使用 ASAN 时如何修复错误 "cannot run C compiled programs"

How to fix error "cannot run C compiled programs" when using ASAN

问题: 运行ning configure 脚本工作正常,可以使用 C 编译器和生成的程序 运行。一旦添加了 ASAN,配置脚本就会抱怨生成的程序不能 运行.

./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
...

对比

./configure CFLAGS="-fsanitize=address -fsanitize=undefined -fno-omit-frame-pointer -fstack-protector" LDFLAGS="-fsanitize=undefined -fsanitize=address" --enable-debug
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether CFLAGS can be modified... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... configure: error: in `/tmp/test-asan':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details

config.log 显示:

configure:3653: checking whether we are cross compiling
configure:3661: gcc -o conftest -fsanitize=address -fsanitize=undefined -fno-omit-frame-pointer -fstack-protector  -fsanitize=undefined -fsanitize=address conftest.c  >&5
configure:3665: $? = 0
configure:3672: ./conftest
==9941==LeakSanitizer has encountered a fatal error.
==9941==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==9941==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
configure:3676: $? = 1
configure:3683: error: in `/tmp/test-asan':
configure:3685: error: cannot run C compiled programs.

配置脚本的错误消息非常混乱(不涉及交叉编译),L​​eakSanitizer 的提示也好不到哪里去(我们不做任何调试)但包含一个重要的提示:ptrace。

正如 GDB + ptrace question the issue is that the Yama kernel security module 中所暗示的那样,已配置为防止 ASAN 使用 ptrace。

类似的,在 valgrind 中 运行ning 时可以看到稍微有用的消息:

error calling PR_SET_PTRACER, vgdb might block

要解决此问题:

  • 选项 1: 运行 提升的 shell 中的配置脚本(和后来的测试) (sudo bash)
  • 选项 2(在 local/secured 机器上 [可能是 VM/sandbox]: 允许每个人使用 ptrace
    echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

执行此操作时,配置脚本 运行 会按预期运行,如果清理程序发现任何错误,生成的程序会在退出时中止。

我 运行 在使用“podman build”(“docker build”有效)时遇到了同样的问题。添加 ptrace 作为功能可能是可行的。但另一种解决方法是设置 ASAN_OPTIONS=detect_leaks=0(在我的情况下为 ./configuremake test)。