This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
docs/
23
AddressSanitizer.rst
-
LeakSanitizer.rst

Differential D10559

[asan] Update the llvm webpage describing ASan
ClosedPublic

Authored by zaks.anna on Jun 18 2015, 6:24 PM.

Download Raw Diff

Details

Reviewers

kcc
glider
samsonov

Summary

This commit contains several updates to the Address Sanitizer webpage:

Add the description of the interceptor suppression ("Suppressing Reports in external Libraries")
Re-organized a bit: grouped a few things under the Issue Suppression section, grouped IOC and leaks under a section, placed symbolication info into Symbolizing the Reports section..
"MacOS" -> "OS X"
Added a paragraph to the Usage section describing when DYLD_INSERT_LIBRARIES might need to be used.

(I've added the generated html into the Test Plan. Hope that works:))

Diff Detail

Event Timeline

zaks.anna updated this revision to Diff 27984.Jun 18 2015, 6:24 PM

zaks.anna retitled this revision from to [asan] Update the llvm webpage describing ASan.

zaks.anna updated this object.

zaks.anna edited the test plan for this revision. (Show Details)

zaks.anna added reviewers: kcc, glider, samsonov.

zaks.anna added subscribers: kubamracek, Unknown Object (MLST).

Let's try to add the generated html again:

AddressSanitizer.html21 KBDownload

Thanks for working on this!

docs/AddressSanitizer.rst
64	I would prefer bullet points for reasons.
66	I think we don't have to mention Valgrind, and just claim that all ASan errors are true positives, and the program can be in inconsistent state, causing confusing results, and (potentially) misleading subsequent reports.
235–236	I wonder if we can bump it to 10.7...
275	That's weird to have this at the very bottom. Maybe, put between limitations and platforms?
282	While you're here.... it's not experimental anymore - it's on by default for Linux. (not implemented on Mac)

zaks.anna added inline comments.Jun 19 2015, 4:51 PM

docs/AddressSanitizer.rst
66	Will do. This was copy and pasted from the original.
235–236	I'd definitely be ok with this!
282	What about Android and FreeBSD? Is it only available on Linux?

samsonov added inline comments.Jun 19 2015, 5:12 PM

docs/AddressSanitizer.rst
235–236	Yes, I see that we already build runtime with `-mmacosx-version-min=10.7`
282	Yes, for now it's Linux-only (though porting to FreeBSD is probably manageable).

Addressed Alexey's review comments.
Moved the Additional Checks much closer to the top.
Updated the LeakSanitizer page as well.

Herald added a subscriber: tberghammer. · View Herald TranscriptJun 19 2015, 5:33 PM

LGTM

docs/AddressSanitizer.rst
69	s/inconstant/inconsistent?

This revision is now accepted and ready to land.Jun 19 2015, 6:52 PM

LGTM with a couple of nits.

docs/AddressSanitizer.rst
69	"the program heap" instead of "the program", maybe?
78	"the ASan library"
130	IIRC this feature still doesn't work on OSX, shall we mention that?
195–196	What about `__attribute__((no_sanitize("address")))`?
254	Shall we reflect the current iOS port state?

zaks.anna added inline comments.Jun 22 2015, 11:00 AM

docs/AddressSanitizer.rst
69	It does not have to be the heap; it can be anything. All you know is that something is trying to access an address that is not accessible.
78	I am going to correct the capitalization and add the following: (You can find the library by searching for dynamic libraries with "asan" in their name.)
130	What about Android and FreeBSD?
195–196	Should we suggest using attribute((no_sanitize("address"))) instead of attribute((no_sanitize_address))? And not mention attribute((no_sanitize_address)) at all?

samsonov added inline comments.Jun 22 2015, 2:52 PM

docs/AddressSanitizer.rst
130	Should work there.
195–196	Yeah, we want no_sanitize("list", "of", "sanitizers") to eventually replace it.

Addressed comments from glider.

Still LGTM
So what about the iOS port?

docs/AddressSanitizer.rst
69	Agreed.

