build: Build with sanitizers #368

javierhonduco · 2022-04-21T14:27:05Z

As we use some C library wrappers and Golang can't prove the lifetime of objects at compile-time, it's possible that parca-agent is not memory safe.

It's very important that we have as many safeguards as possible as we run in privileged mode which we need to interact with the BPF subsystem.

Let's add memory sanitisers to parca-agent!

We can first start with dev builds with ASAN (will take a look at this)
Adding it in CI (for example integration tests) next

cc @Sylfrena

The text was updated successfully, but these errors were encountered:

javierhonduco · 2022-04-21T14:29:11Z

Trying now with

diff --git a/Makefile b/Makefile
index e00bbc8..e2cf2d5 100644
--- a/Makefile
+++ b/Makefile
@@ -77,7 +77,7 @@ go_env := GOOS=linux GOARCH=$(ARCH:x86_64=amd64) CC=$(CMD_CLANG) CGO_CFLAGS="-I
 ifndef DOCKER
 $(OUT_BIN): $(LIBBPF_HEADERS) $(LIBBPF_OBJ) $(filter-out *_test.go,$(GO_SRC)) $(BPF_BUNDLE) go/deps | $(OUT_DIR)
        find dist -exec touch -t 202101010000.00 {} +
-       $(go_env) go build -trimpath -v -o $(OUT_BIN) ./cmd/parca-agent
+       $(go_env) go build -asan -trimpath -v -o $(OUT_BIN) ./cmd/parca-agent
 else
 $(OUT_BIN): $(DOCKER_BUILDER) | $(OUT_DIR)
        $(call docker_builder_make,$@ VERSION=$(VERSION))
@@ -86,7 +86,7 @@ endif
 ifndef DOCKER
 $(OUT_BIN_DEBUG_INFO): go/deps
        find dist -exec touch -t 202101010000.00 {} +
-       go build -trimpath -v -o $(OUT_BIN_DEBUG_INFO) ./cmd/debug-info
+       go build -asan -trimpath -v -o $(OUT_BIN_DEBUG_INFO) ./cmd/debug-info
 else
 $(OUT_BIN_DEBUG_INFO): $(DOCKER_BUILDER) go/deps | $(OUT_DIR)
        $(call docker_builder_make,$@ VERSION=$(VERSION))

Reports:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==152265==ERROR: AddressSanitizer: BUS on unknown address (pc 0x000200800001 bp 0xffff88f9e530 sp 0xffff88f9e530 T2)
==152265==The signal is caused by a READ memory access.
==152265==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x200800001  (<unknown module>)
    #1 0x1f5ffac in _cgo_bf053d5b1c7b_Cfunc_bpf_link__destroy (/home/vagrant/work/parca-agent/dist/parca-agent+0x1f5ffac)
    #2 0x561678 in runtime.asmcgocall.abi0 runtime/asm_arm64.s:1060

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: BUS (<unknown module>)

This is likely the error we saw in #367. I should have started with enabling sanitisers 😁

javierhonduco mentioned this issue Apr 25, 2022

Makefile: add asan build flag #370

Merged

kakkoyun added enhancement New feature or request area/build-pipeline Something to do with CI and build pipeline labels Jun 8, 2022

javierhonduco mentioned this issue Jun 8, 2022

Add race detector #445

Closed

2 tasks

v-thakkar mentioned this issue Jun 15, 2022

ci: Improve/Add CI/CD checks #463

Open

3 tasks

kakkoyun added the area/quailty-assurance Quality matters label Jul 7, 2022

kakkoyun changed the title ~~Build with sanitizers~~ chore: Build with sanitizers Jul 7, 2022

kakkoyun changed the title ~~chore: Build with sanitizers~~ build: Build with sanitizers Aug 4, 2022

javierhonduco mentioned this issue Oct 19, 2022

releasing: Create a release with ASAN enabled #928

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: Build with sanitizers #368

build: Build with sanitizers #368

javierhonduco commented Apr 21, 2022 •

edited

Loading

javierhonduco commented Apr 21, 2022

build: Build with sanitizers #368

build: Build with sanitizers #368

Comments

javierhonduco commented Apr 21, 2022 • edited Loading

javierhonduco commented Apr 21, 2022

javierhonduco commented Apr 21, 2022 •

edited

Loading