Android L arm address sanitizer problem

chunhuili chunhuili

Mar 16, 2015, 7:45:01 AM
to address-...@googlegroups.com

We are meeting some problems with Address Sanitizer on the L version, as described below; maybe we are missing some useful information about this feature. Could you please point us to the user guide for L ASan?

For a 32-bit process with Address Sanitizer enabled, Android L 5.0 Address Sanitizer can't work; on L 5.1, a Java process with ASan enabled can work after disabling many interceptor functions. Below is part of the com.android.browser maps.

00040000-03000000 ---p 00000000 00:00 0
03000000-18000000 rw-p 00000000 00:00 0
18941000-275f0000 rw-s 00000000 00:04 19513      /dev/ashmem/DiscardableMemoryAshmemAllocator (deleted)
b6ab6000-b6ae7000 r-xp 00000000 b3:11 1231       /system/lib/libclang_rt.asan_arm_android.so
b6ae7000-b6ae8000 r--p 00030000 b3:11 1231       /system/lib/libclang_rt.asan_arm_android.so
b6ae8000-b6ae9000 rw-p 00031000 b3:11 1231       /system/lib/libclang_rt.asan_arm_android.so
b6f6b000-b6f70000 r-xp 00000000 b3:11 226        /system/bin/asan/app_process
b6f70000-b6f71000 r--p 00004000 b3:11 226        /system/bin/asan/app_process
b6f71000-b6f72000 rw-p 00005000 b3:11 226        /system/bin/asan/app_process

 

Google issue about address sanitizer: https://code.google.com/p/address-sanitizer/issues/detail?id=326

Main problems:

1. Conflict with libsigchain on Android 5.0, which also intercepts sigaction; on Android L 5.1, libsigchain.so has no LD_PRELOAD.

2. Missing libcorkscrew.so. We need a different way to unwind from a signal handler.

For this problem, we have ported the corkscrew unwind lib to provide the related backtrace API.

3. Many intercepted functions: SIGSEGV, strcmp/memchr, etc.

 

We also found information which shows that ASan can't work on the L version.

https://code.google.com/p/address-sanitizer/wiki/Android

NOTE: ASan is broken on Android L. Use a K* build. This will be fixed in one of the future L updates.



For a 64-bit process, the compiler is GCC 4.9. The GCC 4.9 manual shows that it supports Address Sanitizer, but when -fsanitize=address is set, there is no instrumentation for load/store.

gcc 4.9.2 user guide: -fsanitize=address

Enable AddressSanitizer, a fast memory error detector. Memory access instructions will be instrumented to detect out-of-bounds and use-after-free bugs. See http://code.google.com/p/address-sanitizer/ for more details. The run-time behavior can be influenced using the ASAN_OPTIONS environment variable; see https://code.google.com/p/address-sanitizer/wiki/Flags#Run-time_flags for a list of supported options.
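An added diagnostic for the check this thread relies on (looking in /proc/<pid>/maps for the ASan runtime and the ASan app_process wrapper); it is not code from the thread. It assumes a maps dump is piped in or given as a file (for example after `adb shell cat /proc/<pid>/maps > maps.txt`), and the sample lines are constructed from the excerpt quoted above.

```shell
#!/bin/sh
# asan_maps_check: read a /proc/<pid>/maps dump (file argument or stdin) and
# report whether the ASan runtime and the ASan app_process wrapper are mapped.
# Output is one line: "runtime=yes|no wrapper=yes|no".
asan_maps_check() {
    awk '
        # maps columns: range perms offset dev inode [path]; the path, when
        # present, is the last field, so $NF is safe for lines without one.
        $NF ~ /libclang_rt\.asan.*android\.so$/ { rt = 1 }   # 32-bit (asan_arm) or 64-bit (asan-aarch64) runtime
        $NF ~ /\/bin\/asan\/app_process$/       { wrap = 1 } # process started via the ASan app_process wrapper
        END {
            printf "runtime=%s wrapper=%s\n", (rt ? "yes" : "no"), (wrap ? "yes" : "no")
        }
    ' "${1:--}"
}

# Constructed sample: three lines taken from the maps excerpt in the thread.
SAMPLE_MAPS='00040000-03000000 ---p 00000000 00:00 0
b6ab6000-b6ae7000 r-xp 00000000 b3:11 1231       /system/lib/libclang_rt.asan_arm_android.so
b6f6b000-b6f70000 r-xp 00000000 b3:11 226        /system/bin/asan/app_process'

# Constructed sample of a process where neither ASan mapping is present.
SAMPLE_MAPS_NO_ASAN='00040000-03000000 ---p 00000000 00:00 0
b6f6b000-b6f70000 r-xp 00000000 b3:11 225        /system/bin/app_process'

printf '%s\n' "$SAMPLE_MAPS" | asan_maps_check          # prints runtime=yes wrapper=yes
printf '%s\n' "$SAMPLE_MAPS_NO_ASAN" | asan_maps_check  # prints runtime=no wrapper=no
```

A "runtime=no" result for an instrumented build matches the symptom reported later in the thread ("/proc/pid/maps no asan libs") and means the binary was never linked against the ASan runtime.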

Evgeniy Stepanov

Mar 31, 2015, 9:34:08 AM
to address-...@googlegroups.com
Hi,

is it still an issue for you?
Please provide more info about the failure mode. ASan is supposed to
work on the current AOSP master branch with Clang toolchain in the
latest NDK, as described in
https://code.google.com/p/address-sanitizer/wiki/Android.

This comment looks up-to-date:
https://code.google.com/p/address-sanitizer/issues/detail?id=326#c2

> 1. Conflict with libsigchain on Android 5.0, which also intercepts
> sigaction; On Android L 5.1, libsigchain.so no LD_PRELOAD
>
> 2. Missing libcorkscrew.so. We need a different way to unwind from a signal
> handler

Yes, libcorkscrew.so is gone, but it is no longer needed.

>
> For this problem, we have porting corkscrew unwind lib for providing related
> backtrace API
>
> 3. many intercept function SIGSEGV, strcmp/memchr etc

Please provide logs, error messages, etc.

chunhuili chunhuili

Apr 11, 2015, 3:31:34 AM
to address-...@googlegroups.com
Hi Evgeniy,

On the arm 32-bit platform, ASan can work as described above ("L 5.1 java process enable ASan can work after disable many interceptor functions"); I build with the Android build system, not the NDK. But aarch64 can't work.

For the aarch64 platform:
Building with NDK r10d clang 3.5, the error is as below:
NDK_TOOLCHAIN_VERSION=clang3.5
NDK_TOOLCHAIN=arm-linux-androideabi-clang3.5
APP_ABI := arm64-v8a

ndk_build/android-ndk-r10d/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/lib/gcc/aarch64-linux-android/4.9/../../../../aarch64-linux-android/bin/ld: cannot find /ndk_build/android-ndk-r10d/toolchains/llvm-3.5/prebuilt/linux-x86_64/bin/../lib/clang/3.5/lib/linux/libclang_rt.asan-aarch64-android.so: No such file or directory
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [obj/local/arm64-v8a/asan_debug] Error 1

Building with NDK r10d gcc 4.9, the error is as below:
NDK_TOOLCHAIN_VERSION=4.9
NDK_TOOLCHAIN=aarch64-linux-android-4.9
APP_ABI := arm64-v8a
/ndk_build/android-ndk-r10d/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9/../../../../aarch64-linux-android/bin/ld: cannot find libasan_preinit.o: No such file or directory
/ndk_build/android-ndk-r10d/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9/../../../../aarch64-linux-android/bin/ld: cannot find -lasan
collect2: error: ld returned 1 exit status

Building with the Android build system with the gcc flag -fsanitize=address added, it can't detect use-after-free, and /proc/pid/maps shows no asan libs.

The following link shows that NDK r10d does not support 64-bit ABIs:
https://code.google.com/p/address-sanitizer/wiki/Android
AddressSanitizer in NDK r10d does not support 64-bit ABIs, and compilation with APP_ABI := all will fail.

There is a topic discussing aarch64 ASan porting which prefers GCC with ASan:
https://groups.google.com/forum/#!searchin/address-sanitizer/aarch64/address-sanitizer/YzYRJEvVimw/t0JVN9pF_j4J

Thanks a lot for your kind support.


On Tuesday, March 31, 2015 at 9:34:08 PM UTC+8, Evgeniy Stepanov wrote:

Evgeniy Stepanov

Apr 16, 2015, 10:58:03 AM
to address-sanitizer
On Sat, Apr 11, 2015 at 12:31 AM, chunhuili chunhuili
<chunhui...@gmail.com> wrote:
> Hi Evgeniy,
>
> arm 32bit platform ASan can work as above description "L 5.1 java process
> enable ASan can work after disable many interceptor functions",

Do you mean the messages about failing to setup interceptors for ~15
functions that pop up on every process start, or did you need to do
something extra to make it work? The former is expected.

> I build with
> Android build system not NDK. But aarch64 bit can't work

Yes, aarch64 runtime is not packaged in the NDK. You can build it from
compiler-rt source, and I recall it mostly works, with a few tests
failing, but the core functionality is there.

chunhuili chunhuili

Apr 25, 2015, 11:08:09 PM
to address-...@googlegroups.com


On Thursday, April 16, 2015 at 10:58:03 PM UTC+8, Evgeniy Stepanov wrote:
On Sat, Apr 11, 2015 at 12:31 AM, chunhuili chunhuili
<chunhui...@gmail.com> wrote:
> Hi Evgeniy,
>
> arm 32bit platform ASan can work as above description "L 5.1 java process
> enable ASan can work after disable many interceptor functions",

Do you mean the messages about failing to setup interceptors for ~15
functions that pop up on every process start, or did you need to do
something extra to make it work? The former is expected.

Yes, when enabling ASan for a Java process through "setprop wrap.$PROCESS_NAME", the functions below can't work on my side:
external\compiler-rt\lib\asan\asan_interceptors.h
#if !SANITIZER_WINDOWS
//mask for NULL pointer
# define ASAN_INTERCEPT_ATOLL_AND_STRTOLL 0
# define ASAN_INTERCEPT__LONGJMP 0
# define ASAN_INTERCEPT_STRDUP 0
# define ASAN_INTERCEPT_INDEX 0
# define ASAN_INTERCEPT_PTHREAD_CREATE 0
# define ASAN_INTERCEPT_MLOCKX 0
# define ASAN_INTERCEPT_FORK 0
#else
# define ASAN_INTERCEPT_ATOLL_AND_STRTOLL 0
# define ASAN_INTERCEPT__LONGJMP 0
# define ASAN_INTERCEPT_STRDUP 0
# define ASAN_INTERCEPT_INDEX 0
# define ASAN_INTERCEPT_PTHREAD_CREATE 0
# define ASAN_INTERCEPT_MLOCKX 0
# define ASAN_INTERCEPT_FORK 0
#endif
 

> I build with
> Android build system not NDK. But aarch64 bit can't work

Yes, aarch64 runtime is not packaged in the NDK. You can build it from
compiler-rt source, and I recall it mostly works, with a few tests
failing, but the core functionality is there.

Do you mean aarch64 on the L official release can work?
frameworks\base\cmds\app_process\Android.mk shows ASan is only enabled for the 32-bit app_process;
if it can work, how do we enable ASan for the aarch64 app_process, with GCC or clang?

Thank you very much!
 

Evgeniy Stepanov

May 6, 2015, 3:57:15 PM
to address-sanitizer
Again, sorry for the delayed response.

There were lots of ASan-related changes both in LLVM repo and in AOSP
in the last two weeks. You were right, ASan in AOSP was limited to
ARM, and it still is, but we plan to add AArch64 and probably X86 soon
(in fact it might work already if you update the #if guards). Other
than that, ASan works out-of-the-box on AOSP master branch (we tested
on Nexus 5).


On Sat, Apr 25, 2015 at 8:08 PM, chunhuili chunhuili

Yuri Gribov

May 6, 2015, 3:59:16 PM
to address-...@googlegroups.com
On Wed, May 6, 2015 at 10:57 PM, 'Evgeniy Stepanov' via
address-sanitizer <address-...@googlegroups.com> wrote:
> Again, sorry for the delayed response.
>
> There were lots of ASan-related changes both in LLVM repo and in AOSP
> in the last two weeks. You were right, ASan in AOSP was limited to
> ARM, and it still is, but we plan to add AArch64 and probably X86 soon
> (in fact it might work already if you update the #if guards). Other
> than that, ASan works out-of-the-box on AOSP master branch (we tested
> on Nexus 5).

While at it, do you have plans to enable it in GCC?

-Y

Evgeniy Stepanov

May 6, 2015, 4:05:47 PM
to address-sanitizer
I don't plan to do that, even if it's probably not that hard, using
the ASan runtime built from external/compiler-rt instead of whatever
gcc toolchain contains. Linking is done in the Android build system
(i.e. -nostdlib and explicit -lclang_rt.asan...), so nothing
gcc-specific here either.
Contributions are welcome.
