This is an archive of the discontinued LLVM Phabricator instance.

Differential D44525

[sanitizer] Add a slim Scudo shared runtime
AbandonedPublic

Authored by cryptoad on Mar 15 2018, 10:03 AM.

Details

Reviewers
eugenis
alekseyshl
flowerhack
phosek
mcgrathr
Summary

So I am actually not sure what would be the prefered way to do that from a
Sanitizer perspective, so here is one way that works, but feel free to point me
in another direction.

Fuchsia would like a standalone slim Scudo shared library, without C++
dependencies and with as few extras as possible. Right now, we bundle RTUBsan
because we want to cover the case -fsanitize=scudo,undefined, which has some
C++ runtime dependencies. So this new slim Scudo runtime will be UBSan free.

But then the other issue is that there is a whole lot of public functions that
are exported by default in sanitizer_common that pull in stuff like the
symbolizer or stacktraces modules that Scudo has no use for. This ends up
pulling in the internal allocator which has a 512kB memory footprint in the
bss section for example. So I defined a minimal set of files from
sanitizer_common needed by Scudo to get rid of all the extras.

The last thing was to override __sanitizer_sandbox_on_notify which was
pulling in the symbolizer has well.

This would also allow to add nostdlib++ and nostdinc++ to the minimal
runtime.

Here are a few binary sizes with different compilations options:

  • a build with gcc: lib/clang/7.0.0/lib/linux/libclang_rt.scudo-x86_64.so 2777112 lib/clang/7.0.0/lib/linux/libclang_rt.scudo_minimal-x86_64.so 1608024
  • a build with clang: lib/clang/7.0.0/lib/linux/libclang_rt.scudo-x86_64.so 469392 lib/clang/7.0.0/lib/linux/libclang_rt.scudo_minimal-x86_64.so 238432

Let me know what you think, or if there is another way to achieve this.

Diff Detail

Event Timeline

cryptoad created this revision.Mar 15 2018, 10:03 AM
Herald added subscribers: Restricted Project, llvm-commits, delcypher and 2 others. · View Herald TranscriptMar 15 2018, 10:03 AM
cryptoad added inline comments.Mar 15 2018, 10:10 AM
lib/sanitizer_common/CMakeLists.txt
234

So this is not entirely correct as this should probably be SCUDO_SUPPORTED_ARCH, but I am not sure I want to mix in both.

phosek added a reviewer: mcgrathr.Mar 15 2018, 3:15 PM
eugenis added a subscriber: pcc.Mar 16 2018, 11:41 AM
eugenis added inline comments.
lib/sanitizer_common/CMakeLists.txt
99

That's unfortunate that this is not a subset of any other source list. I'm worried that people will forget to update it, and would not know whether a new file belongs here or not. It's probably OK as long as scudo_minimal is built by default in compiler-rt.

AFAIR @pcc mentioned that _libcdep / _nolibc distinction can be deprecated. Is that true? If those are merged into a single source list, would this new SCUDO list be a subset of it?

234

This looks fine to me - this library should be buildable for all of $SANITIZER_COMMON_SUPPORTED_ARCH.

lib/scudo/scudo_override.cpp
22

#include "sanitizer_common/sanitizer_interface_internal.h" ?

cryptoad added inline comments.Mar 16 2018, 12:23 PM
lib/sanitizer_common/CMakeLists.txt
99

I am currently trying to do some splits locally, which would make more sense that this version.
The coverage related files can end up in their own RTSanitizerCommonCoverage rule so far successfully.
Right now I am battling with the symbolizer/stacktrace files that are more intertwined, trying to have them in a RTSanitizerCommonSymbolizer rule.
As far I can see, Safestack is the only consummer of the nolibc part, and is also part of the headache.

lib/scudo/scudo_override.cpp
22

IIRC I tried but said include defines __sanitizer_sandbox_on_notify as weak and it doesn't override the the function.
In my local copy I ended up with a void *args since it's extern "C" anyway.

cryptoad added a comment.Mar 16 2018, 1:06 PM

Here is a general idea for a split Coverage & Symbolizer/StackTraces: https://reviews.llvm.org/D44578
Still some minor changes to do for the less common sanitizers but tests for the main ones pass (on Linux).

cryptoad abandoned this revision.Mar 20 2018, 9:57 AM

Abandoning this, moving towards a split of Coverage & Symbolizer/StackTrace in SanitizerCommon that would end up with the same effect wrt Scudo.

