ASan for Android Applications

From:
http://address-sanitizer.googlecode.com/svn-history/r1624/wiki/Android.wiki

AddressSanitizer is fully supported in AOSP starting with JellyBean release. To run
applications built with ASan you'll need an -eng build of Android.

To build any part of Android system with ASan, add
LOCAL_ADDRESS_SANITIZER:=true to the appropriate Android.mk.

I don't see that string 'LOCAL_ADDRESS_SANITIZER' in the latest NDK
(r8e). The wiki mentions needing an "-eng" build. Do I need that
"-eng" because it includes bug-fixes needed by the ASan runtime, or
can I move forward with just an upgraded build system? If so, is the
Makefile that processes that variable available online? I attempted
to use asan by just adding "-fsanitize=address" to cflags/ldflags and
preloading the runtime, but my "hello-jni" app died on startup. Are
there additional flags I need to remove or defines to add?

Thanks,
Greg

+eugenis

You are citing the "Android platform workflow" section, which is about
sanitizing components of the Android system itself.
For NDK apps, see "Android NDK workflow" in the same document.

You need -eng build because preloading libraries into dalvik vm is not
allowed in user builds. JellyBean includes several bugfixes in the
dynamic loader that asan needs.

Was there any useful output in adb logcat when your program crashed?

Evgeniy, thanks for your help.

> You need -eng build because preloading libraries into dalvik vm is not
> allowed in user builds. JellyBean includes several bugfixes in the
> dynamic loader that asan needs.

Do you have the sha1 hashes for any of those patches? I might be able
to track down a build that includes them.

> Was there any useful output in adb logcat when your program crashed?

Yes, I've been getting some nice hints in adb logcat along the way.
When I wasn't correctly invoking the wrapper script, I got a nice
linker error and stack trace saying that
libclang_rt.asan-arm-android.so wasn't found. After properly
preloading the ASan runtime, I see the following error message:

W/Zygote ( 144): Error reading pid from wrapped process, child may have died
W/Zygote ( 144): java.io.EOFException
W/Zygote ( 144): at libcore.io.Streams.readFully(Streams.java:83)
W/Zygote ( 144): at java.io.DataInputStream.readInt(DataInputStream.java:124)
W/Zygote ( 144): at com.android.internal.os.ZygoteConnection.handleParentProc(ZygoteConnection.java:908)
W/Zygote ( 144): at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:258)
W/Zygote ( 144): at com.android.internal.os.ZygoteInit.runSelectLoopMode(ZygoteInit.java:654)
W/Zygote ( 144): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551)
W/Zygote ( 144): at dalvik.system.NativeStart.main(Native Method)

I don't see any information from the child process though. Do you have a
way to figure that out?

Thanks,
Greg

This is one of the latest:
http://android.git.linaro.org/gitweb?p=platform/bionic.git;a=commit;h=9181a5dcfe69199415c7aebf93524cc3dd6f8a6f

> W/Zygote ( 144): Error reading pid from wrapped process, child may have died
> W/Zygote ( 144): java.io.EOFException
> W/Zygote ( 144): at libcore.io.Streams.readFully(Streams.java:83)
> W/Zygote ( 144): at java.io.DataInputStream.readInt(DataInputStream.java:124)
> W/Zygote ( 144): at com.android.internal.os.ZygoteConnection.handleParentProc(ZygoteConnection.java:908)
> W/Zygote ( 144): at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:258)
> W/Zygote ( 144): at com.android.internal.os.ZygoteInit.runSelectLoopMode(ZygoteInit.java:654)
> W/Zygote ( 144): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551)
> W/Zygote ( 144): at dalvik.system.NativeStart.main(Native Method)

> I don't see any information from the child process though. Do you have a
> way to figure that out?

Nope, sorry, no idea. Maybe there is something useful in the log
before that? You could try replacing ASan with something simpler, like
strace, to verify that this wrapping machinery works correctly.
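As an added example (not from this thread, and not part of the AddressSanitizer project), a small Python helper that does what Evgeniy suggests: parse a brief-format `adb logcat` dump, find the Zygote "Error reading pid from wrapped process" report, and pull out the error-level and dynamic-linker lines that other processes logged just before it, which is where any output from the wrapped child would land. The logcat excerpt embedded in the block is constructed; the pid 2048, the process name and the linker message are made up for illustration, and the choice of which tags and priorities count as candidate lines is an assumption.

```python
"""Added example: locate the Zygote 'wrapped process died' report in a logcat
dump and surface what other processes logged just before it."""
import re
import sys

# logcat "brief" format: PRIORITY/TAG( PID): message.  Padding around the tag
# and pid varies between Android versions, so the regex is whitespace-tolerant.
LOGCAT_RE = re.compile(
    r"^(?P<prio>[VDIWEF])/(?P<tag>.*?)\s*\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$"
)
ZYGOTE_WRAP_FAILURE = "Error reading pid from wrapped process"

# Constructed sample, not a real capture: pid 2048, the package name and the
# linker message are made up to show a child dying before the runtime loads.
SAMPLE_LOGCAT = """\
I/ActivityManager(  244): Start proc com.example.hellojni (constructed sample)
E/linker  ( 2048): (constructed sample) could not load library "libclang_rt.asan-arm-android.so"
W/Zygote  (  144): Error reading pid from wrapped process, child may have died
W/Zygote  (  144): java.io.EOFException
W/Zygote  (  144):     at libcore.io.Streams.readFully(Streams.java:83)
"""


def parse_logcat(text):
    """Parse brief-format lines into dicts; non-matching lines keep tag None."""
    entries = []
    for raw in text.splitlines():
        m = LOGCAT_RE.match(raw)
        if m:
            entries.append({"prio": m["prio"], "tag": m["tag"].strip(),
                            "pid": int(m["pid"]), "msg": m["msg"]})
        elif raw.strip():
            entries.append({"prio": None, "tag": None, "pid": None, "msg": raw})
    return entries


def find_wrap_failures(entries):
    """Indices of Zygote lines reporting that a wrapped child died."""
    return [i for i, e in enumerate(entries)
            if e["tag"] == "Zygote" and ZYGOTE_WRAP_FAILURE in e["msg"]]


def context_before(entries, index, window=30):
    """Non-Zygote entries within `window` lines before `index`."""
    start = max(0, index - window)
    return [e for e in entries[start:index] if e["tag"] != "Zygote"]


def is_candidate(entry):
    # Heuristic (assumption): error/fatal lines and anything from the dynamic
    # linker are the lines most likely to explain why the child died.
    return entry["prio"] in ("E", "F") or entry["tag"] in ("linker", "DEBUG")


def diagnose(text, window=30):
    """Summarise a logcat dump: failure count, candidate lines, runtime-missing flag."""
    entries = parse_logcat(text)
    failures = find_wrap_failures(entries)
    candidates = [e for idx in failures
                  for e in context_before(entries, idx, window) if is_candidate(e)]
    runtime_missing = any(e["tag"] == "linker" and "libclang_rt.asan" in e["msg"]
                          for e in candidates)
    return {"wrap_failures": len(failures), "candidates": candidates,
            "runtime_missing": runtime_missing}


if __name__ == "__main__":
    # Pass a saved `adb logcat -d` dump as the first argument; otherwise the
    # constructed sample above is analysed.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOGCAT
    report = diagnose(text)
    print("Zygote wrapped-process failures:", report["wrap_failures"])
    for e in report["candidates"]:
        print(f"  {e['prio']}/{e['tag']}({e['pid']}): {e['msg']}")
    if report["runtime_missing"]:
        print("  -> linker could not find the ASan runtime; check the preload path")
```

The window is deliberately wide because the child usually has a different pid from Zygote and may have logged several lines before Zygote notices the broken pipe; restrict `is_candidate` further if the dump is noisy.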