woju
commented
3 years ago Jenkins, test Jenkins-Direct-Sanitizers, please
Closed pwmarcz closed 3 years ago
woju
commented
3 years ago Jenkins, test Jenkins-Direct-Sanitizers, please
woju
commented
3 years ago Jenkins, test Jenkins-SGX-Sanitizers, please
woju
commented
3 years ago Jenkins, test Jenkins-SGX-Sanitizers please
woju
commented
3 years ago Jenkins, test Jenkins-Direct-Sanitizers please
woju
commented
3 years ago Jenkins, test this please
woju
commented
3 years ago Jenkins, test Jenkins-SGX-Sanitizers please
woju
commented
3 years ago Jenkins, test Jenkins-SGX-Sanitizers please
woju
commented
3 years ago Jenkins, test this please
woju
commented
3 years ago Jenkins, test Jenkins-18.04 please
Tracking issue: #2106.
Fixes #1794 (Clang support: the last part missing was a Jenkins build).
Description of the changes
This enables UndefinedBehaviorSanitizer in more or less all of our code (Common, LibOS, PAL, outer PAL). See
ubsan.cfor the main part of implementation; everything else is glue.I wanted to have a regression test that checks if UBSan still works. This requires triggering some code inside LibOS. The initial idea was to define our own syscall, but it looks pretty hacky (inventing our own syscall number, making sure it doesn't collide with anything, making sure the syscall table is the right size, etc.)
Instead, I think we can use the same mechanism as we use for
register_library: make this a more general LibOS entry vector. I think the same mechanism can be used for other unit tests that we want to run inside Graphene (e.g. testing filesystem or IPC code).Why implement our own hooks?
The previous attempt (#2101) worked by importing the real
libubsanlibrary. However, that pulls in glibc and other libraries, and causes LibOS to be linked against these, which is probably not what we want and might cause weird side effects (since e.g. we have our own memory allocation). Also, this approach won't work anymore because we decided to remove dynamic linking support from LibOS.So instead I'm implementing our own hooks. They're quite simple: display a message, along with source position (fortunately the compiler provides file name and line number). To see more information (e.g. stack trace), you have to use gdb (you can break on
shim_abort/pal_abort).(There's an even cheaper option,
-fsanitize-trap, that emits trap instructions and doesn't require any hooks. But as you can see, the hooks can be rather simple).How to test this PR?
UBSan is not enabled on Jenkins yet, but you can compile the code yourself (see
building.rst) and play with it.(I am testing this on a separate branch, though, by overriding some existing Jenkins configurations).
This change is