如何在gdb中破解多个clang/ubsan警告？

Question

使用以下测试程序(用clang 3.4编译并在gdb 7.6.1下运行)：

#include <limits.h>
#include <stdio.h>

int main(void)
{
    int a = INT_MAX + 1;
    int b = INT_MAX + 2;
    printf("Result: a = %d, b = %d\n", a, b);
}

我希望能够使用gdb在第二次出现未定义行为(int b = ...)时自动停止。

如果我用以下方式编译：

clang -fsanitize=undefined -O0 -ggdb3 -o test test.c

在gdb下运行程序的...then只会导致它运行到完成：

test.c:6:21: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
test.c:7:21: runtime error: signed integer overflow: 2147483647 + 2 cannot be represented in type 'int'
Result: a = -2147483648, b = -2147483647
[Inferior 1 (process 24185) exited normally]

但如果我用：

clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -O0 -ggdb3 -o test test.c

...then我无法在第一次事件之后继续：

Program received signal SIGILL, Illegal instruction.
0x0000000000400556 in main () at test.c:6
6       int a = INT_MAX + 1;
(gdb) c
Continuing.

Program terminated with signal SIGILL, Illegal instruction.
The program no longer exists.

是否有可能让gdb在(并且只有在)未定义的行为被标记时中断，而让程序继续进行呢？我要的是一种技术，它不仅适用于本例，而且一般情况下，违规行可能在循环中，值可能在运行时确定，等等。

Answer 1

在x86-64上，导致SIGILL并停止程序的指令是ud2 (http://asm.inightmare.org/opcodelst/index.php?op=UD2)。为了存档您的目标，您可以更改gdb对SIGILL的处理，并使用跳转(您需要在$pc on x86_64上添加2)：

这是如何将ud2指令放置在x86_64上测试程序的代码中：

   0x00000000004004f0 <+32>:    0f 85 02 00 00 00       jne    0x4004f8 <main+40>
=> 0x00000000004004f6 <+38>:    0f 0b   ud2
   0x00000000004004f8 <+40>:    b8 ff ff ff 7f  mov    $0x7fffffff,%eax

这些gdb命令是使用以下命令所必需的：

handle SIGILL stop print nopass
set $pc = $pc + 2

这是测试程序的一个示例：

$ gdb -q ./test
Reading symbols from /home/test...done.
(gdb) handle SIGILL stop print nopass
Signal        Stop      Print   Pass to program Description
SIGILL        Yes       Yes     No              Illegal instruction
(gdb) r
Starting program: /home/test

Program received signal SIGILL, Illegal instruction.
0x00000000004004f6 in main () at test.c:6
6         int a = INT_MAX + 1;
(gdb) set $pc = $pc + 2
(gdb) c
Continuing.

Program received signal SIGILL, Illegal instruction.
0x000000000040051f in main () at test.c:7
7         int b = INT_MAX + 2;
(gdb) set $pc = $pc + 2
(gdb) c
Continuing.
Result: a = -2147483648, b = -2147483647
[Inferior 1 (process 7898) exited normally]
(gdb)

有用的链接：

• http://sourceware.org/gdb/current/onlinedocs/gdb/Jumping.html#Jumping
• http://sourceware.org/gdb/current/onlinedocs/gdb/Signals.html#Signals