gccllvmsanitizeraddress-sanitizer

Can Address Sanitizer abort immediately after an error is detected?


I am using a syscall checker in combination with -fsanitize=address and when ASAN finds a bug, it calls some syscalls (ioctl(ISATTY), etc) when printing out the report. The syscall checker interrupts ASAN's ioctls and the error report is not collected properly.

What I would like is for ASAN to simply abort without printing the report, or failing that, a way to determine (using a libasan4 API call maybe) that ASAN found an error, so I can stop the syscall checker from intercepting syscalls.

Unfortunately __asan_error_report, __sanitizer_set_death_callback and __asan_set_error_report_callback from libasan4 all kick in after ASAN has collected the report:

0 __asan_error_report()
1 syscall_checker()
2 ioctl(ISATTY)
3 asan::PrintReport()
4 app_code_that_crashes()

And the syscall checker does not handle ASAN's ioctl() calls properly, so it exit()s normally, while I am hoping to keep ASAN's behavior of abort()ing.


Solution

  • You should be able to intercept before report is printed by overriding __asan_on_error (declared in asan_interface.h, empty by default):

    // User may provide function that would be called right when ASan detects
    // an error. This can be used to notice cases when ASan detects an error, but
    // the program crashes before ASan report is printed.
    void __asan_on_error();
    

    Note that due to weird Asan callback interface you'd better implement this callback in main binary (definitions in shared libraries are likely to be unable to intercept default definition from libasan.a).