GCC中地址消毒剂的有意义的堆栈跟踪

Question

我刚尝试使用GCC和-fsanitize=address标志进行编译。当我运行我的程序时，地址清理程序发现了一个缺陷，但堆栈跟踪没有帮助。如何配置它以使其指向我需要查看的源代码位置？

=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
    #0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
    #1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
    #2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
    #3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
    #4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #17 0x2
0x6006004b38a0 is located 0 bytes to the right of 32-byte region [0x6006004b3880,0x6006004b38a0)
allocated by thread T0 here:
    #0 0x10b8bb63a (/usr/local/lib/gcc/x86_64-apple-darwin13.0.0/4.8.2/libasan.0.dylib+0xe63a)
    #1 0x10b0777c6 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000077c6)
    #2 0x10b07701e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10000701e)
    #3 0x10b09cd1b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002cd1b)
    #4 0x10b09c6ef (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002c6ef)
    #5 0x10b09960e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002960e)
    #6 0x10b137844 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7844)
    #7 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #8 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #9 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #10 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #11 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #12 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #13 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #14 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #15 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #16 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #17 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #18 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #19 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #20 0x2
Shadow bytes around the buggy address:
  0x1c00c00966c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c0096700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c00c0096710: 00 00 00 00[fa]fa fd fd fd fd fa fa fd fd fd fa
  0x1c00c0096720: fa fa fd fd fd fa fa fa 00 00 00 07 fa fa 00 00
  0x1c00c0096730: 00 04 fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x1c00c0096740: fd fd fd fa fa fa fd fd fd fa fa fa 00 00 00 07
  0x1c00c0096750: fa fa 00 00 00 00 fa fa 00 00 00 04 fa fa fd fd
  0x1c00c0096760: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==32415== ABORTING

Answer 1

这对我有用：

• 确保已安装llvm（包括llvm-symbolizer）。

• 导出以下变量

  export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer

  （替换为llvm-symbolizer命令的正确路径）。

• 现在运行您的可执行文件（现在是a.out）

  ASAN_OPTIONS=symbolize=1 a.out

Answer 2

上面的GCC 4.9.3不需要单独的符号化器。

Check How to compile with GCC with static options

Answer 3

=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
    #0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
    #1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
    #2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
    #3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
    #4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #17 0x2

作为替代方案，这是我在Clang工作多年的经历。通过asan_symbolize管道输出以获取符号。所以你应该这样做：

./test.exe 2>&1 | asan_symbolize

我asan_symbolize和/usr/bin都有/usr/local/bin：

$ find /usr/ -name asan*
/usr/bin/asan_symbolize
/usr/lib/llvm-3.4/lib/clang/3.4/include/sanitizer/asan_interface.h
/usr/local/bin/asan_symbolize.py
/usr/local/lib/clang/3.5.0/include/sanitizer/asan_interface.h

我有两个副本，因为其中一个是通过apt-get（/usr/bin/asan_symbolize）与Clang一起安装的，我偶尔会从源代码构建Clang（/usr/local/bin/asan_symbolize.py）。

如果你有 没有 副本，那么我相信你可以从Google Code上的address-sanitizer获取它。

开始使用asan_symbolize后，您可能会遇到asan_symbolize由于路径更改而无法找到符号的情况（例如，程序或库已从其构建位置复制到目标位置目录）。为此，请参阅Asan邮件列表中的Specify Symbol Path to asan_symbolize?。

在 kcc＆＃39> 答案中，他打算做以下事情：

./test.exe 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize

（我认为这是测试Postgres时我必须做的事情）。

Python在Dynamic Analysis with Clang有一个Clang及其消毒剂的速成课程。它讨论了获取堆栈跟踪等主题。 （我编写了Python项目的页面，以帮助他们将Clang及其消毒剂添加到其发布工程流程中。现在已有几年了，但我相信所有信息仍然适用。）