Sanitizers for NetBSD
Current status
Summary of the current status of sanitizers on a NetBSD host.
What are sanitizers?
A sanitizer is a programming tool that detects program bugs such as buffer overflows, signed integer overflows, and uninitialized memory reads.
Sanitizers are developed in LLVM, and a downstream port exists to GCC.
Types of sanitizers
There are various types of sanitizers.
A sanitizer consists of an instrumentation part built into the compiler's code generation.
The instrumentation emitted by the compiler requires a runtime library, which is shipped with compiler-rt.
- Undefined Behavior Sanitizer (UBSan)
- Undefined Behavior with minimal runtime (UBSan_minimal)
- Address Sanitizer (ASan)
- Hardware Assisted Address Sanitizer (HWASan)
- Thread Sanitizer (TSan)
- Memory Sanitizer (MSan)
- Efficiency Sanitizer (ESan)
- Data Flow Sanitizer (DFSan)
- Leak Sanitizer (LSan)
Additionally there are the following features shipped together with sanitizers:
- profile
- SafeStack
- Control Flow Integrity
- Scudo Hardened Allocator
- XRay
- libFuzzer
- ShadowCallStack
The compiler-rt package also ships libBlocksRuntime, builtins, etc.
As a NetBSD-specific extension, there is a micro-UBSan runtime developed and maintained in the NetBSD source code. It is designed to function inside libc (uUBSan - usermode-UBSan) and inside the kernel (kUBSan - kernel-UBSan).
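The split between instrumentation and runtime described above can be seen in a hand-written sketch. This is an added example, not code from compiler-rt or from NetBSD's micro-UBSan: the `mini_*` names and the `ADD`/`LOAD` macros are hypothetical, and the checks are written by hand where a compiler would emit them automatically.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Runtime half: hypothetical stand-in for a sanitizer runtime library. */
struct mini_report { const char *kind; const char *file; int line; };
static struct mini_report mini_log[8];
static int mini_count;

static void mini_handle(const char *kind, const char *file, int line)
{
    if (mini_count < 8)
        mini_log[mini_count] = (struct mini_report){ kind, file, line };
    mini_count++;
    fprintf(stderr, "%s:%d: runtime error: %s\n", file, line, kind);
}

/* Instrumentation half: checks placed around each risky operation. */
static int add_checked(int a, int b, const char *file, int line)
{
    int r;
    if (__builtin_add_overflow(a, b, &r))   /* GCC/Clang builtin */
        mini_handle("signed integer overflow", file, line);
    return r;   /* wrapped result; execution continues after the report */
}

static int load_checked(const int *arr, size_t n, size_t i, const char *file, int line)
{
    if (i >= n) {
        mini_handle("index out of bounds", file, line);
        return 0;   /* this sketch skips the invalid load */
    }
    return arr[i];
}

#define ADD(a, b)       add_checked((a), (b), __FILE__, __LINE__)
#define LOAD(arr, n, i) load_checked((arr), (n), (i), __FILE__, __LINE__)

int demo(void)   /* constructed sample input: two valid and two invalid operations */
{
    int table[4] = { 1, 2, 3, 4 };
    mini_count = 0;
    (void)ADD(1, 2);            /* in range, no report */
    (void)ADD(INT_MAX, 1);      /* report 1: overflow */
    (void)LOAD(table, 4, 3);    /* in range, no report */
    (void)LOAD(table, 4, 4);    /* report 2: one past the end */
    return mini_count;
}
int main(void) { printf("%d reports\n", demo()); return 0; }
```

Because the handler is the only part that has to run in the target environment, a small replacement runtime is enough to use the same compiler-emitted checks inside libc or the kernel.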
Types of runtimes
There are two types of sanitizer runtimes:
- dynamically linked ones (default in GCC)
- statically linked ones (default in Clang)
Base GCC/NetBSD works with the former; the upstream HEAD version of LLVM/NetBSD works with the latter.
Both compilers should support both of them, but the other combinations (GCC/NetBSD & static runtime, LLVM/NetBSD & dynamic runtime) are still to be done.
Sanitizers in NetBSD
Sanitizers in NetBSD are shipped with the following options:
- together with the toolchain with the default compiler runtime (default),
- together with the MKSANITIZER option (build the userland with the default compiler sanitizer),
- together with the MKLIBCSANITIZER option (build the userland with a homegrown sanitizer runtime),
- together with the NetBSD kernel (build the kernel with a homegrown kernel sanitizer runtime).
MKSANITIZER blog entry:
http://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration
MKLIBCSANITIZER and kernel sanitizer blog entry:
http://blog.netbsd.org/tnf/entry/introduction_to_%C2%B5ubsan_a_clean
Support in NetBSD
Currently the main focus is on LLVM and GCC.
Generic TODO:
- switch syscall(2)/__syscall(2) to libc calls
- upstream local patches / rebase to newly developed support in LLVM available in GCC 8.x and newer
- develop missing interceptors such as fts(3) (mostly MSan-centric)
- FILE and DIR sanitization (needed by at least: ESan, MSan)
- improve the framework for ioctl(2) database and handle special cases when a part of a struct can be uninitialized and passed to the kernel (MSan)
- finish StopTheWorld() and upstream to LLVM
- port to !x86
- fixes with the signal code
- pkgsrc integration
- finish the support of float128 for Clang/LLVM/libstdc++/libgcc
- LLVM fixes for shared (dlopen(3)-powered) runtime
- fix other bugs.
GCC
The GCC compiler is assumed to be the version shipped in the distribution.
GCC with the default runtime
| Name | NetBSD status | 
|---|---|
| UBSan | mostly works with all ports | 
| ASan | mostly works with amd64 and i386 | 
| LSan | might work with amd64 and i386 | 
GCC with MKSANITIZER
Untested.
GCC with MKLIBCSANITIZER
| Name | NetBSD status | 
|---|---|
| UBSan | works with micro-UBSan | 
GCC with kernel sanitizers
| Name | NetBSD status | 
|---|---|
| UBSan | works with micro-UBSan | 
LLVM
LLVM support is available only with the HEAD version of the toolchain and is not shipped in the base distribution.
LLVM with the default runtime
| Name | NetBSD status | 
|---|---|
| UBSan | mostly works with all LLVM ports | 
| ASan | mostly works with amd64 and i386 | 
| MSan | mostly works with amd64 | 
| TSan | mostly works with amd64 | 
LLVM with MKSANITIZER
| Name | NetBSD status | 
|---|---|
| UBSan | mostly works with all LLVM ports | 
| ASan | mostly works with amd64 and i386 | 
LLVM with MKLIBCSANITIZER
| Name | NetBSD status | 
|---|---|
| UBSan | works with micro-UBSan | 
LLVM with kernel sanitizers
| Name | NetBSD status | 
|---|---|
| UBSan | works with micro-UBSan | 
