Open novafacing opened 1 year ago
I have been working on this recently. There is a branch based off of https://github.com/shijunjing/edk2/tree/sanitizer2 that utilizes ASan within UEFI for QEMU, but based off of how it works it has a set region within memory that it allocates for the ASan memory, which conflicts when running in Simics because Simics utilizes the same memory region for miscellaneous MMIO addresses. I found a different region in memory that is large enough, so temporarily I have something working by hardcoding a free memory region past MMIO regions and before UEFI code regions, but I am working on getting the ASan memory region to be dynamically allocated.
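The placement problem described above, as an added illustration that is not code from the linked branches: given a constructed platform memory map with an MMIO window and a firmware code region (all addresses are assumed placeholders), pick a free region large enough for ASan's shadow of a RAM window and derive the shadow offset so that shadow = (addr >> 3) + offset lands inside it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

typedef struct { uint64_t start, end; } range_t;   /* half-open [start, end) */

/* Constructed placeholder map; a real port would walk the platform's memory map. */
static const range_t kReserved[] = {
    {0x00000000ULL,  0x00100000ULL},   /* low 1 MiB, legacy area (assumed) */
    {0x80000000ULL,  0x90000000ULL},   /* MMIO window the shadow must avoid (assumed) */
    {0xFF000000ULL, 0x100000000ULL},   /* UEFI/firmware code region (assumed) */
};
#define N_RESERVED (sizeof kReserved / sizeof kReserved[0])

static uint64_t align_up(uint64_t x, uint64_t a) { return (x + a - 1) & ~(a - 1); }
static bool overlaps(range_t a, range_t b) { return a.start < b.end && b.start < a.end; }

/* ASan keeps one shadow byte per 8 application bytes. */
uint64_t asan_shadow_size(uint64_t app_size) { return app_size >> 3; }

/* Lowest aligned `size`-byte region in [lo, hi) that hits no reserved range; 0 if none. */
uint64_t find_shadow_region(uint64_t lo, uint64_t hi, uint64_t size, uint64_t align) {
    uint64_t cand = align_up(lo, align);
    while (cand + size <= hi) {
        uint64_t next = cand;
        range_t r = { cand, cand + size };
        for (size_t i = 0; i < N_RESERVED; i++) {
            /* On collision, skip to just past the highest colliding range. */
            if (overlaps(r, kReserved[i])) {
                uint64_t e = align_up(kReserved[i].end, align);
                if (e > next) next = e;
            }
        }
        if (next == cand) return cand;   /* no collision: region is free */
        cand = next;
    }
    return 0;
}

/* Offset that maps the first instrumented address onto the start of the region. */
uint64_t asan_shadow_offset(uint64_t region_start, uint64_t ram_lo) {
    return region_start - (ram_lo >> 3);
}

/* Standard ASan address-to-shadow mapping for the chosen offset. */
uint64_t asan_shadow_addr(uint64_t addr, uint64_t shadow_offset) {
    return (addr >> 3) + shadow_offset;
}
```

With this map, shadowing RAM [0x100000, 0x80000000) needs 0x0FFE0000 bytes, which lands at 0x90000000 just past the MMIO window, and a request too large to fit below the firmware region returns 0 instead of silently overlapping it.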
Interesting! I've been following the branch you linked for a while. I tried it with SIMICS and it didn't work, although I didn't get as far as figuring out what the error was, so thank you for explaining it!
Let me know what I can do to help, whether by testing your branch or something else :)
Sorry for the very late reply, I got side tracked and didn't get around to porting it right away. Below are the repos that have all of the necessary code:
https://github.com/cglosner/edk2-platforms/tree/simics-sanitizer
https://github.com/cglosner/edk2/tree/simics-sanitizer
https://github.com/cglosner/edk2-non-osi/tree/simics-sanitizer
https://github.com/cglosner/FSP/tree/simics-sanitizer
It has all been tested and works. I moved the memory region and had to disable SMM restricted memory accesses to allow for using shadow mem with ASan. It does take a long time to boot up though, which makes sense, so don't lose hope if it takes a few minutes. To build, use the toolchain:
python build_bios.py -p BoardX58Ich10 -t CLANGSAN
Wow, this is absolutely fantastic! Thank you, I'll test it soon and close this when I have a tutorial :)
A couple things I noticed when running my own tests that may help you out.
x86QSP2 processor not a x86QSP1
.qsp-clear-linux.simics, but for some reason the auto login script is failing so it just hits the end of the BDS phase. I am going to keep messing around with the last one, but I'm not sure why it is failing so I may try something else.
Sanitizer support is tricky, because it depends on the operating system, which UEFI/BIOS doesn't have. Some testing and some possible implementation steps: