[WIP][ASan] Interceptors for WASI

Author: kateinoigakukun

compiler-rt/lib/asan/CMakeLists.txt

@@ -29,7 +29,10 @@ set(ASAN_SOURCES
   asan_stats.cpp
   asan_suppressions.cpp
   asan_thread.cpp
+  asan_wasi.cpp
   asan_win.cpp
+  wasi/memset.c
+  wasi/memcpy.c
   )
 
 if (NOT WIN32 AND NOT APPLE)

compiler-rt/lib/asan/asan_interceptors.cpp

@@ -27,10 +27,10 @@
 #include "sanitizer_common/sanitizer_internal_defs.h"
 #include "sanitizer_common/sanitizer_libc.h"
 
-// There is no general interception at all on Fuchsia.
+// There is no general interception at all on Fuchsia and WASI.
 // Only the functions in asan_interceptors_memintrinsics.cpp are
 // really defined to replace libc functions.
-#if !SANITIZER_FUCHSIA
+#if !SANITIZER_FUCHSIA && !SANITIZER_WASI
 
 #  if SANITIZER_POSIX
 #    include "sanitizer_common/sanitizer_posix.h"

compiler-rt/lib/asan/asan_interceptors.h

@@ -33,7 +33,7 @@ void InitializePlatformInterceptors();
 
 // Use macro to describe if specific function should be
 // intercepted on a given platform.
-#if !SANITIZER_WINDOWS
+#if !SANITIZER_WINDOWS && !SANITIZER_WASI
 # define ASAN_INTERCEPT__LONGJMP 1
 # define ASAN_INTERCEPT_INDEX 1
 # define ASAN_INTERCEPT_PTHREAD_CREATE 1

compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp

@@ -71,7 +71,7 @@ void *__asan_memmove(void *to, const void *from, uptr size) {
   ASAN_MEMMOVE_IMPL(nullptr, to, from, size);
 }
 
-#if SANITIZER_FUCHSIA
+#if SANITIZER_FUCHSIA || SANITIZER_WASI
 
 // Fuchsia doesn't use sanitizer_common_interceptors.inc, but
 // the only things there it wants are these three.  Just define them

compiler-rt/lib/asan/asan_malloc_linux.cpp

@@ -15,7 +15,7 @@
 
 #include "sanitizer_common/sanitizer_platform.h"
 #if SANITIZER_FREEBSD || SANITIZER_FUCHSIA || SANITIZER_LINUX || \
-    SANITIZER_NETBSD || SANITIZER_SOLARIS
+    SANITIZER_NETBSD || SANITIZER_SOLARIS || SANITIZER_WASI
 
 #  include "asan_allocator.h"
 #  include "asan_interceptors.h"
@@ -83,6 +83,12 @@ INTERCEPTOR(void*, realloc, void *ptr, uptr size) {
   return asan_realloc(ptr, size, &stack);
 }
 
+#if SANITIZER_WASI
+extern "C" void *__libc_malloc(uptr) __attribute__((alias("malloc")));
+extern "C" void __libc_free(void *) __attribute__((alias("free")));
+extern "C" void *__libc_calloc(uptr nmemb, uptr size) __attribute__((alias("calloc")));
+#endif
+
 #if SANITIZER_INTERCEPT_REALLOCARRAY
 INTERCEPTOR(void*, reallocarray, void *ptr, uptr nmemb, uptr size) {
   AsanInitFromRtl();

compiler-rt/lib/asan/asan_mapping.h

@@ -272,6 +272,8 @@ extern uptr kHighMemEnd, kMidMemBeg, kMidMemEnd;  // Initialized in __asan_init.
 
 #  if defined(__sparc__) && SANITIZER_WORDSIZE == 64
 #    include "asan_mapping_sparc64.h"
+#  elif SANITIZER_WASI
+#    include "asan_mapping_wasi.h"
 #  else
 #    define MEM_TO_SHADOW(mem) \
       (((mem) >> ASAN_SHADOW_SCALE) + (ASAN_SHADOW_OFFSET))

