Meaningful stack traces for address sanitizer in GCC

Tags:

I just tried compiling with GCC and the -fsanitize=address flag. When I run my program, the address sanitizer finds a flaw, but the stack trace is not helpful. How can I configure this so that it points to the source code locations I need to look at?

=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
    #0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
    #1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
    #2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
    #3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
    #4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #17 0x2
0x6006004b38a0 is located 0 bytes to the right of 32-byte region [0x6006004b3880,0x6006004b38a0)
allocated by thread T0 here:
    #0 0x10b8bb63a (/usr/local/lib/gcc/x86_64-apple-darwin13.0.0/4.8.2/libasan.0.dylib+0xe63a)
    #1 0x10b0777c6 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000077c6)
    #2 0x10b07701e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10000701e)
    #3 0x10b09cd1b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002cd1b)
    #4 0x10b09c6ef (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002c6ef)
    #5 0x10b09960e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x10002960e)
    #6 0x10b137844 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7844)
    #7 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #8 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #9 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #10 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #11 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #12 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #13 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #14 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #15 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #16 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #17 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #18 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #19 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #20 0x2
Shadow bytes around the buggy address:
  0x1c00c00966c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c00966f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c00c0096700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c00c0096710: 00 00 00 00[fa]fa fd fd fd fd fa fa fd fd fd fa
  0x1c00c0096720: fa fa fd fd fd fa fa fa 00 00 00 07 fa fa 00 00
  0x1c00c0096730: 00 04 fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x1c00c0096740: fd fd fd fa fa fa fd fd fd fa fa fa 00 00 00 07
  0x1c00c0096750: fa fa 00 00 00 00 fa fa 00 00 00 04 fa fa fd fd
  0x1c00c0096760: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==32415== ABORTING

596

asked Jan 16 '14 13:01

clstaudt

3 Answers

This is what is working for me:

Make sure you have installed llvm (including llvm-symbolizer).
Export the following variable
```
export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer
```
(replace with your correct path to the llvm-symbolizer command).
Now run your executable (a.out for now) as
```
ASAN_OPTIONS=symbolize=1 a.out
```

answered Oct 22 '22 06:10

iluvatar

=================================================================
==32415== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6006004b38a0 at pc 0x10b136d5c bp 0x7fff54b8e5d0 sp 0x7fff54b8e5c8
WRITE of size 8 at 0x6006004b38a0 thread T0
    #0 0x10b136d5b (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6d5b)
    #1 0x10b136e0c (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c6e0c)
    #2 0x10b138ef5 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c8ef5)
    #3 0x10b137a2e (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000c7a2e)
    #4 0x10b13acf2 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1000cacf2)
    #5 0x10b253647 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e3647)
    #6 0x10b24ee55 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dee55)
    #7 0x10b237108 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7108)
    #8 0x10b237c17 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c7c17)
    #9 0x10b2385c9 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001c85c9)
    #10 0x10b23f659 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cf659)
    #11 0x10b254951 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001e4951)
    #12 0x10b24fbeb (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001dfbeb)
    #13 0x10b23dc38 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001cdc38)
    #14 0x10b229d28 (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9d28)
    #15 0x10b229bda (/Users/cls/workspace/NetworKit/./NetworKit-Tests-D+0x1001b9bda)
    #16 0x7fff8b7785fc (/usr/lib/system/libdyld.dylib+0x35fc)
    #17 0x2

As an alternative, this is what I have been doing for years under Clang. Pipe your output through asan_symbolize to get the symbols. So you should do something like:

./test.exe 2>&1 | asan_symbolize

I have asan_symbolize in both /usr/bin and /usr/local/bin:

$ find /usr/ -name asan*
/usr/bin/asan_symbolize
/usr/lib/llvm-3.4/lib/clang/3.4/include/sanitizer/asan_interface.h
/usr/local/bin/asan_symbolize.py
/usr/local/lib/clang/3.5.0/include/sanitizer/asan_interface.h

I have two copies because one was installed with Clang via apt-get (/usr/bin/asan_symbolize), and I build Clang from sources on occasion (/usr/local/bin/asan_symbolize.py).

If you have no copies, then I believe you can fetch it from address-sanitizer on Google Code.

Once you start using asan_symbolize, you might encounter a situation where asan_symbolize cannot find the symbols due to a path change (for example, a program or library was copied from its build location to a destination directory). For that, see Specify Symbol Path to asan_symbolize? on the Asan mailing list.

In kcc's answer, he meant to do something like:

./test.exe 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize

(I think that's what I had to do when testing Postgres).

Python has a crash course in Clang and its sanitizers at Dynamic Analysis with Clang. It discusses topics like getting stack traces. (I wrote the page for the the Python project to help them add Clang and its sanitizers to its release engineering process. Its a few years old now, but I believe all the information still applies).

answered Oct 22 '22 06:10

jww

GCC 4.9.3 above does not require separate symbolizer.

Check How to compile with GCC with static options

answered Oct 22 '22 08:10

Gayan Pathirage

Related questions
                            
                                Array initialization optimization
                            
                                Is size_t the word size?
                            
                                lifetime of a std::initializer_list return value
                            
                                Hinnant's short_alloc and alignment guarantees
                            
                                Simpler way to create a C++ memorystream from (char*, size_t), without copying the data?
                            
                                Testing C++ code for endian-independence
                            
                                Semicolon on a function parameters
                            
                                Visual Studio 2012 different values Release/Debug mode
                            
                                Get std::fstream failure error messages and/or exceptions
                            
                                Why is MinGW very slow?
                            
                                How do smart pointers choose between delete and delete[]?
                            
                                Questions about Hinnant's stack allocator
                            
                                std::shared_ptr Exception Safety
                            
                                Do I need to cast to unsigned char before calling toupper(), tolower(), et al.?
                            
                                c++ Initializing a struct with an array as a member
                            
                                is there in C# a method for List<T> like resize in c++ for vector<T>
                            
                                Execute CMD commands using C++
                            
                                A Good C++ Library for SOAP
                            
                                Error with address of parenthesized member function
                            
                                How do i write a pointer-to-member-function with std::function?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

Meaningful stack traces for address sanitizer in GCC

Tags:

c++

memory

gcc

stack-trace

address-sanitizer

clstaudt

People also ask

3 Answers

iluvatar

jww

Gayan Pathirage

Recent Activity

Donate For Us