GCCのアドレスサニタイザーの意味のあるスタックトレース
GCCと-fsanitize=address 国旗。プログラムを実行すると、アドレスサニタイザーで欠陥が見つかりましたが、スタックトレースは役に立ちません。これを調べて、参照する必要があるソースコードの場所を指すようにするにはどうすればよいですか?
=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
#0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
#1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
#2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
#3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
#4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
#5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
#6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
#7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
#8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
#9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
#10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
#11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
#12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
#13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
#14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
#15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
#16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
#17 0x2
0x6006004b38a0 is located 0 bytes to the right of 32-byte region [0x6006004b3880,0x6006004b38a0)
allocated by thread T0 here:
#0 0x10b8bb63a (/usr/local/lib/gcc/x86_64-Apple-darwin13.0.0/4.8.2/libasan.0.dylib+0xe63a)
#1 0x10b0777c6 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000077c6)
#2 0x10b07701e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10000701e)
#3 0x10b09cd1b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002cd1b)
#4 0x10b09c6ef (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002c6ef)
#5 0x10b09960e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002960e)
#6 0x10b137844 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7844)
#7 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
#8 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
#9 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
#10 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
#11 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
#12 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
#13 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
#14 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
#15 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
#16 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
#17 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
#18 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
#19 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
#20 0x2
Shadow bytes around the buggy address:
0x1c00c00966c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c00c00966d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c00c00966e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c00c00966f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c00c0096700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c00c0096710: 00 00 00 00[fa]fa fd fd fd fd fa fa fd fd fd fa
0x1c00c0096720: fa fa fd fd fd fa fa fa 00 00 00 07 fa fa 00 00
0x1c00c0096730: 00 04 fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x1c00c0096740: fd fd fd fa fa fa fd fd fd fa fa fa 00 00 00 07
0x1c00c0096750: fa fa 00 00 00 00 fa fa 00 00 00 04 fa fa fd fd
0x1c00c0096760: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==32415== ABORTING
これは私のために働いています:
- Llvm(llvm-symbolizerを含む)がインストールされていることを確認します。
次の変数をエクスポートします
エクスポートASAN_SYMBOLIZER_PATH =/usr/bin/llvm-symbolizer
(llvm-symbolizerコマンドへの正しいパスに置き換えてください)。
次に、実行可能ファイル(現時点ではa.out)を実行します。
ASAN_OPTIONS = symbolize = 1 a.out
上記のGCC 4.9.3では、個別のシンボライザーは必要ありません。
=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
#0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
#1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
#2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
#3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
#4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
#5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
#6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
#7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
#8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
#9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
#10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
#11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
#12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
#13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
#14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
#15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
#16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
#17 0x2
別の方法として、これは私がClangの下で何年もの間やってきたことです。出力をasan_symbolizeにパイプして、シンボルを取得します。だからあなたは次のようなことをするべきです:
./test.exe 2>&1 | asan_symbolize
asan_symbolizeと/usr/binの両方に/usr/local/binがあります:
$ find /usr/ -name asan*
/usr/bin/asan_symbolize
/usr/lib/llvm-3.4/lib/clang/3.4/include/sanitizer/asan_interface.h
/usr/local/bin/asan_symbolize.py
/usr/local/lib/clang/3.5.0/include/sanitizer/asan_interface.h
1つはapt-get(/usr/bin/asan_symbolize)を介してClangと共にインストールされたため、2つのコピーがあります。ソースからClangをビルドすることもあります(/usr/local/bin/asan_symbolize.py)。
noのコピーがある場合は、- address- sanitizer Googleコードで。
asan_symbolizeの使用を開始すると、パスの変更が原因でasan_symbolizeがシンボルを見つけられない場合があります(たとえば、プログラムまたはライブラリがビルド場所から宛先ディレクトリにコピーされた)。そのためには、Asanメーリングリストの asan_symbolizeへのシンボルパスを指定しますか? を参照してください。
kcc'sの答えでは、彼は次のようなことをするつもりでした:
./test.exe 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize
(私はPostgresをテストするときにそれをしなければならなかったと思います)。
PythonはClangとそのサニタイザ Dynamic Analysis with Clang にクラッシュコースがあります。スタックトレースの取得などのトピックについて説明します。 (Pythonプロジェクトのページを書いて、リリースエンジニアリングプロセスにClangとそのサニタイザーを追加できるようにしました。数年前のものですが、すべての情報がまだ当てはまると思います)。