Meaningful stack traces for address sanitizer in GCC

techfun 发表于 Dev

clstaudt

I just tried compiling with GCC and the -fsanitize=address flag. When I run my program, the address sanitizer finds a flaw, but the stack trace is not helpful. How can I configure this so that it points to the source code locations I need to look at?

=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
    #0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
    #1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
    #2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
    #3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
    #4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #17 0x2
0x6006004b38a0 is located 0 bytes to the right of 32-byte region [0x6006004b3880,0x6006004b38a0)
allocated by thread T0 here:
    #0 0x10b8bb63a (/usr/local/lib/gcc/x86_64-apple-darwin13.0.0/4.8.2/libasan.0.dylib+0xe63a)
    #1 0x10b0777c6 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000077c6)
    #2 0x10b07701e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10000701e)
    #3 0x10b09cd1b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002cd1b)
    #4 0x10b09c6ef (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002c6ef)
    #5 0x10b09960e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002960e)
    #6 0x10b137844 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7844)
    #7 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #8 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #9 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #10 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #11 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #12 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #13 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #14 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #15 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #16 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #17 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #18 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #19 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #20 0x2
Shadow bytes around the buggy address:
  0x1c00c00966c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c0096700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c00c0096710: 00 00 00 00[fa]fa fd fd fd fd fa fa fd fd fd fa
  0x1c00c0096720: fa fa fd fd fd fa fa fa 00 00 00 07 fa fa 00 00
  0x1c00c0096730: 00 04 fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x1c00c0096740: fd fd fd fa fa fa fd fd fd fa fa fa 00 00 00 07
  0x1c00c0096750: fa fa 00 00 00 00 fa fa 00 00 00 04 fa fa fd fd
  0x1c00c0096760: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==32415== ABORTING

iluvatar

This is what is working for me:

Make sure you have installed llvm (including llvm-symbolizer).
Export the following variable
```
export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer
```
(replace with your correct path to the llvm-symbolizer command).
Now run your executable (a.out for now) as
```
ASAN_OPTIONS=symbolize=1 a.out
```

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。