| OLD | NEW |
|---|
| 1 Using AddressSanitizer in Subzero | 1 Using AddressSanitizer in Subzero |
| 2 ================================= | 2 ================================= |
| 3 | 3 |
| 4 AddressSanitizer is a powerful compile-time tool used to detect and report | 4 AddressSanitizer is a powerful compile-time tool used to detect and report |
| 5 illegal memory accesses. For a full description of the tool, see the original | 5 illegal memory accesses. For a full description of the tool, see the original |
| 6 `paper | 6 `paper |
| 7 <https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf>`_. | 7 <https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf>`_. |
| 8 AddressSanitizer is only supported on native builds of .pexe files and cannot be | 8 AddressSanitizer is only supported on native builds of .pexe files and cannot be |
| 9 used in production. | 9 used in production. |
| 10 | 10 |
| 11 In Subzero, AddressSanitizer depends on being able to find and instrument calls | 11 In Subzero, AddressSanitizer depends on being able to find and instrument calls |
| 12 to various functions such as malloc() and free(), and as such the .pexe file | 12 to various functions such as malloc() and free(), and as such the .pexe file |
| 13 being translated must not have had those symbols stripped. Subzero will not | 13 being translated must not have had those symbols stripped. Subzero will not |
| 14 complain if it is told to translate a .pexe file with its symbols stripped, but | 14 complain if it is told to translate a .pexe file with its symbols stripped, but |
| 15 it will not be able to find calls to malloc() and free(), so AddressSanitizer | 15 it will not be able to find calls to malloc() and free(), so AddressSanitizer |
| 16 will not work correctly in the final executable. | 16 will not work correctly in the final executable. |
| 17 | 17 |
| 18 These are the steps to compile hello.c to an instrumented object file:: | 18 These are the steps to compile hello.c to an instrumented object file:: |
| 19 | 19 |
| 20 pnacl-clang -o hello.nonfinal.pexe hello.c | 20 pnacl-clang -o hello.nonfinal.pexe hello.c |
| 21 pnacl-finalize --no-strip-syms -o hello.pexe hello.nonfinal.pexe | 21 pnacl-finalize --no-strip-syms -o hello.pexe hello.nonfinal.pexe |
| 22 pnacl-sz -fsanitize-address -filetype=obj -o hello.o hello.pexe | 22 pnacl-sz -fsanitize-address -filetype=obj -o hello.o hello.pexe |
| 23 | 23 |
| 24 The resulting object file must be linked with the Subzero-specific | 24 The resulting object file must be linked with the Subzero-specific |
| 25 AddressSanitizer runtime to work correctly. A .pexe file can be compiled with | 25 AddressSanitizer runtime to work correctly. A .pexe file can be compiled with |
| 26 AddressSanitizer and properly linked into a final executable using | 26 AddressSanitizer and properly linked into a final executable using |
| 27 subzero/pydir/szbuild.py with the --fsanitize-address flag, i.e.:: | 27 subzero/pydir/szbuild.py with the --fsanitize-address flag, i.e.:: |
| 28 | 28 |
| 29 pydir/szbuild.py --fsanitize-address hello.pexe | 29 pydir/szbuild.py --fsanitize-address hello.pexe |
| 30 |
| 31 Handling Wide Loads |
| 32 =================== |
| 33 |
| 34 Since AddressSanitizer is implemented only in Subzero, the target .pexe may |
| 35 contain widened loads that would cause false positives. To avoid reporting such |
| 36 loads as errors, we treat any word-aligned, four byte load as a potentially |
| 37 widened load and only check the first byte of the loaded word against shadow |
| 38 memory. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2115693002:
Implemented loose checking for potential widened loads (Closed)
Base URL: https://chromium.googlesource.com/native_client/pnacl-subzero.git@master