Cheng Shao pushed to branch wip/terrorjack/asan at Glasgow Haskell Compiler / GHC Commits: 70d366c7 by Cheng Shao at 2025-12-17T00:39:47+01:00 hadrian: add support for building with AddressSanitizer This patch adds a +asan flavour transformer to hadrian to build all stage1+ C/C++ code with AddressBehaviorSanitizer. This is particularly useful to catch potential out-of-bounds and use-after-free bugs in the RTS codebase. - - - - - eff6cc25 by Cheng Shao at 2025-12-17T00:39:51+01:00 ci: add ubsan+asan job We now have a `x86_64-linux-fedora43-validate+debug_info+ubsan+asan` validate/nightly job with both UBSan/ASan enabled. - - - - - d43effd3 by Cheng Shao at 2025-12-17T00:39:51+01:00 rts: add ASAN poisoning to mblock allocator - - - - - 12 changed files: - .gitlab/generate-ci/gen_ci.hs - .gitlab/jobs.yaml - hadrian/doc/flavours.md - hadrian/src/Flavour.hs - rts/include/Stg.h - + rts/include/rts/ASANUtils.h - rts/rts.cabal - rts/sm/MBlock.c - testsuite/driver/testglobals.py - testsuite/driver/testlib.py - testsuite/tests/rts/T18623/all.T - testsuite/tests/rts/all.T Changes: ===================================== .gitlab/generate-ci/gen_ci.hs ===================================== @@ -162,6 +162,7 @@ data BuildConfig , tablesNextToCode :: Bool , threadSanitiser :: Bool , ubsan :: Bool + , asan :: Bool , noSplitSections :: Bool , validateNonmovingGc :: Bool , textWithSIMDUTF :: Bool @@ -173,7 +174,7 @@ configureArgsStr :: BuildConfig -> String configureArgsStr bc = unwords $ ["--enable-unregisterised"| unregisterised bc ] ++ ["--disable-tables-next-to-code" | not (tablesNextToCode bc) ] - ++ ["--with-intree-gmp" | Just _ <- pure (crossTarget bc) ] + ++ ["--with-intree-gmp" | isJust (crossTarget bc) || ubsan bc || asan bc ] ++ ["--with-system-libffi" | crossTarget bc == Just "wasm32-wasi" ] ++ ["--enable-ipe-data-compression" | withZstd bc ] ++ ["--enable-strict-ghc-toolchain-check"] @@ -188,6 +189,7 @@ mkJobFlavour BuildConfig{..} = Flavour buildFlavour opts [HostFullyStatic | hostFullyStatic] ++ [ThreadSanitiser | threadSanitiser] ++ [UBSan | ubsan] ++ + [ASan | asan] ++ [NoSplitSections | noSplitSections, buildFlavour == Release ] ++ [BootNonmovingGc | validateNonmovingGc ] ++ [TextWithSIMDUTF | textWithSIMDUTF] @@ -201,6 +203,7 @@ data FlavourTrans = | HostFullyStatic | ThreadSanitiser | UBSan + | ASan | NoSplitSections | BootNonmovingGc | TextWithSIMDUTF @@ -230,6 +233,7 @@ vanilla = BuildConfig , tablesNextToCode = True , threadSanitiser = False , ubsan = False + , asan = False , noSplitSections = False , validateNonmovingGc = False , textWithSIMDUTF = False @@ -283,8 +287,8 @@ llvm = vanilla { llvmBootstrap = True } tsan :: BuildConfig tsan = vanilla { threadSanitiser = True } -enableUBSan :: BuildConfig -enableUBSan = vanilla { withDwarf = True, ubsan = True } +enableUBSanASan :: BuildConfig +enableUBSanASan = vanilla { withDwarf = True, ubsan = True, asan = True } noTntc :: BuildConfig noTntc = vanilla { tablesNextToCode = False } @@ -381,6 +385,7 @@ flavourString (Flavour base trans) = base_string base ++ concatMap (("+" ++) . f flavour_string HostFullyStatic = "host_fully_static" flavour_string ThreadSanitiser = "thread_sanitizer_cmm" flavour_string UBSan = "ubsan" + flavour_string ASan = "asan" flavour_string NoSplitSections = "no_split_sections" flavour_string BootNonmovingGc = "boot_nonmoving_gc" flavour_string TextWithSIMDUTF = "text_simdutf" @@ -1213,15 +1218,24 @@ fedora_x86 = , hackage_doc_job (disableValidate (standardBuildsWithConfig Amd64 (Linux Fedora43) releaseConfig)) , disableValidate (standardBuildsWithConfig Amd64 (Linux Fedora43) dwarf) , disableValidate (standardBuilds Amd64 (Linux Fedora43)) - -- For UBSan