Adding Address Sanitizer memory checking to VPP
Original article: https://www.cnblogs.com/liqinglucky/p/address-sanitizer-in-vpp.html
The VPP source tree's CMakeLists.txt already carries an Address Sanitizer build option; it is simply OFF by default. Switching it to ON is enough to enable memory checking in the VPP code.
1. Adding the build option
The change is trivial: enable the Address Sanitizer build option in VPP's CMakeLists.txt.
In src/CMakeLists.txt, set the option to ON:
option(VPP_ENABLE_SANITIZE_ADDR "Enable Address Sanitizer" ON)
If the change does not take effect, do a clean build.
To see the detection in action, add some test code:
diff --git a/src/vpp/vnet/main.c b/src/vpp/vnet/main.c
index 723eaa756..e9cef5e76 100644
--- a/src/vpp/vnet/main.c
+++ b/src/vpp/vnet/main.c
@@ -162,8 +162,7 @@ main (int argc, char *argv[])
fp = fopen (argv[2], "r");
if (fp == NULL)
{
+ int aa[10]={0};
+ fprintf (stderr, "open configuration file '%s' failed a11:%d\n",argv[2],aa[11]);
- fprintf (stderr, "open configuration file '%s' failed\n", argv[2]);
return 1;
}
argv_ = calloc (1, sizeof (char *));
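Review bot: the hunk header `@@ -162,8 +162,7 @@` does not match the hunk body, which shows 7 old-side lines (3 context, 1 removed, 3 context) and 8 new-side lines (3 context, 2 added, 3 context), and the `+` lines precede the `-` line they replace, so this hunk looks hand-edited and will not apply cleanly with `git apply`; regenerate it with `git diff` from the working tree. The added `int aa[10]={0};` followed by the `aa[11]` read is the deliberate out-of-bounds stack access that triggers the stack-buffer-overflow report at main.c:166 in the log below, so keep it on a scratch branch and do not let it reach a mergeable change.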
Then build.
2. Testing the memory checking
If running the binary reports that the libasan5 dependency is missing, install the library:
apt-get install libasan5
The test log looks like this:
=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffe4e923fc at pc 0x55c6e52e5d08 bp 0x7fffe4e921c0 sp 0x7fffe4e921b0
READ of size 4 at 0x7fffe4e923fc thread T0
#0 0x55c6e52e5d07 in main /vpp/src/vpp/vnet/main.c:166
#1 0x7f096b4b9082 in __libc_start_main ../csu/libc-start.c:308
#2 0x55c6e52e366d in _start (/bin/vpp+0x1a66d)
Address 0x7fffe4e923fc is located in stack of thread T0 at offset 380 in frame
#0 0x55c6e52e5727 in main /vpp/src/vpp/vnet/main.c:105
This frame has 10 object(s):
[48, 52) 'main_heap_log2_page_sz' (line 111)
[64, 68) 'default_log2_hugepage_sz' (line 112)
[80, 88) 'main_heap_size' (line 108)
[112, 120) 's' (line 114)
[144, 152) 'v' (line 114)
[176, 216) 'input' (line 113)
[256, 296) 'sub_input' (line 113)
[336, 376) 'aa' (line 165) <== Memory access at offset 380 overflows this variable
[416, 544) 'cpuset' (line 116)
[576, 4672) 'inbuf' (line 156)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /vpp/src/vpp/vnet/main.c:166 in main
Shadow bytes around the buggy address:
0x10007c9ca420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007c9ca430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007c9ca440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007c9ca450: f1 f1 f1 f1 f1 f1 04 f2 00 00 00 f2 00 00 00 f2
0x10007c9ca460: 00 00 00 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2 f2
=>0x10007c9ca470: 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00[f2]
0x10007c9ca480: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
0x10007c9ca490: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00
0x10007c9ca4a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007c9ca4b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007c9ca4c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1==ABORTING
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
A core file is produced at the same time. Address Sanitizer is now enabled in VPP and working.
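As an added example (not from the original article or from VPP), a small Python parser that pulls the triage-relevant facts out of an ASan report like the one above: the error kind, the access type and size, the faulting source location, and which frame variable was overrun and by how many bytes. The embedded sample report is constructed, condensed from the output shown above; the `AsanFinding` and `parse_asan_report` names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, condensed from the stack-buffer-overflow report above.
SAMPLE_REPORT = """\
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffe4e923fc at pc 0x55c6e52e5d08 bp 0x7fffe4e921c0 sp 0x7fffe4e921b0
READ of size 4 at 0x7fffe4e923fc thread T0
    #0 0x55c6e52e5d07 in main /vpp/src/vpp/vnet/main.c:166
Address 0x7fffe4e923fc is located in stack of thread T0 at offset 380 in frame
    #0 0x55c6e52e5727 in main /vpp/src/vpp/vnet/main.c:105
  This frame has 3 object(s):
    [112, 120) 's' (line 114)
    [336, 376) 'aa' (line 165) <== Memory access at offset 380 overflows this variable
    [576, 4672) 'inbuf' (line 156)
SUMMARY: AddressSanitizer: stack-buffer-overflow /vpp/src/vpp/vnet/main.c:166 in main
"""

@dataclass
class AsanFinding:
    kind: str            # e.g. stack-buffer-overflow, heap-use-after-free
    access: str          # READ or WRITE
    size: int            # bytes accessed
    address: int         # faulting address
    location: str        # file:line of the faulting frame (#0)
    culprit: Optional[str] = None        # frame variable whose bounds were exceeded
    overrun_bytes: Optional[int] = None  # how far past its end the access landed

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^\s*(READ|WRITE) of size (\d+) at 0x[0-9a-f]+", re.M)
FRAME0_RE = re.compile(r"#0 0x[0-9a-f]+ in \S+ (\S+)")
OFFSET_RE = re.compile(r"at offset (\d+) in frame")
CULPRIT_RE = re.compile(r"\[(\d+), (\d+)\) '([^']+)' \(line \d+\) <==")

def parse_asan_report(text: str) -> AsanFinding:
    err, acc = ERROR_RE.search(text), ACCESS_RE.search(text)
    if not err or not acc:
        raise ValueError("not an AddressSanitizer access report")
    # The first '#0' frame after the READ/WRITE line is where the bad access ran.
    frame0 = FRAME0_RE.search(text, acc.end())
    finding = AsanFinding(kind=err.group(1), access=acc.group(1),
                          size=int(acc.group(2)), address=int(err.group(2), 16),
                          location=frame0.group(1) if frame0 else "?")
    # For stack errors ASan lists the frame's objects and marks the one overrun.
    culprit, offset = CULPRIT_RE.search(text), OFFSET_RE.search(text)
    if culprit and offset:
        finding.culprit = culprit.group(3)
        finding.overrun_bytes = int(offset.group(1)) - int(culprit.group(2))
    return finding
```

On the sample above this yields a 4-byte READ at main.c:166 that landed 4 bytes past the end of `aa`, which is exactly what `aa[11]` on a ten-element int array does.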