Address Sanitizer

Nick Zavaritsky edited this page Feb 13, 2017 · 4 revisions

AddressSanitizer, or ASan, is a tool that detects memory corruption bugs and leaks at runtime. ASan is a modern, faster alternative to Valgrind and is based on compiler instrumentation.

Prerequisites

clang >= 3.9 is required. Although Clang has supported ASan since version 3.1, fiber support was first introduced in 3.9.

Debian and Ubuntu

Debian Stretch, Debian Sid, Ubuntu Yakkety and Ubuntu Zesty already have the clang-3.9 package in their main archives. To get the latest version of clang for older Debian/Ubuntu releases, visit apt.llvm.org. It may be necessary to enable the LLVM project's repository in the apt settings.

Install required packages:

sudo apt-get install clang-3.9 llvm-3.9 llvm-3.9-dev

To get symbol names, create a symbolic link to llvm-symbolizer. Without it, ASan will still work but won't print symbol names:

sudo ln -s llvm-symbolizer-3.9 /usr/bin/llvm-symbolizer

macOS

Xcode 8.2.1 or newer is recommended. Run the following command to make sure that the clang bundled with Xcode is at least 3.9:

$ clang --version
clang version 3.9.1-svn281634-1~exp1 (branches/release_39)

Symbolication (mapping a PC to a function name) works out of the box.

Usage

To enable ASan in a Tarantool build, pass the following options to cmake:

cd path/to/tarantool
make distclean
CC=clang-3.9 CXX=clang++-3.9 cmake . -DENABLE_ASAN=ON
make

That's it. Now, if ASan detects a memory corruption bug or leak while tarantool is running, it prints a warning to stderr.

Numerous leaks occur during Tarantool initialization, and ASan reports them as errors. Later we will explicitly mark these leaks as benign. Until suppressions are in place, we suggest turning off leak checking with the following environment variable:

ASAN_OPTIONS=detect_leaks=0

Make sure the llvm-symbolizer tool is present to get function names instead of raw addresses (see Prerequisites).

Example Output

tarantool> =================================================================
==22124==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900001f280 at pc 0x000000ccf415 bp 0x7ffd83557df0 sp 0x7ffd83557de8
READ of size 8 at 0x61900001f280 thread T0
    #0 0xccf414 in rlist_first /home/roman/tarantool/1.7/src/lib/small/small/rlist.h:122:15
    #1 0xccf2f8 in mempool_destroy /home/roman/tarantool/1.7/src/lib/small/small/mempool.c:172:2
    #2 0x687678 in vy_cache_env_destroy /home/roman/tarantool/1.7/src/box/vy_cache.c:59:2
    #3 0x5feb8f in vy_env_delete /home/roman/tarantool/1.7/src/box/vinyl.c:6740:2
    #4 0x5d7748 in VinylEngine::~VinylEngine() /home/roman/tarantool/1.7/src/box/vinyl_engine.cc:76:3
    #5 0x5d77b8 in VinylEngine::~VinylEngine() /home/roman/tarantool/1.7/src/box/vinyl_engine.cc:74:1
    #6 0x5b831b in engine_shutdown() /home/roman/tarantool/1.7/src/box/engine.cc:256:3
    #7 0x6ef0a1 in box_free /home/roman/tarantool/1.7/src/box/box.cc:1277:3
    #8 0x51167a in tarantool_free() /home/roman/tarantool/1.7/src/main.cc:474:2
    #9 0x7f746463391f  (/lib/x86_64-linux-gnu/libc.so.6+0x3591f)
    #10 0x7f7464633979 in exit (/lib/x86_64-linux-gnu/libc.so.6+0x35979)
    #11 0x7f746461e2b7 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b7)
    #12 0x4256c9 in _start (/home/roman/tarantool/1.7/src/tarantool+0x4256c9)

0x61900001f280 is located 768 bytes inside of 960-byte region [0x61900001ef80,0x61900001f340)
freed by thread T0 here:
    #0 0x4d4e00 in __interceptor_cfree.localalias.1 (/home/roman/tarantool/1.7/src/tarantool+0x4d4e00)
    #1 0x5feb7c in vy_env_delete /home/roman/tarantool/1.7/src/box/vinyl.c:6739:2
    #2 0x5d7748 in VinylEngine::~VinylEngine() /home/roman/tarantool/1.7/src/box/vinyl_engine.cc:76:3
    #3 0x5d77b8 in VinylEngine::~VinylEngine() /home/roman/tarantool/1.7/src/box/vinyl_engine.cc:74:1
    #4 0x5b831b in engine_shutdown() /home/roman/tarantool/1.7/src/box/engine.cc:256:3
    #5 0x6ef0a1 in box_free /home/roman/tarantool/1.7/src/box/box.cc:1277:3
    #6 0x51167a in tarantool_free() /home/roman/tarantool/1.7/src/main.cc:474:2
    #7 0x7f746463391f  (/lib/x86_64-linux-gnu/libc.so.6+0x3591f)
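
The report above has two stacks: the invalid READ, then the earlier free of the same region. As an added example (not Tarantool code; the struct layout and every name are constructed for illustration), this program produces a report of that shape through a teardown-order bug, next to the corrected order:

```c
/* Added example, not Tarantool code; every name here is hypothetical.
 * Build: clang -g -fsanitize=address uaf.c -o uaf
 * ./uaf runs the fixed teardown; ./uaf bug runs the buggy one under ASan. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct pool { int *slabs; size_t nslabs; };  /* stand-in for a memory pool */
struct env {              /* constructed layout: 960 bytes, pool at offset 768 */
    char head[768];
    struct pool cache_pool;
    char tail[960 - 768 - sizeof(struct pool)];
};

struct env *env_new(size_t nslabs) {
    struct env *e = calloc(1, sizeof(*e));
    if (e == NULL) return NULL;
    e->cache_pool.slabs = calloc(nslabs, sizeof(int));
    e->cache_pool.nslabs = e->cache_pool.slabs ? nslabs : 0;
    return e;
}

/* Loads p->slabs first: on freed memory this is the READ frame of the report. */
size_t pool_destroy(struct pool *p) {
    free(p->slabs);       /* pointer load at offset 768 of struct env */
    return p->nslabs;
}

/* Buggy order: the owner is freed, then its embedded member is torn down. */
size_t env_delete_buggy(struct env *e) {
    free(e);                              /* the "freed by thread" stack */
    return pool_destroy(&e->cache_pool);  /* touches the freed region */
}

/* Fixed order: tear down members first, free the owner last. */
size_t env_delete_fixed(struct env *e) {
    size_t n = pool_destroy(&e->cache_pool);
    free(e);
    return n;
}

int main(int argc, char **argv) {
    struct env *e = env_new(4);
    if (e == NULL) return 1;
    int buggy = argc > 1 && argv[1][0] == 'b';
    size_t n = buggy ? env_delete_buggy(e) : env_delete_fixed(e);
    printf("released %zu slabs\n", n);
    return 0;
}
```

In the buggy run, the "located N bytes inside of M-byte region" line gives the offset of the touched member within the freed object, which is how the access can be matched to a field.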