In r240725
(I've added iOS Simulator as supported.)

zaks.anna closed this revision.Jun 25 2015, 6:13 PM

Revision Contents

Path

Size

docs/

AddressSanitizer.rst

145 lines

LeakSanitizer.rst

3 lines

Diff 28167

docs/AddressSanitizer.rst

Show First 20 Lines • Show All 54 Lines • ▼ Show 20 Lines
.. code-block:: console		.. code-block:: console

# Compile		# Compile
% clang -O1 -g -fsanitize=address -fno-omit-frame-pointer -c example_UseAfterFree.cc		% clang -O1 -g -fsanitize=address -fno-omit-frame-pointer -c example_UseAfterFree.cc
# Link		# Link
% clang -g -fsanitize=address example_UseAfterFree.o		% clang -g -fsanitize=address example_UseAfterFree.o

If a bug is detected, the program will print an error message to stderr and		If a bug is detected, the program will print an error message to stderr and
exit with a non-zero exit code. To make AddressSanitizer symbolize its output		exit with a non-zero exit code. AddressSanitizer exits on the first detected error.
		This is by design:
		samsonovUnsubmitted Not Done Reply Inline Actions I would prefer bullet points for reasons. samsonov: I would prefer bullet points for reasons.

		* This approach allows AddressSanitizer to produce faster and smaller generated code
		samsonovUnsubmitted Not Done Reply Inline Actions I think we don't have to mention Valgrind, and just claim that all ASan errors are true positives, and the program can be in inconsistent state, causing confusing results, and (potentially) misleading subsequent reports. samsonov: I think we don't have to mention Valgrind, and just claim that all ASan errors are true…
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions Will do. This was copy and pasted from the original. zaks.anna: Will do. This was copy and pasted from the original.
		(both by ~5%).
		* Fixing bugs becomes unavoidable. AddressSaniftizer does not produce
		false alarms. Once a memory corruption occurs, the program is in an inconsistent
		samsonovUnsubmitted Not Done Reply Inline Actions s/inconstant/inconsistent? samsonov: s/inconstant/inconsistent?
		gliderUnsubmitted Not Done Reply Inline Actions "the program heap" instead of "the program", maybe? glider: "the program heap" instead of "the program", maybe?
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions It does not have to be the heap; it can be anything. All you know is that something is trying to access an address that is not accessible. zaks.anna: It does not have to be the heap; it can be anything. All you know is that something is trying…
		gliderUnsubmitted Not Done Reply Inline Actions Agreed. glider: Agreed.
		state, which could lead to confusing results and potentially misleading
		subsequent reports.

		If your process is sandboxed and you are running on OS X 10.10 or earlier, you
		will need to set ``DYLD_INSERT_LIBRARIES`` environment variable and point it to
		the ASan library that is packaged with the compiler used to build the
		executable. (You can find the library by searching for dynamic libraries with
		``asan`` in their name.) If the environment variable is not set, the process will
		try to re-exec. Also keep in mind that when moving the executable to another machine,
		gliderUnsubmitted Not Done Reply Inline Actions "the ASan library" glider: "the ASan library"
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions I am going to correct the capitalization and add the following: (You can find the library by searching for dynamic libraries with "asan" in their name.) zaks.anna: I am going to correct the capitalization and add the following: (You can find the library by…
		the ASan library will also need to be copied over.

		Symbolizing the Reports
		=========================

		To make AddressSanitizer symbolize its output
you need to set the ``ASAN_SYMBOLIZER_PATH`` environment variable to point to		you need to set the ``ASAN_SYMBOLIZER_PATH`` environment variable to point to
the ``llvm-symbolizer`` binary (or make sure ``llvm-symbolizer`` is in your		the ``llvm-symbolizer`` binary (or make sure ``llvm-symbolizer`` is in your
``$PATH``):		``$PATH``):

.. code-block:: console		.. code-block:: console

% ASAN_SYMBOLIZER_PATH=/usr/local/bin/llvm-symbolizer ./a.out		% ASAN_SYMBOLIZER_PATH=/usr/local/bin/llvm-symbolizer ./a.out
==9442== ERROR: AddressSanitizer heap-use-after-free on address 0x7f7ddab8c084 at pc 0x403c8c bp 0x7fff87fb82d0 sp 0x7fff87fb82c8		==9442== ERROR: AddressSanitizer heap-use-after-free on address 0x7f7ddab8c084 at pc 0x403c8c bp 0x7fff87fb82d0 sp 0x7fff87fb82c8
Show All 23 Lines	.. code-block:: console
READ of size 4 at 0x7f7ddab8c084 thread T0		READ of size 4 at 0x7f7ddab8c084 thread T0
#0 0x403c8c in main example_UseAfterFree.cc:4		#0 0x403c8c in main example_UseAfterFree.cc:4
#1 0x7f7ddabcac4d in __libc_start_main ??:0		#1 0x7f7ddabcac4d in __libc_start_main ??:0
...		...