jobs, only enable for validate/nightly pipelines. - -- Also disable docs since it's not the point for UBSan jobs. + -- For UBSan/ASan jobs, only enable for validate/nightly + -- pipelines. Also disable docs since it's not the point for + -- UBSan/ASan jobs. + -- + -- See + -- https://github.com/llvm/llvm-project/blob/llvmorg-21.1.8/compiler-rt/lib/san... + -- for ASAN options help, for now these are required to pass the + -- testsuite , modifyJobs ( setVariable "HADRIAN_ARGS" "--docs=none" . addVariable "UBSAN_OPTIONS" "suppressions=$CI_PROJECT_DIR/rts/.ubsan-suppressions" + . addVariable + "ASAN_OPTIONS" + "detect_leaks=false:handle_segv=0:handle_sigfpe=0:verify_asan_link_order=false" ) - $ validateBuilds Amd64 (Linux Fedora43) enableUBSan + $ validateBuilds Amd64 (Linux Fedora43) enableUBSanASan ] where hackage_doc_job = rename (<> "-hackage") . modifyJobs (addVariable "HADRIAN_ARGS" "--haddock-for-hackage") ===================================== .gitlab/jobs.yaml ===================================== @@ -3195,7 +3195,7 @@ "XZ_OPT": "-9" } }, - "nightly-x86_64-linux-fedora43-validate+debug_info+ubsan": { + "nightly-x86_64-linux-fedora43-validate+debug_info+ubsan+asan": { "after_script": [ ".gitlab/ci.sh save_cache", ".gitlab/ci.sh save_test_output", @@ -3206,7 +3206,7 @@ "artifacts": { "expire_in": "8 weeks", "paths": [ - "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan.tar.xz", + "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan+asan.tar.xz", "junit.xml", "unexpected-test-output.tar.gz" ], @@ -3248,14 +3248,15 @@ "x86_64-linux" ], "variables": { + "ASAN_OPTIONS": "detect_leaks=false:handle_segv=0:handle_sigfpe=0:verify_asan_link_order=false", "BIGNUM_BACKEND": "gmp", - "BIN_DIST_NAME": "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan", - "BUILD_FLAVOUR": "validate+debug_info+ubsan", - "CONFIGURE_ARGS": "--enable-strict-ghc-toolchain-check", + "BIN_DIST_NAME": "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan+asan", + "BUILD_FLAVOUR": "validate+debug_info+ubsan+asan", + "CONFIGURE_ARGS": "--with-intree-gmp --enable-strict-ghc-toolchain-check", "HADRIAN_ARGS": "--docs=none", "INSTALL_CONFIGURE_ARGS": "--enable-strict-ghc-toolchain-check", "RUNTEST_ARGS": "", - "TEST_ENV": "x86_64-linux-fedora43-validate+debug_info+ubsan", + "TEST_ENV": "x86_64-linux-fedora43-validate+debug_info+ubsan+asan", "UBSAN_OPTIONS": "suppressions=$CI_PROJECT_DIR/rts/.ubsan-suppressions", "XZ_OPT": "-9" } @@ -7346,7 +7347,7 @@ "TEST_ENV": "x86_64-linux-fedora43-validate+debug_info" } }, - "x86_64-linux-fedora43-validate+debug_info+ubsan": { + "x86_64-linux-fedora43-validate+debug_info+ubsan+asan": { "after_script": [ ".gitlab/ci.sh save_cache", ".gitlab/ci.sh save_test_output", @@ -7357,7 +7358,7 @@ "artifacts": { "expire_in": "2 weeks", "paths": [ - "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan.tar.xz", + "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan+asan.tar.xz", "junit.xml", "unexpected-test-output.tar.gz" ], @@ -7383,7 +7384,7 @@ ], "rules": [ { - "if": "((($ONLY_JOBS) && ($ONLY_JOBS =~ /.*\\bx86_64-linux-fedora43-validate\\+debug_info\\+ubsan(\\s|$).*/)) || (($ONLY_JOBS == null) && ((($CI_MERGE_REQUEST_LABELS =~ /.*full-ci.*/) || ($CI_MERGE_REQUEST_LABELS =~ /.*marge_bot_batch_merge_job.*/) || ($CI_COMMIT_BRANCH == \"master\") || ($CI_COMMIT_BRANCH =~ /ghc-[0-9]+\\.[0-9]+/))))) && ($RELEASE_JOB != \"yes\") && ($NIGHTLY == null)", + "if": "((($ONLY_JOBS) && ($ONLY_JOBS =~ /.*\\bx86_64-linux-fedora43-validate\\+debug_info\\+ubsan\\+asan(\\s|$).*/)) || (($ONLY_JOBS == null) && ((($CI_MERGE_REQUEST_LABELS =~ /.*full-ci.*/) || ($CI_MERGE_REQUEST_LABELS =~ /.*marge_bot_batch_merge_job.