
Building WebKit with Clang Address Sanitizer (ASan)

This page describes how to build WebKit with the clang Address Sanitizer (ASan) for various ports.

Building the Apple Mac OS X port with ASan (Mac OS X 10.11 El Capitan and later)

To build with Xcode for 10.11, you simply pass in the --asan switch to set-webkit-configuration, then build. Note that you can include ASan support with either --release or --debug switches.

./Tools/Scripts/set-webkit-configuration --release --asan
./Tools/Scripts/build-webkit

To disable ASan builds once again, use the --no-asan switch with set-webkit-configuration.

Building the Apple Mac OS X port with ASan (prior to Mac OS X 10.11 El Capitan)

Building the Apple Mac OS X port with the clang Address Sanitizer currently requires a custom build of trunk clang, plus an Xcode toolchain derived from OSX10.9.xctoolchain.

NOTE: These instructions are currently an untested work-in-progress, but we hope to automate them with tools soon.

  1. Install Mac OS X 10.9.1 (Mavericks) on a Mac. Don't use 10.9 as it contains a bug that causes a crash on every HTTP redirect.
  2. Install Xcode developer tools, including the Mac OS X 10.9 SDK. These instructions assume the 10.9 SDK is located here:
    /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.9.xctoolchain/
    
    With Xcode 6.1 on 10.9.5, the SDK is in:
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/
    
  3. Make a copy of the OSX10.9.xctoolchain (or XcodeDefault.xctoolchain) and call it ASAN.xctoolchain:
    sudo ditto /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.9.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain
    
  4. Edit ASAN.xctoolchain/ToolchainInfo.plist to change the Identifier string from com.apple.dt.toolchain.OSX10_9 to com.apple.dt.toolchain.ASAN. (With Xcode 6.1 on 10.9.5, the Identifier is com.apple.dt.toolchain.XcodeDefault.)
    sudo vi /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/ToolchainInfo.plist
    
  5. Build trunk clang/llvm. The address sanitizer should be built by default for Mac OS X. See LLVM Docs for details. Subversion revision r204316 of clang/llvm is known to build WebKit for Mac OS X. Newer versions may introduce new warnings or compiler bugs that must be fixed before proceeding. Alternatively, you can download a prebuilt binary from the Chromium Browser Clang page.
  6. Ditto the clang/llvm build output into /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain to replace the version of clang/llvm in the original toolchain. If you downloaded a build from the Chromium Browser Clang page, then it should be as simple as:
    sudo ditto ~/Downloads/clang-218707/ /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/    
    
    Replace ~/Downloads/clang-218707/ with the location you extracted the clang archive to. Note that the trailing / on the path is important!
  7. Fix the ID of libclang_rt.asan_osx_dynamic.dylib to its installation path using the install_name_tool:
    sudo xcrun install_name_tool -id /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
    
    You may have to change the 3.5.0 in the paths to match the version of clang you are using, especially if you download a build from the Chromium Browser Clang page.
  8. Copy libclang_rt.asan_osx_dynamic.dylib into your WebKitBuild/Release directory:
    ditto /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib WebKitBuild/Release/
    
    You may have to change the 3.5.0 in the paths to match the version of clang you are using, especially if you download a build from the Chromium Browser Clang page.
  9. Build WebKit with additional xcodebuild arguments to load asan.xcconfig, find the ASan ignore list, and build with the new compiler:
    make release ARGS="-xcconfig $PWD/Tools/asan/asan.xcconfig ASAN_IGNORE=$PWD/Tools/asan/webkit-asan-ignore.txt TOOLCHAINS=com.apple.dt.toolchain.ASAN"
    
  10. When running apps that load WebKit built with ASan, the ASAN_OPTIONS environment variable needs to be set to make sure the app crashes when you hit an issue, and to prevent false positives for some intrinsics on Mac OS X (e.g., memcpy and memmove are the same function). For example, to launch Safari:
    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-safari --release --no-saved-state
    
    You should also be able to run DumpRenderTree and WebKitTestRunner in a similar fashion:
    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-webkit-tests --release --no-build
    
  11. Please use the New WebKit Security Bug link to file new bugs for crashes with ASan builds.
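
A preflight check for the hand-built toolchain, run before step 9, that catches the mistakes steps 4, 7 and 8 warn about: an unchanged Identifier, a clang version directory other than 3.5.0, a wrong install name, and a runtime that was not copied into the build directory. This is an added example, not part of the WebKit tools; the function names are hypothetical, ToolchainInfo.plist is assumed to be XML text (the page edits it with vi), and the install-name check runs only where otool is available.

```bash
#!/bin/bash
# Added example: sanity-check ASAN.xctoolchain before building WebKit.
# Usage: ./check-asan-toolchain.sh <toolchain dir> <WebKitBuild/Release dir>

# Print the Identifier string from an XML ToolchainInfo.plist (step 4).
toolchain_identifier() {
    grep -A1 '<key>Identifier</key>' "$1/ToolchainInfo.plist" 2>/dev/null |
        sed -n 's:.*<string>\(.*\)</string>.*:\1:p'
}

# Print the ASan runtime path, whichever clang version directory holds it.
find_asan_runtime() {
    ls "$1"/usr/lib/clang/*/lib/darwin/libclang_rt.asan_osx_dynamic.dylib 2>/dev/null | head -n 1
}

check_asan_toolchain() {
    local toolchain="$1" build_dir="$2" status=0 id runtime
    id=$(toolchain_identifier "$toolchain")
    if [ "$id" != "com.apple.dt.toolchain.ASAN" ]; then
        echo "FAIL: Identifier is '${id:-missing}', expected com.apple.dt.toolchain.ASAN (step 4)"
        status=1
    fi
    runtime=$(find_asan_runtime "$toolchain")
    if [ -z "$runtime" ]; then
        echo "FAIL: no libclang_rt.asan_osx_dynamic.dylib under $toolchain/usr/lib/clang (step 6)"
        status=1
    else
        echo "ASan runtime: $runtime"
        # "otool -D" prints the file name, then the install name on the last line.
        if command -v otool >/dev/null 2>&1 &&
           [ "$(otool -D "$runtime" | tail -n 1)" != "$runtime" ]; then
            echo "FAIL: install name does not match the runtime path (step 7)"
            status=1
        fi
    fi
    if [ ! -f "$build_dir/libclang_rt.asan_osx_dynamic.dylib" ]; then
        echo "FAIL: runtime not copied into $build_dir (step 8)"
        status=1
    fi
    return $status
}

if [ $# -eq 2 ]; then
    check_asan_toolchain "$1" "$2"
fi
```

The runtime path it prints is the one to use in the install_name_tool and ditto commands of steps 7 and 8 when the clang version is not 3.5.0.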
Last modified on Feb 18, 2016 12:32:21 PM