Stay organized with collections
Save and categorize content based on your preferences.
The Android NDK supports Address Sanitizer (also known as ASan) beginning
with API level 27 (Android O MR 1).
ASan is a fast compiler-based tool for detecting memory bugs in native code.
ASan detects:
Stack and heap buffer overflow/underflow
Heap use after free
Stack use outside scope
Double free/wild free
ASan's CPU overhead is roughly 2x, code size overhead is between 50% and 2x,
and the memory overhead is large (dependent on your allocation patterns, but on
the order of 2x).
To build your app's native (JNI) code with Address Sanitizer, do the
following:
ndk-build
In your Application.mk:
APP_STL:=c++_shared# Or system, or none.APP_CFLAGS:=-fsanitize=address-fno-omit-frame-pointer
APP_LDFLAGS:=-fsanitize=address
For each module in your Android.mk:
LOCAL_ARM_MODE:=arm
CMake
In your module's build.gradle:
android {
defaultConfig {
externalNativeBuild {
cmake {
// Can also use system or none as ANDROID_STL.
arguments "-DANDROID_ARM_MODE=arm", "-DANDROID_STL=c++_shared"
}
}
}
}
Beginning with Android O MR1 (API level 27) an application can provide a
wrap shell script that can wrap or replace the application process. This allows
a debuggable application to customize their application startup, which enables
using ASan on production devices.
Add android:debuggable to the application manifest.
Address Sanitizer needs to unwind the stack on every malloc/realloc/free
call. There are two options here:
A "fast" frame pointer-based unwinder. This is what is used by following the
instructions in the building section.
A "slow" CFI unwinder. In this mode ASan uses _Unwind_Backtrace. It
requires only -funwind-tables, which is normally enabled by default.
The fast unwinder is the default for malloc/realloc/free. The slow unwinder is
the default for fatal stack traces. The slow unwinder can be enabled for all
stack traces by adding fast_unwind_on_malloc=0 to the ASAN_OPTIONS variable
in your wrap.sh.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2023-08-03 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2023-08-03 UTC."],[],[],null,["# Address Sanitizer\n\n| **Note:** This document covers running Android applications built with the NDK under [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer). For information about using [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) on Android platform components, see the [AOSP documentation](https://source.android.com/devices/tech/debug/asan.html).\n| **Deprecated:** As of 2023, ASan is unsupported. It is recommended to use [HWASan](/ndk/guides/hwasan) instead. HWASan can be used on ARM64 devices running Android 14 (API level 34) or newer; or on Pixel devices running Android 10 (API level 29) by flashing a [special system image](/ndk/guides/hwasan#setup). ASan may still be used but might have bugs.\n| **Important:** Asan is one of many tools available for memory debugging and mitigation. See [Memory error debugging and mitigation](/ndk/guides/memory-debug) for an overview of all the tools.\n\nThe Android NDK supports [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) (also known as ASan) beginning\nwith API level 27 (Android O MR 1).\n\nASan is a fast compiler-based tool for detecting memory bugs in native code.\nASan detects:\n\n- Stack and heap buffer overflow/underflow\n- Heap use after free\n- Stack use outside scope\n- Double free/wild free\n\nASan's CPU overhead is roughly 2x, code size overhead is between 50% and 2x,\nand the memory overhead is large (dependent on your allocation patterns, but on\nthe order of 2x).\n\nSample App\n----------\n\nA [sample app](https://github.com/android/ndk-samples/tree/main/sanitizers)\nshows how to configure a [build variant](/studio/build/build-variants) for asan.\n\nBuild\n-----\n\nTo build your app's native (JNI) code with [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer), do the\nfollowing: \n\n### ndk-build\n\nIn your Application.mk: \n\n APP_STL := c++_shared # Or system, or none.