Note that on OS X you may need to run ``dsymutil`` on your binary to have the		Note that on OS X you may need to run ``dsymutil`` on your binary to have the
file\:line info in the AddressSanitizer reports.		file\:line info in the AddressSanitizer reports.

AddressSanitizer exits on the first detected error. This is by design.		Additional Checks
One reason: it makes the generated code smaller and faster (both by		=================
~5%). Another reason: this makes fixing bugs unavoidable. With Valgrind,
it is often the case that users treat Valgrind warnings as false		Initialization order checking
positives (which they are not) and don't fix them.		-----------------------------

		AddressSanitizer can optionally detect dynamic initialization order problems,
		gliderUnsubmitted Not Done Reply Inline Actions IIRC this feature still doesn't work on OSX, shall we mention that? glider: IIRC this feature still doesn't work on OSX, shall we mention that?
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions What about Android and FreeBSD? zaks.anna: What about Android and FreeBSD?
		samsonovUnsubmitted Not Done Reply Inline Actions Should work there. samsonov: Should work there.
		when initialization of globals defined in one translation unit uses
		globals defined in another translation unit. To enable this check at runtime,
		you should set environment variable
		``ASAN_OPTIONS=check_initialization_order=1``.

		Note that this option is not supported on OS X.

		Memory leak detection
		---------------------

		For more information on leak detector in AddressSanitizer, see
		:doc:`LeakSanitizer`. The leak detection is turned on by default on Linux;
		however, it is not yet supported on other platforms.

		Issue Suppression
		=================

		AddressSanitizer is not expected to produce false positives. If you see one,
		look again; most likely it is a true positive!

		Suppressing Reports in External Libraries
		-----------------------------------------
		Runtime interposition allows AddressSanitizer to find bugs in code that is
		not being recompiled. If you run into an issue in external libraries, we
		recommend immediately reporting it to the library maintainer so that it
		gets addressed. However, you can use the following suppression mechanism
		to unblock yourself and continue on with the testing. This suppression
		mechanism should only be used for suppressing issues in external code; it
		does not work on code recompiled with AddressSanitizer. To suppress errors
		in external libraries, set the ``ASAN_OPTIONS`` environment variable to point
		to a suppression file. You can either specify the full path to the file or the
		path of the file relative to the location of your executable.

		.. code-block:: bash

		ASAN_OPTIONS=suppressions=MyASan.supp

		Use the following format to specify the names of the functions or libraries
		you want to suppress. You can see these in the error report. Remember that
		the narrower the scope of the suppression, the more bugs you will be able to
		catch.

``__has_feature(address_sanitizer)``		.. code-block:: bash
------------------------------------
		interceptor_via_fun:NameOfCFunctionToSuppress
		interceptor_via_fun:-[ClassName objCMethodToSuppress:]
		interceptor_via_lib:NameOfTheLibraryToSuppress

		Conditional Compilation with ``__has_feature(address_sanitizer)``
		-----------------------------------------------------------------

In some cases one may need to execute different code depending on whether		In some cases one may need to execute different code depending on whether
AddressSanitizer is enabled.		AddressSanitizer is enabled.
:ref:`\_\_has\_feature <langext-__has_feature-__has_extension>` can be used for		:ref:`\_\_has\_feature <langext-__has_feature-__has_extension>` can be used for
this purpose.		this purpose.

