Android SDK build script: HWAsan support added #25718
| hwasan_flags = "-fno-omit-frame-pointer -fsanitize=hwaddress" | ||
| cmake_vars['CMAKE_CXX_FLAGS_DEBUG'] = hwasan_flags | ||
| cmake_vars['CMAKE_C_FLAGS_DEBUG'] = hwasan_flags | ||
| cmake_vars['CMAKE_LINKER_FLAGS_DEBUG'] = hwasan_flags |
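Review bot: `CMAKE_LINKER_FLAGS_DEBUG` on the last line is not one of CMake's per-configuration linker variables, so `-fsanitize=hwaddress` may never reach the link step. CMake reads `CMAKE_EXE_LINKER_FLAGS_DEBUG`, `CMAKE_SHARED_LINKER_FLAGS_DEBUG` and `CMAKE_MODULE_LINKER_FLAGS_DEBUG`; consider setting those instead. All three assignments also target only the `_DEBUG` variables and replace any value already stored under those keys rather than appending to it, so a Release configuration is built without HWASan instrumentation.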
Why "debug" only?
Added release mode flags in #25746
I think the only sense of HWASan in Release mode is to die instead of doing some insecure memory operation like buffer overflow.
I don't see a lot of sense in HWASan reports in Release mode since there's no symbols and no proper stack trace is produced. For example, here's the log for the issue #25735 with Release mode on:
HWASan report

```
==29605==ERROR: HWAddressSanitizer: tag-mismatch on address 0x003e2df44c60 at pc 0x005c2e8578c0
WRITE of size 8 at 0x003e2df44c60 tags: 0b/07(0b) (ptr/mem) in thread T0
Invalid access starting at offset 7
#0 opencv_test::(anonymous namespace)::BufferArea_basic_Test::Body() in ??:0:0
#1 opencv_test::(anonymous namespace)::BufferArea_basic_Test::TestBody() in ??:0:0
#2 void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) in ??:0:0
#3 testing::Test::Run() in ??:0:0
#4 testing::TestInfo::Run() in ??:0:0
#5 testing::TestCase::Run() in ??:0:0
#6 testing::internal::UnitTestImpl::RunAllTests() in ??:0:0
#7 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) in ??:0:0
#8 testing::UnitTest::Run() in ??:0:0
#9 main in ??:0:0
#10 0x7df38b98f0 (/apex/com.android.runtime/lib64/bionic/hwasan/libc.so+0x5b8f0) (BuildId: a345f50b7faa262077e8d08a5acbfaa7)
[0x003e2df44c40,0x003e2df44c80) is a small allocated heap chunk; size: 64 offset: 32
Cause: heap-buffer-overflow
0x003e2df44c60 is located 32 bytes inside a 39-byte region [0x003e2df44c40,0x003e2df44c67)
allocated here:
#0 0x7ded168698 (/apex/com.android.runtime/lib64/bionic/libclang_rt.hwasan-aarch64-android.so+0x23698) (BuildId: 558b5c131872716737ddc0a62f3382dd3df70b9a)
#1 0x7df38ad36c (/apex/com.android.runtime/lib64/bionic/hwasan/libc.so+0x4f36c) (BuildId: a345f50b7faa262077e8d08a5acbfaa7)
#2 cv::fastMalloc(unsigned long) in ??:0:0
#3 cv::utils::BufferArea::commit() in ??:0:0
#4 opencv_test::(anonymous namespace)::BufferArea_basic_Test::Body() in ??:0:0
#5 opencv_test::(anonymous namespace)::BufferArea_basic_Test::TestBody() in ??:0:0
#6 void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) in ??:0:0
#7 testing::Test::Run() in ??:0:0
#8 testing::TestInfo::Run() in ??:0:0
#9 testing::TestCase::Run() in ??:0:0
#10 testing::internal::UnitTestImpl::RunAllTests() in ??:0:0
#11 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) in ??:0:0
#12 testing::UnitTest::Run() in ??:0:0
#13 main in ??:0:0
#14 0x7df38b98f0 (/apex/com.android.runtime/lib64/bionic/hwasan/libc.so+0x5b8f0) (BuildId: a345f50b7faa262077e8d08a5acbfaa7)
#15 _start_main in ??:0:0
Thread: T0 0x007400002000 stack: [0x007ff253b000,0x007ff2d3b000) sz: 8388608 tls: [0x007df6f06000,0x007df6f09000)
Memory tags around the buggy address (one tag corresponds to 16 bytes):
0x003e2df44400: aa aa aa aa 34 34 34 34 63 63 63 63 9b 9b 9b 9b
0x003e2df44500: c8 c8 c8 c8 20 20 20 20 24 24 24 24 bc bc bc bc
0x003e2df44600: a3 a3 a3 a3 cc cc cc cc f2 f2 f2 f2 e4 e4 e4 e4
0x003e2df44700: 4c 4c 4c 4c d4 d4 d4 d4 a5 a5 a5 a5 d5 d5 d5 d5
0x003e2df44800: b4 b4 b4 b4 1a 1a 1a 1a e4 e4 e4 e4 89 89 89 89
0x003e2df44900: e3 e3 e3 e3 76 76 76 76 5a 5a 5a 5a 35 35 35 35
0x003e2df44a00: dc dc dc dc ed ed ed ed 2d 2d 2d 2d 56 56 56 56
0x003e2df44b00: d2 d2 d2 d2 7f 7f 7f 7f b4 b4 b4 b4 5c 5c 5c 5c
=>0x003e2df44c00: 4c 4c 4c 4c 0b 0b [07] bc e4 e4 e4 e4 b6 76 76 76
0x003e2df44d00: 13 13 13 13 60 60 60 60 fb fb fb fb c9 c9 08 8b
0x003e2df44e00: bc bc bc bc a9 a9 a9 a9 0f 0f 0f 0f 5c 5c 5c 5c
0x003e2df44f00: c4 c4 c4 c4 9d 9d 9d 9d bb bb bb bb 81 81 81 81
0x003e2df45000: d7 d7 d7 d7 83 83 83 83 6e 6e 6e 6e 17 17 17 d7
0x003e2df45100: 24 24 24 24 c6 c6 c6 c6 41 41 41 41 b7 b7 b7 b7
0x003e2df45200: 1b 1b 1b 1b ce ce ce ce 52 52 52 52 f1 f1 f1 f1
0x003e2df45300: 73 73 73 73 13 13 13 13 de de de de ea ea ea ea
0x003e2df45400: e1 e1 e1 e1 75 75 75 75 65 65 65 65 4f 4f 4f 4f
Tags for short granules around the buggy address (one tag corresponds to 16 bytes):
0x003e2df44b00: .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
=>0x003e2df44c00: .. .. .. .. 00 40 [0b] .. .. .. .. .. .. .. .. ..
0x003e2df44d00: .. .. .. .. .. .. .. .. .. .. .. .. .. .. c9 ..
See https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html#short-granules for a description of short granule tags
Registers where the failure occurred (pc 0x005c2e8578c0):
x0 0b00003e2df44c60 x1 3900007ff2d38c60 x2 7900007ff2d38c50 x3 e60000402dee27d0
x4 0000007ff253b000 x5 0000000000000014 x6 0000007ff253b000 x7 0000000000000001
x8 0b00003e2df44c50 x9 0200007500000000 x10 4008000000000000 x11 0000000000000008
x12 0000000000000003 x13 00000007ff2d3884 x14 00000007ff2d3882 x15 00000007ff2d3884
x16 0000007ded194918 x17 0000007ded16e330 x18 0000007df7538000 x19 0200007500000000
x20 6700007ff2d38a60 x21 d900007ff2d38c70 x22 f900007ff2d38ac0 x23 7900007ff2d38c50
x24 0040000e80000311 x25 0040000e80000305 x26 0040000e80000361 x27 0040000e80000319
x28 3900007ff2d38c60 x29 0000007ff2d38cf0 x30 0000005c2e8578c4 sp 0000007ff2d38950
Learn more about HWASan reports: https://source.android.com/docs/security/test/memory-safety/hwasan-reports
SUMMARY: HWAddressSanitizer: tag-mismatch (/data/local/tmp/release/opencv_test_core+0x9688c0) (BuildId: f9512eec121c1d87878200bcdd8dc9dc4b4573d1)
==29605==WARNING: HWASan is ignoring requested __hwasan_handle_longjmp: stack top: 0x007ff2d372f0; target 0x000000000000; distance: 0xffffff800d2c8d10 (8748369168516010610)
False positive error reports may follow
Segmentation fault
```
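Even without symbols, the tag fields in the report above are enough to size the bug. The following Python sketch is an added example, not code from the PR or from OpenCV: it re-derives "Invalid access starting at offset 7" from `tags: 0b/07(0b)` using the short-granule rule described in the HWASan design document linked in the report. Function names are illustrative, and it assumes the access stays within one 16-byte granule.

```python
import re

GRANULE = 16  # HWASan keeps one memory tag per 16-byte granule

# Two lines copied from the report above.
REPORT = """\
WRITE of size 8 at 0x003e2df44c60 tags: 0b/07(0b) (ptr/mem) in thread T0
0x003e2df44c60 is located 32 bytes inside a 39-byte region [0x003e2df44c40,0x003e2df44c67)
"""

ACCESS_RE = re.compile(
    r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+) "
    r"tags: ([0-9a-f]{2})/([0-9a-f]{2})(?:\(([0-9a-f]{2})\))?")

def parse_access(report):
    """Extract address, size and ptr/mem/short-granule tags of the faulting access."""
    m = ACCESS_RE.search(report)
    if not m:
        raise ValueError("no HWASan access line found")
    _, size, addr, ptr, mem, short = m.groups()
    return {"size": int(size), "addr": int(addr, 16),
            "ptr_tag": int(ptr, 16), "mem_tag": int(mem, 16),
            "short_tag": int(short, 16) if short else None}

def first_invalid_offset(acc):
    """Offset of the first bad byte within the access, or None if it is valid."""
    if acc["ptr_tag"] == acc["mem_tag"]:
        return None  # full granule and the tags agree
    in_granule = acc["addr"] % GRANULE
    # Memory tags 1..15 mark a short granule: only that many leading bytes
    # are valid, and the real tag is stored in the granule's last byte.
    if 0 < acc["mem_tag"] < GRANULE and acc["short_tag"] == acc["ptr_tag"]:
        valid = acc["mem_tag"]
        if in_granule + acc["size"] <= valid:
            return None
        return max(valid - in_granule, 0)
    return 0  # plain mismatch: the first byte is already invalid

def region_overrun(report, acc):
    """Number of bytes the access extends past the end of the heap region."""
    m = re.search(r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    end = int(m.group(2), 16)
    return max(acc["addr"] + acc["size"] - end, 0)

if __name__ == "__main__":
    acc = parse_access(REPORT)
    print("first invalid offset:", first_invalid_offset(acc))
    print("bytes past region end:", region_overrun(REPORT, acc))
```

The 39-byte allocation ends in a short granule with 7 valid bytes, so the 8-byte write at its start overruns the region by a single byte.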
Android SDK build script: HWAsan flags added for release mode #25746

A quick fix for #25718

### Pull Request Readiness Checklist

See details at https://github.com/opencv/opencv/wiki/How_to_contribute#making-a-good-pull-request

- [x] I agree to contribute to the project under Apache 2 License.
- [x] To the best of my knowledge, the proposed patch is not based on a code under GPL or another license that is incompatible with OpenCV
- [x] The PR is proposed to the proper branch
- [x] There is a reference to the original bug report and related work
- [x] There is accuracy test, performance test and test data in opencv_extra repository, if applicable
      Patch to opencv_extra has the same branch name.
- [x] The feature is well documented and sample code can be built with the project CMake