Commit graph

12 commits

Author SHA1 Message Date
Tim Schumacher
678db534ff LibC: Properly implement stack protectors
The shared parts are now firmly compiled into LibC instead of being
defined as a static library and then being copied over manually.
The non-shared ("local") parts are kept as a static library that is
linked into each binary on demand.

This finally allows us to support linking with the -fstack-protector
flag, which now replaces the `ssp` target being linked into each binary
accidentally via CMake.
2022-11-01 14:49:09 +00:00
sin-ack
3f3f45580a Everywhere: Add sv suffix to strings relying on StringView(char const*)
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).

No functional changes.
2022-07-12 23:11:35 +02:00
sin-ack
c70f45ff44 Everywhere: Explicitly specify the size in StringView constructors
This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).
2022-07-12 23:11:35 +02:00
Andrew Kaster
5120b39d0e Meta+Userland: Add ENABLE_USERSPACE_COVERAGE_COLLECTION CMake option
This option sets -fprofile-instr-generate -fcoverage-mapping for Clang
builds only on almost all of Userland. Loader and LibTimeZone are
exempt. This can be used for generating code coverage reports, or even
PGO in the future.
2022-05-02 01:46:18 +02:00
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
Andreas Kling
e86ab57078 AK+Kernel+LibSanitizer: Store "ubsan-is-deadly" flag as Atomic<bool> 2022-02-03 16:11:26 +01:00
Andrew Kaster
7e04160b0b LibSanitizer: Log UBSAN errors in red text to the debug console
This makes them harder to miss for spammy apps when UBSAN is not deadly.

Don't commit to making the warnln red at the momment, because that would
probably be a nuisance if stderr is not a tty.
2021-12-15 10:30:32 -08:00
Andrew Kaster
db33cdbc2f AK+LibSanitizer: Add method to zero out a UBSAN SourceLocation
This is the same strategy that LLVM's compiler-rt uses to make sure that
each UBSAN error is only reported once, when UBSAN is *not* deadly.

Otherwise, each time we head through a UB codepath, we will log the same
error over and over. That behavior just adds noise to the logs and makes
it nearly impossible to run binaires that have some common code path
with flagged UB in them.

compiler-rt goes the extra step to make sure the "clear" action is
atomic, but we don't really have that many multi-threaded apps gettting
tested with UBSAN yet, so we can add that later.
2021-12-15 10:30:32 -08:00
Andrew Kaster
3e9fb9f23c LibSanitizer: Check for halt_on_error=0 in $UBSAN_OPTIONS
This allows a developer to set the g_ubsan_is_deadly flag to true by
default and still disable UBSAN for certain applications.
2021-12-15 10:30:32 -08:00
Daniel Bertalan
653d22e21f LibSanitizer+AK: Add float cast overflow handler
This is not enabled by default in GCC, but is in Clang.
2021-08-08 10:55:36 +02:00
Andrew Kaster
882002c566 LibSantizer: Read $UBSAN_OPTIONS to set deadliness on first print
The first time we want to print a UBSAN violation, the UBSAN runtime
in userspace will get the UBSAN_OPTIONS environment variable to check if
it contains the string "halt_on_error=1". This is clearly not robust to
invalid options or adding more options, but it gets the job done at the
moment. :^)
2021-06-29 07:17:34 +04:30
Andrew Kaster
4a5a1e8648 Userland: Port UBSAN implementation to userspace
Take Kernel/UBSanitizer.cpp and make a copy in LibSanitizer.

We can use LibSanitizer to hold other sanitizers as people implement
them :^).

To enable UBSAN for LibC, DynamicLoader, and other low level system
libraries, LibUBSanitizer is built as a serenity_libc, and has a static
version for LibCStatic to use. The approach is the same as that taken in

Note that this means now UBSAN is enabled for code generators, Lagom,
Kernel, and Userspace with -DENABLE_UNDEFINED_SANTIZER=ON. In userspace
however, UBSAN is not deadly (yet).

Co-authored-by: ForLoveOfCats <ForLoveOfCats@vivaldi.net>
2021-05-27 15:18:03 +02:00