Revision Contents

PathSize
lib/
sanitizer_common/
27 lines
scudo/
15 lines
26 lines

Diff 138578

lib/sanitizer_common/CMakeLists.txt

Show First 20 LinesShow All 71 Lines▼ Show 20 Linesset(SANITIZER_LIBCDEP_SOURCES
sanitizer_mac_libcdep.cc sanitizer_mac_libcdep.cc
sanitizer_posix_libcdep.cc sanitizer_posix_libcdep.cc
sanitizer_stacktrace_libcdep.cc sanitizer_stacktrace_libcdep.cc
sanitizer_stoptheworld_linux_libcdep.cc sanitizer_stoptheworld_linux_libcdep.cc
sanitizer_symbolizer_libcdep.cc sanitizer_symbolizer_libcdep.cc
sanitizer_symbolizer_posix_libcdep.cc sanitizer_symbolizer_posix_libcdep.cc
sanitizer_unwind_linux_libcdep.cc) sanitizer_unwind_linux_libcdep.cc)
set(SANITIZER_SCUDO_SOURCES
sanitizer_allocator.cc
sanitizer_allocator_checks.cc
sanitizer_common.cc
sanitizer_common_libcdep.cc
sanitizer_errno.cc
sanitizer_file.cc
sanitizer_flags.cc
sanitizer_flag_parser.cc
sanitizer_fuchsia.cc
sanitizer_libc.cc
sanitizer_linux.cc
sanitizer_linux_libcdep.cc
sanitizer_platform_limits_linux.cc
sanitizer_platform_limits_posix.cc
sanitizer_posix.cc
sanitizer_posix_libcdep.cc
sanitizer_printf.cc
sanitizer_procmaps_common.cc
sanitizer_procmaps_linux.cc)
eugenisUnsubmitted
Not Done
ReplyInline Actions

That's unfortunate that this is not a subset of any other source list. I'm worried that people will forget to update it, and would not know whether a new file belongs here or not. It's probably OK as long as scudo_minimal is built by default in compiler-rt.

AFAIR @pcc mentioned that _libcdep / _nolibc distinction can be deprecated. Is that true? If those are merged into a single source list, would this new SCUDO list be a subset of it?

eugenis: That's unfortunate that this is not a subset of any other source list. I'm worried that people…
cryptoadAuthorUnsubmitted
Not Done
ReplyInline Actions

I am currently trying to do some splits locally, which would make more sense that this version.
The coverage related files can end up in their own RTSanitizerCommonCoverage rule so far successfully.
Right now I am battling with the symbolizer/stacktrace files that are more intertwined, trying to have them in a RTSanitizerCommonSymbolizer rule.
As far I can see, Safestack is the only consummer of the nolibc part, and is also part of the headache.

cryptoad: I am currently trying to do some splits locally, which would make more sense that this version.
# Explicitly list all sanitizer_common headers. Not all of these are # Explicitly list all sanitizer_common headers. Not all of these are
# included in sanitizer_common source files, but we need to depend on # included in sanitizer_common source files, but we need to depend on
# headers when building our custom unit tests. # headers when building our custom unit tests.
set(SANITIZER_HEADERS set(SANITIZER_HEADERS
sanitizer_addrhashmap.h sanitizer_addrhashmap.h
sanitizer_allocator.h sanitizer_allocator.h
sanitizer_allocator_bytemap.h sanitizer_allocator_bytemap.h
sanitizer_allocator_combined.h sanitizer_allocator_combined.h
▲ Show 20 LinesShow All 115 Lines▼ Show 20 Linesadd_compiler_rt_object_libraries(RTSanitizerCommonNoLibc
CFLAGS ${SANITIZER_CFLAGS} CFLAGS ${SANITIZER_CFLAGS}
DEFS ${SANITIZER_COMMON_DEFINITIONS}) DEFS ${SANITIZER_COMMON_DEFINITIONS})
add_compiler_rt_object_libraries(RTSanitizerCommonLibc add_compiler_rt_object_libraries(RTSanitizerCommonLibc
${OS_OPTION} ${OS_OPTION}
ARCHS ${SANITIZER_COMMON_SUPPORTED_ARCH} ARCHS ${SANITIZER_COMMON_SUPPORTED_ARCH}
SOURCES ${SANITIZER_LIBCDEP_SOURCES} SOURCES ${SANITIZER_LIBCDEP_SOURCES}
CFLAGS ${SANITIZER_CFLAGS} CFLAGS ${SANITIZER_CFLAGS}
DEFS ${SANITIZER_COMMON_DEFINITIONS}) DEFS ${SANITIZER_COMMON_DEFINITIONS})
add_compiler_rt_object_libraries(RTSanitizerCommonScudo
${OS_OPTION}
ARCHS ${SANITIZER_COMMON_SUPPORTED_ARCH}
cryptoadAuthorUnsubmitted
Not Done
ReplyInline Actions

