The ASan Nightly Project involves building a Firefox Nightly browser with the popular AddressSanitizer tool and enhancing it with remote crash reporting capabilities for any errors detected.
The purpose of the project is to find subtle memory corruptions occurring during regular browsing that would either not crash at all or crash in a way that we cannot figure out what the exact problem is just from the crash dump. We have a lot of inactionable crash reports and AddressSanitizer traces are usually a lot more actionable on their own (especially use-after-free traces). Part of this project is to figure out if and how many actionable crash reports ASan can give us just by surfing around. The success of the project of course also depends on the number of participants.
You can download the latest build here. The builds are self-updating daily like regular nightly builds (like with regular builds, you can go to "Help" → "About Nightly" to force an update check or confirm that you run the latest version).
If you came here looking for regular ASan builds (e.g. for fuzzing or as a developer to reproduce a crash), you should probably go here instead.
Current requirements are:
- Linux-based Operating System
- 16 GB of RAM recommended
- Special ASan Nightly Firefox Build
If you are already using regular Nightly, it should be safe to share the profile with the regular Nightly instance. If you normally use a beta or release build (and you would like to be able to switch back to these), you should consider using a second profile.
If you run in an environment with any sorts of additional security restrictions (e.g. custom process sandboxing), please make sure that your /tmp directory is writable and the shipped
llvm-symbolizer binary is executable from within the Firefox process.
If you wish for your crash report to be identifiable, you can go to
about:config and set the
asanreporter.clientid to your valid email address. This isn't mandatory, you can of course report crash traces anonymously. If you decide to send reports with your email address and you have a Bugzilla account, consider using the same email as your Bugzilla account uses. We will then Cc you on any bugs filed from your crash reports.
What additional data is collected?
The project only collects ASan traces and (if you set it in the preferences) your email address. We don't collect any other browser data, in particular not the sites you were visiting or page contents. It is really just crash traces submitted to a remote location.
The ASan Nightly browser also still has all the data collection capabilities of a regular Nightly browser. The answer above only refers to what this project collects in addition to what the regular Nightly browser can collect.
What's the performance impact?
The ASan Nightly build only comes with a slight slowdown at startup and browsing, sometimes it is not even noticeable. The RAM consumption however is much higher than with a regular build. Be prepared to restart your browser sometimes, especially if you use a lot of tabs at once. Also, the updates are larger than the regular ones, so download times for updates will be higher, especially if you have a slower internet connection.
What about stability?
The browser is as stable as a regular Nightly build. Various people have been surfing around with it for their daily work for weeks now and we have barely received any crash reports.
How do I confirm that I'm running the correct build?
If you open
about:support and scroll down to the "Nightly Features" section, then you should see "ASan Crash Reporter" in that feature list. This is the component responsible for collecting the ASan traces and reporting it back to our server-side infrastructure.
Will there be support for Mac or Windows?
In order to get more resources to support Mac or Windows, we first require some preliminary results from the Linux builds that would justify extending to other OSes. If you work on Release Engineering and would like to help make e.g. Mac happen earlier, feel free to contact me.