Some of our projects use gcc’s address sanitiser option.
When run using the build wrapper our integration tests fail due to the emission of spurious output:
==2982443==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
I can see that this is caused by the build wrapper injecting libinterceptor before asan so that it is no longer the first library loaded.
I’m not sure how to deal with this.
>../../../../target/sonar/build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir foo ldd ../../../../target/debug/test-install/opt/refcollect/bin/dateexpr --BAD
../../../../target/debug/test-install/opt/refcollect/bin/dateexpr:
linux-vdso.so.1 (0x00007ffc8a437000)
/home/brucea/work/git/refcollect/target/sonar/build-wrapper-linux-x86/libinterceptor-${PLATFORM}.so => /home/brucea/work/git/refcollect/target/sonar/build-wrapper-linux-x86/libinterceptor-haswell.so (0x00007fa089ab6000)
libasan.so.5 => /usr/lib64/libasan.so.5 (0x00007fa0888c4000)
>gcc --version
gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-10)
Copyright (C) 2018 Free Software Foundation, Inc.
>lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: RedHatEnterprise
Description: Red Hat Enterprise Linux release 8.6 (Ootpa)
Release: 8.6
Codename: Ootpa
build-wrapper, version 6.37 (linux-x86)
Copyright (C) 2014-2022 SonarSource SA, info@sonarsource.com
The sanitiser is easily enabled if using cmake via:
add_compile_options("-fsanitize=null,return,leak,address,undefined")
link_libraries("-fsanitize=null,return,leak,address,undefined")
There are two possible workarounds:
-
disable these options when building for sonar but ideally I would like to have a single build capable of using both analyses.
-
export ASAN_OPTIONS=verify_asan_link_order=0
“but you have to be sure that libraries from /etc/ld.so.preload do not intercept symbols important for Asan e.g. malloc, free, etc., otherwise things will start breaking” - (ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD. · Issue #796 · google/sanitizers · GitHub)
Could you ask your engineering team to confirm the best approach and maybe add an entry to FAQ for the build wrapper.
I am going with option 2 for now.