On Sat, Feb 05 2022, Greg Steuck <[email protected]> wrote: > Sweet, let's look at the two patches below. No sets yet. > > I tested on amd64 with the UBSan sample program and also with > games/battlestar. If somebody could repeat the steps I listed in the > previous email on a non-amd64 platform, that would be useful. > > Jeremie Courreges-Anglas <[email protected]> writes: > >> On Sat, Feb 05 2022, Jeremie Courreges-Anglas <[email protected]> wrote: >>> On Fri, Feb 04 2022, Greg Steuck <[email protected]> wrote: >>>> How do people feel about shipping the minimal UBSan runtime library[1] >>>> in the base system? It takes very little to build (Makefile + a few >>>> ifdefs that both jca@ and I hacked together). The library is tiny >> >> In case people wonder, the implementation is in >> gnu/llvm/compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp >> >> I suspect we should to ship a PIC/shared version of the library, along >> with /usr/lib/clang/13.0.0/lib/libclang_rt.ubsan_minimal.a but ENOTIME >> to look further right now. > > If you see enough value in that, by all means we can add this. I don't > know if clang has the necessary plumbing for easy choice between the .a > and .so here.
I didn't find such plumbing, even though ubsan_minimal/CMakeLists.txt mentions a shared version, maybe a red herring. Your Makefile proposal specifies -fPIC and that seems to work well in practice for static and static-no-pie code. >> Tentative proposal, maybe a bit premature >> >> Index: clang-local.1 >> =================================================================== >> RCS file: /home/cvs/src/share/man/man1/clang-local.1,v >> retrieving revision 1.22 >> diff -u -p -p -u -r1.22 clang-local.1 >> --- clang-local.1 7 Sep 2021 17:39:49 -0000 1.22 >> +++ clang-local.1 5 Feb 2022 17:11:48 -0000 >> @@ -93,6 +93,13 @@ option to treat signed integer overflows >> prevent dangerous optimizations which could remove security critical >> overflow >> checks. >> .It >> +Only ubsan_minimal support is shipped by the base system. >> +To make use of it, pass >> +.Nm clang >> +the following options: >> +.Fl fsanitize=undefined >> +.Fl fsanitize-minimal-runtime . I'm not 100% happy with this wording, I'll try to rework it. In the meantime... >> +.It >> The >> .Xr malloc 3 , >> .Xr calloc 3 , > > Excellent, I was looking for the right place to put this. > OK gnezdo@ once it works :) ... this seems to work pretty well here on amd64 and riscv64 (base-clang only archs) and sparc64 (base-gcc, but base-clang is available). I still think that this can and should be added to base. ok jca@ Minor spacing issue below, > From 46e3165e67b4e5b45e4a379abe4be2656fc8f81c Mon Sep 17 00:00:00 2001 > From: Greg Steuck <[email protected]> > Date: Sat, 5 Feb 2022 14:15:25 -0800 > Subject: [PATCH 1/2] Add ifdefs to build ubsan_minimal on OpenBSD > > --- > gnu/llvm/compiler-rt/lib/interception/interception.h | 4 ++-- > .../compiler-rt/lib/interception/interception_linux.h | 2 +- > .../compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp | 2 +- > .../compiler-rt/lib/sanitizer_common/sanitizer_linux.h | 2 +- > .../lib/sanitizer_common/sanitizer_platform.h | 9 ++++++++- > gnu/llvm/compiler-rt/lib/ubsan/ubsan_platform.h | 2 +- > 6 files changed, 14 insertions(+), 7 deletions(-) > > diff --git a/gnu/llvm/compiler-rt/lib/interception/interception.h > b/gnu/llvm/compiler-rt/lib/interception/interception.h > index d8dc092c45f..fb91a4cc32b 100644 > --- a/gnu/llvm/compiler-rt/lib/interception/interception.h > +++ b/gnu/llvm/compiler-rt/lib/interception/interception.h > @@ -18,7 +18,7 @@ > > #if !SANITIZER_LINUX && !SANITIZER_FREEBSD && !SANITIZER_MAC && \ > !SANITIZER_NETBSD && !SANITIZER_WINDOWS && !SANITIZER_FUCHSIA && \ > - !SANITIZER_SOLARIS > + !SANITIZER_OPENBSD && !SANITIZER_SOLARIS > # error "Interception doesn't work on this operating system." > #endif > > @@ -272,7 +272,7 @@ typedef unsigned long uptr; > #define INCLUDED_FROM_INTERCEPTION_LIB > > #if SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD || \ > - SANITIZER_SOLARIS > + SANITIZER_OPENBSD || SANITIZER_SOLARIS > > # include "interception_linux.h" > # define INTERCEPT_FUNCTION(func) INTERCEPT_FUNCTION_LINUX_OR_FREEBSD(func) > diff --git a/gnu/llvm/compiler-rt/lib/interception/interception_linux.h > b/gnu/llvm/compiler-rt/lib/interception/interception_linux.h > index a08f8cb98c4..b554b53d1dc 100644 > --- a/gnu/llvm/compiler-rt/lib/interception/interception_linux.h > +++ b/gnu/llvm/compiler-rt/lib/interception/interception_linux.h > @@ -12,7 +12,7 @@ > > //===----------------------------------------------------------------------===// > > #if SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD || \ > - SANITIZER_SOLARIS > + SANITIZER_OPENBSD || SANITIZER_SOLARIS > > #if !defined(INCLUDED_FROM_INTERCEPTION_LIB) > # error "interception_linux.h should be included from interception library > only" > diff --git a/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp > b/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp > index 9b7d87eb85e..369e5514e3f 100644 > --- a/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp > +++ b/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp > @@ -518,7 +518,7 @@ u64 NanoTime() { > // 'environ' array (on some others) and does not use libc. This function > // should be called first inside __asan_init. > const char *GetEnv(const char *name) { > -#if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_SOLARIS > +#if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_OPENBSD || > SANITIZER_SOLARIS > if (::environ != 0) { > uptr NameLen = internal_strlen(name); > for (char **Env = ::environ; *Env != 0; Env++) { > diff --git a/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.h > b/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.h > index 9a23fcfb3b9..8178d98f137 100644 > --- a/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.h > +++ b/gnu/llvm/compiler-rt/lib/sanitizer_common/sanitizer_linux.h > @@ -14,7 +14,7 @@ > > #include "sanitizer_platform.h" > #if SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD || > \ > - SANITIZER_SOLARIS > + SANITIZER_OPENBSD ||SANITIZER_SOLARIS ^^^ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
