Debugging 使用AddressSanitizer输出获取行号?
我试图让AddressSanitizer在堆栈跟踪中生成行号。我用Mac和Fedora19系统进行了测试,结果也差不多 下面是一个简单的程序:Debugging 使用AddressSanitizer输出获取行号?,debugging,address-sanitizer,Debugging,Address Sanitizer,我试图让AddressSanitizer在堆栈跟踪中生成行号。我用Mac和Fedora19系统进行了测试,结果也差不多 下面是一个简单的程序: #include <cstdio> #include <cstdlib> int main(int argc,char **argv) { char *buf = (char *)malloc(5); free(buf); puts("get ready"); buf[4] = '3';
#include <cstdio>
#include <cstdlib>
int main(int argc,char **argv)
{
char *buf = (char *)malloc(5);
free(buf);
puts("get ready");
buf[4] = '3';
puts("done");
return(0);
}
我运行它(llvm符号器在我的路径中):
如你所见,我有符号,但没有行号。如何获取行号
回答一个问题,下面是objdump-hx
:
$ objdump -h x
x: file format elf64-x86-64
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 0000001c 0000000000400238 0000000000400238 00000238 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 0000000000400254 0000000000400254 00000254 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 0000000000400274 0000000000400274 00000274 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.hash 0000003c 0000000000400298 0000000000400298 00000298 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .dynsym 000001b0 00000000004002d8 00000000004002d8 000002d8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynstr 00000141 0000000000400488 0000000000400488 00000488 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .gnu.version 00000024 00000000004005ca 00000000004005ca 000005ca 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version_r 00000020 00000000004005f0 00000000004005f0 000005f0 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rela.dyn 00000018 0000000000400610 0000000000400610 00000610 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rela.plt 000000d8 0000000000400628 0000000000400628 00000628 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .init 0000001a 0000000000400700 0000000000400700 00000700 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .plt 000000a0 0000000000400720 0000000000400720 00000720 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .text 00000224 00000000004007c0 00000000004007c0 000007c0 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .fini 00000009 00000000004009e4 00000000004009e4 000009e4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .rodata 000000bc 0000000000400a00 0000000000400a00 00000a00 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
15 .eh_frame_hdr 00000044 0000000000400abc 0000000000400abc 00000abc 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .eh_frame 00000134 0000000000400b00 0000000000400b00 00000b00 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
17 .preinit_array 00000008 0000000000600d98 0000000000600d98 00000d98 2**3
CONTENTS, ALLOC, LOAD, DATA
18 .init_array 00000010 0000000000600da0 0000000000600da0 00000da0 2**3
CONTENTS, ALLOC, LOAD, DATA
19 .fini_array 00000010 0000000000600db0 0000000000600db0 00000db0 2**3
CONTENTS, ALLOC, LOAD, DATA
20 .jcr 00000008 0000000000600dc0 0000000000600dc0 00000dc0 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .dynamic 00000230 0000000000600dc8 0000000000600dc8 00000dc8 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .got 00000008 0000000000600ff8 0000000000600ff8 00000ff8 2**3
CONTENTS, ALLOC, LOAD, DATA
23 .got.plt 00000060 0000000000601000 0000000000601000 00001000 2**3
CONTENTS, ALLOC, LOAD, DATA
24 .data 00000070 0000000000601060 0000000000601060 00001060 2**5
CONTENTS, ALLOC, LOAD, DATA
25 .bss 00000008 00000000006010d0 00000000006010d0 000010d0 2**2
ALLOC
26 .comment 00000058 0000000000000000 0000000000000000 000010d0 2**0
CONTENTS, READONLY
27 .debug_aranges 00000050 0000000000000000 0000000000000000 00001128 2**0
CONTENTS, READONLY, DEBUGGING
28 .debug_info 00001041 0000000000000000 0000000000000000 00001178 2**0
CONTENTS, READONLY, DEBUGGING
29 .debug_abbrev 0000038e 0000000000000000 0000000000000000 000021b9 2**0
CONTENTS, READONLY, DEBUGGING
30 .debug_line 00000239 0000000000000000 0000000000000000 00002547 2**0
