Chromium Code Reviews
Side by Side Diff: docs/ASAN.rst

Issue 2145213002: Subzero: implemented wrapper script to replace calls to calloc() (Closed) Base URL: https://chromium.googlesource.com/native_client/pnacl-subzero.git@master
Patch Set: Addressed comments and added error testing Created 4 years, 5 months ago
1 Using AddressSanitizer in Subzero 1 Using AddressSanitizer in Subzero
2 ================================= 2 =================================
3 3
4 AddressSanitizer is a powerful compile-time tool used to detect and report 4 AddressSanitizer is a powerful compile-time tool used to detect and report
5 illegal memory accesses. For a full description of the tool, see the original 5 illegal memory accesses. For a full description of the tool, see the original
6 `paper 6 `paper
7 <https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf>`_. 7 <https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf>`_.
8 AddressSanitizer is only supported on native builds of .pexe files and cannot be 8 AddressSanitizer is only supported on native builds of .pexe files and cannot be
9 used in production. 9 used in production.
10 10
11 In Subzero, AddressSanitizer depends on being able to find and instrument calls 11 In Subzero, AddressSanitizer depends on being able to find and instrument calls
12 to various functions such as malloc() and free(), and as such the .pexe file 12 to various functions such as malloc() and free(), and as such the .pexe file
13 being translated must not have had those symbols stripped. Subzero will not 13 being translated must not have had those symbols stripped or inlined. Subzero
14 complain if it is told to translate a .pexe file with its symbols stripped, but 14 will not complain if it is told to translate a .pexe file with its symbols
15 it will not be able to find calls to malloc() and free(), so AddressSanitizer 15 stripped, but it will not be able to find calls to malloc(), calloc(), free(),
16 will not work correctly in the final executable. 16 etc., so AddressSanitizer will not work correctly in the final executable.
17
18 Furthermore, pnacl-clang automatically inlines some calls to calloc(),
19 even with inlining turned off, so we provide wrapper scripts,
20 sz-clang.py and sz-clang++.py, that normally just pass their arguments
21 through to pnacl-clang or pnacl-clang++, but add instrumentation to
22 replace calls to calloc() at the source level if they are passed
23 -fsanitize-address.
17 24
18 These are the steps to compile hello.c to an instrumented object file:: 25 These are the steps to compile hello.c to an instrumented object file::
19 26
20 pnacl-clang -o hello.nonfinal.pexe hello.c 27 sz-clang.py -fno-inline -fsanitize-address -o hello.nonfinal.pexe hello.c
Karl 2016/07/14 20:36:29 Silly question: Should you add -fno-inline if -fsa
tlively 2016/07/15 01:54:24 Done.
21 pnacl-finalize --no-strip-syms -o hello.pexe hello.nonfinal.pexe 28 pnacl-finalize --no-strip-syms -o hello.pexe hello.nonfinal.pexe
22 pnacl-sz -fsanitize-address -filetype=obj -o hello.o hello.pexe 29 pnacl-sz -fsanitize-address -filetype=obj -o hello.o hello.pexe
23 30
24 The resulting object file must be linked with the Subzero-specific 31 The resulting object file must be linked with the Subzero-specific
25 AddressSanitizer runtime to work correctly. A .pexe file can be compiled with 32 AddressSanitizer runtime to work correctly. A .pexe file can be compiled with
26 AddressSanitizer and properly linked into a final executable using 33 AddressSanitizer and properly linked into a final executable using
27 subzero/pydir/szbuild.py with the --fsanitize-address flag, i.e.:: 34 subzero/pydir/szbuild.py with the --fsanitize-address flag, i.e.::
28 35
29 pydir/szbuild.py --fsanitize-address hello.pexe 36 pydir/szbuild.py --fsanitize-address hello.pexe
30 37
31 Handling Wide Loads 38 Handling Wide Loads
32 =================== 39 ===================
33 40
34 Since AddressSanitizer is implemented only in Subzero, the target .pexe may 41 Since AddressSanitizer is implemented only in Subzero, the target .pexe may
35 contain widened loads that would cause false positives. To avoid reporting such 42 contain widened loads that would cause false positives. To avoid reporting such
36 loads as errors, we treat any word-aligned, four byte load as a potentially 43 loads as errors, we treat any word-aligned, four byte load as a potentially
37 widened load and only check the first byte of the loaded word against shadow 44 widened load and only check the first byte of the loaded word against shadow
38 memory. 45 memory.
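Review bot: the new paragraph (new lines 18-23) and the example on new line 27 leave a gap a reader will hit: the wrapper script handles calloc() at the source level, yet the example still passes -fno-inline without saying why. Since new line 13 now says the symbols must not be "stripped or inlined", a clause such as "pass -fno-inline so that calls to malloc(), free() and the other instrumented functions are not inlined away; sz-clang.py separately rewrites calloc(), which pnacl-clang inlines even with -fno-inline" would make the role of each flag explicit. Also, new line 27 invokes sz-clang.py with no path while new line 36 uses pydir/szbuild.py; since the script is added at pydir/sz-clang.py in this change, writing pydir/sz-clang.py in the example keeps the two invocations consistent.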