
SDK should support Address Sanitizer

Open whitequark opened this issue 4 months ago • 9 comments

Per https://github.com/llvm/llvm-project/issues/151015#issuecomment-3130203774.

Right now, it is just disabled:

$ /opt/wasi-sdk/bin/clang -fsanitize=address test.c
clang: error: unsupported option '-fsanitize=address' for target 'wasm32-unknown-wasi'

Personally, I don't really know how ASan would work, since I believe it relies on a block of shadow memory somewhere high in address space normally. Would that be just a new linear memory just for that purpose? I'm not familiar with ASan implementation, I assume @sbc100 knows how it is supposed to work.

whitequark avatar Jul 30 '25 09:07 whitequark

Would that be just a new linear memory just for that purpose?

I believe the way it works in Emscripten is by reserving the first ~1/8 of the linear memory (as if there was a very large static data block): https://github.com/emscripten-core/emscripten/blob/be3fe6b97b358a389bfa8a9745c5c7f94a4eb293/tools/link.py#L1626-L1653.

SingleAccretion avatar Jul 30 '25 10:07 SingleAccretion

It sounds like my idea would be both a lot more efficient (since you could grow the second region alongside the first instead of reserving 512 MB if you want to be able to grow to 4 GB) and impossible to overwrite if you have a write-what-where primitive.

whitequark avatar Jul 30 '25 10:07 whitequark
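A toy model of the shadow-memory layout discussed in the two comments above, added here as an example and not code from wasi-sdk, Emscripten or LLVM: the shadow region sits at the bottom of linear memory with a shadow offset of 0 and covers 1/8 of it (which is why growing to 4 GB means reserving 512 MB), and every instrumented load or store consults it. The 1 MiB memory size, the object address and the redzone value are hypothetical.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout: the shadow region occupies linear memory
 * [0, SHADOW_SIZE), so shadow_addr = addr >> 3 with a shadow offset of 0.
 * The 1 MiB memory size only keeps the array small. */
#define SHADOW_SCALE 3
#define LINEAR_MEMORY_SIZE (1u << 20)
#define SHADOW_SIZE (LINEAR_MEMORY_SIZE >> SHADOW_SCALE)
#define REDZONE_MAGIC 0xfa  /* any value >= 0x80 marks a granule as poisoned */

/* Stands in for the reserved bottom 1/8 of linear memory. */
static uint8_t shadow[SHADOW_SIZE];

/* Shadow bytes needed to cover a linear memory of mem_bytes (4 GiB -> 512 MiB). */
uint64_t shadow_bytes_for(uint64_t mem_bytes) { return mem_bytes >> SHADOW_SCALE; }

static uint32_t mem_to_shadow(uint32_t addr) { return addr >> SHADOW_SCALE; }

/* Mark an object of `size` bytes at 8-byte-aligned `addr` as addressable and
 * poison one 8-byte granule after it as a redzone. Shadow encoding: 0 = all 8
 * bytes of the granule addressable, k in 1..7 = only the first k bytes are. */
void asan_alloc(uint32_t addr, uint32_t size) {
    assert(addr >= SHADOW_SIZE && (addr & 7) == 0);  /* must not overlap the shadow */
    uint32_t s = mem_to_shadow(addr);
    memset(&shadow[s], 0, size / 8);
    if (size % 8) shadow[s + size / 8] = (uint8_t)(size % 8);
    shadow[s + (size + 7) / 8] = REDZONE_MAGIC;
}

/* The check ASan instruments before each aligned 1/2/4/8-byte access:
 * returns 1 if the access touches a byte the shadow marks as not addressable. */
int asan_is_bad(uint32_t addr, uint32_t access_size) {
    int8_t k = (int8_t)shadow[mem_to_shadow(addr)];
    if (k == 0) return 0;          /* fast path: whole granule addressable */
    if (k < 0) return 1;           /* poisoned granule (redzone, freed, ...) */
    return (addr & 7) + access_size - 1 >= (uint32_t)k;
}

int main(void) {
    asan_alloc(0x40000, 13);                /* 13-byte object above the shadow */
    assert(!asan_is_bad(0x40000, 8));       /* bytes 0..7: fine */
    assert(!asan_is_bad(0x4000c, 1));       /* byte 12: last valid byte */
    assert(asan_is_bad(0x4000c, 4));        /* bytes 12..15: overflow by 3 */
    assert(asan_is_bad(0x40010, 1));        /* redzone granule */
    return 0;
}
```

Because the shadow itself is ordinary linear memory at low addresses, a stray write that lands below SHADOW_SIZE can corrupt these bytes, which is the weakness the second comment above points out.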

I have been working on porting ASan for WASI as a part of Swift project. I've already upstreamed some of the changes. You can find more details here: https://github.com/swiftwasm/swift/issues/5609

kateinoigakukun avatar Jul 30 '25 12:07 kateinoigakukun

Oh, brilliant! I'll leave it to you then.

whitequark avatar Jul 30 '25 12:07 whitequark

@kateinoigakukun Have you solved a problem where sanitizer_redefine_builtins.h crashes Clang in WasmObjectWriter::writeOneObject?

whitequark avatar Jul 30 '25 14:07 whitequark

@whitequark Yeap, I just excluded the inline asm block, and it was enough to make it work. I haven't taken a closer look at the reason for the inline asm though.

https://github.com/kateinoigakukun/llvm-project/commit/81a04b47efc198de06016361dac2e17121b4d202

kateinoigakukun avatar Jul 30 '25 14:07 kateinoigakukun

@kateinoigakukun This will cause problems: the compiler will generate calls to memcpy within the sanitizer itself, which may be intercepted and incorrectly treated as application code. You'd have to teach it to pass -fno-builtins or -mllvm -disable-simplify-libcalls to the compiler when building for Wasm.

How did you redefine GET_CALLER_PC()?

whitequark avatar Jul 30 '25 14:07 whitequark

Yeah, that's definitely not a proper solution; we need to find a way to work around it.

For GET_CALLER_PC(), I just redefined it to return 0 https://github.com/kateinoigakukun/llvm-project/commit/1fa0b8de956f2f9991a9554d2c2740621210fd8b

kateinoigakukun avatar Aug 02 '25 14:08 kateinoigakukun

Redefining it to return 0 hides all of the reports.

whitequark avatar Aug 03 '25 09:08 whitequark