Hello, I'd like to build WebKit with ASan on OS X (Mavericks 10.9.5).
I followed the instructions in the wiki (https://trac.webkit.org/wiki/ASanWebKit), but it didn't work. These below are all the steps I did.

1) Install Xcode 6.1 (I also tried other versions like 6.0.1, 5.1.1, 5.0.1)

2) Make a copy of the XcodeDefault.xctoolchain and call it ASAN.xctoolchain:

    sudo ditto /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain

3) Edit ASAN.xctoolchain/ToolchainInfo.plist to change the Identifier string from com.apple.dt.toolchain.XcodeDefault to com.apple.dt.toolchain.ASAN:

    sudo vi /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/ToolchainInfo.plist

4) Download a prebuilt binary from this page (http://commondatastorage.googleapis.com/chromium-browser-clang/index.html?path=Mac/)

5) Ditto the clang/llvm build output into /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain to replace the version of clang/llvm in the original toolchain:

    sudo ditto ~/Downloads/clang-218707/ /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/

6) Fix the ID of libclang_rt.asan_osx_dynamic.dylib to its installation path using install_name_tool:

    sudo xcrun install_name_tool -id /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib

7) Copy libclang_rt.asan_osx_dynamic.dylib into your WebKitBuild/Release directory:

    ditto /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib WebKitBuild/Release/

8) Build:

    make release ARGS="-xcconfig $PWD/Tools/asan/asan.xcconfig ASAN_IGNORE=$PWD/Tools/asan/webkit-asan-ignore.txt TOOLCHAINS=com.apple.dt.toolchain.ASAN"

9) Run:

    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-safari --release --no-saved-state

Building and running were successful, but ASan didn't catch any kind of memory corruption. For the test, I inserted use-after-free triggering code in JSString::toNumber() before building WebKit, like below:

    double JSString::toNumber(ExecState* exec) const
    {
        char *test = (char *)malloc(1024);
        free(test);
        strcpy(test, "AAAAAAAAAAAAAA"); // use-after-free
        printf("hello\n");
        return jsToNumber(value(exec));
    }

And for hitting JSString::toNumber() I wrote test.html like this:

    <script>
    var s = '1234';
    var i = Number(s);
    </script>

When WebKit opens test.html, it would say "use-after-free happened" if it works, but it printed nothing except "hello". Any missing or wrong commands I did? Thanks.
_______________________________________________
webkit-help mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-help
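A stand-alone sanity check for the ASAN.xctoolchain, added here as an example and not part of the original post: it compiles the same heap-use-after-free the poster inserted into JSString::toNumber() as a tiny C program with the toolchain's clang, runs it, and looks for the ASan report, which separates "the toolchain does not instrument" from "the WebKit build did not pick up the toolchain". The ASAN_CLANG path and the PASS/FAIL wording are assumptions; the ASan source file and the sample report lines are constructed.

```shell
#!/bin/sh
# Example added to the thread (not the poster's or WebKit's own script).
# Assumption: the ASAN toolchain's clang lives at this path (override via env).
ASAN_CLANG="${ASAN_CLANG:-/Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/bin/clang}"

# Returns 0 when the given program output contains ASan's use-after-free report.
report_has_uaf() {
    printf '%s\n' "$1" | grep -q 'ERROR: AddressSanitizer: heap-use-after-free'
}

# Writes the bug from the thread as a stand-alone program (constructed input).
write_uaf_source() {
    cat > "$1" <<'EOF'
#include <stdlib.h>
#include <string.h>
int main(void) {
    char *test = (char *)malloc(1024);
    free(test);
    strcpy(test, "AAAAAAAAAAAAAA"); /* use-after-free, as in the thread */
    return 0;
}
EOF
}

# Compiles the probe with -fsanitize=address using the ASAN toolchain, runs it,
# and reports whether ASan flagged the bug. abort_on_error=0 so the report is
# printed and the process exits instead of trapping into the debugger.
asan_selftest() {
    dir=$(mktemp -d) || return 1
    write_uaf_source "$dir/uaf.c"
    "$ASAN_CLANG" -fsanitize=address -g -o "$dir/uaf" "$dir/uaf.c" || return 1
    out=$(ASAN_OPTIONS="abort_on_error=0" "$dir/uaf" 2>&1)
    rm -rf "$dir"
    if report_has_uaf "$out"; then
        echo "PASS: toolchain clang instruments and reports heap-use-after-free"
        return 0
    fi
    echo "FAIL: no ASan report; check the toolchain before blaming the WebKit build"
    return 1
}

# Only compile and run the probe when invoked as: sh asan_selftest.sh run
if [ "${1:-}" = "run" ]; then
    asan_selftest
fi
```

If this probe passes but the WebKit build still prints only "hello", the toolchain is fine and the build configuration (xcconfig, TOOLCHAINS, or which targets actually got -fsanitize=address) is where to look next.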
