
Revision 442971 of Building SpiderMonkey with UBSan

  • Revision slug: Building_SpiderMonkey_with_UBSan
  • Revision title: Building SpiderMonkey with UBSan
  • Revision id: 442971
  • Creator: Jesse
  • Is current revision? No

Revision Content

1. Compile a recent version of LLVM & Clang (the LLVM/Clang section of Building Firefox with Address Sanitizer describes how: https://developer.mozilla.org/en-US/docs/Building_Firefox_with_Address_Sanitizer#LLVM.2FClang).

2. Save the following shell script somewhere you can run it from js/src (it regenerates configure there and builds in a new subdirectory), fixing LLVM_ROOT to point to your installation.

#!/bin/sh
# Run from js/src: regenerates configure there, then configures and builds
# an UBSan-instrumented debug build in a new object directory named by $1.

if [ -z "$1" ] ; then
    echo "usage: $0 <dirname>"
elif [ -d "$1" ] ; then
    echo "directory $1 already exists"
else
    # The autoconf 2.13 binary is named differently across distributions;
    # try one name, then the other.
    autoconf2.13 || autoconf213
    mkdir "$1"
    cd "$1" || exit 1
    LLVM_ROOT="$HOME/llvm"
    # Enable the cheap UB checks, minus the three discussed below.
    # -Dxmalloc=myxmalloc is kept from the original script.
    # Assign SANFLAG on its own line so the CFLAGS/CXXFLAGS expansions below
    # are guaranteed to see it (a same-line prefix assignment is not portable).
    SANFLAG="-fsanitize=undefined -fno-sanitize=alignment,float-divide-by-zero,vptr -Dxmalloc=myxmalloc"
    CC="$LLVM_ROOT/build/Release+Asserts/bin/clang" \
    CXX="$LLVM_ROOT/build/Release+Asserts/bin/clang++" \
    CFLAGS="$SANFLAG" \
    CXXFLAGS="$SANFLAG" \
    MOZ_LLVM_HACKS=1 \
            ../configure --enable-debug --disable-optimize
    make -j 8
fi

3. Run the script from js/src, passing the name of a new object directory as its only argument, to compile SpiderMonkey.

-fsanitize=undefined turns on all of Clang's cheap undefined behavior checks (see http://clang.llvm.org/docs/UsersManual.html#controlling-code-generation); the -fno-sanitize list then drops three of them:

  • alignment, which hits known bugs in SpiderMonkey, and whose consequences are in practice more implementation-defined (slow on x86 / crash on ARM) than undefined behavior
  • float-divide-by-zero, which Jesse doesn't think is actually undefined behavior (aside from the question of whether CPU overflow flags are set); with IEEE 754 arithmetic, which C's Annex F adopts, x/0.0 yields an infinity or NaN and raises the divide-by-zero flag rather than being undefined
  • vptr, a check that requires RTTI, which is disabled by default in SpiderMonkey; turning the check on would mean building with RTTI
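What the remaining checks actually catch is easiest to see on a small program. The following is an added example, not SpiderMonkey code and not from the original page: each *_unchecked function contains a kind of undefined behaviour that one of the cheap -fsanitize=undefined checks reports at run time (signed-integer-overflow, shift, integer-divide-by-zero), and the *_checked form beside it is the same operation written so that nothing undefined happens. The file name ubsan_demo.c and the function names are assumptions for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not SpiderMonkey code). Build with the page's flags to see
 * the sanitizer reports, e.g.:
 *   clang -g -fsanitize=undefined \
 *       -fno-sanitize=alignment,float-divide-by-zero,vptr ubsan_demo.c
 * Keep the default -O0 so the calls below are not constant-folded away.
 */

/* Signed overflow is undefined; -fsanitize=signed-integer-overflow reports it. */
int add_unchecked(int a, int b) {
    return a + b;
}

/* Checked form: the builtin stores the wrapped result and tells us whether
 * the true sum fit; callers get a flag instead of undefined behaviour. */
bool add_checked(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);   /* true if the sum fits in int */
}

/* Shifting by a negative count, or by the operand width or more, is undefined;
 * -fsanitize=shift reports it. */
uint32_t shl_unchecked(uint32_t v, int n) {
    return v << n;
}

/* Checked form: reject out-of-range counts before shifting. */
bool shl_checked(uint32_t v, int n, uint32_t *out) {
    if (n < 0 || n >= 32)
        return false;
    *out = v << n;
    return true;
}

/* Division by zero (-fsanitize=integer-divide-by-zero) and INT_MIN / -1
 * (signed overflow) are both undefined. */
int div_unchecked(int a, int b) {
    return a / b;
}

/* Checked form: the two undefined divisor/dividend combinations are refused. */
bool div_checked(int a, int b, int *out) {
    if (b == 0 || (a == INT_MIN && b == -1))
        return false;
    *out = a / b;
    return true;
}

/* Trigger the add and shift cases once. Under UBSan each prints a
 * "runtime error:" line naming file, line and check, then execution continues
 * (add -fno-sanitize-recover=undefined to abort on the first report).
 * The bad division cases are not triggered here: on x86 the idiv instruction
 * traps with SIGFPE even after UBSan has printed its report. */
int main(void) {
    int r;
    uint32_t u;
    printf("add: %d\n", add_unchecked(INT_MAX, 1));
    printf("shl: %u\n", shl_unchecked(1u, 40));
    printf("checked add fits: %d\n", add_checked(INT_MAX, 1, &r));
    printf("checked shl valid: %d\n", shl_checked(1u, 40, &u));
    printf("checked div valid: %d\n", div_checked(INT_MIN, -1, &r));
    return 0;
}
```

The reports name the -fsanitize option that fired, which is the X to put in the [-fsanitize=X] whiteboard entry when filing a bug against SpiderMonkey.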

Known bugs are tracked by a Bugzilla whiteboard search: https://bugzilla.mozilla.org/buglist.cgi?quicksearch=sw%3A"[-fsanitize". Please file new bugs with [-fsanitize=X] in the status whiteboard, where X is the sanitize option whose check fired (for example [-fsanitize=signed-integer-overflow]), so they appear in that search.
