SyzyASAN


Roman

Jan 22, 2017, 8:07:58 AM
to Chromium-dev
Hello everyone, 

I'm interested in the Address Sanitizer feature for chromium on Windows. 
Does anyone here have an experience with it? Didn't find much info about it on the internet. 

I tried to follow the following blog post about the topic:

However all the links to the project related material, like:
give me 403 http error. 

Does someone know why, and where else can I find info about the projects and how to use them on Windows?

Thank you!

PhistucK

Jan 22, 2017, 8:14:44 AM
to ro...@cybellum.com, Chromium-dev


Sébastien Marchand

Jan 22, 2017, 12:34:08 PM
to PhistucK Productions, chromium-dev, ro...@cybellum.com
Hi,

The project (and its documentation) has been moved to GitHub: https://github.com/google/syzygy

Roman Kesler

Jan 23, 2017, 3:55:00 AM
to Sébastien Marchand, PhistucK Productions, chromium-dev
Thank you!

Isn't the syzygy only the infrastructure behind SyzyASAN?


Roman

Jan 23, 2017, 7:01:22 AM
to Chromium-dev, ro...@cybellum.com
I browsed through the links, and it seems that many of the guides are not very up to date or recent. Do you know if the project is still maintained, and if there is another source of information about it, specifically an installation and how-to-use guide?

Thanks!



Nico Weber

Jan 23, 2017, 11:29:03 AM
to ro...@cybellum.com, Chromium-dev
Hi Roman,

Your email mixes up SyzyASan and "normal" address sanitizer.

Address sanitizer is a memory checking tool based on compiler instrumentation with a custom runtime, documented at http://clang.llvm.org/docs/AddressSanitizer.html. It was historically first implemented in clang, but I think gcc now also supports instrumenting code with it (using, I believe, LLVM's address sanitizer runtime). If you use clang, you can use address sanitizer on Windows that way. We use this setup to fuzz Chrome on Windows.

Since clang used to not work on Windows, SyzyASan is an alternative implementation of the same idea. It uses syzygy to instrument the executable after compile and link have already run, and it has its own reimplementation of the runtime. I believe we sometimes send out SyzyASan chrome binaries to the canary channel.

So answers depend a bit on which of the two you're asking about, but as far as I know both are functional at the moment.

Nico


Roman

Jan 23, 2017, 1:25:54 PM
to Chromium-dev, ro...@cybellum.com

Thanks, I understand that difference, and I'm talking about SyzyASan: the tool that is supposed to help find memory leaks in Chrome on the Windows platform.

I just couldn't find useful info about it, except the blog post and https://code.google.com/archive/p/sawbuck/wikis, which has some documents about it, but they are really hard to understand and look outdated.

Primiano Tucci

Jan 23, 2017, 4:00:44 PM
to ro...@cybellum.com, Chromium-dev, Chris Hamilton
On Mon, Jan 23, 2017 at 10:26 AM Roman <ro...@cybellum.com> wrote:

Thanks, I understand that difference, and I'm talking about SyzyASan: the tool that is supposed to help find memory leaks in Chrome on the Windows platform.
+chrisha@ is the right person for more details in this point.
AFAIK SyzyASan is not about finding leaks, but rather heap access violations (UAF, out-of-bounds accesses, etc.). What you describe would be a Syzy*L*San :)

Sébastien Marchand

Jan 23, 2017, 4:04:20 PM
to prim...@chromium.org, ro...@cybellum.com, Chromium-dev, Chris Hamilton
Hi,

Primiano is right, SyzyAsan is made to detect heap access violations in Chrome, see its design doc for more details: https://github.com/google/syzygy/wiki/SyzyASanDesignDocument

There are some (up-to-date) instructions on how to use SyzyASan at: https://github.com/google/syzygy/wiki/SyzyASanHowTo

Thanks
Sébastien Marchand | Software Developer | sebma...@google.com 
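As an added illustration of the distinction drawn in Nico's and Primiano's replies (constructed for this thread, not code from Syzygy, LLVM or Chromium): a toy model of the shadow-memory check that ASan-style runtimes, SyzyASan's included, perform on each instrumented heap access. It flags out-of-bounds accesses into redzones and use-after-free of quarantined chunks, and shows why a leak (an allocation that is simply never freed) raises nothing. The bump allocator, tag values and function names are all constructed assumptions; real ASan shadow encoding also tracks partially addressable 8-byte granules, which this model skips by rounding sizes up.

```c
/* Toy model of an ASan/SyzyASan-style shadow-memory check (constructed
 * example, not Syzygy or LLVM code). One shadow byte covers 8 heap bytes:
 * 0x00 = addressable, 0xFA = heap redzone, 0xFD = freed (quarantined). */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HEAP_SIZE 1024
#define REDZONE 16          /* bytes of poisoned guard around each chunk */
#define GRAN 8              /* heap bytes per shadow byte */

static uint8_t heap[HEAP_SIZE];
static uint8_t shadow[HEAP_SIZE / GRAN];
static size_t bump = 0;     /* next free offset in the toy heap */

enum { OK = 0, HEAP_OVERFLOW = 1, USE_AFTER_FREE = 2 };

static void poison(size_t off, size_t len, uint8_t tag) {
  memset(shadow + off / GRAN, tag, len / GRAN);
}

/* Bump allocator laying out [redzone][user][redzone]; sizes rounded to
 * GRAN so every granule is fully addressable or fully poisoned. */
size_t toy_malloc(size_t n) {
  size_t user = (n + GRAN - 1) / GRAN * GRAN;
  poison(bump, REDZONE, 0xFA);          /* left redzone */
  size_t off = bump + REDZONE;
  poison(off, user, 0x00);              /* user bytes become addressable */
  poison(off + user, REDZONE, 0xFA);    /* right redzone */
  bump = off + user + REDZONE;
  return off;
}

/* Freed chunk goes to quarantine: poisoned and never handed out again,
 * so a later access is attributed to use-after-free, not to a new owner. */
void toy_free(size_t off, size_t n) {
  size_t user = (n + GRAN - 1) / GRAN * GRAN;
  poison(off, user, 0xFD);
}

/* The check an instrumented load/store runs before touching memory. */
int check_access(size_t off) {
  uint8_t s = shadow[off / GRAN];
  if (s == 0xFA) return HEAP_OVERFLOW;
  if (s == 0xFD) return USE_AFTER_FREE;
  return OK;
}

/* Instrumented store: only writes when the shadow byte permits it. */
int toy_store(size_t off, uint8_t val) {
  int rc = check_access(off);
  if (rc == OK) heap[off] = val;
  return rc;
}
```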


Roman

Jan 26, 2017, 4:48:16 AM
to Chromium-dev, prim...@chromium.org, ro...@cybellum.com, chr...@chromium.org
Thanks, it's very helpful!

I'm following the instructions in the document you gave me, but I receive an error when compiling the All_syzygy target (step 2):

ninja -C out/syzygy All_syzygy 

the error is:
error C3861: 'IsBinaryInstrumented': identifier not found

Didn't find any info about that anywhere... I didn't modify the code in any way.

Sébastien Marchand

Jan 26, 2017, 4:34:48 PM
to ro...@cybellum.com, Chromium-dev, prim...@chromium.org, Chris Hamilton
Hmm, that's weird, we build this target on our continuous builders so I don't expect it to be broken. I'll try to reproduce this locally.