Regular question, not an issue - regarding wrap.sh and using sanitizers

[nikoladsp]

For some time I am trying to solve a bug in our native C++ shared library using traces but it is not easily reproducable (multithreading/networking involved). We have Android (Java) code instantiating C++ over JNI. This C++ code then in turn calls Java networking in separate thread, scan network interfaces, do some logic and return results using JNI back to Android. I know this might sound odd, but its old architecture we can not change, at least not easily. On ARM64 platforms there is an occasional Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x493e000000002 in tid 21973 (myapp), pid 21973 (myap). Not always on the same address though, but often it is the same address.

I tried to use sanitizers to track down the root cause. After some experimenting (since it was new to me) and evaluating NDK sample I manage to run our unit test app for android with address sanitizers on. However, it reported a problem in our libjingle wrapper (in second line, GetEnv) and did not progress further (so it basically did not get to the real issue):

void* jni = NULL;
jint status = g_jvm->GetEnv(&jni, JNI_VERSION_1_6); // here!

With the following report:

01-09 21:13:15.469 26761 26761 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
01-09 21:13:15.470 26761 26761 F DEBUG   : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
01-09 21:13:15.470 26761 26761 F DEBUG   : Abort message: '=================================================================
01-09 21:13:15.470 26761 26761 F DEBUG   : ==26092==ERROR: AddressSanitizer: SEGV on unknown address 0x1680001f89a932a8 (pc 0x007a6fa365c8 bp 0x007ffaa76ed0 sp 0x007ffaa76e90 T0)
01-09 21:13:15.470 26761 26761 F DEBUG   : ==26092==The signal is caused by a READ memory access.

and stack trace where it fails:

Abort message: '=================================================================
#0 0x29bb25c8 /data/app/~~jBYt60JYrcx_vZkc_7_yBg==/com.test.demo.app-d3ECb5onsDtPo9mfifbLnA==/lib/arm64/libmynative.so
_JavaVM::GetEnv(void**, int)

Here are the most important compiler flags:--target=aarch64-none-linux-android26 --sysroot=/Users/nikola/Library/Android/sdk/ndk/android-ndk-r23/toolchains/llvm/prebuilt/darwin-x86_64/sysroot -DANDROID_LANGUAGE_WRAPPER -DANDROID_STL=c++_shared -DTARGET_OS_ANDROID -DANDROID -fdata-sections -ffunction-sections -funwind-tables -fstack-protector-strong -no-canonical-prefixes -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fexceptions -frtti -stdlib=libc++ -fsanitize-address-use-after-scope -fsanitize-recover=address -fno-optimize-sibling-calls -fsanitize=address,null -fno-omit-frame-pointer -g -fno-limit-debug-info -std=c++17 -fPIC -fvisibility=hidden -fvisibility-inlines-hidden.

We have an ant build that creates/compiles native code, creates a folder for *.so files in Android app sample and copy resulting files in it.

Now, my questions are as follows:

1. what is the difference between -fsanitize=address and -fsanitize=address,null
2. I did not use wrap.sh in our gradle/groovy android project, but I still see sanitizers work. Is this because I manually copied files like libc++_shared.so, libclang_rt.asan-aarch64-android.so, libmytests.so and libmynative.so? I think libmytests and libmynative are compiled with a bit different flags, but still having -g and -fsanitize=address (note - not -fsanitize=address,null but only -fsanitize=address)
3. I presumed LD_PRELOAD had to be set and I tried to make wrap.sh but it did not end up in apk resulting file. I am very unsure where in build.gradle file I shall reference it. Maybe I am not putting file to the right place - I put it in libs/arm64-v8a alongside before mentioned *.so files
4. How can I chek if wrap.sh is actually called on device/emulator