android 使用 build.gradle 的工作室地址消毒剂
android studio address sanitizer using build.gradle
我正在尝试使用此处描述的地址清理器构建(使用 clang)我的应用程序 (https://github.com/google/sanitizers/wiki/AddressSanitizer, more precisely here: https://github.com/google/sanitizers/wiki/AddressSanitizerOnAndroid),但我无法理解整个过程,尤其是使用 gradle.
看起来至少有 3 种启用方式:
1°) 在第一个 link 之后,t 表示你所要做的就是这样做:
将 -fsanitize=address 添加到 cppFlags + 可选的 -fno-omit-frame-pointer
将 -fsanitize=address 添加到 linker 标志(有必要吗?)
2°)继第二个link之后,看来你要做的是:
- 同第一个
- root 设备然后 运行 asan_device_setup 通过 adb
- 在某处添加一个
LD_PRELOAD=libclang_rt.asan-arm-android.so?我想它应该放在 gradle externalNativeBuild 的 'arguments' 部分?但是应用程序在哪里可以找到这个库?我必须自己 link 吗?或者它已经在设备上的某处?
3°) 我还找到了一种 "new" 的方法,它不应该需要 root 访问权限(的确如此,但它是一个错误,将在某些时候得到纠正):
https://virtualrealitypop.com/oreo-ndk-secrets-7d075a9b084
此方法实际上完成了第一点和第二点中所做的工作,加上 运行 通过启动 shell 导出一些值供 asan 工作的脚本的应用程序。
就我的调查而言,我对在我的 root 模拟器上运行完全净化的应用程序(带有静态 linked 库)的正确方法感到有点困惑。
我走得更远是实际构建和启动应用程序(使用 2°),但没有指定 LD_PRELOAD 标志),但是应用程序崩溃并在某些 eglMakeCurrent 函数中出现容器溢出甚至不是我代码的一部分,我也没有得到任何堆栈:
02-19 16:26:21.553 28771-28789/com.mycompany.myapp I/zygote: Background concurrent copying GC freed 10159(1175KB) AllocSpace objects, 12(304KB) LOS objects, 50% free, 2MB/4MB, paused 144.861ms total 1.252s
[ 02-19 16:26:21.554 28771:28956 I/ ]
=================================================================
[ 02-19 16:26:21.554 28771:28956 I/ ]
[ 02-19 16:26:21.557 28771:28956 I/ ]
[ 02-19 16:26:21.563 28771:28956 I/ ]
==28771==ERROR: AddressSanitizer: container-overflow on address 0xa136e990 at pc 0xa49849e2 bp 0x82e60558 sp 0x82e60128
[ 02-19 16:26:21.563 28771:28956 I/ ]
[ 02-19 16:26:21.565 28771:28956 I/ ]
[ 02-19 16:26:21.566 28771:28956 I/ ]
WRITE of size 2 at 0xa136e990 thread T334 (GLThread 337)
[ 02-19 16:26:21.566 28771:28956 I/ ]
我不确定这是不是真正的溢出,因为我不确定我所有的应用程序都是用消毒剂构建的(我已经用它构建了我的 so+ 我所有的静态数据,但足够了吗?),并且 https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow说如果你的整个应用程序不是用消毒剂构建的,你可能会得到误报。
所以我的问题是:
A°) 有没有人真的设法使用 android studio 构建了经过净化的应用程序?
B°) 如果是,正确的做法是什么(意思是将被支持的那个)?
