llvm dev - Jun 2013 - [LLVMdev] Address Sanitizer on Android

I have simple standalone ASan examples working on Android, and now I'd
like to try using ASan with the Android build system.  I'm building
the release_33 branch of llvm+clang+compiler-rt with CMake.  To test,
I'm looking at libjpg, because with just a small change its Android.mk
it compiles in a few seconds and without needing any additional
dependencies.

When I run 'djpeg' on JellyBean, ASan reports the error message below.
 Can you please help me interpret it?  Do you know what I might be
doing wrong?

$ adb shell "cd /data/data && ASAN_OPTIONS=debug=1,verbosity=1
LD_PRELOAD=libclang_rt.asan-arm-android.so LD_LIBRARY_PATH=. ./djpeg
./testimg.jpg"

==28210==Parsed ASAN_OPTIONS: debug=1,verbosity=1
==28210==AddressSanitizer: libc interceptors initialized
|| `[0x20000000, 0xffffffff]` || HighMem    ||
|| `[0x04000000, 0x1fffffff]` || HighShadow ||
|| `[0x00040000, 0x03ffffff]` || ShadowGap  ||
MemToShadow(shadow): 0x00000000 0x00000000 0x00800000 0x03ffffff
red_zone=16
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0
==28210==Shadow memory range interleaves with an existing memory
mapping. ASan cannot proceed correctly. ABORTING.
==28210==Process memory map follows:
     0x00008000-0x0000f000   /data/data/djpeg
     0x0000f000-0x00010000   /data/data/djpeg
     0x00010000-0x00011000
     0x40094000-0x400a7000   /system/bin/linker
     0x400a7000-0x400a8000   /system/bin/linker
     0x400a8000-0x400a9000   /system/bin/linker
     0x400a9000-0x400b5000
     0x400e7000-0x400e8000   /system/lib/libstdc++.so
     0x400e8000-0x400e9000   /system/lib/libstdc++.so
     0x400e9000-0x400ea000
     0x40110000-0x40125000   /system/lib/libm.so
     0x40125000-0x40126000   /system/lib/libm.so
     0x40126000-0x40127000
     0x40159000-0x4018b000   /data/data/libclang_rt.asan-arm-android.so
     0x4018b000-0x4018c000   /data/data/libclang_rt.asan-arm-android.so
     0x4018c000-0x4018d000   /data/data/libclang_rt.asan-arm-android.so
     0x4018d000-0x405b8000
     0x405b8000-0x405fb000   /system/lib/libc.so
     0x405fb000-0x405fe000   /system/lib/libc.so
     0x405fe000-0x40609000
     0x40609000-0x406a5000   /data/data/libjpeg.so
     0x406a5000-0x406a6000
     0x406a6000-0x406a7000   /data/data/libjpeg.so
     0x406a7000-0x406a8000   /data/data/libjpeg.so
     0x406a8000-0x406b4000   /dev/__properties__ (deleted)
     0x406e6000-0x406e8000
     0x4073e000-0x40740000
     0x40748000-0x4074a000
     0xbe8b7000-0xbe8d8000   [stack]
     0xffff0000-0xffff1000   [vectors]
==28210==End of process memory map.

Thanks,
Greg

> When I run 'djpeg' on JellyBean, ASan reports the error message
below.
>
> ==28210==Shadow memory range interleaves with an existing memory
> mapping. ASan cannot proceed correctly. ABORTING.
Got figured out.  I needed to use TARGET_LDFLAGS.  LOCAL_LDFLAGS seems
to be ignored in my clang build.

