Hello,

I'd like to announce that since Tizen 3.0 2015.Q2 we have Address Sanitizer support.

Address Sanitizer is a tool to detect memory corruption bugs such as buffer overflows, use-after-free and so on at run time. The tool is quite similar to valgrind but has much lower overhead. Currently it works for builds both in the Tizen native environment and in gbs builds for arm, x86 and x86_64.

To use the tool you should pass the '-fsanitize=address' compiler flag and provide `libasan' in the running environment (it is installed automatically into the gbs chroot, and can be installed on a device using zypper install libasan), and then run the application.

The simplest example in clean Tizen (can be seen in motion at https://asciinema.org/a/23077 at 5:00):

    #include <stdlib.h>
    int main()
    {
        int* a = malloc(10*sizeof(int)); /* Allocating 10 ints */
        int x = a[10]; /* ERROR: tries to access the 11th */
        return x;
    }

    # gcc -fsanitize=address test.c
    # ./a.out

Results in:

    =================================================================
    ==406==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x75400ff8 at pc 0x10783 bp 0x7efc9ab8 sp 0x7efc9abc
    READ of size 4 at 0x75400ff8 thread T0
        #0 0x10781 in main /root/test.c:5
        #1 0x7694b8f5 in __libc_start_main (/lib/libc.so.6+0x168f5)

    0x75400ff8 is located 0 bytes to the right of 40-byte region [0x75400fd0,0x75400ff8)
    allocated by thread T0 here:
        #0 0x76aa72cb in malloc (/lib/libasan.so.1+0x472cb)
        #1 0x1073f in main /root/test.c:4
        #2 0x7694b8f5 in __libc_start_main (/lib/libc.so.6+0x168f5)

    SUMMARY: AddressSanitizer: heap-buffer-overflow /root/test.c:5 main
    ==== From here goes memory layout you might be interested in ====

So the first backtrace shows us `x = a[10]' as a buffer overflow bug, and the second one shows where this buffer was allocated.

The check can also be applied to a gbs build by just adding CFLAGS+="-fsanitize=address" and running the application for a test.

As an example, you can see an attempt at checking the bc calculator from Tizen:Common using gbs: https://asciinema.org/a/23134

Known caveat: be careful if you already use valgrind to check your application for memory issues. Address Sanitizer and valgrind both hook memory functions and therefore can't be used at the same time. Trying to check a sanitized binary causes valgrind to fail.

Best Regards,
Vyacheslav Barinov
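As an added example (not part of the original message): a small Python parser for the report format shown above. It pulls out the two backtraces the message describes, the faulting access and the allocation site, and computes where the bad address falls relative to the allocated region. The function names and dictionary keys are this example's own; the embedded report is the one from the message with its line breaks restored.

```python
import re

# Report text from the message above (line breaks restored, shadow memory dump omitted).
REPORT = """\
==406==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x75400ff8 at pc 0x10783 bp 0x7efc9ab8 sp 0x7efc9abc
READ of size 4 at 0x75400ff8 thread T0
    #0 0x10781 in main /root/test.c:5
    #1 0x7694b8f5 in __libc_start_main (/lib/libc.so.6+0x168f5)
0x75400ff8 is located 0 bytes to the right of 40-byte region [0x75400fd0,0x75400ff8)
allocated by thread T0 here:
    #0 0x76aa72cb in malloc (/lib/libasan.so.1+0x472cb)
    #1 0x1073f in main /root/test.c:4
    #2 0x7694b8f5 in __libc_start_main (/lib/libc.so.6+0x168f5)
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/test.c:5 main
"""

HEADER = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
REGION = re.compile(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)$", re.M)

def first_source_frame(text):
    """First frame with file:line info; (module+offset) frames are runtime/libc."""
    for _, func, loc in FRAME.findall(text):
        if not loc.startswith("("):
            return func, loc
    return None

def parse_report(report):
    """Summarize a memory-access report; returns None if no such report is found."""
    head = HEADER.search(report)
    if head is None:
        return None
    # Everything before "allocated by thread" belongs to the access backtrace.
    access_part, _, alloc_part = report.partition("allocated by thread")
    access = ACCESS.search(access_part)
    info = {"bug": head.group(1), "address": int(head.group(2), 16),
            "access": access.group(1) if access else None,
            "size": int(access.group(2)) if access else None,
            "access_site": first_source_frame(access_part),
            "alloc_site": first_source_frame(alloc_part)}
    region = REGION.search(report)
    if region:
        # An offset equal to the region size means the first byte past the end.
        info["region_bytes"] = int(region.group(1))
        info["offset_in_region"] = info["address"] - int(region.group(2), 16)
    return info
```

For the report above, the offset of 40 bytes into a 40-byte region with a 4-byte read corresponds to index 10 of the 10-element int array.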
