On Fri, Jun 9, 2017 at 4:52 PM, 'Evgenii Stepanov' via address-sanitizer < address-sanitizer@googlegroups.com> wrote:
> On Fri, Jun 9, 2017 at 4:26 PM, hariri via address-sanitizer > <address-sanitizer@googlegroups.com> wrote: > > Thanks for your reply Evgeniy. > > > >> It could be possible > > to hack something, but it does not sound easy > > > > Could you please give me some pointers into what needs to be hacked to > make > > this possible? > > A few problems come to mind: > 1. Shadow mappings of asan and dfsan probably overlap. ASan has a mode > where shadow address is detemined at run time, it might help. > 2. runtime libraries for asan and dfsan include the same code from > lib/sanitizer_common. They must learn to share. See lib/lsan in > compiler-rt for an example of a tool that can work either on its own, > or with asan. This will also need build system changes to create a > combined runtime library (asan + dfsan + sanitizer_common), and clang > frontend changes to link it when necessary. > 3. Do something about the interceptors. DFsan uses __dfsw_ -prefixed > wrappers that update labels for some libc functions; need to make sure > that asan interceptors (in lib/asan/asan_interceptors.cc) also run. It > may just work out of the box. > > > > >> it's not clear to > > me how one would tie them together. > > > > The scenario is the following: I am using libFuzzer to fuzz a library, > and > > libFuzzer works best > > with a sanitizer like asan (as recommended by the documentation). What I > > would like to do is > > use taint information from the dataflow sanitizer to make fuzzing more > > efficient and focus on > > interesting parts of the input. > > The easiest way is to run two separate builds over the same corpus. > +1 We actually had some code in libFuzzer to work with dfsan and the idea was to run with dfsan to increase the coverage and separately run with asan to catch bugs. I then deleted all this code from libFuzzer because it was a) not used and b) made it much harder to do refactoring. I still hope to get dfsan support back in at some point though -- data-flow-based mutations are too attractive. I do not recommend you to invest time into running asan and dfsan in one process -- simply too much work. --kcc > > > > > On Friday, June 9, 2017 at 2:41:57 PM UTC-7, Evgeniy Stepanov wrote: > >> > >> Hi, > >> > >> these tools were not designed to work together. It could be possible > >> to hack something, but it does not sound easy. In particular, they use > >> different techniques for intercepting libc calls and it's not clear to > >> me how one would tie them together. > >> > >> > >> On Fri, Jun 9, 2017 at 8:52 AM, hariri via address-sanitizer > >> <address-...@googlegroups.com> wrote: > >> > Hi, > >> > > >> > I am trying to use the dataflow sanitizer with the address sanitizer, > >> > but > >> > they clash together giving me a long sequence of errors due to > multiple > >> > definitions in both sanitizers: > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.dfsan-x86_64.a(interception_linux.cc.o): > >> > In function `__interception::GetRealFunctionAddress(char const*, \ > >> > > >> > unsigned long*, unsigned long, unsigned long)': > >> > > >> > > >> > clang-llvm/llvm/projects/compiler-rt/lib/interception/ > interception_linux.cc:22: > >> > multiple definition of `__interception::GetRealFunctionAddress(char > >> > const*, > >> > unsigned long*, u\ > >> > > >> > nsigned long, unsigned long)' > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.asan-x86_64.a(interception_linux.cc.o): > clang-llvm/llvm/projects/compiler-rt/\ > >> > > >> > lib/interception/interception_linux.cc:22: first defined here > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.dfsan-x86_64.a(interception_linux.cc.o): > >> > In function `__interception::GetFuncAddrVer(char const*, char con\ > >> > > >> > st*)': > >> > > >> > > >> > clang-llvm/llvm/projects/compiler-rt/lib/interception/ > interception_linux.cc:28: > >> > multiple definition of `__interception::GetFuncAddrVer(char const*, > char > >> > const*)' > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.asan-x86_64.a(interception_linux.cc.o): > clang-llvm/llvm/projects/compiler-rt/\ > >> > > >> > lib/interception/interception_linux.cc:28: first defined here > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.dfsan-x86_64.a(sanitizer_allocator.cc.o): > >> > In function `atomic_load<__sanitizer::atomic_uint8_t>': > >> > > >> > > >> > clang-llvm/llvm/projects/compiler-rt/lib/sanitizer_ > common/sanitizer_atomic_clang_x86.h:47: > >> > multiple definition of `__sanitizer::internal_allocator()' > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.asan-x86_64.a(sanitizer_allocator.cc.o): > clang-llvm/llvm/projects/compiler-rt\ > >> > > >> > /lib/sanitizer_common/sanitizer_atomic_clang_x86.h:47: first defined > >> > here > >> > > >> > > >> > clang-llvm/ninja-build-clang/lib/clang/5.0.0/lib/linux/ > libclang_rt.dfsan-x86_64.a(sanitizer_allocator.cc.o): > >> > In function `__sanitizer::LowLevelAllocator::Allocate(unsigned l\ > >> > > >> > ong)': > >> > > >> > > >> > The simplest stripped example is compiling any cpp file for example: > >> > > >> > // simple.cc > >> > > >> > int main() { > >> > > >> > return 0; > >> > > >> > } > >> > > >> > > >> > with the command: > >> > > >> > clang++ simple.cc -fsanitize=address,dataflow > >> > > >> > > >> > Thanks, > >> > > >> > Farah > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "address-sanitizer" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to address-saniti...@googlegroups.com. > >> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "address-sanitizer" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to address-sanitizer+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "address-sanitizer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to address-sanitizer+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "address-sanitizer" group. To unsubscribe from this group and stop receiving emails from it, send an email to address-sanitizer+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.