CONTENTS, READONLY, DEBUGGING
31 .debug_str 00000a9a 0000000000000000 0000000000000000 00002780 2**0
CONTENTS, READONLY, DEBUGGING
$
$objdump-hx
x:文件格式elf64-x86-64
部分:
Idx名称大小VMA LMA文件关闭Algn
0.interp 000000 1C 0000000000 4002380000000000 40023800000238 2**0
内容、分配、加载、只读、数据
1.注:ABI-tag 000000 20 0000000000 400254 0000000000 400254 00000254 2**2
内容、分配、加载、只读、数据
2.note.gnu.build-id 00000024 0000000000 400274 0000000000 400274 00000 274 2**2
内容、分配、加载、只读、数据
3.gnu.hash 0000003C0000000000 400298 0000000000 400298 00000298 2**3
内容、分配、加载、只读、数据
4.dynsym 000001B0000000000004002D8 000000000004002D8 000002d8 2**3
内容、分配、加载、只读、数据
5.dynstr 00000141 0000000000 400488 0000000000 400488 00000488 2**0
内容、分配、加载、只读、数据
6.gnu.version 000000 24 0000000000 4005CA 0000000000 4005CA 000005ca 2**1
内容、分配、加载、只读、数据
7.gnu.version_r 000000 20 0000000000 4005F00000000000 4005F0000005F0 2**3
内容、分配、加载、只读、数据
8.rela.dyn 000000 18 0000000000 400610 0000000000 400610 00000 2**3
内容、分配、加载、只读、数据
9.rela.plt 000000 D8 0000000000 400628 0000000000 400628 00000628 2**3
内容、分配、加载、只读、数据
10.初始0000001a 0000000000 4007000000000000 400700000002**2
内容、分配、加载、只读、代码
11.plt 000000 A0 0000000000 4007200000000000 400720000007202**4
内容、分配、加载、只读、代码
12.文本000002240000000000 4007C00000000000 4007C0000007C0 2**4
内容、分配、加载、只读、代码
13.fini 0000000 9 0000000000 4009E4 0000000000 4009E4 000009e4 2**2
内容、分配、加载、只读、代码
14.罗达达000000 BC 0000000000 400A00000000000 400A000000A00 2**5
内容、分配、加载、只读、数据
15.eh_框架\u hdr 000000 44 0000000000 400ABC 0000000000 400ABC 00000 ABC 2**2
内容、分配、加载、只读、数据
16.eh_框架00000 134 0000000000 400B00 0000000000 400B00 00000b00 2**3
内容、分配、加载、只读、数据
17.预初始化数组0000000 8 0000000000 600D98 0000000000 600D98 00000d98 00000d98 2**3
内容、分配、加载、数据
18.初始化数组000000 1000000000 600DA0 0000000000 600DA0 00000 2**3
内容、分配、加载、数据
19.fini_数组000000 1000000000 600DB0 0000000000 600DB0 00000db0 2**3
内容、分配、加载、数据
20.jcr 0000000 8 0000000000 600DC0 0000000000 600DC0 00000dc0 2**3
内容、分配、加载、数据
21.动态00000230 0000000000 600DC8 0000000000 600DC8 00000dc8 2**3
内容、分配、加载、数据
22.获得0000000 800000000 6000FF8 0000000000 6000FF8 00000ff8 2**3
内容、分配、加载、数据
23.got.plt 000000 60 0000000000 601000 0000000000 601000 000000 2**3
内容、分配、加载、数据
24.数据00000070 0000000000 601060 0000000000 601060 000010600 2**5
内容、分配、加载、数据
25.bss 00000008 0000000000 6010D00000000000 6010D0000010D0 2**2
阿洛克
26.意见000000 58 000000000000000000000000000000000000000000000010D0 2**0
内容,只读
27.调试参数000000 50 00000000000000000000000000000000001128 2**0
内容,只读,调试
28.调试信息0000104100000000000000000000000000000000001178 2**0
内容,只读,调试
29.调试abbrev 0000038e 000000000000000000000000000021B9 2**0
内容,只读,调试
30.调试行00000239 0000000000000000 0000000000000000 00002547 2**0
内容,只读,调试
31.调试字符串00000a9a 00000000000000000000000000000000002780 2**0
内容,只读,调试
$
答案张贴在
您需要使用
llvm符号器
或addr2line
GCC优于Clang的一个优点是,它附带了一个基于libbacktrace的良好内置符号。因此,只需去掉ASAN_符号路径
和ASAN_选项
,即可享受用户友好的输出:
$ g++ -g -fsanitize=address tmp.c && ./a.out
get ready
=================================================================
==30328==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000eff4 at pc 0x000000400985 bp 0x7fffeafad920 sp 0x7fffeafad918
WRITE of size 1 at 0x60200000eff4 thread T0
#0 0x400984 in main /home/iuriig/tmp.c:9
#1 0x7f1f99850f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#2 0x400848 (/home/iuriig/a.out+0x400848)
0x60200000eff4 is located 4 bytes inside of 5-byte region [0x60200000eff0,0x60200000eff5)
freed by thread T0 here:
#0 0x7f1f9a5548a0 in __interceptor_free /home/iuriig/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:45
#1 0x40093e in main /home/iuriig/tmp.c:7
#2 0x7f1f99850f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
