Proposal for first review - Just the "back end" of the sanitizer

clang/include/clang/Basic/Sanitizers.def

@@ -37,6 +37,9 @@
 #endif
 
 
+// RealtimeSanitizer
+SANITIZER("realtime", Realtime)
+
 // AddressSanitizer
 SANITIZER("address", Address)
 

clang/include/clang/Driver/SanitizerArgs.h

@@ -79,6 +79,7 @@ class SanitizerArgs {
   bool needsStableAbi() const { return StableABI; }
 
   bool needsMemProfRt() const { return NeedsMemProfRt; }
+  bool needsRadsanRt() const { return Sanitizers.has(SanitizerKind::Realtime); }
   bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); }
   bool needsHwasanRt() const {
     return Sanitizers.has(SanitizerKind::HWAddress);

clang/lib/Driver/ToolChains/CommonArgs.cpp

@@ -1357,6 +1357,8 @@ collectSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
       if (!Args.hasArg(options::OPT_shared))
         HelperStaticRuntimes.push_back("hwasan-preinit");
     }
+    if (SanArgs.needsRadsanRt() && SanArgs.linkRuntimes())
+      SharedRuntimes.push_back("radsan");
   }
 
   // The stats_client library is also statically linked into DSOs.
@@ -1382,6 +1384,10 @@ collectSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
       StaticRuntimes.push_back("asan_cxx");
   }
 
+  if (!SanArgs.needsSharedRt() && SanArgs.needsRadsanRt() && SanArgs.linkRuntimes()) {
+    StaticRuntimes.push_back("radsan");
+  }
+
   if (!SanArgs.needsSharedRt() && SanArgs.needsMemProfRt()) {
     StaticRuntimes.push_back("memprof");
     if (SanArgs.linkCXXRuntimes())

clang/lib/Driver/ToolChains/Darwin.cpp

@@ -1487,6 +1487,8 @@ void DarwinClang::AddLinkRuntimeLibArgs(const ArgList &Args,
     const char *sanitizer = nullptr;
     if (Sanitize.needsUbsanRt()) {
       sanitizer = "UndefinedBehaviorSanitizer";
+    } else if (Sanitize.needsRadsanRt()) {
+      sanitizer = "RealtimeSanitizer";
     } else if (Sanitize.needsAsanRt()) {
       sanitizer = "AddressSanitizer";
     } else if (Sanitize.needsTsanRt()) {
@@ -1509,6 +1511,11 @@ void DarwinClang::AddLinkRuntimeLibArgs(const ArgList &Args,
         AddLinkSanitizerLibArgs(Args, CmdArgs, "asan");
       }
     }
+    if(Sanitize.needsRadsanRt())
+    {
+      assert(Sanitize.needsSharedRt() && "Static sanitizer runtimes not supported");
+      AddLinkSanitizerLibArgs(Args, CmdArgs, "radsan");
+    }
     if (Sanitize.needsLsanRt())
       AddLinkSanitizerLibArgs(Args, CmdArgs, "lsan");
     if (Sanitize.needsUbsanRt()) {
@@ -3393,6 +3400,7 @@ SanitizerMask Darwin::getSupportedSanitizers() const {
   const bool IsAArch64 = getTriple().getArch() == llvm::Triple::aarch64;
   SanitizerMask Res = ToolChain::getSupportedSanitizers();
   Res |= SanitizerKind::Address;
+  Res |= SanitizerKind::Realtime;
   Res |= SanitizerKind::PointerCompare;
   Res |= SanitizerKind::PointerSubtract;
   Res |= SanitizerKind::Leak;

clang/lib/Driver/ToolChains/Linux.cpp

@@ -799,6 +799,7 @@ SanitizerMask Linux::getSupportedSanitizers() const {
   const bool IsHexagon = getTriple().getArch() == llvm::Triple::hexagon;
   SanitizerMask Res = ToolChain::getSupportedSanitizers();
   Res |= SanitizerKind::Address;
+  Res |= SanitizerKind::Realtime;
   Res |= SanitizerKind::PointerCompare;
   Res |= SanitizerKind::PointerSubtract;
   Res |= SanitizerKind::Fuzzer;