所以经过一番努力,我使用了描述的方法
https://virtualrealitypop.com/oreo-ndk-secrets-7d075a9b084。我在我的 build.gradle 中添加了一个新的 sanitize_debug 目标,内容如下:
tasks.whenTaskAdded { task ->
if (task.name == 'generateSanitize_debugBuildConfig') {
task.dependsOn createWrapScriptAddDir
}
}
task deleteASAN(type: Delete) {
delete 'jni/sanitizer/'
}
static def writeWrapScriptToFullyCompileJavaApp(wrapFile, abi) {
if(abi == "armeabi" || abi == "armeabi-v7a")
abi = "arm"
if(abi == "arm64-v8a")
abi = "aarch64"
if (abi == "x86")
abi = "i686"
wrapFile.withWriter { writer ->
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "[=10=]")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=$HERE/libclang_rt.asan-${abi}-android.so\n")
writer.write('$@\n')
}
}
task copyASANLibs {
def libDirs = android.ndkDirectory.absolutePath + "/toolchains/llvm/prebuilt/"
for (String abi : rootProject.ext.abiFilters) {
def destDir = new File("wizards/src/sanitize_debug/jniLibs/" + abi)
destDir.mkdirs()
def renamedAbi = abi
if(abi == "armeabi-v7a" || abi == "armeabi")
renamedAbi = "arm"
if(abi == "arm64-v8a")
renamedAbi = "aarch64"
if (abi == "x86")
renamedAbi = "i686"
FileTree tree = fileTree(dir: libDirs).include("**/*asan*${renamedAbi}*.so")
tree.each { File file ->
copy {
from file
into destDir.absolutePath
}
}
}
}
task createWrapScriptAddDir(dependsOn: copyASANLibs) {
for (String abi : rootProject.ext.abiFilters) {
def dir = new File("wizards/src/sanitize_debug/resources/lib/" + abi)
dir.mkdirs()
def wrapFile = new File(dir, "wrap.sh")
wrapFile.setExecutable(true, false)
writeWrapScriptToFullyCompileJavaApp(wrapFile, abi)
}
}
需要改进的地方是
1°) 必须手动调用切换到未清理构建时的清理阶段,
2°)包装器脚本是为所有 arm 架构构建和打包的,这是一种解决方法,因为您无法轻松地为 wrap.sh scrip 指定目标架构(参见错误 https://issuetracker.google.com/issues/74058603)
为了也能进行调试,您可以调整 and tweak wrap.sh script, since the simple version of wrap.sh will prevent debugging ( from https://developer.android.com/ndk/guides/wrap-script 的答案):
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "[=10=]")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=$HERE/libclang_rt.asan-${abi}-android.so\n")
writer.write('cmd=\n')
writer.write('shift\n')
writer.write('os_version=$(getprop ro.build.version.sdk)\n')
writer.write('if [ "$os_version" -eq "27" ]; then\n')
writer.write('cmd="$cmd -Xrunjdwp:transport=dt_android_adb,suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('elif [ "$os_version" -eq "28" ]; then\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection -XjdwpOptions:suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('else\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection $@"\n')
writer.write('fi\n')
writer.write('exec $cmd\n')
我花了几个小时弄清楚如何仅在调试版本中启用清理程序。这是我的完整解决方案(基于 and JE42 - 谢谢):
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
project.ext {
ndkDir = properties.getProperty('ndk.dir')
}
task deleteASAN(type: Delete) {
delete 'app\src\sanitizer'
}
clean.dependsOn(deleteASAN)
static def writeWrapScriptToFullyCompileJavaApp(wrapFile, arch) {
wrapFile.withWriter { writer ->
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "[=10=]")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=$HERE/libclang_rt.asan-${arch}-android.so\n")
writer.write('cmd=\n')
writer.write('shift\n')
writer.write('os_version=$(getprop ro.build.version.sdk)\n')
writer.write('if [ "$os_version" -eq "27" ]; then\n')
writer.write('cmd="$cmd -Xrunjdwp:transport=dt_android_adb,suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('elif [ "$os_version" -eq "28" ]; then\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection -XjdwpOptions:suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('else\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection $@"\n')
writer.write('fi\n')
writer.write('exec $cmd\n')
}
}
def copySanitizerLibAndWrapScript(ndkdir) {
def sanitizerLibDir = new File(ndkdir).absolutePath + "\toolchains\llvm\prebuilt\"
for (String abi in ['armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64']) {
def arch = abi
if (abi == "armeabi-v7a") {
arch = "arm"
} else if (abi == 'arm64-v8a') {
arch = "aarch64"
} else if (abi == "x86") {
arch = "i686"
} else if (abi == "x86_64") {
arch = "x86_64"
}
def sanitizerLibAbiDir = new File("app\src\sanitizer\jniLibs\" + abi)
sanitizerLibAbiDir.mkdirs()
FileTree sanitizerLibAbiFileTree = fileTree(dir: sanitizerLibDir).include("**\*asan*${arch}*.so")
sanitizerLibAbiFileTree.each { File file ->
copy {
from file
into sanitizerLibAbiDir.absolutePath
}
}
def wrapScriptAbiDir = new File("app\src\sanitizer\resources\lib\" + abi)
wrapScriptAbiDir.mkdirs()
def wrapFile = new File(wrapScriptAbiDir, "wrap.sh")
wrapFile.setExecutable(true, false)
writeWrapScriptToFullyCompileJavaApp(wrapFile, arch)
}
}
gradle.taskGraph.whenReady { if (it.hasTask(generateDebugBuildConfig)) {
copySanitizerLibAndWrapScript(rootProject.ext.ndkDir)
} }
我正在尝试使用此处描述的地址清理器构建(使用 clang)我的应用程序 (https://github.com/google/sanitizers/wiki/AddressSanitizer, more precisely here: https://github.com/google/sanitizers/wiki/AddressSanitizerOnAndroid),但我无法理解整个过程,尤其是使用 gradle.
