[webkit-help] build webkit with ASAN on osx (mavericks 10.9.5)

sean jinu jinuseantellme at gmail.com
Mon Apr 20 05:08:57 PDT 2015


Hello,

I'd like to build WebKit with ASAN on OS X (Mavericks 10.9.5).

I followed the instructions in the wiki (https://trac.webkit.org/wiki/ASanWebKit),
but it didn't work.

These are all the steps I did.

1) Install Xcode 6.1 (I also tried other versions like 6.0.1, 5.1.1, 5.0.1).

2) Make a copy of the XcodeDefault.xctoolchain and call it ASAN.xctoolchain:

   sudo ditto /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain

3) Edit ASAN.xctoolchain/ToolchainInfo.plist to change the Identifier string from com.apple.dt.toolchain.XcodeDefault to com.apple.dt.toolchain.ASAN:

   sudo vi /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/ToolchainInfo.plist

4) Download a prebuilt binary from this page: http://commondatastorage.googleapis.com/chromium-browser-clang/index.html?path=Mac/

5) Ditto the clang/llvm build output into /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain to replace the version of clang/llvm in the original toolchain:

   sudo ditto ~/Downloads/clang-218707/ /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/

6) Fix the ID of libclang_rt.asan_osx_dynamic.dylib to its installation path using install_name_tool:

   sudo xcrun install_name_tool -id /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib

7) Copy libclang_rt.asan_osx_dynamic.dylib into your WebKitBuild/Release directory:

   ditto /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib WebKitBuild/Release/

8) Build:

   make release ARGS="-xcconfig $PWD/Tools/asan/asan.xcconfig ASAN_IGNORE=$PWD/Tools/asan/webkit-asan-ignore.txt TOOLCHAINS=com.apple.dt.toolchain.ASAN"

9) Run:

   ASAN_OPTIONS="replace_intrin=0:abort_on_error=1:handle_segv=0" ./Tools/Scripts/run-safari --release --no-saved-state


Building and running were successful, but ASAN didn't catch any kind of memory
corruption.

For the test, I inserted use-after-free-triggering code into
JSString::toNumber() before building WebKit, like below.

double JSString::toNumber(ExecState* exec) const
{
    char* test = (char*)malloc(1024);
    free(test);
    strcpy(test, "AAAAAAAAAAAAAA"); // use-after-free (deliberate, to see whether ASan reports it)

    printf("hello\n");

    return jsToNumber(value(exec));
}

And to hit JSString::toNumber(), I wrote test.html like this.

<script>
var s = '1234';
var i = Number(s);
</script>

When WebKit opens test.html, it would report "use-after-free happened" if it
worked, but it printed nothing except "hello".

Did I miss any commands, or run any of them wrongly?

thanks.
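A check worth running after step 8, before looking for ASan reports at all: does the built binary actually reference the ASan runtime, does the runtime path recorded in it (the one install_name_tool -id sets in step 6) exist, and did any instrumented code make it in? This is an added example, not code from the post or from WebKit's Tools/asan; it assumes the stock otool and nm tools and the toolchain paths from the post, and the sample tool output it demonstrates on is constructed.

```shell
#!/bin/sh
# Added check (not from the original post or WebKit's Tools/asan): confirm a
# built Mach-O binary links the ASan runtime, that the recorded runtime path
# exists, and that instrumented code is present. The parsers read tool output
# from stdin so they run offline on the constructed samples below.
# Print the ASan runtime path a binary will load, taken from `otool -L` output
# on stdin. Lines ending in ':' are otool's file header, not a dependency.
asan_runtime_path() {
    awk '/libclang_rt\.asan_osx_dynamic\.dylib/ && $1 !~ /:$/ { print $1; exit }'
}

# Does `nm` output on stdin show ___asan_init? Every object compiled with
# -fsanitize=address references it, so its absence means no instrumentation.
asan_instrumented() {
    grep -q '___asan_init'
}

# Check a real binary (e.g. the JavaScriptCore framework binary) and the
# directory the runtime was copied into in step 7. Requires otool and nm.
run_checks() {
    bin="$1"; rundir="$2"
    path=$(otool -L "$bin" | asan_runtime_path)
    if [ -z "$path" ]; then
        echo "FAIL: $bin does not link the ASan runtime (ASAN toolchain not used?)"
        return 1
    fi
    [ -f "$path" ] || echo "WARN: recorded runtime path $path does not exist"
    [ -f "$rundir/libclang_rt.asan_osx_dynamic.dylib" ] || echo "WARN: no runtime copy in $rundir"
    if nm "$bin" 2>/dev/null | asan_instrumented; then
        echo "OK: $bin is instrumented and loads $path"
    else
        echo "FAIL: $bin links the runtime but contains no instrumented code"
        return 1
    fi
}

# Constructed sample tool output (not captured from a real build).
SAMPLE_OTOOL='WebKitBuild/Release/JavaScriptCore.framework/JavaScriptCore:
    /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)'
SAMPLE_NM='                 U ___asan_init
0000000000001f00 T __ZNK3JSC8JSString8toNumberEPNS_9ExecStateE'

if [ $# -eq 2 ]; then
    run_checks "$@"
else
    echo "runtime: $(printf '%s\n' "$SAMPLE_OTOOL" | asan_runtime_path)"
    if printf '%s\n' "$SAMPLE_NM" | asan_instrumented; then echo "instrumented: yes"; fi
fi
```

Running `otool -L` on the dylib itself lists its own install name on the second line, so the same parser also shows whether step 6 took effect.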