413 Advanced Debugging and the Address Sanitizer 03 D · 2016-07-08 · Advanced Debugging and the...
© 2015 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple.
#WWDC15
Advanced Debugging and the Address Sanitizer
Finding your undocumented features
Mike Swingler Xcode UI Infrastructure
Anna Zaks LLVM Program Analysis
Developer Tools
Session 413

Overview
View Debugger
Advanced Breakpoint Actions
Address Sanitizer

Demo
View Debugger and Advanced Breakpoints
Mike Swingler Xcode UI Infrastructure

Summary
View Debugger
• Focus on troublesome views
• Visualize your constraints
Advanced Breakpoint Actions
• Catch exceptions at throw, print message
• Print expressions without adding clutter
Address Sanitizer

Address Sanitizer
Anna Zaks LLVM Program Analysis

Memory Corruption

Memory Corruption Is Hard to Debug
Hard to consistently reproduce
The source of error is often far from its manifestation

Language Memory Safety
Less error prone
• Swift
• Objective-C Automatic Reference Counting
More susceptible to memory issues
• Direct memory manipulation
• Code that interoperates with C/C++

What Is Address Sanitizer?
Similar to Guard Malloc and Valgrind
Finds memory corruption at run time
Less overhead
Integrated into Debug Navigator
Works on OS X, iOS (simulator and device)

Analyze Memory Corruption
Use after free
Heap buffer overflow
Stack buffer overflow
Global variable overflow
Overflows in C++ containers
Use after return

Demo
Using Address Sanitizer from Xcode
Anna Zaks LLVM Program Analysis

Demo Recap
1. Edit Scheme – Diagnostics tab
2. “Enable Address Sanitizer” checkbox
3. Build and Run

When to Use Address Sanitizer
Investigating memory corruption
Manual testing
Continuous integration

Continuous Integration
Enable Sanitization in your non-performance tests
In Xcode
1. Edit Scheme – Test – Diagnostics tab
2. “Enable Address Sanitizer” checkbox
3. Build and Test
Command Line
$ xcodebuild -scheme "Jogr" test -enableAddressSanitizer YES

Compiler Optimization Level
None [-O0] is recommended
Fast [-O1] is supported
Higher optimization is not supported

Under the Hood
How Address Sanitizer works

How Address Sanitizer Works
clang -fsanitize=address
asan dylib

Shadow Mapping
[Figure: process memory with allocated objects and redzones, alongside shadow memory]

Shadow Mapping
if (IsPoisoned(p)) Crash();
*p = 0xb00;
[Figure: p in process memory and IsPoisoned(p) in shadow memory]

Shadow Mapping
IsPoisoned needs to be fast
1/8 of the address space
mmap’d at launch
bool IsPoisoned(Addr) {
  Shadow = (Addr >> 3) + Offset;
  return (*Shadow) != 0;
}
0x200000000000 – 0x7fffffffffff
0x100000000000 – 0x1fffffffffff  Shadow Region
0x000000000000 – 0x0fffffffffff

Default Malloc Implementation
[Figure: allocations 1 2 3 4 5]

Custom Malloc Implementation
[Figure: allocations 1 2 3 4 5, with memory marked Poisoned or Valid]

Custom Malloc Implementation
Inserts poisoned “red zones” around allocations
• Heap underflows/overflows
Delays reuse of freed memory
• Use-after-free, double free
Collects stack traces for allocations and frees
• Comprehensive error reports

Compiler Instrumentation of the Stack
[Figure: stack layout showing buffer and number]
void foo() {
  char buffer[16];
  int number;
  if (IsPoisoned(&buffer[16])) Crash();
  buffer[16] = '\0';
}

Compiler Instrumentation of Globals
char poisoned_redzone1[16];
int array[] = {1, 2, 3};
char poisoned_redzone2[16];
void foo() {
  if (IsPoisoned(&array[3])) Crash();
  int x = array[3];
}

Catching C++ Container Overflows
std::vector<T> v;
[Figure: vector storage marked at v.begin(), v.end() and v.begin() + v.capacity()]
std::vector<int> V(8);
V.resize(5);
return V.data()[5];
container-overflow

Runtime Function Interposition
Wraps memcpy, memset, strcpy, strlen, fwrite, printf, getline, …
Extended with extra memory checks
These checks work even in non-instrumented code
wrap_memcpy(dest, src, n) {
  ASSERT_MEMORY_READABLE(src, n)
  ASSERT_MEMORY_WRITABLE(dest, n)
  return orig_memcpy(dest, src, n)
}
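
The mechanisms from the "Under the Hood" slides above (shadow mapping, red zones around allocations, delayed reuse of freed memory and an interposed memcpy), modelled in one small C program. This is an added example, not code from the session or from Address Sanitizer: the arena, the shadow array and every function name are assumptions made for illustration. It goes one step beyond the slide's simplified `!= 0` test by using a shadow byte that can also mark an 8-byte granule as partially addressable, which is what lets a 13-byte allocation be checked exactly.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096   /* toy stand-in for process memory */
#define GRANULE    8      /* one shadow byte describes 8 application bytes */
#define REDZONE    16     /* poisoned padding on each side of an allocation */
#define SH_REDZONE (-1)   /* shadow values chosen for this model */
#define SH_FREED   (-2)

static _Alignas(8) uint8_t arena[ARENA_SIZE];
static int8_t shadow[ARENA_SIZE / GRANULE];   /* 1/8 the size of the arena */
static size_t bump;                           /* next unused arena offset */

/* Shadow = (Addr >> 3) + Offset; Offset maps the arena's first granule to shadow[0]. */
static int8_t *shadow_of(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    if (a < base || a >= base + ARENA_SIZE) return NULL;   /* outside the model */
    return shadow + ((a >> 3) - (base >> 3));
}

static size_t round_up(size_t n) { return (n + GRANULE - 1) & ~(size_t)(GRANULE - 1); }

/* Shadow encoding: 0 = all 8 bytes addressable, k in 1..7 = only the first k
   bytes addressable, negative = poisoned. p and n are multiples of 8 here. */
static void poison(void *p, size_t n, int v) { memset(shadow_of(p), v, n / GRANULE); }

static void unpoison(void *p, size_t n) {
    int8_t *s = shadow_of(p);
    for (; n >= GRANULE; n -= GRANULE) *s++ = 0;
    if (n) *s = (int8_t)n;                    /* trailing partial granule */
}

/* The check placed before an access of `size` bytes (1..8) at p; the access must
   not straddle a granule. Returns 1 where the slide's pseudocode calls Crash(). */
int is_poisoned(const void *p, size_t size) {
    const int8_t *s = shadow_of(p);
    if (s == NULL || *s == 0) return 0;
    return (int)(((uintptr_t)p & 7) + size - 1) >= *s;
}

/* Layout: [left redzone | user bytes rounded up to 8 | right redzone].
   The requested size is stored in the left redzone so toy_free() can find it. */
void *toy_malloc(size_t n) {
    size_t body = round_up(n ? n : 1);
    if (bump + 2 * REDZONE + body > ARENA_SIZE) return NULL;
    uint8_t *chunk = arena + bump;
    bump += 2 * REDZONE + body;
    poison(chunk, 2 * REDZONE + body, SH_REDZONE);
    unpoison(chunk + REDZONE, n);
    memcpy(chunk, &n, sizeof n);
    return chunk + REDZONE;
}

/* p must come from toy_malloc(). Freed memory is poisoned and never handed out
   again, so stale pointers keep hitting poison. Returns -1 on a double free. */
int toy_free(void *p) {
    int8_t *s = shadow_of(p);
    size_t n;
    if (s == NULL || *s == SH_FREED) return -1;
    memcpy(&n, (uint8_t *)p - REDZONE, sizeof n);
    poison(p, round_up(n ? n : 1), SH_FREED);
    return 0;
}

/* Byte-by-byte range check used by the interposed function below. */
static int range_poisoned(const void *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (is_poisoned((const uint8_t *)p + i, 1)) return 1;
    return 0;
}

/* Shaped like the slide's wrap_memcpy: check both ranges, then call the real
   memcpy. Returning NULL models an error report. */
void *wrap_memcpy(void *dest, const void *src, size_t n) {
    if (range_poisoned(src, n) || range_poisoned(dest, n)) return NULL;
    return memcpy(dest, src, n);
}

int main(void) {
    char *a = toy_malloc(13), *b = toy_malloc(16);
    printf("a[12]=%d a[13]=%d a[-1]=%d b[16]=%d\n", is_poisoned(a + 12, 1),
           is_poisoned(a + 13, 1), is_poisoned(a - 1, 1), is_poisoned(b + 16, 1));
    printf("memcpy(b,a,13) ok=%d  memcpy(b,a,14) ok=%d\n",
           wrap_memcpy(b, a, 13) != NULL, wrap_memcpy(b, a, 14) != NULL);
    int first = toy_free(a), stale = is_poisoned(a, 1), second = toy_free(a);
    printf("free=%d use-after-free=%d double-free=%d\n", first, stale, second);
    return 0;
}
```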

Small Performance Overhead
CPU slowdown usually between 2x–5x
Memory overhead 2x–3x

Address Sanitizer

Complementary Tools
Guard Malloc
Finds heap overruns and use-after-free
Adds guard pages before and after allocations
Does not require recompilation
Supported on OS X and in iOS simulator
Misses some bugs that Address Sanitizer finds

Complementary Tools
NSZombie
Catches Objective-C object over-releases
Replaces deallocated objects with “zombie” objects that trap
“Enable Zombie Objects” in Xcode
Zombies Instrument
Complementary Tools
Malloc Scribble
Helps detect uninitialized variables
Fills allocated memory with 0xAA
Fills deallocated memory with 0x55
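How the two fill patterns on the Malloc Scribble slide show up in practice, as an added example that is not from the session: a toy arena allocator (the hypothetical `toy_malloc` and `toy_free`) scribbles 0xAA on allocation and 0x55 on free, and `classify_word` flags a pointer-sized value made entirely of either byte, which is what a read of uninitialized or freed heap memory returns under scribbling.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCRIBBLE_ALLOC 0xAA /* fill for fresh allocations (value from the slide) */
#define SCRIBBLE_FREE  0x55 /* fill for freed memory (value from the slide) */
#define HDR 16              /* per-block header that stores the block size */

/* Toy bump arena (hypothetical). Blocks stay mapped after toy_free, so reading
   them back is well defined here; with a real allocator it would not be. */
static _Alignas(16) unsigned char arena[4096];
static size_t arena_used;

void *toy_malloc(size_t n) {
    size_t body = (n + 15) & ~(size_t)15;      /* round up to 16 bytes */
    if (n == 0 || n > sizeof arena || HDR + body > sizeof arena - arena_used)
        return NULL;
    unsigned char *block = arena + arena_used;
    memcpy(block, &body, sizeof body);         /* remember the size for free */
    memset(block + HDR, SCRIBBLE_ALLOC, body); /* scribble on allocate */
    arena_used += HDR + body;
    return block + HDR;
}

void toy_free(void *p) {
    size_t body;
    if (p == NULL) return;
    memcpy(&body, (unsigned char *)p - HDR, sizeof body);
    memset(p, SCRIBBLE_FREE, body);            /* scribble on free */
}

typedef enum { WORD_OTHER, WORD_UNINITIALIZED, WORD_FREED } word_kind;

/* Classify a pointer-sized value taken from a crash report or register dump. */
word_kind classify_word(uint64_t w) {
    if (w == 0xAAAAAAAAAAAAAAAAULL) return WORD_UNINITIALIZED;
    if (w == 0x5555555555555555ULL) return WORD_FREED;
    return WORD_OTHER;
}

/* Load the first 8 bytes of a block, the way a pointer field would be read. */
uint64_t peek_word(const void *p) {
    uint64_t w;
    memcpy(&w, p, sizeof w);
    return w;
}
```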
Complementary Tools
Leaks Instrument
Helps detect leaks
• Retain cycles
• Abandoned memory
Summary
View Debugger
Advanced Breakpoint Actions
Address Sanitizer
More Information
Documentation
Xcode Debugging
http://developer.apple.com/support/technical/debugging/
Address Sanitizer
http://clang.llvm.org/docs/AddressSanitizer.html
Apple Developer Forums
developer.apple.com/forums
Stefan Lesser
Developer Technologies [email protected]
Related Sessions
What’s New in LLDB Nob Hill Tuesday 2:30PM
UI Testing in Xcode Nob Hill Wednesday 11:00AM
Implementing UI Designs in Interface Builder Pacific Heights Wednesday 1:30PM
Continuous Integration and Code Coverage in Xcode Presidio Thursday 10:00AM
Profiling in Depth Mission Thursday 3:30PM
Labs
Instruments and Debugging Developer Tools Lab B Friday 9:00AM
Xcode Open Hours Developer Tools Lab B Friday 1:00PM