|
version 1.2, 2017/02/16 00:06:15
|
version 1.3, 2017/02/16 00:08:58
|
|
Line 2
|
Line 2
|
| |
|
| ## Address Sanitizer (+UBsan) (preliminary) ## |
## Address Sanitizer (+UBsan) (preliminary) ## |
| |
|
| ASan reports memory violations, and detects many off-by-ones. It seems |
ASan reports memory violations, and detects many off-by-ones. It seems to produce very high quality reports. |
| to produce very high quality reports. |
|
| |
|
| It only needs to be compiled on the resulting binary[1]. It cannot compile |
It only needs to be compiled on the resulting binary[1]. It cannot compile static objects so requires some fiddling with makefiles to disable those. |
| static objects so requires some fiddling with makefiles to disable those. |
|
| |
|
| I've been running it on netbsd tests in the following manner[2]: |
I've been running it on netbsd tests in the following manner[2]: |
| |
|
| cd /usr/src/tests/lib/libc |
cd /usr/src/tests/lib/libc |
| env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20 |
env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20 |
| |
|
| env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run |
env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run # [3] |
| |
|
| sysctl -w security.pax.aslr.enabled=0 # [3] |
sysctl -w security.pax.aslr.enabled=0 # [4] |
| |
|
| 1. Seems like this is a cause of worse reports, as in-library functions |
1. Seems like this is a cause of worse reports, as in-library functions |
| are not intercepted. |
are not intercepted. |
| |
|
| 2. Not even close to canonical commands, should probably be improved. |
2. Not even close to canonical commands, should probably be improved. |
| |
|
| 3. To workaround "Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly". An alternative is to LD_PRELOAD and LD_LIBRARY_PATH an entirely separate libc, ld.elf_so, etc. |
3. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself triggers a bug. Should have a look at it so this option doesn't need to be disabled. |
| |
|
| 4. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself |
4. To workaround "Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly". An alternative is to LD_PRELOAD and LD_LIBRARY_PATH an entirely separate libc, ld.elf_so, etc. |
| triggers a bug. Should have a look at it so this option doesn't |
|
| need to be disabled. |
5. ASan can be wrong about which function is faulting, if we're talking about functions internal to the library. Running it on a separate file or in GDB can be helpful. Worth trying if the failure doesn't make sense. |
| |
|
| Important note: ASan should not be run on production systems. [It can pose a |
Important note: ASan should not be run on production systems. [It can pose a |
| security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9). |
security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9). |
![[BACK]](/icons/back.gif){kind=icon}
Return to maya.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / users