AddressSanitizer (ASAN) is a tool for finding memory problems and has been used to find thousands of memory errors in Chromium over the last two years. These kinds of errors will typically lead to heap or data corruption and subsequent crashes in random, unrelated code, which make them quite challenging to find and fix without tools like ASAN. However, ASAN is built using LLVM/Clang and is limited to Mac and Linux builds of Chromium. To address the lack of coverage for Windows-only code, we built SyzyASAN.

SyzyASAN is built on top of the Syzygy toolchain and is an instrumentation-based clone of ASAN for detecting heap errors. It consists of three parts:

• An instrumenter that injects instrumentation into binaries produced by the Microsoft Visual Studio toolchain.
• A run-time library that replaces malloc, free, et al.
• An RPC-based logging server that receives information about detected errors. This lets us get information safely out of sandboxed processes, like Chromium’s renderer.

SyzyASAN operates nearly identically to ASAN, finding errors in the same manner and producing similar reports. SyzyASAN finds some of the hardest-to-locate memory bugs like use-after-free, buffer overruns, and underruns. Focusing on very common memory errors allows SyzyASAN to be relatively efficient.

Although Chrome with SyzyASAN is very usable, the penalties in speed – 4.7x on CPU intensive operations – and memory – a 25% increase plus a fixed 256MB increase in each process – are noticeable so we’ll confine these releases to our Canary channel for now. We’ve been releasing SyzyASAN-instrumented builds to the Windows Canary channel one day each week recently. One day with a little slowdown on the Canary channel gives us plenty of great data. In the last three weeks, we’ve found 150 new bugs in Chromium, several of which could lead to security vulnerabilities.

We’ve put together some instructions for instrumenting your local build and debugging issues. Try it out and help us squash more memory bugs. The Syzygy source code and binaries can be downloaded from our code site, and instructions for how to use it are on our wiki. If you have any questions, suggestions or contributions, feel free to contact [email protected]. If you’re using Syzygy or SyzyASAN with your project we’d love to hear about it!

Posted by Chris Hamilton, Sanitation Engineer

Read original post...

I’m trying to understand Google+ Hangouts. It’s supposed to replace products and features like Google Talk, Google Chat, Google+ Messenger and to become Google’s unified messaging service.

Let’s start with the name. It includes “Google+”, so it looks like a Google+ feature. The product actually borrows the name of Google+’s group video chat feature.

How can you use this product? There are 5 ways: inside Google+ (replaces the Google Chat box), inside Gmail (optionally replaces the Gmail Chat box), using a Chrome extension (has already replaced the Google Chat extension and it requires Google+), an Android app (gradually replacing the built-in Google Talk app) and an iOS app (entirely new, requires Google+).

As you can see, 3 of the 5 ways to use it require Google+. You can refuse to upgrade to Hangouts in Gmail, but the Gmail Chat feature will eventually be discontinued. Probably most Android users will upgrade from Google Talk to Google+ Hangouts. The only other Google Chat clients are the Google Talk app for Windows and the chat boxes from iGoogle and orkut.

Google+ Hangouts doesn’t require Google+, but most Google+ Hangouts clients require Google+. Actually there are 2 features that are somehow tied to Google+: sharing photos (they’re uploaded to Google+ photos) and group chat. Here’s what happens when you try to use them in Gmail, without joining Google+:

Google+ Hangouts has little in common with Google Chat/Talk, it’s actually an upgraded Google+ Messenger. Hangouts focuses on conversations, not people, that’s why you won’t see a long list of buddies. Ideally, Hangouts lets you communicate with anyone you’ve added to a Google+ circle or anyone else, if you know his email address or phone number. When you open mobile clients for the first time, Google asks you to verify your phone number and that’s optional.

Many people complain that Hangouts doesn’t show if someone is online. Google’s new service does away with busy/away/invisible/offline and has a different way to show if some is “connected”: a green bar under the photo if someone can reply immediately. It only shows up if someone actually uses the application.

Hangout’s tagline is “conversations come to life”. Maybe because there are hundreds of emojis you can add to your messages, maybe because there’s video chat, maybe because of the presence signals. “Hangouts inserts tiny little square avatars into the chat history, called ‘watermarks.’ These watermarks show when somebody else is typing, but they also indicate how far others have read in the conversation,” reports The Verge.

Google+ Hangouts lacks many features from Google Chat: voice chat, phone calls, sending SMS, formatting tricks. You can now use keyboard shortcuts, but only for the desktop clients. Hangouts has its own Easter Eggs and they’re really funny. Unfortunately, Hangouts drops support for server-to-server XMPP, it can’t interact with other XMPP apps/services. It still works with Gmail Chat and Google Talk, though.

So what’s Google+ Hangouts, after all? “The single communication app that we want our users to rely on,” says Nikhyl Singhal, from Google. “We don’t see Hangouts as a messaging product, we see it as a communication product,” says product manager Kate Cushing.

Hangouts lets you decide for each Google+ circle if you want to be added to a hangout by its members or if you want them to send a request. Notifications are supposed to be synchronized for all your devices, so you only see them once, but I got multiple notifications.

Google+ is about real-life sharing, so Hangouts is built on top of the original Hangouts and Messenger features. The initial name of Google+ Messenger was Huddle, which means “draw together for an informal, private conversation”.

The Talk era was about openness, the Chat era was about ubiquity, the Hangouts era is about Google+, the new Google that’s all about social and mobile. From OpenSocial to ClosedSocial, from OpenMessaging to ClosedMessaging, from idealism to realism.

Read original post...