\n APP_CFLAGS := -fsanitize=address -fno-omit-frame-pointer\n APP_LDFLAGS := -fsanitize=address\n\nFor each module in your Android.mk: \n\n LOCAL_ARM_MODE := arm\n\n### CMake\n\nIn your module's build.gradle: \n\n android {\n defaultConfig {\n externalNativeBuild {\n cmake {\n // Can also use system or none as ANDROID_STL.\n arguments \"-DANDROID_ARM_MODE=arm\", \"-DANDROID_STL=c++_shared\"\n }\n }\n }\n }\n\nFor each target in your CMakeLists.txt: \n\n target_compile_options(${TARGET} PUBLIC -fsanitize=address -fno-omit-frame-pointer)\n set_target_properties(${TARGET} PROPERTIES LINK_FLAGS -fsanitize=address)\n\n| **Caution:** ASan is currently incompatible with C++ exception handling when using `libc++_static`. Apps using `libc++_shared` or not using exception handling are either unaffected or have workarounds available. See [Issue 988](https://github.com/android-ndk/ndk/issues/988) for more details.\n\nRun\n---\n\nBeginning with Android O MR1 (API level 27) an application can provide a\n[wrap shell script](/ndk/guides/wrap-script) that can wrap or replace the application process. This allows\na debuggable application to customize their application startup, which enables\nusing ASan on production devices.\n| **Note:** The following instructions describe how to use ASan with an Android Studio project. For a non-Android Studio project, refer to the [wrap shell script](/ndk/guides/wrap-script) documentation.\n\n1. Add `android:debuggable` to the application manifest.\n2. Set [`useLegacyPackaging`](/reference/tools/gradle-api/7.1/com/android/build/api/dsl/JniLibsPackagingOptions#uselegacypackaging) to `true` in your app's `build.gradle` file. See the [wrap shell script](/ndk/guides/wrap-script) guide for more information.\n3. Add the ASan runtime library to your app module's `jniLibs`.\n4. Add `wrap.sh` files with the following contents to each directory in your\n `src/main/resources/lib` directory.\n\n #!/system/bin/sh\n HERE=\"$(cd \"$(dirname \"$0\")\" && pwd)\"\n export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1\n ASAN_LIB=$(ls $HERE/libclang_rt.asan-*-android.so)\n if [ -f \"$HERE/libc++_shared.so\" ]; then\n # Workaround for https://github.com/android-ndk/ndk/issues/988.\n export LD_PRELOAD=\"$ASAN_LIB $HERE/libc++_shared.so\"\n else\n export LD_PRELOAD=\"$ASAN_LIB\"\n fi\n \"$@\"\n\n| **Note:** The NDK contains a recommended wrap.sh file for ASan [here](https://android.googlesource.com/platform/ndk/+/refs/heads/master/wrap.sh/asan.sh).\n\nAssuming your project's application module is named `app`, your final directory\nstructure should include the following: \n\n \u003cproject root\u003e\n └── app\n └── src\n └── main\n ├── jniLibs\n │ ├── arm64-v8a\n │ │ └── libclang_rt.asan-aarch64-android.so\n │ ├── armeabi-v7a\n │ │ └── libclang_rt.asan-arm-android.so\n │ ├── x86\n │ │ └── libclang_rt.asan-i686-android.so\n │ └── x86_64\n │ └── libclang_rt.asan-x86_64-android.so\n └── resources\n └── lib\n ├── arm64-v8a\n │ └── wrap.sh\n ├── armeabi-v7a\n │ └── wrap.sh\n ├── x86\n │ └── wrap.sh\n └── x86_64\n └── wrap.sh\n\nStack traces\n------------\n\n[Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) needs to unwind the stack on every `malloc`/`realloc`/`free`\ncall. There are two options here:\n\n1. A \"fast\" frame pointer-based unwinder. This is what is used by following the\n instructions in the [building section](#building).\n\n2. A \"slow\" CFI unwinder. In this mode ASan uses `_Unwind_Backtrace`. It\n requires only `-funwind-tables`, which is normally enabled by default.\n\n | **Caution:** the \"slow\" unwinder is **slow** (10x or more, depending on how often you call `malloc`/`free`).\n\nThe fast unwinder is the default for malloc/realloc/free. The slow unwinder is\nthe default for fatal stack traces. The slow unwinder can be enabled for all\nstack traces by adding `fast_unwind_on_malloc=0` to the `ASAN_OPTIONS` variable\nin your wrap.sh."]]
