Reviving TypeSanitizer - a sanitizer to catch type-based aliasing violations

Hi,

A while ago, @hfinkel proposed a new sanitizer for type-based aliasing violations. He also shared an initial implementation as well:

Recently I spent some time rebasing the patches, ported them to current main and also made them work in macOS.

At the moment, there are a few key limitations on type-based aliasing in LLVM/Clang and one factor blocking progress in that area is concerns for correctness; in particular the fact that we don’t have a way to check a program is free of type-based aliasing violations makes it difficult to determine if a mis-compile is caused by a new bug in the TBAA implementation or UB in the source.

Therefore I propose to revive the type sanitizer patches and try to get an initial version submitted. To do that I would need help, especially on the sanitizer runtime side. At the moment, all the tysan tests added in the runtime patch work on macOS, but it would be great if someone could give it a try on Linux as well.

Please let me know if you are interested in helping out, there certainly are many areas that would need further tuning and testing.

cc’ing some of the people on the original review on discourse: @jdoerfert @kcc

9 Likes
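To make concrete what such a sanitizer has to catch, here is an added example (not code from this thread or from the TySan patches) showing a type-based aliasing violation in C next to two conforming ways of doing the same type pun. The function names are my own; `bits_via_pun` and `store_then_reload` are the shapes TBAA-aware optimizers are entitled to miscompile, and are the kind of access a type sanitizer would report at run time.

```c
// Added example, not from the thread: a type-based aliasing violation
// in C beside conforming alternatives. Under C's effective-type rules
// the compiler may assume objects of unrelated types never alias, so
// the "violation" functions are undefined behaviour even though they
// often appear to work at -O0.
#include <stdint.h>
#include <string.h>
#include <stdio.h>

// VIOLATION: a float object is read through an lvalue of type uint32_t.
// This is exactly the access a type sanitizer would flag.
uint32_t bits_via_pun(float f) {
    return *(uint32_t *)&f;
}

// VIOLATION when ip and fp refer to the same storage: with TBAA the
// optimizer may assume the store through fp cannot modify *ip and fold
// the return value to 1 regardless of what was written. Calling it with
// two distinct objects is fine.
int store_then_reload(int *ip, float *fp) {
    *ip = 1;
    *fp = 0.0f;
    return *ip;
}

// CONFORMING: memcpy copies the object representation; no lvalue of
// the wrong type is ever formed.
uint32_t bits_via_memcpy(float f) {
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

// CONFORMING: access through a character type is explicitly permitted
// to alias any object, so a byte-by-byte copy is well defined and
// endianness-independent (it reproduces the host representation).
uint32_t bits_via_bytes(float f) {
    uint32_t u;
    unsigned char *dst = (unsigned char *)&u;
    const unsigned char *src = (const unsigned char *)&f;
    for (size_t i = 0; i < sizeof f; i++)
        dst[i] = src[i];
    return u;
}

int main(void) {
    int i;
    float g;
    printf("memcpy pun of 1.0f:  0x%08x\n", bits_via_memcpy(1.0f));
    printf("byte   pun of -2.0f: 0x%08x\n", bits_via_bytes(-2.0f));
    printf("distinct objects:    %d\n", store_then_reload(&i, &g));
    // The two VIOLATION functions are deliberately not exercised on
    // aliasing storage here; that is the case a type sanitizer exists to catch.
    return 0;
}
```

Both conforming variants compile to the same single move as the pun on common targets, so there is no performance reason to keep the violating form; the difference is only that the compiler's alias assumptions remain true.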

Hi @fhahn, I’m familiar with ASan and TSan but not familiar with TySan. I’m very interested in helping this.

Glad to see this is getting picked up again. We had this on queue as an intern project. What kind of help would you need landing these patches?

Thanks both @Enna1 & @leonardchan!

I think one of the main things is that I am only able to test this on macOS so far. Any help with checking the tests (in particular the end-to-end tests in compiler-rt) on Linux would be great. Then there’s the technical review of the implementation.

It would also be great if we could collect additional test cases for violations we want to detect or should not detect.

Finally, performance is also an area that will likely need improvements. Both that and increasing the test coverage are probably easier done once we have a baseline in tree.

Hi @fhahn, I tried TypeSanitizer on my Linux environment, I think I made TySan build and the tests pass on Linux.
Should I update the diff in the initial implementation patch or send a new patch (D137414 [TySan] Fix Type Sanitizer build on Linux)?
Thanks!

1 Like

That’s great, thank you very much!

I think I’ll commandeer the reviews and restart the reviews.

3 Likes