So this is not entirely correct as this should probably be SCUDO_SUPPORTED_ARCH, but I am not sure I want to mix in both.

cryptoad: So this is not entirely correct as this should probably be `SCUDO_SUPPORTED_ARCH`, but I am not…
eugenisUnsubmitted
Not Done
ReplyInline Actions

This looks fine to me - this library should be buildable for all of $SANITIZER_COMMON_SUPPORTED_ARCH.

eugenis: This looks fine to me - this library should be buildable for all of…
SOURCES ${SANITIZER_SCUDO_SOURCES}
CFLAGS ${SANITIZER_CFLAGS}
DEFS ${SANITIZER_COMMON_DEFINITIONS})
set(SANITIZER_NO_WEAK_HOOKS_CFLAGS ${SANITIZER_CFLAGS}) set(SANITIZER_NO_WEAK_HOOKS_CFLAGS ${SANITIZER_CFLAGS})
list(APPEND SANITIZER_NO_WEAK_HOOKS_CFLAGS "-DSANITIZER_SUPPORTS_WEAK_HOOKS=0") list(APPEND SANITIZER_NO_WEAK_HOOKS_CFLAGS "-DSANITIZER_SUPPORTS_WEAK_HOOKS=0")
add_compiler_rt_object_libraries(RTSanitizerCommonNoHooks add_compiler_rt_object_libraries(RTSanitizerCommonNoHooks
${OS_OPTION} ${OS_OPTION}
ARCHS ${SANITIZER_COMMON_SUPPORTED_ARCH} ARCHS ${SANITIZER_COMMON_SUPPORTED_ARCH}
SOURCES ${SANITIZER_SOURCES} SOURCES ${SANITIZER_SOURCES}
CFLAGS ${SANITIZER_NO_WEAK_HOOKS_CFLAGS} CFLAGS ${SANITIZER_NO_WEAK_HOOKS_CFLAGS}
▲ Show 20 LinesShow All 93 LinesShow Last 20 Lines

