ASAN build for Chrome OS

[Ian Barkley-Yeung]

I see note about an ASAN ChromeOS build here, but I'm not really clear what it does. 

Does it build all the userspace programs (like the platform2 binaries) with ASAN, or just Chrome? 

Is there a way to build the various platform2 daemons with santizers and run them in a VM?

Is ASAN the only sanitizer that works, or can UBSAN or MSAN be used? 

Thanks

Ian

[Manoj Gupta]

I think amd64-generic-asan builder is what you are looking for.

https://cros-goldeneye.corp.google.com/chromeos/legoland/builderHistory?buildConfig=amd64-generic-asan&buildBranch=master

It builds most platform packages and Chrome with asan instrumentation. You can search in build_packages and check if that package has asan flag enabled.

This builder also runs the built image with vm tests (but not tast vm tests): https://screenshot.googleplex.com/58HfVSQ6uogSSdm

We also have the ubsan builder (https://cros-goldeneye.corp.google.com/chromeos/legoland/builderHistory?buildConfig=amd64-generic-ubsan&buildBranch=master)  but it does not run vm tests since it does not boot right now and there hasn't been any significant interest in fixing that.

No msan (or tsan) builder however. msan needs *all* packages to have msan instrumentation which is a major hassle. Closest thing to msan is msan based fuzzing which thankfully builds only a smaller (manageable) number of packages.

Thanks,

Manoj

--
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-dev

[Ian Barkley-Yeung]

Just to be clear, I'm not trying to run the tests, I want to run a VM that has my binary build with asan (or ubsan) and mess around with it manually.

>  You can search in build_packages and check if that package has asan flag enabled.

Sorry, I don't understand what you mean by "search in build_packages". I don't see any reference to asan in the package's ebuild file, is that what you mean?

> This builder also runs the built image with vm tests (but not tast vm tests)

That seems unfortunate since most of our tests are tast tests now...

[Manoj Gupta]

On Tue, Mar 2, 2021 at 12:19 PM Ian Barkley-Yeung <i...@chromium.org> wrote:

Just to be clear, I'm not trying to run the tests, I want to run a VM that has my binary build with asan (or ubsan) and mess around with it manually.

You can download the qemu image from the build artifacts and use it.

 

>  You can search in build_packages and check if that package has asan flag enabled.

Sorry, I don't understand what you mean by "search in build_packages". I don't see any reference to asan in the package's ebuild file, is that what you mean?

I am referring to the build packages logs in the builder https://screenshot.googleplex.com/56HipuXDyikaJZA

 

> This builder also runs the built image with vm tests (but not tast vm tests)

That seems unfortunate since most of our tests are tast tests now...

+Benjamin Pastene 

I see amd64-generic-full can run tast vm tests. Maybe the same logic can be extended to asan builder.

[Ian Barkley-Yeung]

> You can download the qemu image from the build artifacts and use it.

Can you give me a pointer to it? 

cros chrome-sdk --board=amd64-generic-asan --download-vm --clear-sdk-cache --log-level=info

just gives me "Invalid board specified: amd64-generic-asan" (I'm following the instructions at https://chromium.googlesource.com/chromiumos/docs/+/HEAD/cros_vm.md#download-the-vm, since that is how I normally start VMs)

Goldeneye doesn't list any of the generic boards, so I can't get to the qemu from goldeneye, which is how I normally get to build artifacts.

Thanks

Ian

[Manoj Gupta]

On Tue, Mar 2, 2021 at 5:12 PM Ian Barkley-Yeung <i...@chromium.org> wrote:

> You can download the qemu image from the build artifacts and use it.

Can you give me a pointer to it? 

cros chrome-sdk --board=amd64-generic-asan --download-vm --clear-sdk-cache --log-level=info

just gives me "Invalid board specified: amd64-generic-asan" (I'm following the instructions at https://chromium.googlesource.com/chromiumos/docs/+/HEAD/cros_vm.md#download-the-vm, since that is how I normally start VMs)

Goldeneye doesn't list any of the generic boards, so I can't get to the qemu from goldeneye, which is how I normally get to build artifacts.

you can get the artifacts directly from one of the builder jobs: https://screenshot.googleplex.com/4E6JazoucD75hq9

[Ian Barkley-Yeung]

Cool, that works, at least to a basic level.

Is it even theoretically possible to build just a single ebuild package with asan / ubsan, or does it need to be all-or-nothing? Are there shared libraries which would make that impossible? 

Thanks again

[Manoj Gupta]

On Tue, Mar 2, 2021 at 6:55 PM Ian Barkley-Yeung <i...@chromium.org> wrote:

Cool, that works, at least to a basic level.

Is it even theoretically possible to build just a single ebuild package with asan / ubsan, or does it need to be all-or-nothing? Are there shared libraries which would make that impossible? 

You can build a single package and deploy to a device with USE=asan emerge-<board> package followed by cros deploy. The caveat is that the package must be building executables, not libraries. 

In the case of a library, all executables that use the library need to be built with sanitizers (asan/ubsan). Otherwise, the binaries will fail to execute with complain about missing symbols.

[Qiuhao Li]

Hi Manoj,

Are the asan-built qemu images publicly available to download? https://screenshot.googleplex.com/4E6JazoucD75hq9 seems to require a google.com account.

Thanks

[Mike Frysinger]

currently they are not publicly released

-mike