看起来至少有 3 种启用方式:
1°) 在第一个 link 之后,t 表示你所要做的就是这样做:
将
-fsanitize=address添加到 cppFlags + 可选的-fno-omit-frame-pointer将
-fsanitize=address添加到 linker 标志(有必要吗?)
2°)继第二个link之后,看来你要做的是:
- 同第一个
- root 设备然后 运行 asan_device_setup 通过 adb
- 在某处添加一个
LD_PRELOAD=libclang_rt.asan-arm-android.so?我想它应该放在 gradle externalNativeBuild 的 'arguments' 部分?但是应用程序在哪里可以找到这个库?我必须自己 link 吗?或者它已经在设备上的某处?
3°) 我还找到了一种 "new" 的方法,它不应该需要 root 访问权限(的确如此,但它是一个错误,将在某些时候得到纠正):
https://virtualrealitypop.com/oreo-ndk-secrets-7d075a9b084
此方法实际上完成了第一点和第二点中所做的工作,加上 运行 通过启动 shell 导出一些值供 asan 工作的脚本的应用程序。
就我的调查而言,我对在我的 root 模拟器上运行完全净化的应用程序(带有静态 linked 库)的正确方法感到有点困惑。
我走得更远是实际构建和启动应用程序(使用 2°),但没有指定 LD_PRELOAD 标志),但是应用程序崩溃并在某些 eglMakeCurrent 函数中出现容器溢出甚至不是我代码的一部分,我也没有得到任何堆栈:
02-19 16:26:21.553 28771-28789/com.mycompany.myapp I/zygote: Background concurrent copying GC freed 10159(1175KB) AllocSpace objects, 12(304KB) LOS objects, 50% free, 2MB/4MB, paused 144.861ms total 1.252s
[ 02-19 16:26:21.554 28771:28956 I/ ]
=================================================================
[ 02-19 16:26:21.554 28771:28956 I/ ]
[ 02-19 16:26:21.557 28771:28956 I/ ]
[ 02-19 16:26:21.563 28771:28956 I/ ]
==28771==ERROR: AddressSanitizer: container-overflow on address 0xa136e990 at pc 0xa49849e2 bp 0x82e60558 sp 0x82e60128
[ 02-19 16:26:21.563 28771:28956 I/ ]
[ 02-19 16:26:21.565 28771:28956 I/ ]
[ 02-19 16:26:21.566 28771:28956 I/ ]
WRITE of size 2 at 0xa136e990 thread T334 (GLThread 337)
[ 02-19 16:26:21.566 28771:28956 I/ ]
我不确定这是不是真正的溢出,因为我不确定我所有的应用程序都是用消毒剂构建的(我已经用它构建了我的 so+ 我所有的静态数据,但足够了吗?),并且 https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow说如果你的整个应用程序不是用消毒剂构建的,你可能会得到误报。
所以我的问题是:
A°) 有没有人真的设法使用 android studio 构建了经过净化的应用程序?
B°) 如果是,正确的做法是什么(意思是将被支持的那个)?