compiler-rt/lib/asan/asan_mapping_wasi.h

@@ -0,0 +1,86 @@
+//===-- asan_mapping_wasi.h ----------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// WASI-specific definitions for ASan memory mapping.
+//===----------------------------------------------------------------------===//
+
+#ifndef ASAN_MAPPING_WASI_H
+#define ASAN_MAPPING_WASI_H
+
+extern char __global_base;
+
+#define kLowMemBeg     ((uptr) &__global_base)
+#define kLowMemEnd     ((kLowShadowBeg << ASAN_SHADOW_SCALE) - 1)
+
+#define kLowShadowBeg  0
+#define kLowShadowEnd  ((uptr) &__global_base - 1)
+
+#define kHighMemBeg    0
+
+#define kHighShadowBeg 0
+#define kHighShadowEnd 0
+
+#define kMidShadowBeg  0
+#define kMidShadowEnd  0
+
+#define kShadowGapBeg  (kLowMemEnd + 1)
+#define kShadowGapEnd  0xFFFFFFFF
+
+#define kShadowGap2Beg 0
+#define kShadowGap2End 0
+
+#define kShadowGap3Beg 0
+#define kShadowGap3End 0
+
+// The first 1/8 of the shadow memory space is shadowing itself.
+// This allows attempted accesses into the shadow memory, as well as null
+// pointer dereferences, to be detected properly.
+// The shadow memory of the shadow memory is poisoned.
+#define MEM_TO_SHADOW(mem) ((mem) >> ASAN_SHADOW_SCALE)
+#define SHADOW_TO_MEM(mem) ((mem) << ASAN_SHADOW_SCALE)
+
+namespace __asan {
+
+static inline bool AddrIsInLowMem(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return a >= kLowMemBeg && a <= kLowMemEnd;
+}
+
+static inline bool AddrIsInLowShadow(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return a >= kLowShadowBeg && a <= kLowShadowEnd;
+}
+
+static inline bool AddrIsInMidMem(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return false;
+}
+
+static inline bool AddrIsInMidShadow(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return false;
+}
+
+static inline bool AddrIsInHighMem(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return false;
+}
+
+static inline bool AddrIsInHighShadow(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return false;
+}
+
+static inline bool AddrIsInShadowGap(uptr a) {
+  PROFILE_ASAN_MAPPING();
+  return a >= kShadowGapBeg;
+}
+
+}  // namespace __asan
+
+#endif  // ASAN_MAPPING_WASI_H

compiler-rt/lib/asan/asan_poisoning.h

@@ -51,6 +51,7 @@ ALWAYS_INLINE void FastPoisonShadow(uptr aligned_beg, uptr aligned_size,
   // probably provide higher-level interface for these operations.
   // For now, just memset on Windows.
   if (value || SANITIZER_WINDOWS == 1 ||
+      SANITIZER_WASI == 1 ||
       shadow_end - shadow_beg < common_flags()->clear_shadow_mmap_threshold) {
     REAL(memset)((void*)shadow_beg, value, shadow_end - shadow_beg);
   } else {

compiler-rt/lib/asan/asan_shadow_setup.cpp

@@ -14,7 +14,7 @@
 #include "sanitizer_common/sanitizer_platform.h"
 
 // asan_fuchsia.cpp has their own InitializeShadowMemory implementation.
-#if !SANITIZER_FUCHSIA
+#if !SANITIZER_FUCHSIA && !SANITIZER_WASI
 
 #  include "asan_internal.h"
 #  include "asan_mapping.h"

compiler-rt/lib/asan/asan_wasi.cpp

@@ -0,0 +1,80 @@
+//===-- asan_wasi.cpp -----------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// This file is a part of AddressSanitizer, an address sanity checker.
+//
+// WASI-specific details.
+//===----------------------------------------------------------------------===//
+
+#include "sanitizer_common/sanitizer_platform.h"
+#include "sanitizer_common/sanitizer_internal_defs.h"
+
+#if SANITIZER_WASI
+
+#include "asan/asan_poisoning.h"
+#include "asan_interceptors.h"
+#include "asan_internal.h"
+
+namespace __asan {
+
+void InitializeShadowMemory() {
+  // Poison the shadow memory itself to catch invalid shadow accesses and
+  // also to catch null pointer dereferences.
+  FastPoisonShadow(kLowShadowBeg, kLowShadowEnd - kLowShadowBeg, kAsanGlobalRedzoneMagic);
+}
+
+void InitializePlatformInterceptors() {}
+void InitializePlatformExceptionHandlers() {}
+
+void AsanCheckDynamicRTPrereqs() {}
+void AsanCheckIncompatibleRT() {}
+void InitializeAsanInterceptors() {}
+
+void AsanOnDeadlySignal(int signo, void *siginfo, void *context) {
+  UNIMPLEMENTED();
+}
+
+bool PlatformUnpoisonStacks() { return false; }
+
+// Simple thread local storage implementation for WASI
+static thread_local void *per_thread;
+
+void *AsanTSDGet() { return per_thread; }
+
+void AsanTSDSet(void *tsd) { per_thread = tsd; }
+
+void AsanTSDInit(void (*destructor)(void *tsd)) {
+  DCHECK(destructor == &PlatformTSDDtor);
+}
+
+void PlatformTSDDtor(void *tsd) { UNREACHABLE(__func__); }
+
+void AsanApplyToGlobals(globals_op_fptr op, const void *needle) {
+  UNIMPLEMENTED();
+}
+
+void InstallAtForkHandler() {
+  // WASI doesn't support fork
+}
+
+void FlushUnneededASanShadowMemory(uptr p, uptr size) {
+  // No-op as madvise is not supported on WASI
+}
+
+// On WASI, leak detection is not supported yet
+void InstallAtExitCheckLeaks() {}
+
+// On WASI Preview 1, dlopen is not supported
+bool HandleDlopenInit() { return false; }
+
+// WASI does not support ASLR
+void TryReExecWithoutASLR() {}
+
+}  // namespace __asan
+
+#endif // SANITIZER_WASI

