7

I'm developing a static freestanding nolibc/nostdlib program for Linux and would like to use the C compiler's memory, address and undefined behavior sanitizers to improve my code.

I couldn't get it to work when I tried it though:

clang -static -ffreestanding -nostdlib -fno-omit-frame-pointer -fsanitize=undefined -g -o program program.c

This causes the compiler to emit instrumentation code that calls functions such as __ubsan_handle_type_mismatch_v1@plt. It compiles and links successfully but the program segfaults near those references when run. More specifically, in my memory allocator:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) up
(gdb) disas
Dump of assembler code for function lone_reallocate:
...
   0x00000000002116d0 <+160>:   bl      0x206470 <__ubsan_handle_pointer_overflow@plt>
=> 0x00000000002116d4 <+164>:   b       0x2116d8 <lone_reallocate+168>
   0x00000000002116d8 <+168>:   ldur    x8, [x29, #-72]
...

I assume these functions are missing due to the lack of libc support. When I tried to use the -static-libsan option, I got numerous undefined sybol errors:

error: undefined symbol: __aarch64_cas8_acq_rel
error: undefined symbol: pthread_self
error: undefined symbol: dl_iterate_phdr
error: undefined symbol: abort
...

How can I make this work? Do I have to implement those functions? If so, how? I couldn't find any documentation on this matter.

Can operating systems and kernels use these sanitizers? If they can, then whatever method they use would also be applicable to my use case.

Improve this question
8
  • 3
    Make separate builds for your project. One uses the sanitizers in a hosted program calling your functions compiled for a hosted environment. The other builds freestanding versions. Commented Dec 19, 2023 at 23:19
  • 2
    Consider the question from a different perspective for a moment. What do you expect the instrumentation actually to do if it detects a memory-use issue or undefined behavior? There are no standard I/O functions in a freestanding environment, and not even a standard means to terminate execution. How is the instrumentation going to tell you about what it discovered? Commented Dec 19, 2023 at 23:19
  • Yes, you could conceivably implement your own versions of all the functions the instrumentation requires, but that would be a major project of its own. Commented Dec 19, 2023 at 23:23
  • @JohnBollinger I have full access to Linux system calls, I can use write and exit. I have also written my own I/O functions. I suppose I can use these to report errors and kill the program. Commented Dec 19, 2023 at 23:24
  • 2
    I didn't say it was unsafe to use system calls if they are in fact available to you. I said that a C program running on a freestanding implementation ordinarily does not have any system calls available to draw on, except to the extent that it implements them itself. And I said that you can neither expect the sanitizer tooling to make direct system calls, nor to have any syscall wrapper functions available to it other than those you provide yourself. Commented Dec 20, 2023 at 2:25
Related questions
1458
What does "static" mean in C?
676
"static const" vs "#define" vs "enum"
710
Difference between static and shared libraries?
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.