@make.sh CXX_FLAGS="-fsanitize= on g++ / clang++
Includes most of https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind and https://clang.llvm.org/docs/MemorySanitizer.html, such as
```
CXX_FLAGS="-fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment"
export ASAN_OPTIONS=abort_on_error=1:fast_unwind_on_malloc=0:detect_leaks=0 UBSAN_OPTIONS=print_stacktrace=1
CXX_FLAGS+=" -fno-omit-frame-pointer" #/* from https://clang.llvm.org/docs/MemorySanitizer.html; leading space so the flag does not fuse with the previous one */
CXX_FLAGS+=" -g" #/* gives variables+linenums to stacktraces */
```
which produces stacktraces such as
```
~/SubStack $ ./a.out
cxx/Macros.hxx: pass
cxx/VirusAnalysis.hxx: pass
AddressSanitizer:DEADLYSIGNAL
=================================================================
==355==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x007958880050 bp 0x007fed4ad6f0 sp 0x007fed4acee0 T0)
==355==The signal is caused by a READ memory access.
==355==Hint: address points to the zero page.
libunwind: unsupported .eh_frame_hdr version: 127 at 795cd30000
    #0 0x7958880050 in __strlen_aarch64 libc_init_dynamic.cpp
    #1 0x795a4be864 in strlen out/lib/compiler-rt-aarch64/out/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc
    #2 0x59a56172b0 in std::__ndk1::__constexpr_strlen[abi:v170000](char const*) /data/data/com.termux/files/usr/include/c++/v1/cstring:114:10
    #3 0x59a5617270 in std::__ndk1::char_traits<char>::length(char const*) /data/data/com.termux/files/usr/include/c++/v1/__string/char_traits.h:220:12
    #4 0x59a55e0c8c in std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>::basic_string[abi:v170000]<std::nullptr_t>(char const*) /data/data/com.termux/files/usr/include/c++/v1/string:882:17
    #5 0x59a5639018 in Susuwu::questionsResponsesFromHosts(Susuwu::ResultList&, Susuwu::ResultList&, std::__ndk1::vector<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, std::__ndk1::allocator<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>>> const&) /data/data/com.termux/files/home/SubStack/./cxx/ConversationCns.cxx:54:68
    #6 0x59a5638870 in Susuwu::conversationCnsTestsThrows() /data/data/com.termux/files/home/SubStack/./cxx/ConversationCns.cxx:32:2
    #7 0x59a56431bc in Susuwu::testHarnesses() /data/data/com.termux/files/home/SubStack/./cxx/main.cxx:21:5
    #8 0x59a56431f8 in main /data/data/com.termux/files/home/SubStack/./cxx/main.cxx:28:9
    #9 0x795887ee18 in __libc_init (/apex/com.android.runtime/lib64/bionic/libc.so+0x56e18) (BuildId: 33ad5959e2b38fc822cda3c642e16c94)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libc_init_dynamic.cpp in __strlen_aarch64
==355==ABORTING
Aborted
~/SubStack $
```
`GXX` -> `CXX` for compiler executable (more consistent)

@posts/VirusAnalysis.md "callgraphs" -> "stacktraces". Give comparisons of `-fsanitize` vs _static analysis_
SwuduSusuwu committed Jun 15, 2024
1 parent 4fd0cd3 commit f57e789
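The trace in the commit message bottoms out in libc++'s `std::string(const char*)` constructor (frame #4, `basic_string<std::nullptr_t>(char const*)`) forwarding a null pointer to `strlen`, which is why ASan reports a read of the zero page. As an added example that is not code from SubStack and does not claim to be the actual contents of `ConversationCns.cxx:54` (this page does not show that source), here is a minimal reproduction of that pattern next to the guarded form. The use of `std::getenv` as the source of a possibly-null C string and the names `hostFromEnvUnsafe`, `hostFromEnvChecked` and `toStringOrEmpty` are assumptions made for illustration.

```cpp
#include <cstdlib>
#include <optional>
#include <string>

// Assumption for this example: the possibly-null C string comes from an
// environment variable. std::getenv returns nullptr when it is unset.

// Unsafe: std::string(const char*) requires a non-null pointer. Handing it
// nullptr is undefined behaviour; libc++ calls strlen(nullptr), which is the
// SEGV at frames #0..#4 of the ASan report in the commit message.
std::string hostFromEnvUnsafe(const char* name) {
    return std::string(std::getenv(name));  // crashes when `name` is unset
}

// Guarded: treat a null pointer as "absent" instead of dereferencing it.
std::optional<std::string> hostFromEnvChecked(const char* name) {
    const char* value = std::getenv(name);
    if (value == nullptr) {
        return std::nullopt;
    }
    return std::string(value);
}

// Same guard for any caller-supplied C string (for instance a host list read
// from a config file), so the conversion never reaches strlen on nullptr.
std::string toStringOrEmpty(const char* s) {
    return s == nullptr ? std::string() : std::string(s);
}

int main() {
    // Constructed input: one variable set, the other deliberately unset.
    setenv("SUBSTACK_HOST_SET", "example.invalid", 1);  // POSIX
    unsetenv("SUBSTACK_HOST_UNSET");
    auto present = hostFromEnvChecked("SUBSTACK_HOST_SET");
    auto absent  = hostFromEnvChecked("SUBSTACK_HOST_UNSET");
    // Uncomment the next line, build with -fsanitize=address -g, and ASan
    // prints a trace of the same shape as the one in the commit message:
    // hostFromEnvUnsafe("SUBSTACK_HOST_UNSET");
    return (present && !absent) ? 0 : 1;
}
```

Built with the `CXX_FLAGS_DEBUG` set from `make.sh`, the unsafe call is caught on the first run; without sanitizers it is still a crash, just with a bare `Segmentation fault` and no frames. The checked variants cost one comparison and remove the undefined behaviour entirely, which is the preferable fix over relying on the sanitizer to find the call site each time.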
Showing 2 changed files with 21 additions and 15 deletions.
32 changes: 20 additions & 12 deletions make.sh
Expand Up @@ -4,26 +4,34 @@ echo '/* Dual licenses: choose "Creative Commons" or "Apache 2" (allows all uses
sSRC="./cxx/"
#INCLUDES="${sSRC}"
#export CXX_FLAGS="-I${INCLUDES}"
CXX_FLAGS_DEBUG="-fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment" #/* supports `g++`/`clang++`: https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind#tldr */
export ASAN_OPTIONS=abort_on_error=1:fast_unwind_on_malloc=0:detect_leaks=0 UBSAN_OPTIONS=print_stacktrace=1 #/* "For LLDB/GDB and to prevent very short stack traces and usually false leaks detection" */
CXX_FLAGS_DEBUG="${CXX_FLAGS_DEBUG} -fno-omit-frame-pointer" #/* thus optimization won't remove stacktraces: https://stackoverflow.com/questions/48234575/g-will-fno-omit-frame-pointer-be-effective-if-specified-before-o2-or-o3 https://clang.llvm.org/docs/MemorySanitizer.html */
CXX_FLAGS_DEBUG="${CXX_FLAGS_DEBUG} -g" #/* gives line numbers, + arguments, to stacktraces */
#CXX_FLAGS_DEBUG="${CXX_FLAGS_DEBUG} -fno-optimize-sibling-calls" #/* Don't inline functions. Does extra stacktraces. */
#CXX_FLAGS_DEBUG="${CXX_FLAGS_DEBUG} -fsanitize=undefined" #/* causes 'cannot locate symbol "__ubsan_handle_function_type_mismatch_abort"' */
if command -v ctags; then
ctags -R
fi
if command -v clang++; then
GXX="clang++"
CXX="clang++"
elif command -v g++; then
GXX="g++"
CXX="g++"
else
echo "Error: no clang++, no g++. `apt install clang` or `apt install gcc`"
exit 1
fi
rm *.o
$GXX -x c -c ${sSRC}/../c/rfc6234/sha1.c
$GXX -x c -c ${sSRC}/../c/rfc6234/sha224-256.c
$GXX -x c -c ${sSRC}/../c/rfc6234/sha384-512.c
$GXX -c ${sSRC}/ClassSha2.cxx
$GXX -c ${sSRC}/ClassResultList.cxx
$GXX -c ${sSRC}/ClassCns.cxx
$GXX -c ${sSRC}/VirusAnalysis.cxx
$GXX -c ${sSRC}/ConversationCns.cxx
$GXX -c ${sSRC}/main.cxx
$GXX sha1.o sha224-256.o sha384-512.o ClassSha2.o ClassResultList.o ClassCns.o VirusAnalysis.o ConversationCns.o main.o
CXX_FLAGS="${CXX_FLAGS} ${CXX_FLAGS_DEBUG}" #/* comment this to disable sanitizers/stacktraces (if you want to run fast) */
CXX="${CXX} ${CXX_FLAGS}"
$CXX -x c -c ${sSRC}/../c/rfc6234/sha1.c
$CXX -x c -c ${sSRC}/../c/rfc6234/sha224-256.c
$CXX -x c -c ${sSRC}/../c/rfc6234/sha384-512.c
$CXX -c ${sSRC}/ClassSha2.cxx
$CXX -c ${sSRC}/ClassResultList.cxx
$CXX -c ${sSRC}/ClassCns.cxx
$CXX -c ${sSRC}/VirusAnalysis.cxx
$CXX -c ${sSRC}/ConversationCns.cxx
$CXX -c ${sSRC}/main.cxx
$CXX sha1.o sha224-256.o sha384-512.o ClassSha2.o ClassResultList.o ClassCns.o VirusAnalysis.o ConversationCns.o main.o
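Review bot: the `export ASAN_OPTIONS=... UBSAN_OPTIONS=...` line only reaches processes started by this script, and the script never runs the freshly linked `a.out`, so a user who later types `./a.out` in their own shell (as in the transcript in the commit message) gets the sanitizer defaults rather than `abort_on_error=1:fast_unwind_on_malloc=0:detect_leaks=0`. Either document that the script has to be sourced (`. ./make.sh`) for the export to persist, echo the `export` line at the end so it can be pasted, or move the runtime options into a separate run script. Two smaller points: `CXX="${CXX} ${CXX_FLAGS}"` bakes the flags into the compiler variable, so every `$CXX` invocation now depends on unquoted word-splitting and any later `"$CXX"` would fail to find a binary named `clang++ -fsanitize=...`; keeping them separate (`$CXX $CXX_FLAGS -c ...`) is the conventional form. And `rm *.o` (unchanged here) prints an error on a clean checkout where no object files exist yet; `rm -f *.o` avoids that.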

4 changes: 1 addition & 3 deletions posts/VirusAnalysis.md
Expand Up @@ -852,9 +852,7 @@ which show how to use hex dumps (or disassembled sources) of the apps/SW (execut
Static analysis (such as Clang/LLVM has) just checks programs for accidental security threats (such as buffer overruns/underruns, or null-pointer-dereferences,) but could act as a basis,
if you add a few extra checks for deliberate vulnerabilities/signs of infection (these are heuristics, so the user should have a choice to quarantine and submit for review, or continue launch of this).
https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer
is part of Clang/LLVM (license is FLOSS,) does static analysis (produces full graphs of each function the SW uses,
plus arguments passed to thus,
so that if the executable violates security, the analysis shows this to you and asks you what to do.)
is part of Clang/LLVM (license is FLOSS,) does static analysis (emulation produces inputs to functions, formulas analyze stacktraces (+ heap/stack uses) to produce lists of possible unwanted side effects to warn you of); versus [`-fsanitize`](https://github.com/SwuduSusuwu/SubStack/issues/5), do not have to recompile to do static analysis. `-fsanitize` requires you to produce inputs, static analysis does this for you.
LLVM is lots of files, Phasar is just it’s static analysis:
https://github.com/secure-software-engineering/phasar
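Review bot: the replacement sentence conflates two different techniques. Clang's static analyzer does not "emulate" the program or analyze "stacktraces"; it performs path-sensitive symbolic execution over the source, exploring feasible paths without any concrete input, which is exactly why no inputs have to be produced. `-fsanitize` is the opposite trade: it instruments the compiled binary (so a rebuild is required, as the `make.sh` change in this same commit shows) and only reports bugs on paths that the supplied inputs, tests or fuzzer actually reach, but each report is a real execution rather than a possible one. Suggested wording: "Static analysis explores possible execution paths without running the program, so it needs no inputs but can report false positives; `-fsanitize` needs a recompile and real inputs, but each report is a concrete, reproducible failure." The clause "versus [`-fsanitize`](...), do not have to recompile to do static analysis" also reads as if `-fsanitize` is the one that avoids recompiling, the reverse of what is meant. Finally, in the unchanged line "Phasar is just it's static analysis", "it's" should be "its", and Phasar (hosted under secure-software-engineering, not llvm) is a separate project built on LLVM rather than a part of it.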