lib/scudo/CMakeLists.txt

Show All 12 Lines
list(APPEND SCUDO_CFLAGS -ffunction-sections -fdata-sections) list(APPEND SCUDO_CFLAGS -ffunction-sections -fdata-sections)
list(APPEND SCUDO_DYNAMIC_LINK_FLAGS -Wl,--gc-sections) list(APPEND SCUDO_DYNAMIC_LINK_FLAGS -Wl,--gc-sections)
set(SCUDO_SOURCES set(SCUDO_SOURCES
scudo_allocator.cpp scudo_allocator.cpp
scudo_crc32.cpp scudo_crc32.cpp
scudo_flags.cpp scudo_flags.cpp
scudo_malloc.cpp scudo_malloc.cpp
scudo_override.cpp
scudo_termination.cpp scudo_termination.cpp
scudo_tsd_exclusive.cpp scudo_tsd_exclusive.cpp
scudo_tsd_shared.cpp scudo_tsd_shared.cpp
scudo_utils.cpp) scudo_utils.cpp)
set(SCUDO_CXX_SOURCES set(SCUDO_CXX_SOURCES
scudo_new_delete.cpp) scudo_new_delete.cpp)
# Enable the SSE 4.2 instruction set for scudo_crc32.cpp, if available. # Enable the SSE 4.2 instruction set for scudo_crc32.cpp, if available.
if (COMPILER_RT_HAS_MSSE4_2_FLAG) if (COMPILER_RT_HAS_MSSE4_2_FLAG)
set_source_files_properties(scudo_crc32.cpp PROPERTIES COMPILE_FLAGS -msse4.2) set_source_files_properties(scudo_crc32.cpp PROPERTIES COMPILE_FLAGS -msse4.2)
endif() endif()
# Enable the AArch64 CRC32 feature for scudo_crc32.cpp, if available. # Enable the AArch64 CRC32 feature for scudo_crc32.cpp, if available.
# Note that it is enabled by default starting with armv8.1-a. # Note that it is enabled by default starting with armv8.1-a.
if (COMPILER_RT_HAS_MCRC_FLAG) if (COMPILER_RT_HAS_MCRC_FLAG)
set_source_files_properties(scudo_crc32.cpp PROPERTIES COMPILE_FLAGS -mcrc) set_source_files_properties(scudo_crc32.cpp PROPERTIES COMPILE_FLAGS -mcrc)
endif() endif()
if(COMPILER_RT_HAS_SCUDO) if(COMPILER_RT_HAS_SCUDO)
set(SCUDO_DYNAMIC_LIBS ${SANITIZER_CXX_ABI_LIBRARY} set(SCUDO_DYNAMIC_LIBS ${SANITIZER_COMMON_LINK_LIBS})
${SANITIZER_COMMON_LINK_LIBS})
append_list_if(COMPILER_RT_HAS_LIBDL dl SCUDO_DYNAMIC_LIBS) append_list_if(COMPILER_RT_HAS_LIBDL dl SCUDO_DYNAMIC_LIBS)
append_list_if(COMPILER_RT_HAS_LIBRT rt SCUDO_DYNAMIC_LIBS) append_list_if(COMPILER_RT_HAS_LIBRT rt SCUDO_DYNAMIC_LIBS)
append_list_if(COMPILER_RT_HAS_LIBPTHREAD pthread SCUDO_DYNAMIC_LIBS) append_list_if(COMPILER_RT_HAS_LIBPTHREAD pthread SCUDO_DYNAMIC_LIBS)
append_list_if(COMPILER_RT_HAS_LIBLOG log SCUDO_DYNAMIC_LIBS) append_list_if(COMPILER_RT_HAS_LIBLOG log SCUDO_DYNAMIC_LIBS)
add_compiler_rt_runtime(clang_rt.scudo add_compiler_rt_runtime(clang_rt.scudo
STATIC STATIC
ARCHS ${SCUDO_SUPPORTED_ARCH} ARCHS ${SCUDO_SUPPORTED_ARCH}
Show All 19 Lines add_compiler_rt_runtime(clang_rt.scudo
SOURCES ${SCUDO_SOURCES} ${SCUDO_CXX_SOURCES} SOURCES ${SCUDO_SOURCES} ${SCUDO_CXX_SOURCES}
OBJECT_LIBS RTSanitizerCommonNoTermination OBJECT_LIBS RTSanitizerCommonNoTermination
RTSanitizerCommonLibc RTSanitizerCommonLibc
RTInterception RTInterception
RTUbsan RTUbsan
RTUbsan_cxx RTUbsan_cxx
CFLAGS ${SCUDO_CFLAGS} CFLAGS ${SCUDO_CFLAGS}
LINK_FLAGS ${SCUDO_DYNAMIC_LINK_FLAGS} LINK_FLAGS ${SCUDO_DYNAMIC_LINK_FLAGS}
LINK_LIBS ${SCUDO_DYNAMIC_LIBS} ${SANITIZER_CXX_ABI_LIBRARY}
PARENT_TARGET scudo)
add_compiler_rt_runtime(clang_rt.scudo_minimal
SHARED
ARCHS ${SCUDO_SUPPORTED_ARCH}
SOURCES ${SCUDO_SOURCES} ${SCUDO_CXX_SOURCES}
OBJECT_LIBS RTSanitizerCommonScudo
RTInterception
CFLAGS ${SCUDO_CFLAGS}
LINK_FLAGS ${SCUDO_DYNAMIC_LINK_FLAGS}
LINK_LIBS ${SCUDO_DYNAMIC_LIBS} LINK_LIBS ${SCUDO_DYNAMIC_LIBS}
PARENT_TARGET scudo) PARENT_TARGET scudo)
endif() endif()

lib/scudo/scudo_override.cpp

  • This file was added.
//===-- scudo_override.cpp --------------------------------------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
///
/// Strong definitions for some sanitizer_common weak interface functions that
/// Scudo doesn't need and that end up pulling a whole lot of dependencies in.
///
//===----------------------------------------------------------------------===//
#include "sanitizer_common/sanitizer_internal_defs.h"
extern "C" {
typedef struct {
int coverage_sandboxed;
__sanitizer::sptr coverage_fd;
unsigned int coverage_max_block_size;
} __sanitizer_sandbox_arguments;
eugenisUnsubmitted
Not Done
ReplyInline Actions

#include "sanitizer_common/sanitizer_interface_internal.h" ?

eugenis: #include "sanitizer_common/sanitizer_interface_internal.h" ?
cryptoadAuthorUnsubmitted
Not Done
ReplyInline Actions

IIRC I tried but said include defines __sanitizer_sandbox_on_notify as weak and it doesn't override the the function.
In my local copy I ended up with a void *args since it's extern "C" anyway.

cryptoad: IIRC I tried but said include defines __sanitizer_sandbox_on_notify as weak and it doesn't…
SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args) {}
}