Compile and Using MariaDB with Sanitizers (ASAN, UBSAN, TSAN, MSAN)

What are Sanitizers?

Sanitizers are open source runtime error detectors developed by Google that are enabled during the compile step. These sanitizers add extra code during compilation that will throw exceptions when certain errors are detected.

AddressSanitizer (aka ASAN) is a memory error detector for C/C++. It finds a lot of the same things as valgrind, but with a lot less overhead.

  • Use after free (dangling pointer dereference)
  • Heap buffer overflow
  • Stack buffer overflow
  • Global buffer overflow
  • Use after return
  • Use after scope
  • Initialization order bugs
  • Memory leaks

To use ASAN you need a gcc version that supports ASAN. gcc 4.8.5 and up are known to work.

In addition to ASAN there are sanitizers for Undefined Behaviour, Thread and Memory related errors.

UndefinedBehaviourSanitizer (aka UBSAN)

ThreadSanitizer (aka TSAN)

MemorySanitizer (aka MSAN)

How to Compile MariaDB with Sanitizers

Before using ASAN locally, please ensure that it is installed on the system:

yum install -y /usr/lib64/libasan.so.6.0.0

ASAN is supported in MariaDB 10.1 and up.

You can use one of the two following build commands:

cmake . -DWITH_ASAN=ON

or from MariaDB 10.2 and up:

./BUILD/compile-pentium64-asan-max

Additionally, UBSAN, TSAN, and MSAN can be enabled in a similar way:

UBSAN:

yum install -y /usr/lib64/libubsan.so.1.0.0
cmake . -DWITH_UBSAN=ON

TSAN:

yum install -y /usr/lib64/libtsan.so.0.0.0
cmake . -DWITH_TSAN=ON

MSAN:

Note: keep in mind that only clang supports MSAN, g++ or other compilers will not work.

cmake . -DWITH_MSAN=ON

Running an ASAN Build

To run mysqld with instrumentation you have to set the ASAN_OPTIONS environment variable before starting mysqld. Either in your shell or in your mysqld_safe script.

export ASAN_OPTIONS=abort_on_error=1

The above command will abort any instrumented executable if any errors are found, which is good for debugging. If you set abort_on_error=0 all server errors are logged to your error log file (mysqld.err).

To catch errors for other processes than the server, you can set more options, like this:

export ASAN_OPTIONS=abort_on_error=1:log_path=/tmp/asan

If you are seeing an incomplete stack trace for a memory allocation, you may rerun the failing test with

export ASAN_OPTIONS=abort_on_error=1:log_path=/tmp/asan:fast_unwind_on_malloc=0

To get core dumps of failures:

export ASAN_OPTIONS=abort_on_error=1:disable_coredump=0

To see all the options (or to check if an executable is instrumented), you may try the following:

ASAN_OPTIONS=help=1 extra/perror 0

Using Valgrind

The MariaDB test system can use Valgrind for finding memory leaks and wrong memory accesses. Valgrind is an instrumentation framework for building dynamic analysis tools. If Valgrind is installed on your system, you can simply use mysql-test-run --valgrind to run the test under Valgrind.

See Also

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.