Chromium Code Reviews

Side by Side Diff: docs/ASAN.rst

Issue 2145213002: Subzero: implemented wrapper script to replace calls to calloc() (Closed) Base URL: https://chromium.googlesource.com/native_client/pnacl-subzero.git@master
Patch Set: Updated command examples Created 4 years, 5 months ago
1 Using AddressSanitizer in Subzero 1 Using AddressSanitizer in Subzero
2 ================================= 2 =================================
3 3
4 AddressSanitizer is a powerful compile-time tool used to detect and report 4 AddressSanitizer is a powerful compile-time tool used to detect and report
5 illegal memory accesses. For a full description of the tool, see the original 5 illegal memory accesses. For a full description of the tool, see the original
6 `paper 6 `paper
7 <https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf>`_. 7 <https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf>`_.
8 AddressSanitizer is only supported on native builds of .pexe files and cannot be 8 AddressSanitizer is only supported on native builds of .pexe files and cannot be
9 used in production. 9 used in production.
10 10
11 In Subzero, AddressSanitizer depends on being able to find and instrument calls 11 In Subzero, AddressSanitizer depends on being able to find and instrument calls
12 to various functions such as malloc() and free(), and as such the .pexe file 12 to various functions such as malloc() and free(), and as such the .pexe file
13 being translated must not have had those symbols stripped. Subzero will not 13 being translated must not have had those symbols stripped or inlined. Subzero
14 complain if it is told to translate a .pexe file with its symbols stripped, but 14 will not complain if it is told to translate a .pexe file with its symbols
15 it will not be able to find calls to malloc() and free(), so AddressSanitizer 15 stripped, but it will not be able to find calls to malloc(), calloc(), free(),
16 will not work correctly in the final executable. 16 etc., so AddressSanitizer will not work correctly in the final executable.
17
18 Furthermore, pnacl-clang automatically inlines calls to calloc(), even with
Karl 2016/07/14 17:33:50 s/calls/some calls/? Do you know it does this to
tlively 2016/07/14 20:26:14 Done.
19 inlining turned off, so we provide a wrapper script, sz-clang.py, that normally
20 just passes its arguments through to pnacl-clang, but adds instrumentation to
21 replace calls to calloc() at the source level if it is passed
22 -fsanitize-address.
17 23
18 These are the steps to compile hello.c to an instrumented object file:: 24 These are the steps to compile hello.c to an instrumented object file::
19 25
20 pnacl-clang -o hello.nonfinal.pexe hello.c 26 sz-clang.py -fno-inline -fsanitize-address -o hello.nonfinal.pexe hello.c
21 pnacl-finalize --no-strip-syms -o hello.pexe hello.nonfinal.pexe 27 pnacl-finalize --no-strip-syms -o hello.pexe hello.nonfinal.pexe
22 pnacl-sz -fsanitize-address -filetype=obj -o hello.o hello.pexe 28 pnacl-sz -fsanitize-address -filetype=obj -o hello.o hello.pexe
23 29
24 The resulting object file must be linked with the Subzero-specific 30 The resulting object file must be linked with the Subzero-specific
25 AddressSanitizer runtime to work correctly. A .pexe file can be compiled with 31 AddressSanitizer runtime to work correctly. A .pexe file can be compiled with
26 AddressSanitizer and properly linked into a final executable using 32 AddressSanitizer and properly linked into a final executable using
27 subzero/pydir/szbuild.py with the --fsanitize-address flag, i.e.:: 33 subzero/pydir/szbuild.py with the --fsanitize-address flag, i.e.::
28 34
29 pydir/szbuild.py --fsanitize-address hello.pexe 35 pydir/szbuild.py --fsanitize-address hello.pexe
30 36
31 Handling Wide Loads 37 Handling Wide Loads
32 =================== 38 ===================
33 39
34 Since AddressSanitizer is implemented only in Subzero, the target .pexe may 40 Since AddressSanitizer is implemented only in Subzero, the target .pexe may
35 contain widened loads that would cause false positives. To avoid reporting such 41 contain widened loads that would cause false positives. To avoid reporting such
36 loads as errors, we treat any word-aligned, four byte load as a potentially 42 loads as errors, we treat any word-aligned, four byte load as a potentially
37 widened load and only check the first byte of the loaded word against shadow 43 widened load and only check the first byte of the loaded word against shadow
38 memory. 44 memory.
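Review bot: the new wording on line 13 ("must not have had those symbols stripped or inlined") conflates two different things; symbols get stripped, while it is the calls to calloc() that the following paragraph says pnacl-clang inlines. Suggest splitting it: "must not have had those symbols stripped, and calls to them must not have been inlined". Related: the paragraph states that calloc() is inlined "even with inlining turned off", yet the example on line 26 still passes -fno-inline to sz-clang.py without saying what that flag is for, so a reader may conclude it is redundant and drop it; one sentence on why -fno-inline is still required would close that gap. Minor: the option is spelled -fsanitize-address for sz-clang.py and pnacl-sz but --fsanitize-address for szbuild.py; an explicit remark that the spellings differ per tool would keep it from being read as a typo.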