LOCAL_CFLAGS += -fsanitize=address
TARGET_LDFLAGS +=-fsanitize=address -target arm-linux-androideabi

And once doing that, I also needed to build against Android API 8 or later:
$ ndk-build V=1 NDK_TOOLCHAIN_VERSION=clang3.3 APP_PLATFORM=android-8

-Greg


On Tue, Jun 4, 2013 at 11:21 AM, Greg Fitzgerald <garious at gmail.com>
wrote:
> I have simple standalone ASan examples working on Android, and now I'd
> like to try using ASan with the Android build system.  I'm building
> the release_33 branch of llvm+clang+compiler-rt with CMake.  To test,
> I'm looking at libjpg, because with just a small change its Android.mk
> it compiles in a few seconds and without needing any additional
> dependencies.
>
> When I run 'djpeg' on JellyBean, ASan reports the error message
below.
>  Can you please help me interpret it?  Do you know what I might be
> doing wrong?
>
> $ adb shell "cd /data/data && ASAN_OPTIONS=debug=1,verbosity=1
> LD_PRELOAD=libclang_rt.asan-arm-android.so LD_LIBRARY_PATH=. ./djpeg
> ./testimg.jpg"
>
> ==28210==Parsed ASAN_OPTIONS: debug=1,verbosity=1
> ==28210==AddressSanitizer: libc interceptors initialized
> || `[0x20000000, 0xffffffff]` || HighMem    ||
> || `[0x04000000, 0x1fffffff]` || HighShadow ||
> || `[0x00040000, 0x03ffffff]` || ShadowGap  ||
> MemToShadow(shadow): 0x00000000 0x00000000 0x00800000 0x03ffffff
> red_zone=16
> malloc_context_size=30
> SHADOW_SCALE: 3
> SHADOW_GRANULARITY: 8
> SHADOW_OFFSET: 0
> ==28210==Shadow memory range interleaves with an existing memory
> mapping. ASan cannot proceed correctly. ABORTING.
> ==28210==Process memory map follows:
>      0x00008000-0x0000f000   /data/data/djpeg
>      0x0000f000-0x00010000   /data/data/djpeg
>      0x00010000-0x00011000
>      0x40094000-0x400a7000   /system/bin/linker
>      0x400a7000-0x400a8000   /system/bin/linker
>      0x400a8000-0x400a9000   /system/bin/linker
>      0x400a9000-0x400b5000
>      0x400e7000-0x400e8000   /system/lib/libstdc++.so
>      0x400e8000-0x400e9000   /system/lib/libstdc++.so
>      0x400e9000-0x400ea000
>      0x40110000-0x40125000   /system/lib/libm.so
>      0x40125000-0x40126000   /system/lib/libm.so
>      0x40126000-0x40127000
>      0x40159000-0x4018b000   /data/data/libclang_rt.asan-arm-android.so
>      0x4018b000-0x4018c000   /data/data/libclang_rt.asan-arm-android.so
>      0x4018c000-0x4018d000   /data/data/libclang_rt.asan-arm-android.so
>      0x4018d000-0x405b8000
>      0x405b8000-0x405fb000   /system/lib/libc.so
>      0x405fb000-0x405fe000   /system/lib/libc.so
>      0x405fe000-0x40609000
>      0x40609000-0x406a5000   /data/data/libjpeg.so
>      0x406a5000-0x406a6000
>      0x406a6000-0x406a7000   /data/data/libjpeg.so
>      0x406a7000-0x406a8000   /data/data/libjpeg.so
>      0x406a8000-0x406b4000   /dev/__properties__ (deleted)
>      0x406e6000-0x406e8000
>      0x4073e000-0x40740000
>      0x40748000-0x4074a000
>      0xbe8b7000-0xbe8d8000   [stack]
>      0xffff0000-0xffff1000   [vectors]
> ==28210==End of process memory map.
>
> Thanks,
> Greg

Since JellyBean or so Android switched to PIE binaries. ASan only
supports those.

