steleman / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer

Unable to use asan_device_setup.sh on android #320

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Browse https://code.google.com/p/address-sanitizer/wiki/Android
2. It says there is a script that can be used to prepare a device to run ASan applications
3. The link leads to nothing

What is the expected output? What do you see instead?
I expect the "new way", preloading the ASan runtime library into the zygote process, to be ready to run with an NDK app.
I found that r202245 in the compiler-rt project removed the .sh extension.
However, when using asan_device_setup, the emulator could not be started successfully.

I made some modifications, as in the attached asan_device_setup.patch.
The modified asan_device_setup could start the emulator successfully.
But I am not sure if it is the correct way to preload the ASan runtime library into the zygote process.

[try asan's new way on ndk app: OK]
I wrote a heap-use-after-free app, as attached.
The log_ndk_ap.txt shows a good report on detecting heap-use-after-free.

Here is the emulator-related version information.
PLATFORM_VERSION=4.4
HOST_OS_EXTRA=Linux-3.5.0-29-generic-x86_64-with-Ubuntu-12.04-precise
BUILD_ID=KRT16M
libclang_rt.asan-arm-android.so is extracted from android-ndk-r9d

May I know if it is a good time to try asan on android now?
Does my modification meet your expectations?
Thanks a lot.

Original issue reported on code.google.com by tony.ys_...@htc.com on 17 Jun 2014 at 2:57

GoogleCodeExporter commented 9 years ago

Original comment by konstant...@gmail.com on 17 Jun 2014 at 4:01

GoogleCodeExporter commented 9 years ago
Sorry for the delay.
The problem here is that historically we have 2 paths of running ASan on 
Android - one through the platform tree (works only for platform binaries and 
libraries), and the other through asan_device_setup for NDK apps. Currently 
they conflict - asan_device_setup trips on the asanwrapper binary from the 
platform build.

If you are primarily interested in sanitizing NDK apps, I suggest flashing a 
normal -userdebug build of Android. Then stock asan_device_setup should just 
work.

I'll look into making these 2 modes play along. The end result will probably 
look a lot like asan_device_setup in its current form.

Original comment by euge...@google.com on 25 Jun 2014 at 9:44
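
A pre-flight check for the conflict described in the comment above, as an added example that is not part of the original thread or of asan_device_setup. It assumes the device's /system/bin has been pulled to a local directory and that the asan_device_setup layout is the one a later comment in this thread lists (app_process as a shell wrapper around app_process.real); the function names and state labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify the ASan state of a pulled copy of /system/bin.
# Function names and state labels are hypothetical, not from asan_device_setup.

# Print "elf", "script" or "other" based on a file's first four bytes.
file_kind() {
    magic=$(dd if="$1" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;      # \177ELF
        2321*)    echo script ;;   # "#!"
        *)        echo other ;;
    esac
}

# $1: local directory holding files pulled from the device's /system/bin.
classify_asan_state() {
    dir=$1
    [ -f "$dir/app_process" ] || { echo unknown; return; }
    ap=$(file_kind "$dir/app_process")
    wrapper=absent
    [ -f "$dir/asanwrapper" ] && wrapper=$(file_kind "$dir/asanwrapper")

    if [ "$ap" = script ]; then
        # Layout listed in this thread: a wrapper script that preloads the
        # ASan runtime and execs the renamed original binary.
        if [ -f "$dir/app_process.real" ] &&
           [ "$(file_kind "$dir/app_process.real")" = elf ] &&
           grep -q 'LD_PRELOAD=.*libclang_rt\.asan' "$dir/app_process"; then
            echo device-setup
        else
            echo unknown-wrapper   # a script, but not the layout shown here
        fi
    elif [ "$wrapper" = elf ]; then
        # An ELF asanwrapper is taken here to mean a platform-tree ASan
        # build, the case the thread says asan_device_setup trips on.
        echo platform-asan
    else
        echo stock
    fi
}
```

A result of platform-asan before running the script corresponds to the case where flashing a normal -userdebug build is suggested.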

GoogleCodeExporter commented 9 years ago
Thank you, I saw the script link has been updated.

I will try first to sanitize NDK apps by the asan_device_setup.
Thanks again.

Original comment by tony.ys_...@htc.com on 26 Jun 2014 at 3:11

GoogleCodeExporter commented 9 years ago
Hi All,
I'm planning to do the ASan for chrome shell.
AddressSanitizer (ASAN)  --> Building on Android.
I followed the steps below:
gclient sync --nohooks
. build/android/envsetup.sh
GYP_DEFINES="OS=android asan=1 component=shared_library" gclient runhooks

I'm able to build and install chromeshell.apk and contentshell.apk, but unable to launch the application; it's crashing at launch.

As per my understanding, the crash may be due to:
1. Huge binary size; the ChromeShell.apk size is 77 MB.
2. The binary contains 75+ shared libraries (*.cr.so) (I think Android will only support 128 shared libs)

Please help in running ASAN with Chrome on Android.

Original comment by kulkarni...@gmail.com on 7 Jul 2014 at 9:25

GoogleCodeExporter commented 9 years ago
Not enough information. Did you run asan_device_setup (I assume you did)? What 
does the crash look like? Try attaching gdb and getting a stack trace.

And please file another bug, this is an entirely different issue.

Original comment by euge...@google.com on 7 Jul 2014 at 9:47

GoogleCodeExporter commented 9 years ago
Hi Eugenis,

I ran an Android userdebug emulator which was built from AOSP code with PLATFORM_VERSION=4.4.3.43.43.43.
And ran asan_device_setup from the compiler-rt project at version 210259.

After the emulator restarted, it showed the fatal log below.
=> F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 2453 (app_process.rea)

Could you help to correct my testing steps?
Thanks a lot.

Here is more information about my testing.
[emulator build version]
PLATFORM_VERSION_CODENAME=AOSP
PLATFORM_VERSION=4.4.3.43.43.43
TARGET_PRODUCT=aosp_arm
TARGET_BUILD_VARIANT=userdebug
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv7-a
TARGET_CPU_VARIANT=generic
TARGET_2ND_ARCH=
TARGET_2ND_ARCH_VARIANT=
TARGET_2ND_CPU_VARIANT=
HOST_ARCH=x86_64
HOST_OS=linux
HOST_OS_EXTRA=Linux-3.5.0-46-generic-x86_64-with-Ubuntu-12.10-quantal
HOST_BUILD_TYPE=release
BUILD_ID=AOSP
OUT_DIR=out

[/system/bin in emulator]
$ adb shell ls -l /system/bin | grep app_process
-rwxr-xr-x root     shell         160 2014-07-13 23:59 app_process
-rwxr-xr-x root     shell       13664 2014-07-13 23:59 app_process.real
-rwxr-xr-x root     shell       13664 2014-07-04 07:37 app_process32
$ adb shell cat /system/bin/app_process
#!/system/bin/sh
ASAN_OPTIONS=start_deactivated=1,alloc_dealloc_mismatch=0 \
LD_PRELOAD=libclang_rt.asan-arm-android.so \
exec /system/bin/app_process.real $@

$ adb shell cat /system/bin/asanwrapper
#!/system/bin/sh
LD_PRELOAD=libclang_rt.asan-arm-android.so \
exec $@

[logcat from emulator]
1. start emulator successfully
2. run command at device time "07-13 23:59:00"
$ ./asan_device_setup --lib android-ndk-r9d/toolchains/llvm-3.3/prebuilt/linux-x86_64/lib/clang/3.3/lib/linux/libclang_rt.asan-arm-android.so
3. emulator cannot boot up successfully
07-13 23:59:04.757  2453  2453 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 2453 (app_process.rea)
07-13 23:59:09.649  2606  2606 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 2606 (app_process.rea)
07-13 23:59:14.585  2728  2728 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 2728 (app_process.rea)
07-13 23:59:19.501  2849  2849 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 2849 (app_process.rea)

Original comment by tony.ys_...@htc.com on 14 Jul 2014 at 4:05

GoogleCodeExporter commented 9 years ago
07-13 23:59:09.652    54    54 E         : ptrace attach failed: Permission denied
07-13 23:59:09.640    54    54 W debuggerd: type=1400 audit(0.0:7): avc: denied { ptrace } for scontext=u:r:debuggerd:s0 tcontext=u:r:init:s0 tclass=process

This is weird.
I'll try to reproduce.
Meanwhile, it looks like you are using a very old 
libclang_rt.asan-arm-android.so from llvm-3.3. Maybe building a fresh library 
would help.

https://code.google.com/p/android/issues/detail?id=61799

Original comment by euge...@google.com on 14 Jul 2014 at 2:31

GoogleCodeExporter commented 9 years ago
Failure looks a little different on our side.
Ours is caused by __libc_malloc_dispatch format changing in bionic a4037805.
This should be fixed soon-ish, meanwhile ASan is broken on ToT AOSP, sorry.

Original comment by euge...@google.com on 15 Jul 2014 at 11:31

GoogleCodeExporter commented 9 years ago
Hi Eugenis,

Thanks for your confirmation.
But it is weird that we have different root causes.
I will try to build a fresh library and also look forward to your good news. :)

Original comment by tony.ys_...@htc.com on 16 Jul 2014 at 9:31