<div dir="ltr"><div>Hello,</div><div><br></div><div>I&#39;d like to build WebKit with ASan on OS X (Mavericks 10.9.5).</div><div><br></div><div>I followed the instructions in the wiki (<a href="https://trac.webkit.org/wiki/ASanWebKit">https://trac.webkit.org/wiki/ASanWebKit</a>), but it didn&#39;t work.</div><div><br></div><div>Below are all the steps I did.</div><div><br></div><div>1) Install Xcode 6.1 (I also tried other versions like 6.0.1, 5.1.1, 5.0.1)</div><div>2) Make a copy of the XcodeDefault.xctoolchain and call it ASAN.xctoolchain:</div><div>sudo ditto /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain</div><div>3) Edit ASAN.xctoolchain/ToolchainInfo.plist to change the Identifier string from com.apple.dt.toolchain.XcodeDefault to com.apple.dt.toolchain.ASAN:</div><div>sudo vi /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/ToolchainInfo.plist</div><div>4) Download a prebuilt binary from this page (<a href="http://commondatastorage.googleapis.com/chromium-browser-clang/index.html?path=Mac/">http://commondatastorage.googleapis.com/chromium-browser-clang/index.html?path=Mac/</a>)</div><div>5) Ditto the clang/llvm build output into /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain to replace the version of clang/llvm in the original toolchain:</div><div>sudo ditto ~/Downloads/clang-218707/ /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/</div><div>6) Fix the ID of libclang_rt.asan_osx_dynamic.dylib to its installation path using install_name_tool:</div><div>sudo xcrun install_name_tool -id /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib</div><div>7) Copy libclang_rt.asan_osx_dynamic.dylib into your WebKitBuild/Release directory:</div><div>ditto /Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib WebKitBuild/Release/</div><div>8) Build:</div><div>make release ARGS=&quot;-xcconfig $PWD/Tools/asan/asan.xcconfig ASAN_IGNORE=$PWD/Tools/asan/webkit-asan-ignore.txt TOOLCHAINS=com.apple.dt.toolchain.ASAN&quot;</div><div>9) Run:</div><div>ASAN_OPTIONS=&quot;replace_intrin=0:abort_on_error=1:handle_segv=0&quot; ./Tools/Scripts/run-safari --release --no-saved-state</div><div><br></div><div><br></div><div>Building and running were successful, but ASan didn&#39;t catch any kind of memory corruption.</div><div><br></div><div>For the test, I inserted the following use-after-free triggering code into JSString::toNumber() before building WebKit.</div><div><br></div><div><span class="" style="white-space:pre">        </span>double JSString::toNumber(ExecState* exec) const</div><div><span class="" style="white-space:pre">        </span>{</div><div><span class="" style="white-space:pre">                </span>char *test = (char *)malloc(1024);</div><div><span class="" style="white-space:pre">                </span>free(test);</div><div><span class="" style="white-space:pre">                </span>strcpy(test, &quot;AAAAAAAAAAAAAA&quot;);<span class="" style="white-space:pre">        </span>// use-after-free</div><div><br></div><div><span class="" style="white-space:pre">                </span>printf(&quot;hello\n&quot;);</div><div><br></div><div><span class="" style="white-space:pre">                </span>return jsToNumber(value(exec));</div><div><span class="" style="white-space:pre">        </span>}</div><div><br></div><div>And to hit JSString::toNumber(), I wrote test.html like this:</div><div><br></div><div>&lt;script&gt;</div><div>var s = &#39;1234&#39;;</div><div>var i = Number(s);</div><div>&lt;/script&gt;</div><div><br></div><div>When WebKit opens test.html, it should say &quot;use-after-free happened&quot; if it works, but it printed nothing except &quot;hello&quot;.</div><div><br></div><div>Did I miss anything, or did I run any wrong commands?</div><div><br></div><div>Thanks.</div></div>
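Before looking at ASAN_OPTIONS or the ignore list, the first thing to establish when a planted bug goes unreported is whether the binary that contains the instrumented code was actually compiled with -fsanitize=address and linked against the ASan runtime. The script below is an added example, not code from the post, the wiki page or the WebKit project. It assumes the ASAN.xctoolchain layout and paths from the post; the otool and nm output embedded in it is constructed for demonstration, not captured from a real build.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check that a Mach-O
# binary really was built and linked with ASan. Two signs must both be present:
#   1. `otool -L` lists libclang_rt.asan_osx_dynamic.dylib as a dependency
#      (the runtime that detects and prints the reports);
#   2. `nm` shows a reference to __asan_init, which the compiler emits into
#      every instrumented object. Mach-O symbol names carry a leading
#      underscore, so it appears as ___asan_init, and older runtimes add a
#      version suffix (e.g. ___asan_init_v5), hence a prefix match.
# Assumed: ASAN.xctoolchain paths as in the post; sample output is constructed.

# asan_runtime_linked OTOOL_OUTPUT: succeed if the ASan runtime is a load command.
asan_runtime_linked() {
    printf '%s\n' "$1" | grep -q 'libclang_rt\.asan_osx_dynamic\.dylib'
}

# asan_instrumented NM_OUTPUT: succeed if the binary references __asan_init.
asan_instrumented() {
    printf '%s\n' "$1" | grep -q '___asan_init'
}

# classify_binary OTOOL_OUTPUT NM_OUTPUT: print a one-word verdict; return 0
# only when both checks pass. The middle case (instrumented code but no
# runtime load command) means reports can never be printed.
classify_binary() {
    if asan_runtime_linked "$1" && asan_instrumented "$2"; then
        echo instrumented
        return 0
    elif asan_instrumented "$2"; then
        echo instrumented-but-runtime-missing
        return 1
    else
        echo not-instrumented
        return 1
    fi
}

# check_binary PATH: run the real tools against a Mach-O file (macOS only).
check_binary() {
    bin="$1"
    [ -f "$bin" ] || { echo "check_binary: $bin: no such file" >&2; return 2; }
    classify_binary "$(otool -L "$bin")" "$(nm "$bin")"
}

# Constructed sample output for a JavaScriptCore built as in the post
# (instrumented, with the runtime referenced at its toolchain path).
SAMPLE_OTOOL_ASAN='WebKitBuild/Release/JavaScriptCore.framework/JavaScriptCore:
	/Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib (compatibility version 0.0.0, current version 0.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)'
SAMPLE_NM_ASAN='                 U ___asan_init
                 U ___asan_report_store1
0000000000001f20 T __ZNK3JSC8JSString8toNumberEPNS_9ExecStateE'

# Constructed sample output for a plain (non-ASan) build of the same framework.
SAMPLE_OTOOL_PLAIN='WebKitBuild/Release/JavaScriptCore.framework/JavaScriptCore:
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)'
SAMPLE_NM_PLAIN='0000000000001f20 T __ZNK3JSC8JSString8toNumberEPNS_9ExecStateE
                 U _strcpy'

# Demonstration on the constructed samples (`|| :` keeps a failing verdict
# from aborting the script when run under `set -e`).
classify_binary "$SAMPLE_OTOOL_ASAN" "$SAMPLE_NM_ASAN" || :
classify_binary "$SAMPLE_OTOOL_PLAIN" "$SAMPLE_NM_PLAIN" || :

# With a path argument, check a real binary.
if [ $# -gt 0 ]; then
    check_binary "$1"
fi
```

On a Mac, run it as `sh check_asan.sh WebKitBuild/Release/JavaScriptCore.framework/JavaScriptCore`: run-safari loads the rebuilt frameworks from WebKitBuild through DYLD_FRAMEWORK_PATH, so the check belongs on the framework binary that contains the modified toNumber(), not on Safari.app, which is never rebuilt. A complementary runtime check is to add `verbosity=1` to the ASAN_OPTIONS in step 9: an ASan runtime that actually initializes announces itself on stderr at startup, and silence there points at the toolchain selection rather than at the planted bug.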