compiler-rt/lib/asan/wasi/dlmalloc.c

@@ -0,0 +1,101 @@
+// This file is a wrapper around malloc.c, which is the upstream source file.
+// It sets configuration flags and controls which symbols are exported.
+
+#include <stddef.h>
+#include <malloc.h>
+
+// Define configuration macros for dlmalloc.
+
+// WebAssembly doesn't have mmap-style memory allocation.
+#define HAVE_MMAP 0
+
+// WebAssembly doesn't support shrinking linear memory.
+#define MORECORE_CANNOT_TRIM 1
+
+// Disable sanity checks to reduce code size.
+#define ABORT __builtin_unreachable()
+
+// If threads are enabled, enable support for threads.
+#ifdef _REENTRANT
+#define USE_LOCKS 1
+#endif
+
+// Make malloc deterministic.
+#define LACKS_TIME_H 1
+
+// Disable malloc statistics generation to reduce code size.
+#define NO_MALLINFO 1
+#define NO_MALLOC_STATS 1
+
+// Align malloc regions to 16, to avoid unaligned SIMD accesses.
+#define MALLOC_ALIGNMENT 16
+
+// Declare errno values used by dlmalloc. We define them like this to avoid
+// putting specific errno values in the ABI.
+extern const int __ENOMEM;
+#define ENOMEM __ENOMEM
+extern const int __EINVAL;
+#define EINVAL __EINVAL
+
+// Define USE_DL_PREFIX so that we leave dlmalloc's names prefixed with 'dl'.
+// We define them as "static", and we wrap them with public names below. This
+// serves two purposes:
+//
+// One is to make it easy to control which symbols are exported; dlmalloc
+// defines several non-standard functions and we wish to explicitly control
+// which functions are part of our public-facing interface.
+//
+// The other is to protect against compilers optimizing based on the assumption
+// that they know what functions with names like "malloc" do. Code in the
+// implementation will call functions like "dlmalloc" and assume it can use
+// the resulting pointers to access the metadata outside of the nominally
+// allocated objects. However, if the function were named "malloc", compilers
+// might see code like that and assume it has undefined behavior and can be
+// optimized away. By using "dlmalloc" in the implementation, we don't need
+// -fno-builtin to avoid this problem.
+#define USE_DL_PREFIX 1
+#define DLMALLOC_EXPORT extern "C"
+
+// This isn't declared with DLMALLOC_EXPORT so make it static explicitly.
+static size_t dlmalloc_usable_size(void*);
+
+// Include the upstream dlmalloc's malloc.c.
+#include "malloc.c"
+
+// Export the public names.
+
+#if 0
+void *malloc(size_t size) {
+    return dlmalloc(size);
+}
+
+void free(void *ptr) {
+    dlfree(ptr);
+}
+
+void *calloc(size_t nmemb, size_t size) {
+    return dlcalloc(nmemb, size);
+}
+
+void *realloc(void *ptr, size_t size) {
+    return dlrealloc(ptr, size);
+}
+
+int posix_memalign(void **memptr, size_t alignment, size_t size) {
+    return dlposix_memalign(memptr, alignment, size);
+}
+
+void* aligned_alloc(size_t alignment, size_t bytes) {
+    return dlmemalign(alignment, bytes);
+}
+
+size_t malloc_usable_size(void *ptr) {
+    return dlmalloc_usable_size(ptr);
+}
+
+// Define these to satisfy musl references.
+void *__libc_malloc(size_t) __attribute__((alias("malloc")));
+void __libc_free(void *) __attribute__((alias("free")));
+void *__libc_calloc(size_t nmemb, size_t size) __attribute__((alias("calloc")));
+
+#endif