On Wed, Jun 5, 2013 at 12:28 AM, Greg Fitzgerald <garious at gmail.com>
wrote:
>> When I run 'djpeg' on JellyBean, ASan reports the error message
below.
>>
>> ==28210==Shadow memory range interleaves with an existing memory
>> mapping. ASan cannot proceed correctly. ABORTING.
>
> Got figured out.  I needed to use TARGET_LDFLAGS.  LOCAL_LDFLAGS seems
> to be ignored in my clang build.
>
> LOCAL_CFLAGS += -fsanitize=address
> TARGET_LDFLAGS +=-fsanitize=address -target arm-linux-androideabi
>
> And once doing that, I also needed to build against Android API 8 or later:
> $ ndk-build V=1 NDK_TOOLCHAIN_VERSION=clang3.3 APP_PLATFORM=android-8
>
> -Greg
>
>
> On Tue, Jun 4, 2013 at 11:21 AM, Greg Fitzgerald <garious at
gmail.com> wrote:
>> I have simple standalone ASan examples working on Android, and now
I'd
>> like to try using ASan with the Android build system.  I'm building
>> the release_33 branch of llvm+clang+compiler-rt with CMake.  To test,
>> I'm looking at libjpg, because with just a small change its
Android.mk
>> it compiles in a few seconds and without needing any additional
>> dependencies.
>>
>> When I run 'djpeg' on JellyBean, ASan reports the error message
below.
>>  Can you please help me interpret it?  Do you know what I might be
>> doing wrong?
>>
>> $ adb shell "cd /data/data &&
ASAN_OPTIONS=debug=1,verbosity=1
>> LD_PRELOAD=libclang_rt.asan-arm-android.so LD_LIBRARY_PATH=. ./djpeg
>> ./testimg.jpg"
>>
>> ==28210==Parsed ASAN_OPTIONS: debug=1,verbosity=1
>> ==28210==AddressSanitizer: libc interceptors initialized
>> || `[0x20000000, 0xffffffff]` || HighMem    ||
>> || `[0x04000000, 0x1fffffff]` || HighShadow ||
>> || `[0x00040000, 0x03ffffff]` || ShadowGap  ||
>> MemToShadow(shadow): 0x00000000 0x00000000 0x00800000 0x03ffffff
>> red_zone=16
>> malloc_context_size=30
>> SHADOW_SCALE: 3
>> SHADOW_GRANULARITY: 8
>> SHADOW_OFFSET: 0
>> ==28210==Shadow memory range interleaves with an existing memory
>> mapping. ASan cannot proceed correctly. ABORTING.
>> ==28210==Process memory map follows:
>>      0x00008000-0x0000f000   /data/data/djpeg
>>      0x0000f000-0x00010000   /data/data/djpeg
>>      0x00010000-0x00011000
>>      0x40094000-0x400a7000   /system/bin/linker
>>      0x400a7000-0x400a8000   /system/bin/linker
>>      0x400a8000-0x400a9000   /system/bin/linker
>>      0x400a9000-0x400b5000
>>      0x400e7000-0x400e8000   /system/lib/libstdc++.so
>>      0x400e8000-0x400e9000   /system/lib/libstdc++.so
>>      0x400e9000-0x400ea000
>>      0x40110000-0x40125000   /system/lib/libm.so
>>      0x40125000-0x40126000   /system/lib/libm.so
>>      0x40126000-0x40127000
>>      0x40159000-0x4018b000   /data/data/libclang_rt.asan-arm-android.so
>>      0x4018b000-0x4018c000   /data/data/libclang_rt.asan-arm-android.so
>>      0x4018c000-0x4018d000   /data/data/libclang_rt.asan-arm-android.so
>>      0x4018d000-0x405b8000
>>      0x405b8000-0x405fb000   /system/lib/libc.so
>>      0x405fb000-0x405fe000   /system/lib/libc.so
>>      0x405fe000-0x40609000
>>      0x40609000-0x406a5000   /data/data/libjpeg.so
>>      0x406a5000-0x406a6000
>>      0x406a6000-0x406a7000   /data/data/libjpeg.so
>>      0x406a7000-0x406a8000   /data/data/libjpeg.so
>>      0x406a8000-0x406b4000   /dev/__properties__ (deleted)
>>      0x406e6000-0x406e8000
>>      0x4073e000-0x40740000
>>      0x40748000-0x4074a000
>>      0xbe8b7000-0xbe8d8000   [stack]
>>      0xffff0000-0xffff1000   [vectors]
>> ==28210==End of process memory map.
>>
>> Thanks,
>> Greg