Trouble adding leak sanitizer suppressions with --fsanitizer-blacklist option

Hi cfe-users -

I'm using clang-3.4 from Ubuntu Trusty and trying to get leak
sanitizer integrated with a project. The project builds with
-fsanitize=address passed to all compile and link lines, and reports
various memory errors, so I know it is working. When run with
ASAN_OPTIONS="detect_leaks=1" in the environment leaks are reported at
exit, so that is working as well.

I have a suppressions file that works correctly when
LSAN_OPTIONS="suppressions=etc/asan.suppressions" is set in the shell
environment. The expected suppressions are applied and the suppressed
leaks are not reported at exit. The file looks like this:

$ cat ./etc/asan.suppressions
# ignore v8 for now
leak:v8::

However, if I try to set this file as the suppressions file with
--fsanitize-blacklist=etc/asan.suppressions, then the suppressions are
not applied, and all of the leaks I would expect to have been
suppressed are still reported. I know that clang actually is consuming
the file, because if I put a malformed line into the suppressions file
the build fails with:

clang: error: malformed sanitizer blacklist: 'Malformed line 1: 'aslaskdfj''

I'm passing both -fsanitize=address and
-fsanitize-blacklist=etc/asan.suppressions to both the compile and
link stages of the build.

Obviously, I can just use LSAN_OPTIONS, but the blacklist would I
think be preferable if I could get it to work.

What am I doing wrong?

Also, a question about the blacklist that does not seem to be answered
in the docs:

Does the blacklist file get read on each execution of the binary built
with -fsanitize-blacklist, and therefore needs to be kept with the
binary? Or are the contents of the blacklist file read at compile time
and baked into the executable so that the binary can be used
standalone? I'm hoping the latter, as what I would really like to use
is __lsan_default_suppressions, but it appears that that is not
available until clang-3.5 (it is mentioned in
sanitizer/lsan_interface.h for clang-3.5, but not for clang-3.4), and
unfortunately I need this integration to work with clang-3.4.

Thanks,
Andrew

$ uname -a
Linux workstation 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ clang++ --version
Ubuntu clang version 3.4-1ubuntu3 (tags/RELEASE_34/final) (based on LLVM 3.4)
Target: x86_64-pc-linux-gnu
Thread model: posix

Hi Andrew,

Blacklist file and suppressions file are different, and have different format:
Here’s the description of blacklist file format for ASan: http://clang.llvm.org/docs/AddressSanitizer.html#blacklist

Blacklist file is only used during the compilation. Compiler just doesn’t insert ASan checks for blacklisted items, so
if you have a bug in a blacklisted function, its code will not have ASan checks, and this the bug has no chance of being reported in runtime.

Suppression file is used in runtime - when the error actually happens, it is matched against the suppressions, and is not reported in case of a match.

Note that:

  1. There’s no way to “suppress” ASan errors. Currently all ASan errors are fatal and immediately crash your executable. This is done on purpose -
    we believe ASan-detected errors are critical and definitely needs to be fixed, and making the errors unrecoverable improves tool performance

  2. There’s currently no way to “blacklist” memory leaks. They can only be suppressed. The reason is - LSan doesn’t modify the program at compile time at
    all. It just replaces the memory allocator at link time, plugging in custom functions instead of malloc/free from standard library. So, in order to propagate
    blacklist contents to LSan, we’d have to bake it into the executable, which we don’t really want to do.

Now this problem is solved with __lsan_default_suppressions, so I don’t really know what to advise you, assuming you’re bound to the old version of Clang.

Hi Andrew,

Blacklist file and suppressions file are different, and have different
format:
Here's the description of blacklist file format for ASan:
http://clang.llvm.org/docs/AddressSanitizer.html#blacklist

Blacklist file is only used during the compilation. Compiler just doesn't
insert ASan checks for blacklisted items, so
if you have a bug in a blacklisted function, its code will not have ASan
checks, and this the bug has no chance of being reported in runtime.

Suppression file is used in runtime - when the error actually happens, it is
matched against the suppressions, and is not reported in case of a match.

I see. That makes sense, but maybe wasn't very clear from the documentation.

Note that:
1) There's no way to "suppress" ASan errors. Currently all ASan errors are
fatal and immediately crash your executable. This is done on purpose -
we believe ASan-detected errors are critical and definitely needs to be
fixed, and making the errors unrecoverable improves tool performance

Understood, and I like this behavior of ASan. In this situation though
the only thing I need to suppress are leaks, the ASan errors have
already been scrubbed out.

2) There's currently no way to "blacklist" memory leaks. They can only be
suppressed. The reason is - LSan doesn't modify the program at compile time
at
all. It just replaces the memory allocator at link time, plugging in custom
functions instead of malloc/free from standard library. So, in order to
propagate
blacklist contents to LSan, we'd have to bake it into the executable, which
we don't really want to do.

Now this problem is solved with __lsan_default_suppressions, so I don't
really know what to advise you, assuming you're bound to the old version of
Clang.

Yes __lsan_default_suppressions is really nice. I actually started
with that in my dev environment which uses clang-3.5 and it worked
very well, but for the moment my solution needs to support clang-3.4
as well.

LSAN_OPTIONS it is...

Thank you for the detailed explanations,
Andrew