How to make AddressSanitizer not check third party libraries












1















I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)

SET(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609






c++ gcc cmake address-sanitizer







share|improve this question

























  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.

    – John Murray
    Nov 20 '18 at 13:03













  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check

    – mascot
    Nov 22 '18 at 9:17


















1















I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)

SET(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609






c++ gcc cmake address-sanitizer







share|improve this question

























  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.

    – John Murray
    Nov 20 '18 at 13:03













  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check

    – mascot
    Nov 22 '18 at 9:17
















1












1








1








I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)

SET(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609






c++ gcc cmake address-sanitizer







share|improve this question
















I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)

SET(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609






c++ gcc cmake address-sanitizer




c++ gcc cmake address-sanitizer






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 '18 at 15:09









yugr

7,11421442




7,11421442










asked Nov 20 '18 at 12:40









mascotmascot

113




113













  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.

    – John Murray
    Nov 20 '18 at 13:03













  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check

    – mascot
    Nov 22 '18 at 9:17





















  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.

    – John Murray
    Nov 20 '18 at 13:03













  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check

    – mascot
    Nov 22 '18 at 9:17



















Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.

– John Murray
Nov 20 '18 at 13:03







Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.

– John Murray
Nov 20 '18 at 13:03















There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check

– mascot
Nov 22 '18 at 9:17







There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check

– mascot
Nov 22 '18 at 9:17














1 Answer
1






active

oldest

votes


















2














AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer


























  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

    – yugr
    Nov 20 '18 at 15:07











  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

    – yugr
    Nov 20 '18 at 15:08











  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

    – w-m
    Nov 20 '18 at 15:47











  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

    – mascot
    Nov 22 '18 at 9:22











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393213%2fhow-to-make-addresssanitizer-not-check-third-party-libraries%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer


























  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

    – yugr
    Nov 20 '18 at 15:07











  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

    – yugr
    Nov 20 '18 at 15:08











  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

    – w-m
    Nov 20 '18 at 15:47











  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

    – mascot
    Nov 22 '18 at 9:22
















2














AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer


























  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

    – yugr
    Nov 20 '18 at 15:07











  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

    – yugr
    Nov 20 '18 at 15:08











  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

    – w-m
    Nov 20 '18 at 15:47











  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

    – mascot
    Nov 22 '18 at 9:22














2












2








2







AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer















AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 20 '18 at 15:45

























answered Nov 20 '18 at 13:10









w-mw-m

6,1592333




6,1592333













  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

    – yugr
    Nov 20 '18 at 15:07











  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

    – yugr
    Nov 20 '18 at 15:08











  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

    – w-m
    Nov 20 '18 at 15:47











  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

    – mascot
    Nov 22 '18 at 9:22



















  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

    – yugr
    Nov 20 '18 at 15:07











  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

    – yugr
    Nov 20 '18 at 15:08











  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

    – w-m
    Nov 20 '18 at 15:47











  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

    – mascot
    Nov 22 '18 at 9:22

















"most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

– yugr
Nov 20 '18 at 15:07





"most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.

– yugr
Nov 20 '18 at 15:07













"just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

– yugr
Nov 20 '18 at 15:08





"just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.

– yugr
Nov 20 '18 at 15:08













Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

– w-m
Nov 20 '18 at 15:47





Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.

– w-m
Nov 20 '18 at 15:47













@w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

– mascot
Nov 22 '18 at 9:22





@w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.

– mascot
Nov 22 '18 at 9:22




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393213%2fhow-to-make-addresssanitizer-not-check-third-party-libraries%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Image
3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
Read more

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

Image
up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
Read more

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Image
0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
Read more