How to make AddressSanitizer not check third party libraries











up vote
1
down vote

favorite












I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)
SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609










share|improve this question
























  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.
    – John Murray
    Nov 20 at 13:03












  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check
    – mascot
    Nov 22 at 9:17

















up vote
1
down vote

favorite












I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)
SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609










share|improve this question
























  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.
    – John Murray
    Nov 20 at 13:03












  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check
    – mascot
    Nov 22 at 9:17















up vote
1
down vote

favorite









up vote
1
down vote

favorite











I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)
SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609










share|improve this question















I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).



How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??



PS : Currently, I am using Address Sanitizer like below :



ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)
SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")


And I am using gcc with version :



gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609







c++ gcc cmake address-sanitizer






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 at 15:09









yugr

6,85221340




6,85221340










asked Nov 20 at 12:40









mascot

113




113












  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.
    – John Murray
    Nov 20 at 13:03












  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check
    – mascot
    Nov 22 at 9:17




















  • Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.
    – John Murray
    Nov 20 at 13:03












  • There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check
    – mascot
    Nov 22 at 9:17


















Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.
– John Murray
Nov 20 at 13:03






Not sure why you are using -fsanitize=address. It might be helpful to include more reasoning. The gcc documentation states Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs.. So, this is mainly a debugging option. Is your third-party library violating access rules? Can you just turn the flag off when you are not doing unit test on your own code? The questions may seem naive, but that is because we do not have a good explanation for what you are trying to accomplish.
– John Murray
Nov 20 at 13:03














There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check
– mascot
Nov 22 at 9:17






There are still a lot of memory bugs which gcc can't detect. AddressSanitizer is a tool specifically made for that purpose. So, I am trying to test my project for any kind of memory issues. Since my code uses a lot of third party code as well, the source files of which are directly accessed, I am getting a lot of bugs in those as well. So, I am looking for a way by which I can mention what part of code Address Sanitizer should not check
– mascot
Nov 22 at 9:17














1 Answer
1






active

oldest

votes

















up vote
2
down vote













AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer























  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
    – yugr
    Nov 20 at 15:07










  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
    – yugr
    Nov 20 at 15:08










  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
    – w-m
    Nov 20 at 15:47










  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
    – mascot
    Nov 22 at 9:22











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393213%2fhow-to-make-addresssanitizer-not-check-third-party-libraries%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote













AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer























  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
    – yugr
    Nov 20 at 15:07










  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
    – yugr
    Nov 20 at 15:08










  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
    – w-m
    Nov 20 at 15:47










  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
    – mascot
    Nov 22 at 9:22















up vote
2
down vote













AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer























  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
    – yugr
    Nov 20 at 15:07










  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
    – yugr
    Nov 20 at 15:08










  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
    – w-m
    Nov 20 at 15:47










  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
    – mascot
    Nov 22 at 9:22













up vote
2
down vote










up vote
2
down vote









AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.






share|improve this answer














AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.



Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.



As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.



In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 20 at 15:45

























answered Nov 20 at 13:10









w-m

6,0092233




6,0092233












  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
    – yugr
    Nov 20 at 15:07










  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
    – yugr
    Nov 20 at 15:08










  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
    – w-m
    Nov 20 at 15:47










  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
    – mascot
    Nov 22 at 9:22


















  • "most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
    – yugr
    Nov 20 at 15:07










  • "just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
    – yugr
    Nov 20 at 15:08










  • Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
    – w-m
    Nov 20 at 15:47










  • @w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
    – mascot
    Nov 22 at 9:22
















"most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
– yugr
Nov 20 at 15:07




"most third party libraries your code links to will be unaffected and not checked by AddressSanitizer" - if 3rd party calls standard function (memset, etc.) it'll still be checked.
– yugr
Nov 20 at 15:07












"just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
– yugr
Nov 20 at 15:08




"just add it to your local sanitize-blacklist file" - unfortunately OP uses gcc which does not support blacklists.
– yugr
Nov 20 at 15:08












Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
– w-m
Nov 20 at 15:47




Thanks for the corrections @yugr, I incorporated them into the answer. Feel free to edit the answer directly if you think it needs further improvement.
– w-m
Nov 20 at 15:47












@w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
– mascot
Nov 22 at 9:22




@w-m Thanks for your answer. I can see the problem. I am getting bugs in all those third party codes whose source files are directly accessed by my code. sanitize-blacklist seems like the option I am looking for. I will try this one.
– mascot
Nov 22 at 9:22


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393213%2fhow-to-make-addresssanitizer-not-check-third-party-libraries%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

TypeError: fit_transform() missing 1 required positional argument: 'X'