Annotation of wikisrc/users/kamil/sanitizers.mdwn, revision 1.1
1.1 ! kamil 1: Sanitizers for NetBSD
! 2:
! 3: # Current status
! 4:
! 5: Summary of the current status of sanitizers on a NetBSD host.
! 6:
! 7: # What are sanitizers?
! 8:
! 9: Sanitizer is a programming tool that detects computer program bugs such as buffer overflows, signed integer overflow, uninitialized memory read etc.
! 10:
! 11: Sanitizers are developed in LLVM, and a downstream port exists to GCC.
! 12:
! 13: # Types of sanitizers
! 14:
! 15: There are various types of sanitizers.
! 16:
! 17: A sanitizer is composed of an instrumentation part builtin into a compiler's code generation part.
! 18:
! 19: The instrumentation part emitted by a compiler requires a runtime library, that is shipped with compiler-rt.
! 20:
! 21: * Undefined Behavior Sanitizer (UBSan)
! 22: * Undefined Behavior with minimal runtime (UBSan_minimal)
! 23: * Address Sanitizer (ASan)
! 24: * Hardware Assisted Address Sanitizer (HWASan)
! 25: * Thread Sanitizer (TSan)
! 26: * Memory Sanitizer (MSan)
! 27: * Efficiency Sanitizer (ESan)
! 28: * Data Flow Sanitizer (DFSan)
! 29: * Leak Sanitizer (LSan)
! 30:
! 31: Additionally there are the following features shipped together with sanitizers:
! 32:
! 33: * profile
! 34: * SafeStack
! 35: * Control Flow Integrity
! 36: * Scudo Hardened Allocator
! 37: * XRay
! 38: * libFuzzer
! 39: * ShadowCallStack
! 40:
! 41: The compiler-rt package ships with libBlocksRuntime, builtins etc.
! 42:
! 43: As a NetBSD specific extension, there is a micro-UBSan runtime developed and maintained in the NetBSD source code.
! 44: It is designed to function inside libc (uUBSan - usermode-UBSan) and inside the kernel (kUBSan - kernel-UBSan).
! 45:
! 46: # Sanitizers in NetBSD
! 47:
! 48: Sanitizers in NetBSD are shipped with the following options:
! 49:
! 50: * together with the toolchain with the default compiler runtime (default),
! 51: * together with the MKSANITIZER option (build the userland with the default compiler sanitizer),
! 52: * together with the MKLIBCSANITIZER option (build the userland with a homegrown sanitizer runtime),
! 53: * together with the NetBSD kernel (build the kernel with a homegrown kernel sanitizer runtime).
! 54:
! 55: MKSANITIZER blog entry:
! 56:
! 57: http://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration
! 58:
! 59: MKLIBCSANITIZER and kernel sanitizer blog entry:
! 60:
! 61: http://blog.netbsd.org/tnf/entry/introduction_to_%C2%B5ubsan_a_clean
! 62:
! 63: # Support in NetBSD
! 64:
! 65: Currently the main focus is with LLVM and GCC.
! 66:
! 67: Generic TODO:
! 68:
! 69: * switch syscall(2)/__syscall(2) to libc calls
! 70: * upstream local patches / rebase to newly developed support in LLVM available in GCC 8.x and newer
! 71: * develop missing interceptors such as fts(3) (mostly MSan-centric)
! 72: * FILE and DIR sanitization (needed by at least: ESan, MSan)
! 73: * improve the framework for ioctl(2) database and handle special cases when a part of a struct can be uninitialized and passed to the kernel (MSan)
! 74: * finish StopTheWorld() and upstream to LLVM
! 75: * port to !x86
! 76: * fixes with the signal code
! 77: * pkgsrc integration
! 78: * finish the support of float128 for Clang/LLVM/libstdc++/libgcc
! 79: * LLVM fixes for shared (dlopen(3)-powered) runtime
! 80: * fix other bugs.
! 81:
! 82: ## GCC
! 83:
! 84: The GCC compiler assumed the version in distribution.
! 85:
! 86: ### GCC with the default runtime
! 87:
! 88: Name | NetBSD status
! 89: ----------+---------------------------------
! 90: UBSan | mostly works with all ports
! 91: ASan | mostly works with amd64 and i386
! 92: LSan | might work with amd64 and i386
! 93:
! 94: ### GCC with MKSANITIZER
! 95:
! 96: Untested.
! 97:
! 98: ### GCC with MKLIBCSANITIZER
! 99:
! 100: Name | NetBSD status
! 101: ----------+---------------------------------
! 102: UBSan | works with micro-UBSan
! 103:
! 104: ### GCC with kernel sanitizers
! 105:
! 106: Name | NetBSD status
! 107: ----------+---------------------------------
! 108: UBSan | works with micro-UBSan
! 109:
! 110: ## LLVM
! 111:
! 112: The LLVM support is available only with the HEAD version of the toolchain and not shipped in the base distribution.
! 113:
! 114: ### LLVM with the default runtime
! 115:
! 116: Name | NetBSD status
! 117: ----------+---------------------------------
! 118: UBSan | works with all ports
! 119: ASan | works with amd64 and i386
! 120: MSan | works with amd64
! 121: TSan | works with amd64
! 122:
! 123: ### LLVM with MKSANITIZER
! 124:
! 125: Untested.
! 126:
! 127: ### LLVM with MKLIBCSANITIZER
! 128:
! 129: Name | NetBSD status
! 130: ----------+---------------------------------
! 131: UBSan | works with micro-UBSan
! 132:
! 133: ### LLVM with kernel sanitizers
! 134:
! 135: Name | NetBSD status
! 136: ----------+---------------------------------
! 137: UBSan | works with micro-UBSan
CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb
![[BACK]](/icons/back.gif){kind=icon}
Return to sanitizers.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / users / kamil