Address Sanitizer on Android

Greg_Fitzgerald · June 4, 2013, 6:21pm

I have simple standalone ASan examples working on Android, and now I'd
like to try using ASan with the Android build system. I'm building
the release_33 branch of llvm+clang+compiler-rt with CMake. To test,
I'm looking at libjpg, because with just a small change its Android.mk
it compiles in a few seconds and without needing any additional
dependencies.

When I run 'djpeg' on JellyBean, ASan reports the error message below.
Can you please help me interpret it? Do you know what I might be
doing wrong?

$ adb shell "cd /data/data && ASAN_OPTIONS=debug=1,verbosity=1
LD_PRELOAD=libclang_rt.asan-arm-android.so LD_LIBRARY_PATH=. ./djpeg
./testimg.jpg"

==28210==Parsed ASAN_OPTIONS: debug=1,verbosity=1
==28210==AddressSanitizer: libc interceptors initialized

`[0x20000000, 0xffffffff]` || HighMem ||
`[0x04000000, 0x1fffffff]` || HighShadow ||
`[0x00040000, 0x03ffffff]` || ShadowGap ||

MemToShadow(shadow): 0x00000000 0x00000000 0x00800000 0x03ffffff
red_zone=16
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0
==28210==Shadow memory range interleaves with an existing memory
mapping. ASan cannot proceed correctly. ABORTING.
==28210==Process memory map follows:
     0x00008000-0x0000f000 /data/data/djpeg
     0x0000f000-0x00010000 /data/data/djpeg
     0x00010000-0x00011000
     0x40094000-0x400a7000 /system/bin/linker
     0x400a7000-0x400a8000 /system/bin/linker
     0x400a8000-0x400a9000 /system/bin/linker
     0x400a9000-0x400b5000
     0x400e7000-0x400e8000 /system/lib/libstdc++.so
     0x400e8000-0x400e9000 /system/lib/libstdc++.so
     0x400e9000-0x400ea000
     0x40110000-0x40125000 /system/lib/libm.so
     0x40125000-0x40126000 /system/lib/libm.so
     0x40126000-0x40127000
     0x40159000-0x4018b000 /data/data/libclang_rt.asan-arm-android.so
     0x4018b000-0x4018c000 /data/data/libclang_rt.asan-arm-android.so
     0x4018c000-0x4018d000 /data/data/libclang_rt.asan-arm-android.so
     0x4018d000-0x405b8000
     0x405b8000-0x405fb000 /system/lib/libc.so
     0x405fb000-0x405fe000 /system/lib/libc.so
     0x405fe000-0x40609000
     0x40609000-0x406a5000 /data/data/libjpeg.so
     0x406a5000-0x406a6000
     0x406a6000-0x406a7000 /data/data/libjpeg.so
     0x406a7000-0x406a8000 /data/data/libjpeg.so
     0x406a8000-0x406b4000 /dev/__properties__ (deleted)
     0x406e6000-0x406e8000
     0x4073e000-0x40740000
     0x40748000-0x4074a000
     0xbe8b7000-0xbe8d8000 [stack]
     0xffff0000-0xffff1000 [vectors]
==28210==End of process memory map.

Thanks,
Greg

Greg_Fitzgerald · June 4, 2013, 8:28pm

When I run 'djpeg' on JellyBean, ASan reports the error message below.

==28210==Shadow memory range interleaves with an existing memory
mapping. ASan cannot proceed correctly. ABORTING.

Got figured out. I needed to use TARGET_LDFLAGS. LOCAL_LDFLAGS seems
to be ignored in my clang build.

LOCAL_CFLAGS += -fsanitize=address
TARGET_LDFLAGS +=-fsanitize=address -target arm-linux-androideabi

And once doing that, I also needed to build against Android API 8 or later:
$ ndk-build V=1 NDK_TOOLCHAIN_VERSION=clang3.3 APP_PLATFORM=android-8

-Greg

Evgenii_Stepanov · June 5, 2013, 7:19am

Since JellyBean or so Android switched to PIE binaries. ASan only
supports those.