Annotation of wikisrc/users/kamil/sanitizers.mdwn, revision 1.4
1.1 kamil 1: Sanitizers for NetBSD
2:
3: # Current status
4:
5: Summary of the current status of sanitizers on a NetBSD host.
6:
7: # What are sanitizers?
8:
9: A sanitizer is a programming tool that detects program bugs such as buffer overflows, signed integer overflows, and uninitialized memory reads.
10:
11: Sanitizers are developed in LLVM, and a downstream port exists to GCC.
12:
13: # Types of sanitizers
14:
15: There are various types of sanitizers.
16:
17: A sanitizer is composed of an instrumentation part built into a compiler's code generation part.
18:
19: The instrumentation part emitted by a compiler requires a runtime library, which is shipped with compiler-rt.
20:
21: * Undefined Behavior Sanitizer (UBSan)
22: * Undefined Behavior with minimal runtime (UBSan_minimal)
23: * Address Sanitizer (ASan)
24: * Hardware Assisted Address Sanitizer (HWASan)
25: * Thread Sanitizer (TSan)
26: * Memory Sanitizer (MSan)
27: * Efficiency Sanitizer (ESan)
28: * Data Flow Sanitizer (DFSan)
29: * Leak Sanitizer (LSan)
30:
31: Additionally there are the following features shipped together with sanitizers:
32:
33: * profile
34: * SafeStack
35: * Control Flow Integrity
36: * Scudo Hardened Allocator
37: * XRay
38: * libFuzzer
39: * ShadowCallStack
40:
41: The compiler-rt package ships with libBlocksRuntime, builtins etc.
42:
43: As a NetBSD-specific extension, there is a micro-UBSan runtime developed and maintained in the NetBSD source code.
44: It is designed to function inside libc (uUBSan - usermode-UBSan) and inside the kernel (kUBSan - kernel-UBSan).
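
The split between instrumentation and runtime described above, written out by hand as an added example (not code from this page, LLVM, or the NetBSD micro-UBSan runtime). It mimics what `-fsanitize=undefined` arranges automatically for a signed addition and an array access; `demo_report`, `checked_add`, `checked_load` and `demo_run` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>

/* Runtime part (hypothetical stand-in for a UBSan-style runtime):
 * counts and prints a report, then lets execution continue. */
static int demo_reports;

static void demo_report(const char *file, int line, const char *what)
{
    demo_reports++;
    fprintf(stderr, "%s:%d: runtime error: %s\n", file, line, what);
}

/* Instrumentation part: the source expression "a + b" rewritten the way a
 * compiler pass would, i.e. check first and call the runtime on failure. */
static int checked_add(int a, int b, const char *file, int line)
{
    int sum;
    if (__builtin_add_overflow(a, b, &sum))
        demo_report(file, line, "signed integer overflow");
    return sum; /* wrapped result; the program keeps running */
}

/* Same idea for "table[idx]" on a fixed-size array. */
#define TABLE_LEN 4
static int checked_load(const int table[TABLE_LEN], long idx,
                        const char *file, int line)
{
    if (idx < 0 || idx >= TABLE_LEN) {
        demo_report(file, line, "index out of bounds");
        return 0; /* demo choice: skip the invalid access */
    }
    return table[idx];
}

/* Constructed inputs: two valid operations and two that must be reported. */
int demo_run(void)
{
    int table[TABLE_LEN] = {1, 2, 3, 4};
    demo_reports = 0;
    (void)checked_add(1, 2, __FILE__, __LINE__);
    (void)checked_add(INT_MAX, 1, __FILE__, __LINE__);
    (void)checked_load(table, 3, __FILE__, __LINE__);
    (void)checked_load(table, 4, __FILE__, __LINE__);
    return demo_reports;
}

int main(void)
{
    printf("reports: %d\n", demo_run());
    return 0;
}
```
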
45:
46: # Sanitizers in NetBSD
47:
48: Sanitizers in NetBSD are shipped with the following options:
49:
50: * together with the toolchain with the default compiler runtime (default),
51: * together with the MKSANITIZER option (build the userland with the default compiler sanitizer),
52: * together with the MKLIBCSANITIZER option (build the userland with a homegrown sanitizer runtime),
53: * together with the NetBSD kernel (build the kernel with a homegrown kernel sanitizer runtime).
54:
55: MKSANITIZER blog entry:
56:
57: http://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration
58:
59: MKLIBCSANITIZER and kernel sanitizer blog entry:
60:
61: http://blog.netbsd.org/tnf/entry/introduction_to_%C2%B5ubsan_a_clean
62:
63: # Support in NetBSD
64:
65: Currently the main focus is on LLVM and GCC.
66:
67: Generic TODO:
68:
69: * switch syscall(2)/__syscall(2) to libc calls
70: * upstream local patches / rebase to newly developed support in LLVM available in GCC 8.x and newer
71: * develop missing interceptors such as fts(3) (mostly MSan-centric)
72: * FILE and DIR sanitization (needed by at least: ESan, MSan)
73: * improve the framework for ioctl(2) database and handle special cases when a part of a struct can be uninitialized and passed to the kernel (MSan)
74: * finish StopTheWorld() and upstream to LLVM
75: * port to !x86
76: * fixes with the signal code
77: * pkgsrc integration
78: * finish the support of float128 for Clang/LLVM/libstdc++/libgcc
79: * LLVM fixes for shared (dlopen(3)-powered) runtime
80: * fix other bugs.
81:
82: ## GCC
83:
84: The GCC compiler is assumed to be the version shipped in the distribution.
85:
86: ### GCC with the default runtime
87:
88: Name | NetBSD status
1.2 kamil 89: ----------|---------------------------------
1.1 kamil 90: UBSan | mostly works with all ports
91: ASan | mostly works with amd64 and i386
92: LSan | might work with amd64 and i386
93:
94: ### GCC with MKSANITIZER
95:
96: Untested.
97:
98: ### GCC with MKLIBCSANITIZER
99:
100: Name | NetBSD status
1.2 kamil 101: ----------|---------------------------------
1.1 kamil 102: UBSan | works with micro-UBSan
103:
104: ### GCC with kernel sanitizers
105:
106: Name | NetBSD status
1.2 kamil 107: ----------|---------------------------------
1.1 kamil 108: UBSan | works with micro-UBSan
109:
110: ## LLVM
111:
112: LLVM support is available only with the HEAD version of the toolchain and is not shipped in the base distribution.
113:
114: ### LLVM with the default runtime
115:
116: Name | NetBSD status
1.2 kamil 117: ----------|---------------------------------
1.4 ! kamil 118: UBSan | mostly works with all LLVM ports
! 119: ASan | mostly works with amd64 and i386
! 120: MSan | mostly works with amd64
! 121: TSan | mostly works with amd64
1.1 kamil 122:
123: ### LLVM with MKSANITIZER
124:
1.3 kamil 125: Name | NetBSD status
126: ----------|---------------------------------
1.4 ! kamil 127: UBSan | mostly works with all LLVM ports
! 128: ASan | mostly works with amd64 and i386
1.1 kamil 129:
130: ### LLVM with MKLIBCSANITIZER
131:
132: Name | NetBSD status
1.2 kamil 133: ----------|---------------------------------
1.1 kamil 134: UBSan | works with micro-UBSan
135:
136: ### LLVM with kernel sanitizers
137:
138: Name | NetBSD status
1.2 kamil 139: ----------|---------------------------------
1.1 kamil 140: UBSan | works with micro-UBSan