.. code-block:: c		.. code-block:: c

#if defined(__has_feature)		#if defined(__has_feature)
# if __has_feature(address_sanitizer)		# if __has_feature(address_sanitizer)
// code that builds only under AddressSanitizer		// code that builds only under AddressSanitizer
# endif		# endif
#endif		#endif

``__attribute__((no_sanitize_address))``		Disabling Instrumentation with ``__attribute__((no_sanitize("address")))``
-----------------------------------------------		--------------------------------------------------------------------------
		gliderUnsubmitted Not Done Reply Inline Actions What about `__attribute__((no_sanitize("address")))`? glider: What about `__attribute__((no_sanitize("address")))`?
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions Should we suggest using attribute((no_sanitize("address"))) instead of attribute((no_sanitize_address))? And not mention attribute((no_sanitize_address)) at all? zaks.anna: Should we suggest using __attribute__((no_sanitize("address"))) instead of __attribute__…
		samsonovUnsubmitted Not Done Reply Inline Actions Yeah, we want no_sanitize("list", "of", "sanitizers") to eventually replace it. samsonov: Yeah, we want no_sanitize("list", "of", "sanitizers") to eventually replace it.

Some code should not be instrumented by AddressSanitizer. One may use the		Some code should not be instrumented by AddressSanitizer. One may use the
function attribute		function attribute ``__attribute__((no_sanitize("address")))``
:ref:`no_sanitize_address <langext-address_sanitizer>`		(which has deprecated synonyms
(or a deprecated synonym `no_address_safety_analysis`)		:ref:`no_sanitize_address <langext-address_sanitizer>` and
to disable instrumentation of a particular function. This attribute may not be		`no_address_safety_analysis`) to disable instrumentation of a particular
supported by other compilers, so we suggest to use it together with		function. This attribute may not be supported by other compilers, so we suggest
``__has_feature(address_sanitizer)``.		to use it together with ``__has_feature(address_sanitizer)``.

Initialization order checking		Suppressing Errors in Recompiled Code (Blacklist)
-----------------------------		-------------------------------------------------

AddressSanitizer can optionally detect dynamic initialization order problems,
when initialization of globals defined in one translation unit uses
globals defined in another translation unit. To enable this check at runtime,
you should set environment variable
``ASAN_OPTIONS=check_initialization_order=1``.

Blacklist
---------

AddressSanitizer supports ``src`` and ``fun`` entity types in		AddressSanitizer supports ``src`` and ``fun`` entity types in
:doc:`SanitizerSpecialCaseList`, that can be used to suppress error reports		:doc:`SanitizerSpecialCaseList`, that can be used to suppress error reports
in the specified source files or functions. Additionally, AddressSanitizer		in the specified source files or functions. Additionally, AddressSanitizer
introduces ``global`` and ``type`` entity types that can be used to		introduces ``global`` and ``type`` entity types that can be used to
suppress error reports for out-of-bound access to globals with certain		suppress error reports for out-of-bound access to globals with certain
names and types (you may only specify class or struct types).		names and types (you may only specify class or struct types).

Show All 11 Lines	.. code-block:: bash
# Disable out-of-bound checks for global instances of a given class ...		# Disable out-of-bound checks for global instances of a given class ...
type:Namespace::BadClassName		type:Namespace::BadClassName
# ... or a given struct. Use wildcard to deal with anonymous namespace.		# ... or a given struct. Use wildcard to deal with anonymous namespace.
type:Namespace2::*::BadStructName		type:Namespace2::*::BadStructName
# Disable initialization-order checks for globals:		# Disable initialization-order checks for globals:
global:bad_init_global=init		global:bad_init_global=init
type:BadInitClassSubstring=init		type:BadInitClassSubstring=init
src:bad/init/files/*=init		src:bad/init/files/*=init

Memory leak detection
---------------------

For the experimental memory leak detector in AddressSanitizer, see
:doc:`LeakSanitizer`.

Supported Platforms
===================

AddressSanitizer is supported on

* Linux i386/x86\_64 (tested on Ubuntu 12.04);
* MacOS 10.6 - 10.9 (i386/x86\_64).
* Android ARM
* FreeBSD i386/x86\_64 (tested on FreeBSD 11-current)

Ports to various other platforms are in progress.

