Hi Sean,
Generally, one does not need to rebuild any code that is being linked into sanitized code.
However, there is one corner case in C++ container overflow checking, where this might not always hold. Specifically, if libc++ containers cross from instrumented (rebuilt with ASan) to non-instrumented code, Address Sanitizer might report container overflow false positives. (Imagine two libraries, both using the same std::vector, only one of them is instrumented. Push_back from the non-instrumented module will not mark the memory for the newly added element as valid. Accessing the element from the instrumented code would trigger a false positive report.)

From: Sean McBride <email@hidden>
Date: January 22, 2016 at 8:26:00 AM PST
To: email@hidden
Subject: Address Sanitizer and out-of-project libraries

Hi all,
My understanding of ASan (from before Xcode finally included it) was that if you wanted to build with ASan, *all* the code you link to has to be built with it. Is that still the case?
My Xcode project contains most of my code, but also contains some .a and .dylib files built with cmake or autotools. Must I rebuild those with ASan too?
It doesn't seem to be required, but I am seeing freaky crashes in libc++ with ASan turned on via only Xcode's checkbox.
What do these crashes look like? Are they C++ container overflow reports?
Please, file a radar and provide us with more information about your project, the libraries you link against, and the crashes you are seeing. Attaching a project that would allow us to reproduce the issue would be the most helpful.
Thank you!
Anna.

Cheers,
--
____________________________________________________________
Sean McBride, B. Eng email@hidden
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
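
The mixed-module std::vector case described in the reply above, as an added example that is not part of the original thread and is not libc++ or ASan source. It is a toy model: `ToyVector`, `valid_end` and the two `push_back_*` functions are hypothetical names, with `valid_end` standing in for the shadow-memory boundary that an instrumented container keeps up to date.

```cpp
// Toy model of ASan's container-overflow annotation (added illustration;
// not libc++ or ASan source, every name here is hypothetical).
#include <cstddef>
#include <cstdio>

constexpr std::size_t kCap = 8;

struct ToyVector {
    int data[kCap] = {};
    std::size_t size = 0;        // what the container believes
    std::size_t valid_end = 0;   // stand-in for ASan shadow: [valid_end, kCap) is poisoned
};

// push_back as built in the instrumented module: stores and moves the shadow boundary.
void push_back_instrumented(ToyVector& v, int x) {
    if (v.size == kCap) return;
    v.data[v.size++] = x;
    v.valid_end = v.size;
}

// push_back as built in the non-instrumented module: stores, shadow is left stale.
void push_back_plain(ToyVector& v, int x) {
    if (v.size == kCap) return;
    v.data[v.size++] = x;
}

// An instrumented load consults only the shadow, never the container's size.
bool asan_would_report(const ToyVector& v, std::size_t i) { return i >= v.valid_end; }
bool is_real_overflow(const ToyVector& v, std::size_t i) { return i >= v.size; }

bool false_positive(const ToyVector& v, std::size_t i) {
    return asan_would_report(v, i) && !is_real_overflow(v, i);
}

// Scenario from the thread: one vector, elements appended by both modules.
ToyVector mixed_module_vector() {
    ToyVector v;
    push_back_instrumented(v, 1);   // index 0: size and shadow agree
    push_back_plain(v, 2);          // index 1: in bounds, still poisoned
    return v;
}

int main() {
    ToyVector v = mixed_module_vector();
    for (std::size_t i = 0; i < 3; ++i)
        std::printf("index %zu: report=%d real=%d false_positive=%d\n", i,
                    asan_would_report(v, i), is_real_overflow(v, i), false_positive(v, i));
}
```

In a real ASan build, rebuilding the other library with ASan keeps the check meaningful; the runtime option `detect_container_overflow=0` in `ASAN_OPTIONS` turns this class of report off entirely.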