search

vusec / safeinit

SafeInit protects software from uninitialized read vulnerabilities - code released for NDSS 2017
Apache License 2.0
24 stars 4 forks source link

Build fails on Ubuntu 18.04 #1

Open mrigger opened 5 years ago

mrigger commented 5 years ago

Hi, we've tried to build SafeInit, but the build failed with an error.

To reproduce the issue, you can create a Docker image from a Dockerfile with the following content:

FROM ubuntu:18.04
RUN apt-get update && apt-get install -y --no-install-recommends git clang libomp-dev libc++1 cmake ca-certificates python3
RUN git clone --single-branch https://github.com/vusec/safeinit
RUN cd safeinit/llvm && mkdir build && cd build && cmake .. -DCMAKE_C_COMPILER=/usr/bin/clang && make -j4

This is the error we got:

[ 11%] Building CXX object projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/sanitizer_stoptheworld_linux_libcdep.cc.o
Scanning dependencies of target RTInterception.x86_64
/safeinit/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc:276:22: error: variable has incomplete type 'struct sigaltstack'
  struct sigaltstack handler_stack;
                     ^
/safeinit/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_linux.h:24:8: note: forward declaration of 'sigaltstack'
struct sigaltstack;
       ^
1 error generated.
[ 11%] Building CXX object projects/compiler-rt/lib/interception/CMakeFiles/RTInterception.x86_64.dir/interception_linux.cc.o
projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/build.make:206: recipe for target 'projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/sanitizer_stoptheworld_linux_libcdep.cc.o' failed
make[2]: *** [projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/sanitizer_stoptheworld_linux_libcdep.cc.o] Error 1
make[2]: *** Waiting for unfinished jobs....
[ 11%] Building CXX object projects/compiler-rt/lib/interception/CMakeFiles/RTInterception.x86_64.dir/interception_mac.cc.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/InfoStream.cpp.o
[ 11%] Building CXX object projects/compiler-rt/lib/interception/CMakeFiles/RTInterception.x86_64.dir/interception_win.cc.o
make[1]: *** [projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
CMakeFiles/Makefile2:12720: recipe for target 'projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/all' failed
[ 11%] Building CXX object projects/compiler-rt/lib/interception/CMakeFiles/RTInterception.x86_64.dir/interception_type_test.cc.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/MappedBlockStream.cpp.o
[ 11%] Built target RTInterception.x86_64
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/ModInfo.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/ModStream.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/NameHashTable.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/NameMap.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/PDBFile.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/PublicsStream.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/RawError.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/RawSession.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/StreamReader.cpp.o
[ 11%] Building CXX object lib/DebugInfo/PDB/CMakeFiles/LLVMDebugInfoPDB.dir/Raw/TpiStream.cpp.o
[ 11%] Linking CXX static library ../../libLLVMDebugInfoPDB.a
[ 11%] Built target LLVMDebugInfoPDB
Makefile:151: recipe for target 'all' failed
make: *** [all] Error 2

Do you have any idea what went wrong?

noopwafel commented 5 years ago

This (old) version of LLVM doesn't build as-is against a modern libc. I collected a couple of upstream patches for this at http://noopwafel.net/old_llvm_mrigger/ - I didn't test them against SafeInit, but maybe they help?

BTW if you're interested in using this in practice, I have not been updating this and I don't plan to port to modern LLVM due to lack of time, sorry :( But happily there is some support for automatic variable initialization in upstream LLVM/clang, see https://reviews.llvm.org/rL349442 and I can answer questions if anyone wants to reimplement any other parts.

mrigger commented 5 years ago

Thanks a lot for your quick response and sorry for my delayed one. Applying LLVM-fix-sanitizer-build-with-modern-glibc.txt solved the build issue that I encountered. Thanks! However, I encountered another build error:

/safeinit/llvm/tools/clang/lib/CodeGen/CGDecl.cpp:929:8: error: reference to non-static member function must be called; did you mean to call it with no arguments?
  if (!getLangOpts.Sanitize.has(SanitizerKind::SafeInit) && CGM.getCodeGenOpts().OptimizationLevel == 0)
       ^~~~~~~~~~~
                  ()
1 error generated.
tools/clang/lib/CodeGen/CMakeFiles/clangCodeGen.dir/build.make:374: recipe for target 'tools/clang/lib/CodeGen/CMakeFiles/clangCodeGen.dir/CGDecl.cpp.o' failed
make[2]: *** [tools/clang/lib/CodeGen/CMakeFiles/clangCodeGen.dir/CGDecl.cpp.o] Error 1
CMakeFiles/Makefile2:21357: recipe for target 'tools/clang/lib/CodeGen/CMakeFiles/clangCodeGen.dir/all' failed
make[1]: *** [tools/clang/lib/CodeGen/CMakeFiles/clangCodeGen.dir/all] Error 2

Here is the updated Dockerfile:

FROM ubuntu:18.04
RUN apt-get update && apt-get install -y --no-install-recommends git clang libomp-dev libc++1 cmake ca-certificates python3 make wget
RUN git clone --single-branch https://github.com/vusec/safeinit
RUN cd safeinit/llvm/projects/compiler-rt/ && cat lib/sanitizer_common/sanitizer_linux.cc
RUN wget -O - http://noopwafel.net/old_llvm_mrigger/LLVM-fix-sanitizer-build-with-modern-glibc.txt | git apply -v --directory safeinit/llvm/projects/compiler-rt
# failed to apply: RUN wget -O - http://noopwafel.net/old_llvm_mrigger/LLVM-fix-sanitizer-build-with-modern-glibc-2.txt | git apply -v --directory safeinit/llvm/projects/compiler-rt/

RUN cd safeinit/llvm && mkdir build && cd build && cmake .. -DCMAKE_C_COMPILER=/usr/bin/clang
RUN cd safeinit/llvm/build && make -j4

I have been working on a new benchmarking suite, and a container-based benchmarking methodology, which is why I'm interested in SafeInit (see https://github.com/jku-ssw/cicro-benchmarks/tree/master/docker).