什么是 ASan
ASan 是 Address Sanitizer 簡(jiǎn)稱胎食,它是是一種基于編譯器用于快速檢測(cè)原生代碼中內(nèi)存錯(cuò)誤的工具怠惶。
簡(jiǎn)而言之,ASan 就是一個(gè)用于快速檢測(cè)內(nèi)存錯(cuò)誤的工具。這里很多朋友有誤解奸例,ASan 其實(shí)并不能用于內(nèi)存泄漏檢測(cè),Android 平臺(tái)內(nèi)存泄漏檢測(cè)推薦 MallocDebug 哈误。
另外需要注意的是 Android O(API >= 27)及以上版本才支持 ASan 哩至,NDK 需要選用 r20 及以上版本躏嚎。
ASan 可以檢測(cè)到內(nèi)存錯(cuò)誤類型如下:
- Stack and heap buffer overflow/underflow 棧和堆緩沖區(qū)上溢/下溢;
- Heap use after free 堆內(nèi)存被釋放之后還在使用其指針菩貌;
- Stack use outside scope 在某個(gè)局部變量的作用域之外卢佣,使用其指針;
- Double free/wild free 指針重復(fù)釋放的情況箭阶。
ASan 支持 arm 和 x86 平臺(tái)虚茶,使用 ASan 時(shí),APP 性能會(huì)變慢且內(nèi)存占用會(huì)飆升仇参。針對(duì) arm64 平臺(tái)嘹叫,Android 官方推薦使用 HWAddress Sanitizer (HWASan),后面會(huì)介紹诈乒。
關(guān)于 ASan 的原理本文不做深入討論罩扇,該文章的主要目的是幫助開(kāi)發(fā)者快速上手 ASan 的使用。
這里感性地介紹下 ASan 的工作原理:ASan 相當(dāng)于接管了內(nèi)存的分配怕磨,當(dāng)分配一塊內(nèi)存時(shí)喂饥,會(huì)在這塊內(nèi)存的前后添加"標(biāo)志位",然后再次使用該內(nèi)存的時(shí)候檢查"標(biāo)志位"是否被修改肠鲫,當(dāng)發(fā)現(xiàn)"標(biāo)志位"被修改時(shí)员帮,判斷出現(xiàn)內(nèi)存錯(cuò)誤。
怎么使用 ASan
之所以寫這篇文件导饲,就是因?yàn)榘l(fā)現(xiàn)一些文章介紹 ASan 使用方法搞得非常復(fù)雜捞高,不易上手。
其實(shí) Android 官方的使用說(shuō)明非常簡(jiǎn)潔渣锦,就是復(fù)制黏貼硝岗,添加兩行代碼就搞定。
官方文檔:developer.android.com/ndk/guides/…
修改編譯腳本
CMake
APP 下面的 build.gradle 添加:
android {
defaultConfig {
externalNativeBuild {
cmake {
# Can also use system or none as ANDROID_STL.
arguments "-DANDROID_ARM_MODE=arm", "-DANDROID_STL=c++_shared"
}
}
}
}
復(fù)制代碼
CMakeLists.txt 腳本添加:
target_compile_options(${libname} PUBLIC -fsanitize=address -fno-omit-frame-pointer)
set_target_properties(${libname} PROPERTIES LINK_FLAGS -fsanitize=address)
復(fù)制代碼
NDK-BUILD
Application.mk 文件添加:
APP_STL := c++_shared # Or system, or none.
APP_CFLAGS := -fsanitize=address -fno-omit-frame-pointer
APP_LDFLAGS := -fsanitize=address
復(fù)制代碼
Android.mk 文件添加:
APP_STL := c++_shared # Or system, or none.
APP_CFLAGS := -fsanitize=address -fno-omit-frame-pointer
APP_LDFLAGS := -fsanitize=address
復(fù)制代碼
拷貝 Asan 庫(kù)到 jniLibs 目錄下
Asan 庫(kù)位于下面路徑下:
android-ndk-r21\toolchains\llvm\prebuilt\windows-x86_64\lib64\clang\9.0.8\lib\linux
復(fù)制代碼
64 位 libclang_rt.asan-aarch64-android.so , 32 位 libclang_rt.asan-arm-android.so 泡挺,分別拷貝兩個(gè)庫(kù)到 jniLibs 相應(yīng)的目錄下辈讶。
新建 wrap.sh 文件,拷貝下面內(nèi)容到文件中:
#!/system/bin/sh
HERE="$(cd "$(dirname "$0")" && pwd)"
export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1
ASAN_LIB=$(ls $HERE/libclang_rt.asan-*-android.so)
if [ -f "$HERE/libc++_shared.so" ]; then
# Workaround for https://github.com/android-ndk/ndk/issues/988.
export LD_PRELOAD="$ASAN_LIB $HERE/libc++_shared.so"
else
export LD_PRELOAD="$ASAN_LIB"
fi
"$@"
復(fù)制代碼
在 main 文件夾下新建目錄 resources\lib 然后將 wrap.sh 文件拷貝到相應(yīng)的目錄下面娄猫,最終的目錄結(jié)構(gòu)是這樣的:
<project root>
└── app
└── src
└── main
├── jniLibs
│ ├── arm64-v8a
│ │ └── libclang_rt.asan-aarch64-android.so
│ ├── armeabi-v7a
│ │ └── libclang_rt.asan-arm-android.so
│ ├── x86
│ │ └── libclang_rt.asan-i686-android.so
│ └── x86_64
│ └── libclang_rt.asan-x86_64-android.so
└── resources
└── lib
├── arm64-v8a
│ └── wrap.sh
├── armeabi-v7a
│ └── wrap.sh
├── x86
│ └── wrap.sh
└── x86_64
└── wrap.sh
復(fù)制代碼
自此 ASan 接入完成贱除,是不是很簡(jiǎn)單?
ASan 檢測(cè)內(nèi)存錯(cuò)誤
這一節(jié)我們?cè)诖a中故意設(shè)置一些常見(jiàn)的內(nèi)存錯(cuò)誤(內(nèi)存越界等)用來(lái)測(cè)試 ASan 檢測(cè)出來(lái)的結(jié)果是否正確媳溺。需要注意的是月幌,當(dāng) ASan 檢測(cè)出內(nèi)存錯(cuò)誤,程序就會(huì)立即 crash 悬蔽,不再往下執(zhí)行扯躺,log 中會(huì)出現(xiàn)關(guān)鍵字 AddressSanitizer 。
堆內(nèi)存溢出
static void HeapBufferOverflow() {
int *arr = new int[1024];
arr[0] = 11;
arr[1024] = 12;
LOGCATE("HeapBufferOverflow arr[0]=%d, arr[1024]",arr[0], arr[1024]);
}
復(fù)制代碼
ASan 檢測(cè)結(jié)果(crash log)中出現(xiàn)關(guān)鍵字 heap-buffer-overflow :
05-13 19:52:16.247 4194 4194 I com.byteflow.learnffmpeg: =================================================================
05-13 19:52:16.247 4194 4194 I com.byteflow.learnffmpeg: ==4194==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x004f0d5a8100 at pc 0x0074f822b648 bp 0x007ff0227a00 sp 0x007ff02279f8
05-13 19:52:16.247 4194 4194 I com.byteflow.learnffmpeg: WRITE of size 4 at 0x004f0d5a8100 thread T0
05-13 19:52:16.257 23334 23334 D Launcher_UnlockAnimationStateMachine: mResetIdleStateRunnable
05-13 19:52:16.265 4194 4194 I com.byteflow.learnffmpeg: #0 0x74f822b644 (/data/app/com.byteflow.learnffmpeg-mVg7CcQSTXVnJhfo7u0XLA==/lib/arm64/liblearn-ffmpeg.so+0x146644)
05-13 19:52:16.265 4194 4194 I com.byteflow.learnffmpeg: #1 0x74f8229b20 (/data/app/com.byteflow.learnffmpeg-mVg7CcQSTXVnJhfo7u0XLA==/lib/arm64/liblearn-ffmpeg.so+0x144b20)
05-13 19:52:16.265 4194 4194 I com.byteflow.learnffmpeg: #2 0x74f8229a7c (/data/app/com.byteflow.learnffmpeg-mVg7CcQSTXVnJhfo7u0XLA==/lib/arm64/liblearn-ffmpeg.so+0x144a7c)
05-13 19:52:16.265 4194 4194 I com.byteflow.learnffmpeg: #3 0x74fdaac0a0 (/data/app/com.byteflow.learnffmpeg-mVg7CcQSTXVnJhfo7u0XLA==/oat/arm64/base.odex+0xb0a0)
05-13 19:52:16.265 4194 4194 I com.byteflow.learnffmpeg: ........
復(fù)制代碼
棧內(nèi)存溢出
//stack-buffer-overflow
static void StackBufferOverflow() {
int arr[1024];
arr[0] = 11;
arr[1024] = 12;
LOGCATE("StackBufferOverflow arr[0]=%d, arr[1024]",arr[0], arr[1024]);
}
復(fù)制代碼
ASan 檢測(cè)結(jié)果(crash log)中出現(xiàn)關(guān)鍵字 stack-buffer-overflow :
05-13 19:54:30.371 5002 5002 I com.byteflow.learnffmpeg: =================================================================
05-13 19:54:30.371 5002 5002 I com.byteflow.learnffmpeg: ==5002==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x007ff02278c0 at pc 0x0074f8bd6640 bp 0x007ff0226890 sp 0x007ff0226888
05-13 19:54:30.372 5002 5002 I com.byteflow.learnffmpeg: WRITE of size 4 at 0x007ff02278c0 thread T0
05-13 19:54:30.389 5002 5002 I com.byteflow.learnffmpeg: #0 0x74f8bd663c (/data/app/com.byteflow.learnffmpeg-aaLGh4G_-2c2WC7sX0ibag==/lib/arm64/liblearn-ffmpeg.so+0x14663c)
05-13 19:54:30.389 5002 5002 I com.byteflow.learnffmpeg: #1 0x74f8bd4a20 (/data/app/com.byteflow.learnffmpeg-aaLGh4G_-2c2WC7sX0ibag==/lib/arm64/liblearn-ffmpeg.so+0x144a20)
05-13 19:54:30.389 5002 5002 I com.byteflow.learnffmpeg: #2 0x74f8bd497c (/data/app/com.byteflow.learnffmpeg-aaLGh4G_-2c2WC7sX0ibag==/lib/arm64/liblearn-ffmpeg.so+0x14497c)
......
復(fù)制代碼
使用已釋放的指針
//heap-use-after-free
static void UseAfterFree() {
int *arr = new int[1024];
arr[0] = 11;
delete [] arr;
LOGCATE("UseAfterFree arr[0]=%d, arr[1024]",arr[0], arr[1024]);
}
復(fù)制代碼
ASan 檢測(cè)結(jié)果(crash log)中出現(xiàn)關(guān)鍵字 heap-use-after-free :
05-13 19:56:44.430 5235 5235 I com.byteflow.learnffmpeg: =================================================================
05-13 19:56:44.430 5235 5235 I com.byteflow.learnffmpeg: ==5235==ERROR: AddressSanitizer: heap-use-after-free on address 0x004f0d5a7100 at pc 0x0074f7ac945c bp 0x007ff02279d0 sp 0x007ff02279c8
05-13 19:56:44.430 5235 5235 I com.byteflow.learnffmpeg: READ of size 4 at 0x004f0d5a7100 thread T0
05-13 19:56:44.447 5235 5235 I com.byteflow.learnffmpeg: #0 0x74f7ac9458 (/data/app/com.byteflow.learnffmpeg-w2WNuKKPLEj7i4_8_Oj3Sw==/lib/arm64/liblearn-ffmpeg.so+0x146458)
05-13 19:56:44.448 5235 5235 I com.byteflow.learnffmpeg: #1 0x74f7ac7920 (/data/app/com.byteflow.learnffmpeg-w2WNuKKPLEj7i4_8_Oj3Sw==/lib/arm64/liblearn-ffmpeg.so+0x144920)
05-13 19:56:44.448 5235 5235 I com.byteflow.learnffmpeg: #2 0x74f7ac787c (/data/app/com.byteflow.learnffmpeg-w2WNuKKPLEj7i4_8_Oj3Sw==/lib/arm64/liblearn-ffmpeg.so+0x14487c)
......
復(fù)制代碼
局部變量的作用域之外使用其指針
//stack-use-after-scope
static int *p;
static void UseAfterScope()
{
{
int a = 0;
p = &a;
}
*p = 1111;
LOGCATE("UseAfterScope *p=%d",*p);
}
復(fù)制代碼
ASan 檢測(cè)結(jié)果(crash log)中出現(xiàn)關(guān)鍵字 stack-use-after-scope :
https://developer.android.com/ndk/guides/asan#cmake05-13 20:01:19.447 5907 5907 I com.byteflow.learnffmpeg: =================================================================
05-13 20:01:19.447 5907 5907 I com.byteflow.learnffmpeg: ==5907==ERROR: AddressSanitizer: stack-use-after-scope on address 0x007ff02279a0 at pc 0x0074f8236438 bp 0x007ff0227970 sp 0x007ff0227968
05-13 20:01:19.448 5907 5907 I com.byteflow.learnffmpeg: WRITE of size 4 at 0x007ff02279a0 thread T0
05-13 20:01:19.462 23334 23334 D Launcher_UnlockAnimationStateMachine: mResetIdleStateRunnable
05-13 20:01:19.464 5907 5907 I com.byteflow.learnffmpeg: #0 0x74f8236434 (/data/app/com.byteflow.learnffmpeg-jx_Xi14rwGHag_VZ9KWXYA==/lib/arm64/liblearn-ffmpeg.so+0x146434)
05-13 20:01:19.465 5907 5907 I com.byteflow.learnffmpeg: #1 0x74f8234860 (/data/app/com.byteflow.learnffmpeg-jx_Xi14rwGHag_VZ9KWXYA==/lib/arm64/liblearn-ffmpeg.so+0x144860)
05-13 20:01:19.465 5907 5907 I com.byteflow.learnffmpeg: #2 0x74f82347bc (/data/app/com.byteflow.learnffmpeg-jx_Xi14rwGHag_VZ9KWXYA==/lib/arm64/liblearn-ffmpeg.so+0x1447bc)
05-13 20:01:19.465 5907 5907 I com.byteflow.learnffmpeg: #3 0x74fdabe0a0 (/data/app/com.byteflow.learnffmpeg-jx_Xi14rwGHag_VZ9KWXYA==/oat/arm64/base.odex+0xb0a0)
.....
復(fù)制代碼
重復(fù)釋放指針
//double-free
static void DoubleFree() {
int *arr = new int[1024];
arr[0] = 11;
delete [] arr;
delete [] arr;
LOGCATE("UseAfterFree arr[0]=%d",arr[0]);
}
復(fù)制代碼
ASan 檢測(cè)結(jié)果(crash log)中出現(xiàn)關(guān)鍵字 double-free :
05-13 20:02:16.474 6102 6102 I com.byteflow.learnffmpeg: =================================================================
05-13 20:02:16.475 6102 6102 I com.byteflow.learnffmpeg: ==6102==ERROR: AddressSanitizer: attempting double-free on 0x004f0d5a7100 in thread T0:
05-13 20:02:16.492 6102 6102 I com.byteflow.learnffmpeg: #0 0x74f9f2b7b0 (/data/app/com.byteflow.learnffmpeg-kjj44NZxl-eyA06gf3E2MA==/lib/arm64/libclang_rt.asan-aarch64-android.so+0xd57b0)
05-13 20:02:16.492 6102 6102 I com.byteflow.learnffmpeg: #1 0x74f88cd210 (/data/app/com.byteflow.learnffmpeg-kjj44NZxl-eyA06gf3E2MA==/lib/arm64/liblearn-ffmpeg.so+0x146210)
05-13 20:02:16.492 6102 6102 I com.byteflow.learnffmpeg: #2 0x74f88cb720 (/data/app/com.byteflow.learnffmpeg-kjj44NZxl-eyA06gf3E2MA==/lib/arm64/liblearn-ffmpeg.so+0x144720)
05-13 20:02:16.492 6102 6102 I com.byteflow.learnffmpeg: #3 0x74f88cb67c (/data/app/com.byteflow.learnffmpeg-kjj44NZxl-eyA06gf3E2MA==/lib/arm64/liblearn-ffmpeg.so+0x14467c)
......
復(fù)制代碼
ASan 基本上可以覆蓋到常見(jiàn)的內(nèi)存錯(cuò)誤問(wèn)題,還有其他 Case 就不一一展示了录语,
音視頻入門到精通在開(kāi)源項(xiàng)目:https://github.com/Android-Alvin/Android-LearningNotes中已收錄倍啥,里面還包含不同方向的自學(xué)編程路線、面試題集合/面經(jīng)澎埠、及系列技術(shù)文章等虽缕,資源持續(xù)更新中...
