How to analyze application memory in android (12) - HWASan

The previous article introduced ASan. This time we introduce HWASan, the enhanced version of ASan.

Use of HWASan

Starting with NDK r21 and Android 10, Android supports HWASan. HWASan only supports arm64 devices.

System level preparation

HWASan requires system support, so the system image needs to be recompiled. It can be an android emulator or a real phone.
For this experiment, a real Pixel 3 phone was chosen as a demonstration. The android-12.0.0_r34 branch is also used.

Step 1: Initialize the repo

mkdir ~/bin
PATH=~/bin:$PATH
curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
chmod a+x ~/bin/repo

Step 2: Synchronize the code, as follows:

repo init -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest -b android-12.0.0_r34
repo sync -j32

The Tsinghua mirror is used here. For details, see: https://mirrors.tuna.tsinghua.edu.cn/help/AOSP/

Step 3: Download the device-specific drivers from: https://developers.google.cn/android/drivers?hl=zh-cn

## Create a vendor directory in the AOSP root directory
mkdir vendor
## Extract the downloaded file
cd vendor
tar -xzvf ../google_devices-blueline-sp1a.210812.016.c2-47172864.tgz
## Run the extracted script
./extract-google_devices-blueline.sh

Step 4: Start compilation and turn on the compilation switch of HWASan

## Initialize the build environment
. build/envsetup.sh
## Select the build target
lunch aosp_blueline-userdebug
## Turn on the HWASan switch
export SANITIZE_TARGET=hwaddress
## Start the build
m -j32

Note: This is just for demonstration. For real development, refer to the following file for the build configuration: https://cs.android.com/android/platform/superproject/+/master:device/google/coral/aosp_coral_hwasan.mk?hl=zh-cn

Step 5: Download the compiled image to your phone

## Enter bootloader mode (or long-press the power and volume-down keys to enter bootloader mode)
adb reboot bootloader
## Flash with fastboot
fastboot flashall -w

After everything is OK, restart the phone and check whether it was flashed normally.

Note: If the error "No valid slot to boot" occurs, perform the third step.

System-level preparation (non-self-compilation)

In addition to compiling the AOSP image yourself, you can also use a prebuilt image. Visit https://flash.android.com/ and allow ADB access when prompted ("allow adb access").

Then select aosp_blueline_hwasan-userdebug.

Enable HWASan

Just as with ASan, you only need to change the compilation options, as follows:

APP_STL := c++_shared # Or system, or none, but not c++_static.
APP_CFLAGS := -fsanitize=hwaddress -fno-omit-frame-pointer
APP_LDFLAGS := -fsanitize=hwaddress

Or use the following configuration in CMake:

target_compile_options(test_malloc PUBLIC -fsanitize=hwaddress -g -O0 -fno-omit-frame-pointer)
set_target_properties(test_malloc PROPERTIES LINK_FLAGS -fsanitize=hwaddress )

This configuration is almost identical to that of ASan. Just pay attention to the name after -fsanitize.

However, note that when using CMakeLists.txt, you also need the following configuration in the build.gradle file:

android {
    defaultConfig {
        externalNativeBuild {
            cmake {
                // Can also use system or none as ANDROID_STL, but not c++_static.
                arguments "-DANDROID_STL=c++_shared"
            }
        }
    }
}

Why configure -DANDROID_STL=c++_shared

Set Android's STL to c++_shared. If not set, Android will use the default STL, which usually does not have a stack frame pointer when compiled.

Note: Just like ASan configuration, HWASan also needs to put the corresponding runtime library into the project. It is the same location as the ASan runtime library.

Test

In the test code, add the following erroneous access:

// Allocate space for a single int
volatile int * pInt  = (volatile int *)malloc(sizeof(int));
// Write beyond the end of that int-sized allocation
*(pInt+6) = 12345;

Running the test produces an HWASan error report in the log output.

Analyze

From the log output, take the following stack frame and parse it:

 #0 0x7909126710  (/data/app/~~KRSuefEcZY9JtCH0m729KA==/com.example.test_malloc-NzWK4ADc7lagct58AY6Qnw==/lib/arm64/libtest_malloc.so+0x4710)

Parsing this frame shows that the problem occurs at line 219, column 15 of native-lib.cpp.
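
An added example, not code from the original article: a small Python parser for the frame format above. The absolute address (0x7909126710) changes between runs because of ASLR, so the library-relative offset (0x4710) is what gets passed to llvm-symbolizer together with an unstripped copy of the library. The logcat prefix in the sample and the obj/arm64-v8a directory are assumptions.

```python
import re
import shutil
import subprocess
from pathlib import Path, PurePosixPath

# HWASan/ASan frame line: "#N 0xPC  (/path/on/device/lib.so+0xOFFSET)"
FRAME_RE = re.compile(
    r"#(?P<idx>\d+)\s+0x(?P<pc>[0-9a-fA-F]+)\s+"
    r"\((?P<module>.+)\+0x(?P<off>[0-9a-fA-F]+)\)"
)

# Constructed sample: the article's frame behind a made-up logcat prefix,
# followed by a line that is not a frame.
SAMPLE_LOG = (
    "01-01 00:00:00.000  1234  1234 I test_malloc: #0 0x7909126710  "
    "(/data/app/~~KRSuefEcZY9JtCH0m729KA==/com.example.test_malloc-"
    "NzWK4ADc7lagct58AY6Qnw==/lib/arm64/libtest_malloc.so+0x4710)\n"
    "01-01 00:00:00.001  1234  1234 I test_malloc: unrelated line\n"
)


def parse_frames(text):
    """Return (frame index, library file name, offset in library) per frame."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.search(line)
        if m:
            name = PurePosixPath(m["module"]).name
            frames.append((int(m["idx"]), name, int(m["off"], 16)))
    return frames


def symbolizer_cmd(symbol_dir, lib_name, offset, tool="llvm-symbolizer"):
    """Command that resolves one offset against the unstripped local library."""
    return [tool, f"--obj={Path(symbol_dir) / lib_name}", hex(offset)]


def symbolize(text, symbol_dir):
    """Run llvm-symbolizer for each frame; return [] if it is not on PATH."""
    if shutil.which("llvm-symbolizer") is None:
        return []
    out = []
    for idx, lib, off in parse_frames(text):
        res = subprocess.run(symbolizer_cmd(symbol_dir, lib, off),
                             capture_output=True, text=True, check=False)
        out.append((idx, res.stdout.strip()))
    return out


if __name__ == "__main__":
    # "obj/arm64-v8a" is a placeholder for the directory holding unstripped .so files.
    print(parse_frames(SAMPLE_LOG), symbolize(SAMPLE_LOG, "obj/arm64-v8a"))
```

The library installed on the device is normally stripped, so the symbolizer must be pointed at the unstripped build output for the same build; otherwise it cannot report a file, line and column.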

HWASan ignores errors and continues running

Add -fsanitize-recover=hwaddress to the compilation options and halt_on_error=0 to the runtime options.

View all options supported by HWASan

In the runtime options, add help=1 as follows:

export HWASAN_OPTIONS=allow_user_segv_handler=1,halt_on_error=0,help=1

The remaining options are similar to those of ASan and are not covered in detail here. You can refer to the previous article: How to analyze application memory in android (11) - ASan

As in the previous article, memory leak detection failed when I tried it, so it is not listed. It may be added later.

It is true that this article and the previous one have left the scope of memory analysis and moved into the scope of incorrect pointer use. However, for the completeness of the overall knowledge framework, they are still included. If any readers find better information in the future, thank you for sharing~

At this point, the introduction of HWASan is complete. Originally, this part should have been longer, with the extra content covering the compilation of AOSP. But considering that this is an article about memory, I will not go into the compilation of AOSP in much detail and only describe the build steps that are needed.

Next is the last part on native code: the use of perfetto.

Origin blog.csdn.net/xiaowanbiao123/article/details/131944056