
Version 3 (modified by ddkilzer@webkit.org, 10 years ago) (diff)

Add Step 11 for filing security bugs. Added nice descriptions for raw URLs.

Building WebKit with Clang Address Sanitizer (ASan)

This page describes how to build WebKit with the clang Address Sanitizer (ASan) for various ports.

Building the Apple Mac OS X port with ASan

Building the Apple Mac OS X port with the clang Address Sanitizer currently requires a custom build of trunk clang, plus an Xcode toolchain derived from OSX10.9.xctoolchain.

NOTE: These instructions are currently an untested work-in-progress, but we hope to automate it with tools soon.

  1. Install Mac OS X 10.9.1 (Mavericks) on a Mac. Don't use 10.9 as it contains a bug that causes a crash on every HTTP redirect.
  2. Install Xcode developer tools, including the Mac OS X 10.9 SDK. These instructions assume the 10.9 SDK is located here:
    /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.9.xctoolchain/
    
  3. Make a copy of the OSX10.9.xctoolchain and call it ASAN.xctoolchain:
    sudo ditto /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.9.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain
    
  4. Edit ASAN.xctoolchain/ToolchainInfo.plist to change the Identifier string from com.apple.dt.toolchain.OSX10_9 to com.apple.dt.toolchain.ASAN.
    sudo vi /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/ToolchainInfo.plist
    
  5. Build trunk clang/llvm. The address sanitizer should be built by default for Mac OS X. See LLVM Docs for details. Subversion revision r204316 of clang/llvm is known to build WebKit for Mac OS X. Newer versions may introduce new warnings or compiler bugs that must be fixed before proceeding. Alternatively, you can download a prebuilt binary from the Chromium Browser Clang page.
  6. Ditto the clang/llvm build output into /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain to replace the version of clang/llvm in the original toolchain.
    TBD
    
  7. Fix the ID of libclang_rt.asan_osx_dynamic.dylib to its installation path using the install_name_tool:
    sudo xcrun install_name_tool -id /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
    
  8. Copy libclang_rt.asan_osx_dynamic.dylib into your WebKitBuild/Release directory:
    ditto /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib WebKitBuild/Release/
    
  9. Build WebKit with additional xcodebuild arguments to load asan.xcconfig, find the ASan ignore list, and build with the new compiler:
    make release ARGS="-xcconfig $PWD/Tools/asan/asan.xcconfig ASAN_IGNORE=$PWD/Tools/asan/webkit-asan-ignore.txt TOOLCHAINS=com.apple.dt.toolchain.ASAN"
    
  10. When running apps that load WebKit built with ASan, the ASAN_OPTIONS environment variable needs to be set to make sure the app crashes when you hit an issue, and to prevent false positives for some intrinsics on Mac OS X (e.g., memcpy and memmove are the same function). For example, to launch Safari:
    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-safari --release --no-saved-state
    
    You should also be able to run DumpRenderTree and WebKitTestRunner in a similar fashion:
    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-webkit-tests --release --no-build
    
  11. Please use the New WebKit Security Bug link to file new bugs for crashes with ASan builds.
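As an added example (not part of this wiki page or the WebKit tree), the following bash script automates steps 3, 4, 7 and 8 above and adds a check that the resulting build really links the ASan runtime, which is the quickest way to tell that TOOLCHAINS and asan.xcconfig were picked up. It assumes the toolchain paths and the clang 3.5.0 version from the steps above, uses PlistBuddy instead of vi for the Identifier edit, and assumes the built WebCore binary is at WebKitBuild/Release/WebCore.framework/WebCore.

```shell
#!/bin/bash
# Added example: automates steps 3, 4, 7 and 8 of the ASan toolchain setup
# and verifies that a finished build links libclang_rt.asan_osx_dynamic.dylib.
set -eu

DEV_DIR=/Applications/Xcode.app/Contents/Developer
SRC_TOOLCHAIN="$DEV_DIR/Toolchains/OSX10.9.xctoolchain"
ASAN_TOOLCHAIN="$DEV_DIR/Toolchains/ASAN.xctoolchain"
ASAN_ID=com.apple.dt.toolchain.ASAN
CLANG_VERSION=${CLANG_VERSION:-3.5.0}   # version from the page; override for a newer trunk build

# Path of the ASan runtime inside the ASAN toolchain for a given clang version.
asan_runtime_path() {
    printf '%s/usr/lib/clang/%s/lib/darwin/libclang_rt.asan_osx_dynamic.dylib\n' \
        "$ASAN_TOOLCHAIN" "$1"
}

# Steps 3, 4, 7 and 8. Step 6 (copying your clang/llvm build into the
# toolchain) is still manual and must be done before calling this.
setup_asan_toolchain() {
    local dylib
    dylib=$(asan_runtime_path "$CLANG_VERSION")
    sudo ditto "$SRC_TOOLCHAIN" "$ASAN_TOOLCHAIN"
    # PlistBuddy edits the Identifier key in place instead of hand-editing with vi.
    sudo /usr/libexec/PlistBuddy -c "Set :Identifier $ASAN_ID" \
        "$ASAN_TOOLCHAIN/ToolchainInfo.plist"
    sudo xcrun install_name_tool -id "$dylib" "$dylib"
    # The runtime has to sit next to the built frameworks so dyld can find it.
    ditto "$dylib" WebKitBuild/Release/
}

# Returns 0 if `otool -L` output (read from stdin) shows a link against the
# ASan runtime, i.e. the binary was actually compiled with the ASan toolchain.
links_asan_runtime() {
    grep -q 'libclang_rt\.asan_osx_dynamic\.dylib'
}

# Assumed location of the built WebCore binary; adjust for other configurations.
check_build() {
    local bin=WebKitBuild/Release/WebCore.framework/WebCore
    if xcrun otool -L "$bin" | links_asan_runtime; then
        echo "ASan runtime linked: $bin"
    else
        echo "ASan runtime NOT linked: $bin (check TOOLCHAINS= and asan.xcconfig)" >&2
        return 1
    fi
}

case "${1:-}" in
    setup) setup_asan_toolchain ;;
    check) check_build ;;
esac
```

Run with `setup` after step 6 and with `check` after step 9; a build that passes the check is ready for the ASAN_OPTIONS run in step 10.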