*/) || ($CI_COMMIT_BRANCH == \"master\") || ($CI_COMMIT_BRANCH =~ /ghc-[0-9]+\\.[0-9]+/))))) && ($RELEASE_JOB != \"yes\") && ($NIGHTLY == null)", "when": "on_success" } ], @@ -7399,14 +7400,15 @@ "x86_64-linux" ], "variables": { + "ASAN_OPTIONS": "detect_leaks=false:handle_segv=0:handle_sigfpe=0:verify_asan_link_order=false", "BIGNUM_BACKEND": "gmp", - "BIN_DIST_NAME": "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan", - "BUILD_FLAVOUR": "validate+debug_info+ubsan", - "CONFIGURE_ARGS": "--enable-strict-ghc-toolchain-check", + "BIN_DIST_NAME": "ghc-x86_64-linux-fedora43-validate+debug_info+ubsan+asan", + "BUILD_FLAVOUR": "validate+debug_info+ubsan+asan", + "CONFIGURE_ARGS": "--with-intree-gmp --enable-strict-ghc-toolchain-check", "HADRIAN_ARGS": "--docs=none", "INSTALL_CONFIGURE_ARGS": "--enable-strict-ghc-toolchain-check", "RUNTEST_ARGS": "", - "TEST_ENV": "x86_64-linux-fedora43-validate+debug_info+ubsan", + "TEST_ENV": "x86_64-linux-fedora43-validate+debug_info+ubsan+asan", "UBSAN_OPTIONS": "suppressions=$CI_PROJECT_DIR/rts/.ubsan-suppressions" } }, ===================================== hadrian/doc/flavours.md ===================================== @@ -242,6 +242,10 @@ The supported transformers are listed below: <td><code>ubsan</code></td> <td>Build all stage1+ C/C++ code with UndefinedBehaviorSanitizer support</td> </tr> + <tr> + <td><code>asan</code></td> + <td>Build all stage1+ C/C++ code with AddressSanitizer support</td> + </tr> <tr> <td><code>llvm</code></td> <td>Use GHC's LLVM backend (`-fllvm`) for all stage1+ compilation.</td> ===================================== hadrian/src/Flavour.hs ===================================== @@ -8,6 +8,7 @@ module Flavour , splitSections , enableThreadSanitizer , enableUBSan + , enableASan , enableLateCCS , enableHashUnitIds , enableDebugInfo, enableTickyGhc @@ -56,6 +57,7 @@ flavourTransformers = M.fromList , "thread_sanitizer" =: enableThreadSanitizer False , "thread_sanitizer_cmm" =: enableThreadSanitizer True , "ubsan" =: enableUBSan + , "asan" =: enableASan , "llvm" =: viaLlvmBackend , "profiled_ghc" =: enableProfiledGhc , "no_dynamic_ghc" =: disableDynamicGhcPrograms @@ -303,6 +305,28 @@ enableUBSan = builder Testsuite ? arg "--config=have_ubsan=True" ] +-- | Build all stage1+ C/C++ code with AddressSanitizer support: +-- https://clang.llvm.org/docs/AddressSanitizer.html +enableASan :: Flavour -> Flavour +enableASan = + addArgs $ + notStage0 + ? mconcat + [ package rts + ? builder (Cabal Flags) + ? arg "+asan" + <> (needSharedLibSAN ? arg "+shared-libsan"), + builder (Ghc CompileHs) ? arg "-optc-fsanitize=address", + builder (Ghc CompileCWithGhc) ? arg "-optc-fsanitize=address", + builder (Ghc CompileCppWithGhc) ? arg "-optcxx-fsanitize=address", + builder (Ghc LinkHs) + ? arg "-optc-fsanitize=address" + <> arg "-optl-fsanitize=address" + <> (needSharedLibSAN ? arg "-optl-shared-libsan"), + builder (Cc CompileC) ? arg "-fsanitize=address", + builder Testsuite ? arg "--config=have_asan=True" + ] + -- | Use the LLVM backend in stages 1 and later. viaLlvmBackend :: Flavour -> Flavour viaLlvmBackend = addArgs $ notStage0 ? builder Ghc ? arg "-fllvm" ===================================== rts/include/Stg.h ===================================== @@ -335,6 +335,7 @@ external prototype return neither of these types to workaround #11395. #include "stg/MachRegsForHost.h" #include "stg/Regs.h" #include "stg/Ticky.h" +#include "rts/ASANUtils.h" #include "rts/TSANUtils.h" #if IN_STG_CODE ===================================== rts/include/rts/ASANUtils.h ===================================== @@ -0,0 +1,33 @@ +#pragma once + +#if defined(__SANITIZE_ADDRESS__) +#define ASAN_ENABLED +#elif defined(__has_feature) +#if __has_feature(address_sanitizer) +#define ASAN_ENABLED +#endif +#endif + +#if defined(ASAN_ENABLED) +#include +#define USED_IF_ASAN +#else +#include +#define USED_IF_ASAN __attribute__((unused)) +#endif + +static inline void +__ghc_asan_poison_memory_region(void const volatile *addr USED_IF_ASAN, + size_t size USED_IF_ASAN) { +#if defined(ASAN_ENABLED) + __asan_poison_memory_region(addr, size); +#endif +} + +static inline void +__ghc_asan_unpoison_memory_region(void const volatile *addr USED_IF_ASAN, + size_t size USED_IF_ASAN) { +#if defined(ASAN_ENABLED) + __asan_unpoison_memory_region(addr, size); +#endif +} ===================================== rts/rts.cabal ===================================== @@ -97,6 +97,12 @@ flag ubsan UndefinedBehaviorSanitizer. default: False manual: True +flag asan + description: + Link with -fsanitize=address, to be enabled when building with + AddressSanitizer. + default: False + manual: True flag shared-libsan description: Link with -shared-libsan, to guarantee only one copy of the @@ -216,6 +222,9 @@ library if flag(ubsan) ld-options: -fsanitize=undefined + if flag(asan) + ld-options: -fsanitize=address + if flag(shared-libsan) ld-options: -shared-libsan @@ -280,6 +289,7 @@ library -- ^ generated rts/ghc_ffi.h rts/Adjustor.h + rts/ASANUtils.h rts/ExecPage.h rts/BlockSignals.h rts/Bytecodes.h ===================================== rts/sm/MBlock.c ===================================== @@ -579,6 +579,8 @@ getMBlocks(uint32_t n) ret = getCommittedMBlocks(n); + __ghc_asan_unpoison_memory_region(ret, (W_)n * MBLOCK_SIZE); + debugTrace(DEBUG_gc, "allocated %d megablock(s) at %p",n,ret); mblocks_allocated += n; @@ -611,6 +613,8 @@ freeMBlocks(void *addr, uint32_t n) mblocks_allocated -= n; + __ghc_asan_poison_memory_region(addr, (W_)n * MBLOCK_SIZE); + decommitMBlocks(addr, n); } ===================================== testsuite/driver/testglobals.py ===================================== @@ -189,6 +189,9 @@ class TestConfig: # Are we running with UndefinedBehaviorSanitizer enabled? self.have_ubsan = False + # Are we running with AddressSanitizer enabled? + self.have_asan = False + # Do symbols use leading underscores? self.leading_underscore = False ===================================== testsuite/driver/testlib.py ===================================== @@ -1093,6 +1093,9 @@ def have_thread_sanitizer( ) -> bool: def have_ubsan( ) -> bool: return config.have_ubsan +def have_asan( ) -> bool: + return config.have_asan + def gcc_as_cmmp() -> bool: return config.cmm_cpp_is_gcc ===================================== testsuite/tests/rts/T18623/all.T ===================================== @@ -8,6 +8,8 @@ test('T18623', # Recent versions of osx report an error when running `ulimit -v` when(opsys('darwin'), skip), when(arch('powerpc64le'), skip), + # ASan can't allocate shadow memory + when(have_asan(), skip), cmd_prefix('ulimit -v ' + str(8 * 1024 ** 2) + ' && '), ignore_stdout], run_command, ===================================== testsuite/tests/rts/all.T ===================================== @@ -105,6 +105,8 @@ def remove_parenthesis(s): return re.sub(r'\s+\([^)]*\)', '', s) test('outofmem', [ when(opsys('darwin'), skip), + # ASan shadow memory allocation blows up + when(have_asan(), skip), # this is believed to cause other processes to die # that happen concurrently while the outofmem test # runs in CI. As such we'll need to disable it on View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/compare/02adcf979d688e37ae3976a5766ba72... -- View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/compare/02adcf979d688e37ae3976a5766ba72... You're receiving this email because of your account on gitlab.haskell.org.