="go">| #12 ./a.out(_start+0x2a) [0x55585c0867ba]</span>
<span class="go">|</span>
<span class="go">| 0x7feccab26000 was deallocated by thread 31027 here:</span>
<span class="go">| ...</span>
<span class="go">| #7 ./a.out(main+0x83) [0x55585c0af7b3]</span>
<span class="go">| #8 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fecc966952b]</span>
<span class="go">| #9 ./a.out(_start+0x2a) [0x55585c0867ba]</span>
<span class="go">|</span>
<span class="go">| 0x7feccab26000 was allocated by thread 31027 here:</span>
<span class="go">| ...</span>
<span class="go">| #12 ./a.out(main+0x57) [0x55585c0af787]</span>
<span class="go">| #13 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fecc966952b]</span>
<span class="go">| #14 ./a.out(_start+0x2a) [0x55585c0867ba]</span>
<span class="go">|</span>
<span class="go">| *** End GWP-ASan report ***</span>
<span class="go">| Segmentation fault</span>
</pre></div>
</div>
<p>To symbolize these stack traces, some care has to be taken. Scudo currently uses
GNU’s <code class="docutils literal notranslate"><span class="pre">backtrace_symbols()</span></code> from <code class="docutils literal notranslate"><span class="pre"><execinfo.h></span></code> to unwind. The unwinder
provides human-readable stack traces in <code class="docutils literal notranslate"><span class="pre">function+offset</span></code> form, rather than
the normal <code class="docutils literal notranslate"><span class="pre">binary+offset</span></code> form. In order to use addr2line or similar tools to
recover the exact line number, we must convert the <code class="docutils literal notranslate"><span class="pre">function+offset</span></code> to
<code class="docutils literal notranslate"><span class="pre">binary+offset</span></code>. A helper script is available at
<code class="docutils literal notranslate"><span class="pre">compiler-rt/lib/gwp_asan/scripts/symbolize.sh</span></code>. Using this script will
attempt to symbolize each possible line, falling back to the previous output if
anything fails. This results in the following output:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="gp">$</span> cat my_gwp_asan_error.txt <span class="p">|</span> symbolize.sh
<span class="go">|</span>
<span class="go">| *** GWP-ASan detected a memory error ***</span>
<span class="go">| Use after free at 0x7feccab26000 (0 bytes into a 41-byte allocation at 0x7feccab26000) by thread 31027 here:</span>
<span class="go">| ...</span>
<span class="go">| #9 /usr/lib/gcc/x86_64-linux-gnu/8.0.1/../../../../include/c++/8.0.1/string_view:547</span>
<span class="go">| #10 /tmp/buggy_code.cpp:8</span>
<span class="go">|</span>
<span class="go">| 0x7feccab26000 was deallocated by thread 31027 here:</span>
<span class="go">| ...</span>
<span class="go">| #7 /tmp/buggy_code.cpp:8</span>
<span class="go">| #8 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fecc966952b]</span>
<span class="go">| #9 ./a.out(_start+0x2a) [0x55585c0867ba]</span>
<span class="go">|</span>
<span class="go">| 0x7feccab26000 was allocated by thread 31027 here:</span>
<span class="go">| ...</span>
<span class="go">| #12 /tmp/buggy_code.cpp:7</span>
<span class="go">| #13 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fecc966952b]</span>
<span class="go">| #14 ./a.out(_start+0x2a) [0x55585c0867ba]</span>
<span class="go">|</span>
<span class="go">| *** End GWP-ASan report ***</span>
<span class="go">| Segmentation fault</span>
</pre></div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="HowToSetUpLLVMStyleRTTI.html" title="How to set up LLVM-style RTTI for your class hierarchy"
>next</a> |</li>
<li class="right" >
<a href="GlobalISel/KnownBits.html" title="Known Bits Analysis"
>previous</a> |</li>
<li><a href="https://llvm.org/">LLVM Home</a> | </li>
<li><a href="index.html">Documentation</a>»</li>
<li class="nav-item nav-item-1"><a href="Reference.html" >Reference</a> »</li>
<li class="nav-item nav-item-this"><a href="">GWP-ASan</a></li>
</ul>
</div>
<div class="footer" role="contentinfo">
© Copyright 2003-2021, LLVM Project.
Last updated on 2021-09-18.
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
</div>
</body>
</html>
|