所以经过一番努力,我使用了描述的方法
https://virtualrealitypop.com/oreo-ndk-secrets-7d075a9b084。我在我的 build.gradle 中添加了一个新的 sanitize_debug 目标,内容如下:
tasks.whenTaskAdded { task ->
if (task.name == 'generateSanitize_debugBuildConfig') {
task.dependsOn createWrapScriptAddDir
}
}
task deleteASAN(type: Delete) {
delete 'jni/sanitizer/'
}
static def writeWrapScriptToFullyCompileJavaApp(wrapFile, abi) {
if(abi == "armeabi" || abi == "armeabi-v7a")
abi = "arm"
if(abi == "arm64-v8a")
abi = "aarch64"
if (abi == "x86")
abi = "i686"
wrapFile.withWriter { writer ->
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "[=10=]")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=$HERE/libclang_rt.asan-${abi}-android.so\n")
writer.write('$@\n')
}
}
task copyASANLibs {
def libDirs = android.ndkDirectory.absolutePath + "/toolchains/llvm/prebuilt/"
for (String abi : rootProject.ext.abiFilters) {
def destDir = new File("wizards/src/sanitize_debug/jniLibs/" + abi)
destDir.mkdirs()
def renamedAbi = abi
if(abi == "armeabi-v7a" || abi == "armeabi")
renamedAbi = "arm"
if(abi == "arm64-v8a")
renamedAbi = "aarch64"
if (abi == "x86")
renamedAbi = "i686"
FileTree tree = fileTree(dir: libDirs).include("**/*asan*${renamedAbi}*.so")
tree.each { File file ->
copy {
from file
into destDir.absolutePath
}
}
}
}
task createWrapScriptAddDir(dependsOn: copyASANLibs) {
for (String abi : rootProject.ext.abiFilters) {
def dir = new File("wizards/src/sanitize_debug/resources/lib/" + abi)
dir.mkdirs()
def wrapFile = new File(dir, "wrap.sh")
wrapFile.setExecutable(true, false)
writeWrapScriptToFullyCompileJavaApp(wrapFile, abi)
}
}
需要改进的地方是
1°) 必须手动调用切换到未清理构建时的清理阶段,
2°)包装器脚本是为所有 arm 架构构建和打包的,这是一种解决方法,因为您无法轻松地为 wrap.sh scrip 指定目标架构(参见错误 https://issuetracker.google.com/issues/74058603)
为了也能进行调试,您可以调整
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "[=10=]")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=$HERE/libclang_rt.asan-${abi}-android.so\n")
writer.write('cmd=\n')
writer.write('shift\n')
writer.write('os_version=$(getprop ro.build.version.sdk)\n')
writer.write('if [ "$os_version" -eq "27" ]; then\n')
writer.write('cmd="$cmd -Xrunjdwp:transport=dt_android_adb,suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('elif [ "$os_version" -eq "28" ]; then\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection -XjdwpOptions:suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('else\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection $@"\n')
writer.write('fi\n')
writer.write('exec $cmd\n')
我花了几个小时弄清楚如何仅在调试版本中启用清理程序。这是我的完整解决方案(基于
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
project.ext {
ndkDir = properties.getProperty('ndk.dir')
}
task deleteASAN(type: Delete) {
delete 'app\src\sanitizer'
}
clean.dependsOn(deleteASAN)
static def writeWrapScriptToFullyCompileJavaApp(wrapFile, arch) {
wrapFile.withWriter { writer ->
writer.write('#!/system/bin/sh\n')
writer.write('HERE="$(cd "$(dirname "[=10=]")" && pwd)"\n')
writer.write('export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n')
writer.write('export ASAN_ACTIVATION_OPTIONS=include_if_exists=/data/local/tmp/asan.options.b\n')
writer.write("export LD_PRELOAD=$HERE/libclang_rt.asan-${arch}-android.so\n")
writer.write('cmd=\n')
writer.write('shift\n')
writer.write('os_version=$(getprop ro.build.version.sdk)\n')
writer.write('if [ "$os_version" -eq "27" ]; then\n')
writer.write('cmd="$cmd -Xrunjdwp:transport=dt_android_adb,suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('elif [ "$os_version" -eq "28" ]; then\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection -XjdwpOptions:suspend=n,server=y -Xcompiler-option --debuggable $@"\n')
writer.write('else\n')
writer.write('cmd="$cmd -XjdwpProvider:adbconnection $@"\n')
writer.write('fi\n')
writer.write('exec $cmd\n')
}
}
def copySanitizerLibAndWrapScript(ndkdir) {
def sanitizerLibDir = new File(ndkdir).absolutePath + "\toolchains\llvm\prebuilt\"
for (String abi in ['armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64']) {
def arch = abi
if (abi == "armeabi-v7a") {
arch = "arm"
} else if (abi == 'arm64-v8a') {
arch = "aarch64"
} else if (abi == "x86") {
arch = "i686"
} else if (abi == "x86_64") {
arch = "x86_64"
}
def sanitizerLibAbiDir = new File("app\src\sanitizer\jniLibs\" + abi)
sanitizerLibAbiDir.mkdirs()
FileTree sanitizerLibAbiFileTree = fileTree(dir: sanitizerLibDir).include("**\*asan*${arch}*.so")
sanitizerLibAbiFileTree.each { File file ->
copy {
from file
into sanitizerLibAbiDir.absolutePath
}
}
def wrapScriptAbiDir = new File("app\src\sanitizer\resources\lib\" + abi)
wrapScriptAbiDir.mkdirs()
def wrapFile = new File(wrapScriptAbiDir, "wrap.sh")
wrapFile.setExecutable(true, false)
writeWrapScriptToFullyCompileJavaApp(wrapFile, arch)
}
}
gradle.taskGraph.whenReady { if (it.hasTask(generateDebugBuildConfig)) {
copySanitizerLibAndWrapScript(rootProject.ext.ndkDir)
} }