wiki:ASanWebKit

Version 4 (modified by Bem Jones-Bey, 7 years ago) (diff)

Update with my learnings

Building WebKit with Clang Address Sanitizer (ASan)

This page describes how to build WebKit with the clang Address Sanitizer (ASan) for various ports.

Building the Apple Mac OS X port with ASan

Building the Apple Mac OS X port with the clang Address Sanitizer currently requires a custom build of trunk clang, plus an Xcode toolchain derived from OSX10.9.xctoolchain.

NOTE: These instructions are currently an untested work-in-progress, but we hope to automate it with tools soon.

  1. Install Mac OS X 10.9.1 (Mavericks) on a Mac. Don't use 10.9 as it contains a bug that causes a crash on every HTTP redirect.
  2. Install Xcode developer tools, including the Mac OS X 10.9 SDK. These instructions assume the 10.9 SDK is located here:
    /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.9.xctoolchain/
    
    With Xcode 6.1 on 10.9.5, the SDK is in:
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/
    
  3. Make a copy of the OSX10.9.xctoolchain (or XcodeDefault.xctoolchain) and call it ASAN.xctoolchain:
    sudo ditto /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.9.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain
    
  4. Edit ASAN.xctoolchain/ToolchainInfo.plist to change the Identifier string from com.apple.dt.toolchain.OSX10_9 to com.apple.dt.toolchain.ASAN (with Xcode 6.1 on 10.9.5, the existing Identifier is com.apple.dt.toolchain.XcodeDefault):
    sudo vi /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/ToolchainInfo.plist
    
  5. Build trunk clang/llvm. The address sanitizer should be built by default for Mac OS X. See LLVM Docs for details. Subversion revision r204316 of clang/llvm is known to build WebKit for Mac OS X. Newer versions may introduce new warnings or compiler bugs that must be fixed before proceeding. Alternatively, you can download a prebuilt binary from the Chromium Browser Clang page.
  6. Ditto the clang/llvm build output into /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain to replace the version of clang/llvm in the original toolchain. If you downloaded a build from the Chromium Browser Clang page, then it should be as simple as:
    sudo ditto ~/Downloads/clang-218707/ /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/    
    
    Replace ~/Downloads/clang-218707/ with the directory you extracted the clang archive into. Note that the trailing / on the path is important!
  7. Fix the ID of libclang_rt.asan_osx_dynamic.dylib to its installation path using the install_name_tool:
    sudo xcrun install_name_tool -id /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
    
    You may have to change the 3.5.0 in the paths to match the version of clang you are using, especially if you downloaded a build from the Chromium Browser Clang page.
  8. Copy libclang_rt.asan_osx_dynamic.dylib into your WebKitBuild/Release directory:
    ditto /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib WebKitBuild/Release/
    
    You may have to change the 3.5.0 in the paths to match the version of clang you are using, especially if you downloaded a build from the Chromium Browser Clang page.
  9. Build WebKit with additional xcodebuild arguments to load asan.xcconfig, find the ASan ignore list, and build with the new compiler:
    make release ARGS="-xcconfig $PWD/Tools/asan/asan.xcconfig ASAN_IGNORE=$PWD/Tools/asan/webkit-asan-ignore.txt TOOLCHAINS=com.apple.dt.toolchain.ASAN"
    
  10. When running apps that load WebKit built with ASan, the ASAN_OPTIONS environment variable needs to be set to make sure the app crashes when you hit an issue, and to prevent false positives for some intrinsics on Mac OS X (e.g., memcpy and memmove are the same function). For example, to launch Safari:
    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-safari --release --no-saved-state
    
    You should also be able to run DumpRenderTree and WebKitTestRunner in a similar fashion:
    ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-webkit-tests --release --no-build
    
  11. Please use the New WebKit Security Bug link to file new bugs for crashes with ASan builds.
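A helper script for the steps above, added here as an example and not part of the wiki page or the WebKit tree: it wraps steps 3 to 8 and 10 in functions with checks, discovers the clang version directory instead of hard-coding 3.5.0, and treats CLANG_SRC and SUDO as hypothetical overrides of this script.

```shell
#!/bin/bash
# Added helper, not from the WebKit wiki page: wraps steps 3-8 and 10 in checked
# functions. Paths and names are the page's; CLANG_SRC and SUDO are hypothetical
# knobs of this script. The clang version dir (3.5.0 on the page) is discovered.
set -e

TOOLCHAINS=/Applications/Xcode.app/Contents/Developer/Toolchains
BASE=${BASE:-$TOOLCHAINS/OSX10.9.xctoolchain}        # or XcodeDefault.xctoolchain
ASAN=${ASAN:-$TOOLCHAINS/ASAN.xctoolchain}
CLANG_SRC=${CLANG_SRC:-$HOME/Downloads/clang-218707/} # extracted archive; trailing / matters
SUDO=${SUDO:-sudo}
ASAN_RUN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0"   # step 10

# Step 4: rewrite Identifier so TOOLCHAINS=com.apple.dt.toolchain.ASAN selects this copy.
patch_toolchain_id() {  # $1 = ToolchainInfo.plist
    tmp=$(mktemp)
    sed -e 's#com\.apple\.dt\.toolchain\.OSX10_9#com.apple.dt.toolchain.ASAN#' \
        -e 's#com\.apple\.dt\.toolchain\.XcodeDefault#com.apple.dt.toolchain.ASAN#' "$1" > "$tmp"
    $SUDO cp "$tmp" "$1" && rm -f "$tmp"
}
# Print the first clang resource-dir version under a toolchain (e.g. 3.5.0); fail if none.
clang_version_dir() {  # $1 = toolchain root
    for d in "$1"/usr/lib/clang/*/; do
        [ -d "$d" ] && { basename "$d"; return 0; }
    done
    echo "no clang resource dir under $1/usr/lib/clang" >&2; return 1
}
# Path of the ASan runtime whose install name step 7 fixes and step 8 copies.
asan_dylib() {  # $1 = toolchain root
    v=$(clang_version_dir "$1") || return 1
    echo "$1/usr/lib/clang/$v/lib/darwin/libclang_rt.asan_osx_dynamic.dylib"
}
# Returns 0 only if every setting the page requires is present in an ASAN_OPTIONS string.
asan_options_ok() {  # $1 = ASAN_OPTIONS value
    for k in replace_intrin=0 abort_on_error=1 handle_segv=0; do
        case ":$1:" in *":$k:"*) ;; *) return 1 ;; esac
    done
}
setup_asan_toolchain() {  # steps 3, 4, 6, 7, 8; macOS only (ditto, xcrun, install_name_tool)
    $SUDO ditto "$BASE" "$ASAN"
    patch_toolchain_id "$ASAN/ToolchainInfo.plist"
    $SUDO ditto "$CLANG_SRC" "$ASAN/usr/"
    dylib=$(asan_dylib "$ASAN")
    $SUDO xcrun install_name_tool -id "$dylib" "$dylib"
    ditto "$dylib" WebKitBuild/Release/
}
run_with_asan() {  # step 10, e.g.: run_with_asan ./Tools/Scripts/run-safari --release --no-saved-state
    asan_options_ok "$ASAN_RUN_OPTIONS" || return 1
    ASAN_OPTIONS="$ASAN_RUN_OPTIONS" "$@"
}
```

Source the script and call setup_asan_toolchain from the WebKit checkout, then run step 9 as on the page and launch apps through run_with_asan.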