version 1.2, 2017/02/16 00:06:15
|
version 1.3, 2017/02/16 00:08:58
|
Line 2
|
Line 2
|
|
|
## Address Sanitizer (+UBsan) (preliminary) ## |
## Address Sanitizer (+UBsan) (preliminary) ## |
|
|
ASan reports memory violations, and detects many off-by-ones. It seems |
ASan reports memory violations, and detects many off-by-ones. It seems to produce very high quality reports. |
to produce very high quality reports. |
|
|
|
It only needs to be compiled on the resulting binary[1]. It cannot compile |
It only needs to be compiled on the resulting binary[1]. It cannot compile static objects so requires some fiddling with makefiles to disable those. |
static objects so requires some fiddling with makefiles to disable those. |
|
|
|
I've been running it on netbsd tests in the following manner[2]: |
I've been running it on netbsd tests in the following manner[2]: |
|
|
cd /usr/src/tests/lib/libc |
cd /usr/src/tests/lib/libc |
env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20 |
env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20 |
|
|
env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run |
env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run # [3] |
|
|
sysctl -w security.pax.aslr.enabled=0 # [3] |
sysctl -w security.pax.aslr.enabled=0 # [4] |
|
|
1. Seems like this is a cause of worse reports, as in-library functions |
1. Seems like this is a cause of worse reports, as in-library functions |
are not intercepted. |
are not intercepted. |
|
|
2. Not even close to canonical commands, should probably be improved. |
2. Not even close to canonical commands, should probably be improved. |
|
|
3. To workaround "Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly". An alternative is to LD_PRELOAD and LD_LIBRARY_PATH an entirely separate libc, ld.elf_so, etc. |
3. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself triggers a bug. Should have a look at it so this option doesn't need to be disabled. |
|
|
4. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself |
4. To workaround "Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly". An alternative is to LD_PRELOAD and LD_LIBRARY_PATH an entirely separate libc, ld.elf_so, etc. |
triggers a bug. Should have a look at it so this option doesn't |
|
need to be disabled. |
5. ASan can be wrong about which function is faulting, if we're talking about functions internal to the library. Running it on a separate file or in GDB can be helpful. Worth trying if the failure doesn't make sense. |
|
|
Important note: ASan should not be run on production systems. [It can pose a |
Important note: ASan should not be run on production systems. [It can pose a |
security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9). |
security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9). |