Note: the LLVM-12-based ASan-- is preliminary and not mature. If you want to run ASan-- as a baseline, please use the LLVM-4-based version.
AddressSanitizer (ASan) is a powerful memory error detector. It can detect a wide range of errors, from spatial bugs such as out-of-bounds accesses to temporal bugs such as use-after-free. However, ASan has the major drawback of high runtime overhead. To reduce that overhead we propose ASan--, a tool that assembles a group of optimizations to remove (or "debloat") redundant sanitizer checks and improve ASan's efficiency without harming its capability, scalability, or usability.
The source code implementing each of our optimizations is linked below:
Removing Unsatisfiable Checks
Removing Recurring Checks [src]
Optimizing Neighbor Checks [src]
Optimizing Checks in Loops [src]
ASan-- builds on several Ubuntu versions. For reproducible experiments we recommend building ASan-- on 64-bit Ubuntu 18.04 LTS (a virtual machine is fine). For the benchmarks that test Chromium, install the desktop version of Ubuntu.
Before you can compile ASan--, install the following dependencies:
$ sudo apt-get install cmake
$ sudo apt-get install git
$ sudo apt-get install wget
$ sudo apt-get install tar
$ git clone && cd ASAN--
$ cd llvm-4.0.0-project
$ mkdir ASan--Build && cd ASan--Build
$ cmake -DLLVM_ENABLE_PROJECTS="clang;compiler-rt" -G "Unix Makefiles" ../llvm
$ make -j
To build the original (vanilla) LLVM 4.0.0 for comparison, run:
$ cd vanilla_llvm
$ mkdir ASan_Build && cd ASan_Build
$ cmake -DLLVM_ENABLE_PROJECTS="clang;compiler-rt" -G "Unix Makefiles" ../llvm
$ make -j
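The script below is an added example and is not part of the ASan-- repository or the paper's evaluation harness. Once the ASan-- and vanilla builds above have finished, it compiles one small C program (constructed here to exhibit the four redundancy patterns listed above: unsatisfiable, recurring, neighbor and loop checks) with both compilers, counts the ASan checks left in the emitted IR, and then confirms that the ASan-- build still reports a deliberate heap overflow. The compiler paths VANILLA_CLANG and ASANMM_CLANG, the working directory WORK, the constructed IR fragment SAMPLE_IR, and the use of __asan_report_* slow-path calls as a proxy for the number of remaining checks are all assumptions of this example, not conventions of the project.

```shell
#!/bin/sh
# Added example, not part of the ASan-- repository. It compiles one small C
# program with a vanilla clang and with the ASan-- clang built above, counts
# the ASan checks left in the generated IR, and confirms that the ASan--
# build still reports a real heap overflow. The two compiler paths are
# assumptions supplied by the reader, e.g.
#   VANILLA_CLANG=$PWD/vanilla_llvm/ASan_Build/bin/clang
#   ASANMM_CLANG=$PWD/llvm-4.0.0-project/ASan--Build/bin/clang
WORK=${WORK:-/tmp/asanmm_example}

# Count instrumented accesses in a .ll file. Each access that ASan
# instruments keeps a __asan_report_{load,store}{N,_n} call on its slow
# path, so the number of such calls is a proxy for the remaining checks.
# Declarations ("declare void @__asan_report_...") are not counted.
count_asan_checks() {
    grep -cE 'call void @__asan_report_(load|store)(_n|[0-9]+)\(' "$1" || true
}

# Constructed IR fragment (not compiler output) used to sanity-check the
# counter: three report calls, one declaration and one unrelated runtime call.
SAMPLE_IR='declare void @__asan_report_load4(i64)
  call void @__asan_report_load4(i64 %1)
  tail call void @__asan_report_store8(i64 %2)
  call void @__asan_report_load_n(i64 %3, i64 16)
  call void @__asan_handle_no_return()'

# Constructed test program exhibiting the four patterns ASan-- targets; which
# checks a given build actually drops is what the IR comparison measures.
write_sample_program() {
    cat > "$1" <<'EOF'
#include <stdlib.h>
/* recurring: the same address is loaded twice, the second check is redundant */
int recurring(int *p) { int a = p[0]; int b = p[0]; return a + b; }
/* neighbor: p[0] and p[1] are adjacent, one check can cover both */
int neighbor(int *p) { return p[0] + p[1]; }
/* loop: the index is monotonic, so a per-iteration check can be hoisted */
int loop(int *p, int n) { int s = 0; for (int i = 0; i < n; i++) s += p[i]; return s; }
/* unsatisfiable: a constant in-bounds index into a local array can never fail */
int unsat(void) { int a[4] = {1, 2, 3, 4}; return a[2]; }
int main(int argc, char **argv) {
    int *h = malloc(8 * sizeof(int));
    for (int i = 0; i < 8; i++) h[i] = i;
    int r = recurring(h) + neighbor(h) + loop(h, 8) + unsat();
    if (argc > 1) r += h[8];   /* deliberate heap-buffer-overflow, only with an argument */
    free(h);
    return r & 0xff;
}
EOF
}

# Emit ASan-instrumented IR with a given clang at -O2.
emit_ir() {   # $1 = clang, $2 = C source, $3 = output .ll
    "$1" -O2 -fsanitize=address -S -emit-llvm -o "$3" "$2"
}

# Compile the program with ASan-- and run it so that it overflows; success
# means the report is still produced after check removal.
check_detection() {   # $1 = clang, $2 = C source
    "$1" -O2 -fsanitize=address -o "$WORK/overflow" "$2"
    "$WORK/overflow" trigger 2>&1 | grep -q 'heap-buffer-overflow'
}

if [ -n "$VANILLA_CLANG" ] && [ -n "$ASANMM_CLANG" ]; then
    mkdir -p "$WORK"
    write_sample_program "$WORK/sample.c"
    emit_ir "$VANILLA_CLANG" "$WORK/sample.c" "$WORK/vanilla.ll"
    emit_ir "$ASANMM_CLANG"  "$WORK/sample.c" "$WORK/asanmm.ll"
    echo "ASan checks, vanilla: $(count_asan_checks "$WORK/vanilla.ll")"
    echo "ASan checks, ASan--:  $(count_asan_checks "$WORK/asanmm.ll")"
    if check_detection "$ASANMM_CLANG" "$WORK/sample.c"; then
        echo "ASan-- still reports the heap-buffer-overflow"
    else
        echo "ASan-- missed the heap-buffer-overflow" >&2
        exit 1
    fi
else
    echo "set VANILLA_CLANG and ASANMM_CLANG to run the comparison" >&2
fi
```

Run it from the repository root with both compiler paths exported. The report-call count is only a proxy: ASan keeps one slow-path call per inlined check, so fewer calls means fewer checks, but the number alone does not tell you which of the four optimizations removed them; diff the two .ll files if you need that. If the plain `make -j` above exhausts memory while building LLVM, cap the job count (for example `make -j$(nproc)`) before trying this script.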
For the evaluation, we used the SPEC CPU2006 benchmark and the Chromium project to measure runtime performance, and the Juliet Test Suite and the Linux Flaw Project to evaluate bug-detection capability.
For more details, please refer to Section 5, "Implementation and Evaluation", in our paper.
- Please see SPEC CPU2006
- Please see Chromium Project
- Please see Juliet Test Suite
- Please see Linux Flaw Project
For fuzzing, we provide two variants: ASan-- integrated with FuZZan, and ASan-- alone. Apply the corresponding patch before starting each fuzzing process and build as shown below. Each block starts from the repository root and both patches modify the same source tree and build directory, so use a fresh checkout (or at least a clean build directory) for each variant rather than applying one patch on top of the other:
$ patch -p1 < patch_ASan--FuZZan
$ cd llvm-4.0.0-project
$ mkdir ASan--Build && cd ASan--Build
$ cmake -DLLVM_ENABLE_PROJECTS="clang;compiler-rt" -G "Unix Makefiles" ../llvm
$ make -j
$ patch -p1 < patch_ASan--
$ cd llvm-4.0.0-project
$ mkdir ASan--Build && cd ASan--Build
$ cmake -DLLVM_ENABLE_PROJECTS="clang;compiler-rt" -G "Unix Makefiles" ../llvm
$ make -j
Please see Fuzzing for detailed fuzzing instructions.
Our evaluation also includes a comparison between ASan-- and SanRazor on SPEC CPU2006.
Please see SanRazor for detailed building instructions.
Ubuntu 18.04 Docker:
$ docker build -f Dockerfile_1804 -t asanopt:latest --shm-size=100g .
$ docker run -it asanopt:latest
The resulting image appears in the docker images listing as:
asanopt latest 8d74111c5249 About an hour ago 55.4GB
Ubuntu 16.04 Docker (for building Chromium):
$ docker build -f Dockerfile_1604 -t optasan-1604:latest --shm-size=100g .
$ docker run -it optasan-1604:latest
The resulting image appears in the docker images listing as:
optasan-1604 latest de02e86743ea About an hour ago 55.4GB
Location of ASan--:
Location of Self-Built LLVM/Clang:
Location of Pre-Built LLVM/Clang:
We also provide the test cases inside the Docker image.
- Location of SPEC CPU2006
To reproduce, please follow the instructions here
- Location of Chromium Project
To reproduce, please follow the instructions here
- Location of Juliet Test Suite:
To reproduce, please follow the instructions here
- Location of Linux Flaw Project:
To reproduce, please follow the instructions here
Note that the Docker image is publicly available and contains a prebuilt ASan-- together with the test cases. To build it from scratch, use Dockerfile_ASAN-- with the commands below:
$ docker build -f Dockerfile_ASAN-- -t asanopt:latest --shm-size=100g .
$ docker run -it asanopt:latest