(以上内容是在Ubuntu 16 w/GCC 6.2.0上复制的)。GCC可以在没有外部帮助的情况下打印行号,前提是您使用调试信息构建。2014年,当我问这个问题时,它没有。@vy32很可能是这样,libbacktrace是在那个时候添加的。 $ objdump -h x x: file format elf64-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .interp 0000001c 0000000000400238 0000000000400238 00000238 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 1 .note.ABI-tag 00000020 0000000000400254 0000000000400254 00000254 2**2 CONTENTS, ALLOC, LOAD, READONLY, DATA 2 .note.gnu.build-id 00000024 0000000000400274 0000000000400274 00000274 2**2 CONTENTS, ALLOC, LOAD, READONLY, DATA 3 .gnu.hash 0000003c 0000000000400298 0000000000400298 00000298 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 4 .dynsym 000001b0 00000000004002d8 00000000004002d8 000002d8 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 5 .dynstr 00000141 0000000000400488 0000000000400488 00000488 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 6 .gnu.version 00000024 00000000004005ca 00000000004005ca 000005ca 2**1 CONTENTS, ALLOC, LOAD, READONLY, DATA 7 .gnu.version_r 00000020 00000000004005f0 00000000004005f0 000005f0 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 8 .rela.dyn 00000018 0000000000400610 0000000000400610 00000610 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 9 .rela.plt 000000d8 0000000000400628 0000000000400628 00000628 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 10 .init 0000001a 0000000000400700 0000000000400700 00000700 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 11 .plt 000000a0 0000000000400720 0000000000400720 00000720 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 12 .text 00000224 00000000004007c0 00000000004007c0 000007c0 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 13 .fini 00000009 00000000004009e4 00000000004009e4 000009e4 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 14 .rodata 000000bc 0000000000400a00 0000000000400a00 00000a00 2**5 CONTENTS, ALLOC, LOAD, READONLY, DATA 15 .eh_frame_hdr 00000044 0000000000400abc 0000000000400abc 00000abc 2**2 CONTENTS, ALLOC, LOAD, READONLY, DATA 16 .eh_frame 00000134 0000000000400b00 0000000000400b00 00000b00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 17 .preinit_array 00000008 0000000000600d98 0000000000600d98 00000d98 2**3 CONTENTS, ALLOC, LOAD, DATA 18 .init_array 00000010 0000000000600da0 0000000000600da0 00000da0 2**3 CONTENTS, ALLOC, LOAD, DATA 19 .fini_array 00000010 0000000000600db0 0000000000600db0 00000db0 2**3 CONTENTS, ALLOC, LOAD, DATA 20 .jcr 00000008 0000000000600dc0 0000000000600dc0 00000dc0 2**3 CONTENTS, ALLOC, LOAD, DATA 21 .dynamic 00000230 0000000000600dc8 0000000000600dc8 00000dc8 2**3 CONTENTS, ALLOC, LOAD, DATA 22 .got 00000008 0000000000600ff8 0000000000600ff8 00000ff8 2**3 CONTENTS, ALLOC, LOAD, DATA 23 .got.plt 00000060 0000000000601000 0000000000601000 00001000 2**3 CONTENTS, ALLOC, LOAD, DATA 24 .data 00000070 0000000000601060 0000000000601060 00001060 2**5 CONTENTS, ALLOC, LOAD, DATA 25 .bss 00000008 00000000006010d0 00000000006010d0 000010d0 2**2 ALLOC 26 .comment 00000058 0000000000000000 0000000000000000 000010d0 2**0 CONTENTS, READONLY 27 .debug_aranges 00000050 0000000000000000 0000000000000000 00001128 2**0 CONTENTS, READONLY, DEBUGGING 28 .debug_info 00001041 0000000000000000 0000000000000000 00001178 2**0 CONTENTS, READONLY, DEBUGGING 29 .debug_abbrev 0000038e 0000000000000000 0000000000000000 000021b9 2**0 CONTENTS, READONLY, DEBUGGING 30 .debug_line 00000239 0000000000000000 0000000000000000 00002547 2**0 CONTENTS, READONLY, DEBUGGING 31 .debug_str 00000a9a 0000000000000000 0000000000000000 00002780 2**0 CONTENTS, READONLY, DEBUGGING $
$ g++ -g -fsanitize=address tmp.c && ./a.out
get ready
=================================================================
==30328==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000eff4 at pc 0x000000400985 bp 0x7fffeafad920 sp 0x7fffeafad918
WRITE of size 1 at 0x60200000eff4 thread T0
#0 0x400984 in main /home/iuriig/tmp.c:9
#1 0x7f1f99850f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#2 0x400848 (/home/iuriig/a.out+0x400848)
0x60200000eff4 is located 4 bytes inside of 5-byte region [0x60200000eff0,0x60200000eff5)
freed by thread T0 here:
#0 0x7f1f9a5548a0 in __interceptor_free /home/iuriig/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:45
#1 0x40093e in main /home/iuriig/tmp.c:7
#2 0x7f1f99850f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)