问题
I am trying to build (with clang) my application with the address sanitizer described here (https://github.com/google/sanitizers/wiki/AddressSanitizer, more precisely here: https://github.com/google/sanitizers/wiki/AddressSanitizerOnAndroid), but I am having trouble understanding the whole process, especially using gradle.
It looks like there is at least 3 ways of enabling it:
1°) Following the first link, t says that all you have to do is doing this:
adding
-fsanitize=addressto the cppFlags + optional-fno-omit-frame-pointeradding
-fsanitize=addressto the linker flags (is it necessary?)
2°) following the second link, it seems that you have to do:
- same as first
- root a device then run asan_device_setup on it through adb
- add a
LD_PRELOAD=libclang_rt.asan-arm-android.sosomewhere? I guess it should be put in the 'arguments' part of the gradle externalNativeBuild? But where can the app find this library? Do I have to link it myself? Or is it already somewhere on the device?
3°) I also found a "new" way of doing it, which shouldn't requires roots access (well it does but it is a bug due to be corrected at some point):
https://virtualrealitypop.com/oreo-ndk-secrets-7d075a9b084
This method actually does what is done in first and second point, plus runs the app by launching a shell script that exports some values for asan to work.
As far as my investigation goes, I am a bit confused on what is the proper method to have a fully sanitized app (with statically linked libraries) working on my rooted emulator.
The farther I have gone was to actually build and launch the app (using 2°), but without specifying LD_PRELOAD flag), but the app crashes with a container-overflow in some eglMakeCurrent function that isn't even part of my code, and I don't get any stack for it:
02-19 16:26:21.553 28771-28789/com.mycompany.myapp I/zygote: Background concurrent copying GC freed 10159(1175KB) AllocSpace objects, 12(304KB) LOS objects, 50% free, 2MB/4MB, paused 144.861ms total 1.252s
[ 02-19 16:26:21.554 28771:28956 I/ ]
=================================================================
[ 02-19 16:26:21.554 28771:28956 I/ ]
[ 02-19 16:26:21.557 28771:28956 I/ ]
[ 02-19 16:26:21.563 28771:28956 I/ ]
==28771==ERROR: AddressSanitizer: container-overflow on address 0xa136e990 at pc 0xa49849e2 bp 0x82e60558 sp 0x82e60128
[ 02-19 16:26:21.563 28771:28956 I/ ]
[ 02-19 16:26:21.565 28771:28956 I/ ]
[ 02-19 16:26:21.566 28771:28956 I/ ]
WRITE of size 2 at 0xa136e990 thread T334 (GLThread 337)
[ 02-19 16:26:21.566 28771:28956 I/ ]
I am not sure it is a real overflow because I am not sure all my app is built with sanitizer (I have built my so+ all my statics with it but is it enough?), and https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow says that if your whole app isn't built with sanitizer you may get false positives.
So my questions are:
A°) has someone actually managed to build a sanitized app using android studio?
B°) If yes, what is the correct way to do it (meaning the one that will be supported)?
回答1:
So after a bit of struggle, I have used the method described in
https://virtualrealitypop.com/oreo-ndk-secrets-7d075a9b084. I have added a new sanitize_debug target in my build.gradle with the following:
tasks.whenTaskAdded { task ->
if (task.name == 'generateSanitize_debugBuildConfig') {
task.dependsOn createWrapScriptAddDir
}
}
task deleteASAN(type: Delete) {
delete 'jni/sanitizer/'
}
static def writeWrapScriptToFullyCompileJavaApp(wrapFile, abi) {
if(abi == "armeabi" || abi == "armeabi-v7a")
abi = "arm"
if(abi == "arm64-v8a")
abi = "aarch64"
if (abi == "x86")
abi = "i686"
wrapFile.withWriter { writer ->
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "$0")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=\$HERE/libclang_rt.asan-${abi}-android.so\n")
writer.write('\$@\n')
}
}
task copyASANLibs {
def libDirs = android.ndkDirectory.absolutePath + "/toolchains/llvm/prebuilt/"
for (String abi : rootProject.ext.abiFilters) {
def destDir = new File("wizards/src/sanitize_debug/jniLibs/" + abi)
destDir.mkdirs()
def renamedAbi = abi
if(abi == "armeabi-v7a" || abi == "armeabi")
renamedAbi = "arm"
if(abi == "arm64-v8a")
renamedAbi = "aarch64"
if (abi == "x86")
renamedAbi = "i686"
FileTree tree = fileTree(dir: libDirs).include("**/*asan*${renamedAbi}*.so")
tree.each { File file ->
copy {
from file
into destDir.absolutePath
}
}
}
}
task createWrapScriptAddDir(dependsOn: copyASANLibs) {
for (String abi : rootProject.ext.abiFilters) {
def dir = new File("wizards/src/sanitize_debug/resources/lib/" + abi)
dir.mkdirs()
def wrapFile = new File(dir, "wrap.sh")
wrapFile.setExecutable(true, false)
writeWrapScriptToFullyCompileJavaApp(wrapFile, abi)
}
}
The things that needs to be improved are
1°) the cleanup phase when switching to a non sanitized build must be called manually,
2°) The wrapper script is built and packaged for all arm architectures, which is a workaround the fact that you can't easily specify a target architecture for the wrap.sh scrip (see bug https://issuetracker.google.com/issues/74058603)
回答2:
In order to also debug you can adjust the answer from downstroy and tweak wrap.sh script, since the simple version of wrap.sh will prevent debugging ( from https://developer.android.com/ndk/guides/wrap-script ) :
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "$0")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=\$HERE/libclang_rt.asan-${abi}-android.so\n")
writer.write('cmd=$1\n')
writer.write('shift\n')
writer.write('os_version=$(getprop ro.build.version.sdk)\n')
writer.write('if [ "$os_version" -eq "27" ]; then\n')
writer.write('cmd="$cmd -Xrunjdwp:transport=dt_android_adb,suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('elif [ "$os_version" -eq "28" ]; then\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection -XjdwpOptions:suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('else\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection $@"\n')
writer.write('fi\n')
writer.write('exec $cmd\n')
来源:https://stackoverflow.com/questions/48870291/android-studio-address-sanitizer-using-build-gradle