CVE-2016-1972
Test

Please try to perform the following commands:

# setup the environment variables in the root directory of the tool
$ source tool/init_env.sh

# compile the program and get bit code
$ cd $ROOT_DIR/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972
$ ./cleanDIR.sh
$ clang -g -emit-llvm -c ./2016-1972.c -o 2016-1972.bc

# perform static analysis
$ $ROOT_DIR/tool/staticAnalysis/staticAnalysis.sh 2016-1972

# compile the instrumented program with ASAN
$ export Con_PATH=$ROOT_DIR/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/ConConfig.2016-1972
$ $ROOT_DIR/tool/staticAnalysis/DBDS-INSTRU/dbds-clang-fast -g -fsanitize=address -c ./2016-1972.c -o 2016-1972.o
$ clang++ ./2016-1972.o $ROOT_DIR/tool/staticAnalysis/DBDS-INSTRU/DBDSFunction.o -g -o 2016-1972 -lpthread -fsanitize=address -ldl

# perform DBDS
$ $ROOT_DIR/tool/DBDS/run_PDS.py -d 4 ./2016-1972

Then you will get the results.

Start Testing!
test 0001
test 0002
...

The double-free (DF) ASAN output:

=================================================================
==102519==ERROR: AddressSanitizer: attempting double-free on 0x6040000000d0 in thread T1:
    #0 0x4936fd  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4936fd)
    #1 0x4c5bd9  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5bd9)
    #2 0x7f8ad2d0e6b9  (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #3 0x7f8ad1d974dc  (/lib/x86_64-linux-gnu/libc.so.6+0x1074dc)

0x6040000000d0 is located 0 bytes inside of 40-byte region [0x6040000000d0,0x6040000000f8)
freed by thread T2 here:
    #0 0x4936fd  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4936fd)
    #1 0x4c5bd9  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5bd9)

previously allocated by thread T0 here:
    #0 0x49397d  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x49397d)
    #1 0x4c5cca  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5cca)
    #2 0x7f8ad1cb083f  (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Thread T1 created by T0 here:
    #0 0x47e10a  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x47e10a)
    #1 0x4c5cf1  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5cf1)
    #2 0x7f8ad1cb083f  (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Thread T2 created by T0 here:
    #0 0x47e10a  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x47e10a)
    #1 0x4c5d1b  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5d1b)
    #2 0x7f8ad1cb083f  (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

SUMMARY: AddressSanitizer: double-free (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4936fd)
==102519==ABORTING

Use addr2line -e ./2016-1972 0x4c5bd9 to see the debug info:

/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/./2016-1972.c:55

The ASAN output for the SEGV (null-pointer read):

AddressSanitizer:DEADLYSIGNAL
=================================================================
==102676==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f4c55fa2d44 bp 0x000000000000 sp 0x7f4c523ceec0 T1)
==102676==The signal is caused by a READ memory access.
==102676==Hint: address points to the zero page.
    #0 0x7f4c55fa2d43  (/lib/x86_64-linux-gnu/libpthread.so.0+0x9d43)
    #1 0x4c5b13  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5b13)
    #2 0x7f4c55fa06b9  (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #3 0x7f4c550294dc  (/lib/x86_64-linux-gnu/libc.so.6+0x1074dc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libpthread.so.0+0x9d43)
Thread T1 created by T0 here:
    #0 0x47e10a  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x47e10a)
    #1 0x4c5cf1  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5cf1)
    #2 0x7f4c54f4283f  (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

==102676==ABORTING

Use addr2line -e ./2016-1972 0x4c5b13 to see the debug info:

/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/./2016-1972.c:24
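The two addr2line steps above can be automated: the helper below is an added example, not part of the ConVul/DBDS tool, that reads an ASAN report from stdin, keeps only the frames inside the benchmark binary, drops the interceptor frame (#0) and resolves the rest with addr2line when the -g binary is present. The embedded report is a constructed excerpt of the double-free output shown above; the function names are this example's own.

```sh
#!/bin/sh
# Added helper, not part of the ConVul/DBDS benchmark: pull the frames that fall inside
# the benchmark binary out of an ASAN report and resolve them with addr2line, automating
# the "Use addr2line -e ./2016-1972 0x4c5bd9" step. Assumes the binary was built with -g.

# Constructed excerpt of the double-free report above (the report is read from stdin).
ASAN_REPORT='==102519==ERROR: AddressSanitizer: attempting double-free on 0x6040000000d0 in thread T1:
    #0 0x4936fd  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4936fd)
    #1 0x4c5bd9  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5bd9)
    #2 0x7f8ad2d0e6b9  (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
freed by thread T2 here:
    #0 0x4936fd  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4936fd)
    #1 0x4c5bd9  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5bd9)
previously allocated by thread T0 here:
    #0 0x49397d  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x49397d)
    #1 0x4c5cca  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-1972/2016-1972+0x4c5cca)'

# asan_frames BIN : print "<frame#> <offset>" for every stack frame located in BIN,
# i.e. lines like "#1 0x4c5bd9  (/path/to/2016-1972+0x4c5bd9)". Frames in libc and
# libpthread are skipped: they are runtime code, not the program under test.
asan_frames() {
  sed -n "s|^ *#\([0-9][0-9]*\) 0x[0-9a-f]* *(.*/$1+\(0x[0-9a-f]*\))\$|\1 \2|p"
}

# asan_offsets BIN : unique in-binary offsets, dropping frame #0 of each stack. In the
# reports above #0 is the ASAN interceptor (the free()/malloc() hook linked into the
# binary), so the first program frame is #1, the one the README points addr2line at.
asan_offsets() {
  asan_frames "$1" | awk '$1 != 0 { print $2 }' | sort -u
}

# asan_resolve BIN_PATH : map each offset to file:line via addr2line when the binary
# and addr2line are available; otherwise print the command to run by hand.
asan_resolve() {
  bin_path="$1"
  for off in $(asan_offsets "$(basename "$bin_path")"); do
    if [ -x "$bin_path" ] && command -v addr2line >/dev/null 2>&1; then
      printf '%s -> %s\n' "$off" "$(addr2line -e "$bin_path" "$off")"
    else
      printf 'addr2line -e %s %s\n' "$bin_path" "$off"
    fi
  done
}

printf '%s\n' "$ASAN_REPORT" | asan_resolve ./2016-1972
```

Run it from the benchmark directory after the DBDS step with the real report piped in (for example `./2016-1972 2>&1 | asan_resolve ./2016-1972`) to get the file:line of the free and allocation sites in one go.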