This is an archive of the discontinued LLVM Phabricator instance.

[safestack] Turn the OS X SafeStack runtime into a dynamic library
AcceptedPublic

Authored by kubamracek on Dec 3 2015, 7:49 AM.

Download Raw Diff

Details

Reviewers

kcc
glider
samsonov
eugenis
pcc

Summary

On OS X, the are two huge drawbacks to having a static library (.a) as a runtime:

Interceptors don't work -- and SafeStack relies on intercepting pthread_create.
Having multiple instrumented modules (frameworks, dylibs, bundles) in a single process is problematic and requires special care when building each module.

Let's make the runtime a dynamic library, just like the other sanitizers (ASan, TSan).

Diff Detail

Event Timeline

kubamracek updated this revision to Diff 41756.Dec 3 2015, 7:49 AM

kubamracek retitled this revision from to [safestack] Turn the OS X SafeStack runtime into a dynamic library.

kubamracek updated this object.

kubamracek added reviewers: eugenis, pcc, kcc, samsonov.

kubamracek added subscribers: llvm-commits, zaks.anna.

kubamracek added a reviewer: glider.Dec 3 2015, 8:27 AM

samsonov added inline comments.Dec 3 2015, 10:48 AM

tools/clang/lib/Driver/Tools.cpp
6963	How do you address this now?

kubamracek added inline comments.Dec 3 2015, 10:52 AM

tools/clang/lib/Driver/Tools.cpp
6963	We link against the SafeStack dylib (we depend on it), so its constructors will be run before any constructors of the instrumented module. This is only an issue with a static library, where the __safestack_init constructor is in the same module as instrumented code.

I'm in favor of this change, but will let Peter or Evgeniy sign this off.

I'm fine with this.

This revision is now accepted and ready to land.Dec 3 2015, 10:56 AM

jevinskie added a subscriber: jevinskie.Dec 3 2015, 12:09 PM

Looks like patch was not committed.

Revision Contents

Path

Size

projects/

compiler-rt/

lib/

safestack/

CMakeLists.txt

4 lines

tools/

clang/

lib/

Driver/

ToolChains.cpp

2 lines

Tools.cpp

9 lines

Diff 41756

projects/compiler-rt/lib/safestack/CMakeLists.txt

	add_custom_target(safestack)			add_custom_target(safestack)

	set(SAFESTACK_SOURCES safestack.cc)			set(SAFESTACK_SOURCES safestack.cc)

	include_directories(..)			include_directories(..)

	set(SAFESTACK_CFLAGS ${SANITIZER_COMMON_CFLAGS})			set(SAFESTACK_CFLAGS ${SANITIZER_COMMON_CFLAGS})

	if(APPLE)			if(APPLE)
	# Build universal binary on APPLE.			# Build universal binary on APPLE.
	add_compiler_rt_runtime(clang_rt.safestack			add_compiler_rt_runtime(clang_rt.safestack
	STATIC			SHARED
	OS osx			OS osx
	ARCHS ${SAFESTACK_SUPPORTED_ARCH}			ARCHS ${SAFESTACK_SUPPORTED_ARCH}
	SOURCES ${SAFESTACK_SOURCES}			SOURCES ${SAFESTACK_SOURCES}
	$<TARGET_OBJECTS:RTInterception.osx>			$<TARGET_OBJECTS:RTInterception.osx>
	$<TARGET_OBJECTS:RTSanitizerCommon.osx>			$<TARGET_OBJECTS:RTSanitizerCommon.osx>
	$<TARGET_OBJECTS:RTSanitizerCommonNoLibc.osx>			$<TARGET_OBJECTS:RTSanitizerCommonLibc.osx>
	CFLAGS ${SAFESTACK_CFLAGS}			CFLAGS ${SAFESTACK_CFLAGS}
	PARENT_TARGET safestack)			PARENT_TARGET safestack)
	else()			else()
	# Otherwise, build separate libraries for each target.			# Otherwise, build separate libraries for each target.
	foreach(arch ${SAFESTACK_SUPPORTED_ARCH})			foreach(arch ${SAFESTACK_SUPPORTED_ARCH})
	add_compiler_rt_runtime(clang_rt.safestack			add_compiler_rt_runtime(clang_rt.safestack
	STATIC			STATIC
	ARCHS ${arch}			ARCHS ${arch}
	SOURCES ${SAFESTACK_SOURCES}			SOURCES ${SAFESTACK_SOURCES}
	$<TARGET_OBJECTS:RTInterception.${arch}>			$<TARGET_OBJECTS:RTInterception.${arch}>
	$<TARGET_OBJECTS:RTSanitizerCommon.${arch}>			$<TARGET_OBJECTS:RTSanitizerCommon.${arch}>
	$<TARGET_OBJECTS:RTSanitizerCommonNoLibc.${arch}>			$<TARGET_OBJECTS:RTSanitizerCommonNoLibc.${arch}>
	CFLAGS ${SAFESTACK_CFLAGS}			CFLAGS ${SAFESTACK_CFLAGS}
	PARENT_TARGET safestack)			PARENT_TARGET safestack)
	endforeach()			endforeach()
	endif()			endif()