Limitations		Limitations
		samsonovUnsubmitted Not Done Reply Inline Actions I wonder if we can bump it to 10.7... samsonov: I wonder if we can bump it to 10.7...
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions I'd definitely be ok with this! zaks.anna: I'd definitely be ok with this!
		samsonovUnsubmitted Not Done Reply Inline Actions Yes, I see that we already build runtime with `-mmacosx-version-min=10.7` samsonov: Yes, I see that we already build runtime with `-mmacosx-version-min=10.7`
===========		===========

* AddressSanitizer uses more real memory than a native run. Exact overhead		* AddressSanitizer uses more real memory than a native run. Exact overhead
depends on the allocations sizes. The smaller the allocations you make the		depends on the allocations sizes. The smaller the allocations you make the
bigger the overhead is.		bigger the overhead is.
* AddressSanitizer uses more stack memory. We have seen up to 3x increase.		* AddressSanitizer uses more stack memory. We have seen up to 3x increase.
* On 64-bit platforms AddressSanitizer maps (but not reserves) 16+ Terabytes of		* On 64-bit platforms AddressSanitizer maps (but not reserves) 16+ Terabytes of
virtual address space. This means that tools like ``ulimit`` may not work as		virtual address space. This means that tools like ``ulimit`` may not work as
usually expected.		usually expected.
* Static linking is not supported.		* Static linking is not supported.

		Supported Platforms
		===================

		AddressSanitizer is supported on:

		* Linux i386/x86\_64 (tested on Ubuntu 12.04)
		* OS X 10.7 - 10.11 (i386/x86\_64)
		gliderUnsubmitted Not Done Reply Inline Actions Shall we reflect the current iOS port state? glider: Shall we reflect the current iOS port state?
		* Android ARM
		* FreeBSD i386/x86\_64 (tested on FreeBSD 11-current)

		Ports to various other platforms are in progress.

Current Status		Current Status
==============		==============

AddressSanitizer is fully functional on supported platforms starting from LLVM		AddressSanitizer is fully functional on supported platforms starting from LLVM
3.1. The test suite is integrated into CMake build and can be run with ``make		3.1. The test suite is integrated into CMake build and can be run with ``make
check-asan`` command.		check-asan`` command.

More Information		More Information
================		================

`http://code.google.com/p/address-sanitizer <http://code.google.com/p/address-sanitizer/>`_		`http://code.google.com/p/address-sanitizer <http://code.google.com/p/address-sanitizer/>`_

		samsonovUnsubmitted Not Done Reply Inline Actions That's weird to have this at the very bottom. Maybe, put between limitations and platforms? samsonov: That's weird to have this at the very bottom. Maybe, put between limitations and platforms?
		samsonovUnsubmitted Not Done Reply Inline Actions While you're here.... it's not experimental anymore - it's on by default for Linux. (not implemented on Mac) samsonov: While you're here.... it's not experimental anymore - it's on by default for Linux. (not…
		zaks.annaAuthorUnsubmitted Not Done Reply Inline Actions What about Android and FreeBSD? Is it only available on Linux? zaks.anna: What about Android and FreeBSD? Is it only available on Linux?
		samsonovUnsubmitted Not Done Reply Inline Actions Yes, for now it's Linux-only (though porting to FreeBSD is probably manageable). samsonov: Yes, for now it's Linux-only (though porting to FreeBSD is probably manageable).

docs/LeakSanitizer.rst

	Show All 11 Lines
	:doc:`AddressSanitizer` to get both memory error and leak detection.			:doc:`AddressSanitizer` to get both memory error and leak detection.
	LeakSanitizer does not introduce any additional slowdown when used in this mode.			LeakSanitizer does not introduce any additional slowdown when used in this mode.
	The LeakSanitizer runtime can also be linked in separately to get leak detection			The LeakSanitizer runtime can also be linked in separately to get leak detection
	only, at a minimal performance cost.			only, at a minimal performance cost.

	Current status			Current status
	==============			==============

	LeakSanitizer is experimental and supported only on x86\_64 Linux.			LeakSanitizer is turned on by default, but it is only supported on x86\_64
				Linux.

	The combined mode has been tested on fairly large software projects. The			The combined mode has been tested on fairly large software projects. The
	stand-alone mode has received much less testing.			stand-alone mode has received much less testing.

	There are plans to support LeakSanitizer in :doc:`MemorySanitizer` builds.			There are plans to support LeakSanitizer in :doc:`MemorySanitizer` builds.

	More Information			More Information
	================			================

	`https://code.google.com/p/address-sanitizer/wiki/LeakSanitizer			`https://code.google.com/p/address-sanitizer/wiki/LeakSanitizer
	<https://code.google.com/p/address-sanitizer/wiki/LeakSanitizer>`_			<https://code.google.com/p/address-sanitizer/wiki/LeakSanitizer>`_