tools/clang/lib/Driver/ToolChains.cpp

Show First 20 Lines • Show All 407 Lines • ▼ Show 20 Lines	void DarwinClang::AddLinkRuntimeLibArgs(const ArgList &Args,

const SanitizerArgs &Sanitize = getSanitizerArgs();		const SanitizerArgs &Sanitize = getSanitizerArgs();
if (Sanitize.needsAsanRt())		if (Sanitize.needsAsanRt())
AddLinkSanitizerLibArgs(Args, CmdArgs, "asan");		AddLinkSanitizerLibArgs(Args, CmdArgs, "asan");
if (Sanitize.needsUbsanRt())		if (Sanitize.needsUbsanRt())
AddLinkSanitizerLibArgs(Args, CmdArgs, "ubsan");		AddLinkSanitizerLibArgs(Args, CmdArgs, "ubsan");
if (Sanitize.needsTsanRt())		if (Sanitize.needsTsanRt())
AddLinkSanitizerLibArgs(Args, CmdArgs, "tsan");		AddLinkSanitizerLibArgs(Args, CmdArgs, "tsan");
		if (Sanitize.needsSafeStackRt())
		AddLinkSanitizerLibArgs(Args, CmdArgs, "safestack");

// Otherwise link libSystem, then the dynamic runtime library, and finally any		// Otherwise link libSystem, then the dynamic runtime library, and finally any
// target specific static runtime library.		// target specific static runtime library.
CmdArgs.push_back("-lSystem");		CmdArgs.push_back("-lSystem");

// Select the dynamic runtime library and the target specific static library.		// Select the dynamic runtime library and the target specific static library.
if (isTargetWatchOSBased()) {		if (isTargetWatchOSBased()) {
// We currently always need a static runtime library for watchOS.		// We currently always need a static runtime library for watchOS.
▲ Show 20 Lines • Show All 4,125 Lines • Show Last 20 Lines

tools/clang/lib/Driver/Tools.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 6,952 Lines • ▼ Show 20 Lines	if (Args.hasArg(options::OPT_ObjC) \|\| Args.hasArg(options::OPT_ObjCXX))
CmdArgs.push_back("-ObjC");		CmdArgs.push_back("-ObjC");

CmdArgs.push_back("-o");		CmdArgs.push_back("-o");
CmdArgs.push_back(Output.getFilename());		CmdArgs.push_back(Output.getFilename());

if (!Args.hasArg(options::OPT_nostdlib, options::OPT_nostartfiles))		if (!Args.hasArg(options::OPT_nostdlib, options::OPT_nostartfiles))
getMachOToolChain().addStartObjectFileArgs(Args, CmdArgs);		getMachOToolChain().addStartObjectFileArgs(Args, CmdArgs);

// SafeStack requires its own runtime libraries
// These libraries should be linked first, to make sure the
// __safestack_init constructor executes before everything else
samsonovUnsubmitted Not Done Reply Inline Actions How do you address this now? samsonov: How do you address this now?
kubamracekAuthorUnsubmitted Not Done Reply Inline Actions We link against the SafeStack dylib (we depend on it), so its constructors will be run before any constructors of the instrumented module. This is only an issue with a static library, where the __safestack_init constructor is in the same module as instrumented code. kubamracek: We link against the SafeStack dylib (we depend on it), so its constructors will be run before…
if (getToolChain().getSanitizerArgs().needsSafeStackRt()) {
getMachOToolChain().AddLinkRuntimeLib(Args, CmdArgs,
"libclang_rt.safestack_osx.a",
/AlwaysLink=/true);
}

Args.AddAllArgs(CmdArgs, options::OPT_L);		Args.AddAllArgs(CmdArgs, options::OPT_L);

AddLinkerInputs(getToolChain(), Inputs, Args, CmdArgs);		AddLinkerInputs(getToolChain(), Inputs, Args, CmdArgs);
// Build the input file for -filelist (list of linker input files) in case we		// Build the input file for -filelist (list of linker input files) in case we
// need it later		// need it later
for (const auto &II : Inputs) {		for (const auto &II : Inputs) {
if (!II.isFilename()) {		if (!II.isFilename()) {
// This is a linker input argument.		// This is a linker input argument.
▲ Show 20 Lines • Show All 3,382 Lines • Show Last 20 Lines