clang/runtime/CMakeLists.txt

@@ -150,6 +150,7 @@ if(LLVM_BUILD_EXTERNAL_COMPILER_RT AND EXISTS ${COMPILER_RT_SRC_ROOT}/)
         check-lsan
         check-msan
         check-profile
+        check-radsan
         check-safestack
         check-sanitizer
         check-tsan

compiler-rt/cmake/Modules/AllSupportedArchDefs.cmake

@@ -32,6 +32,9 @@ set(ALL_ASAN_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${RISCV64}
     ${LOONGARCH64})
 set(ALL_ASAN_ABI_SUPPORTED_ARCH ${X86_64} ${ARM64} ${ARM64_32})
 set(ALL_DFSAN_SUPPORTED_ARCH ${X86_64} ${MIPS64} ${ARM64} ${LOONGARCH64})
+set(ALL_RADSAN_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${RISCV64}
+    ${MIPS32} ${MIPS64} ${PPC64} ${S390X} ${SPARC} ${SPARCV9} ${HEXAGON}
+    ${LOONGARCH64})
 
 if(ANDROID)
   set(OS_NAME "Android")

compiler-rt/cmake/config-ix.cmake

@@ -611,6 +611,9 @@ if(APPLE)
   list_intersect(ASAN_SUPPORTED_ARCH
     ALL_ASAN_SUPPORTED_ARCH
     SANITIZER_COMMON_SUPPORTED_ARCH)
+  list_intersect(RADSAN_SUPPORTED_ARCH
+    ALL_RADSAN_SUPPORTED_ARCH
+    SANITIZER_COMMON_SUPPORTED_ARCH)
   list_intersect(DFSAN_SUPPORTED_ARCH
     ALL_DFSAN_SUPPORTED_ARCH
     SANITIZER_COMMON_SUPPORTED_ARCH)
@@ -674,6 +677,7 @@ else()
   filter_available_targets(UBSAN_COMMON_SUPPORTED_ARCH
     ${SANITIZER_COMMON_SUPPORTED_ARCH})
   filter_available_targets(ASAN_SUPPORTED_ARCH ${ALL_ASAN_SUPPORTED_ARCH})
+  filter_available_targets(RADSAN_SUPPORTED_ARCH ${ALL_RADSAN_SUPPORTED_ARCH})
   filter_available_targets(FUZZER_SUPPORTED_ARCH ${ALL_FUZZER_SUPPORTED_ARCH})
   filter_available_targets(DFSAN_SUPPORTED_ARCH ${ALL_DFSAN_SUPPORTED_ARCH})
   filter_available_targets(LSAN_SUPPORTED_ARCH ${ALL_LSAN_SUPPORTED_ARCH})
@@ -726,7 +730,7 @@ if(COMPILER_RT_SUPPORTED_ARCH)
 endif()
 message(STATUS "Compiler-RT supported architectures: ${COMPILER_RT_SUPPORTED_ARCH}")
 
-set(ALL_SANITIZERS asan;dfsan;msan;hwasan;tsan;safestack;cfi;scudo_standalone;ubsan_minimal;gwp_asan;asan_abi)
+set(ALL_SANITIZERS asan;radsan;dfsan;msan;hwasan;tsan;safestack;cfi;scudo_standalone;ubsan_minimal;gwp_asan;asan_abi)
 set(COMPILER_RT_SANITIZERS_TO_BUILD all CACHE STRING
     "sanitizers to build if supported on the target (all;${ALL_SANITIZERS})")
 list_replace(COMPILER_RT_SANITIZERS_TO_BUILD all "${ALL_SANITIZERS}")
@@ -757,6 +761,12 @@ else()
   set(COMPILER_RT_HAS_ASAN FALSE)
 endif()
 
+if (COMPILER_RT_HAS_SANITIZER_COMMON AND RADSAN_SUPPORTED_ARCH)
+  set(COMPILER_RT_HAS_RADSAN TRUE)
+else()
+  set(COMPILER_RT_HAS_RADSAN FALSE)
+endif()
+
 if (OS_NAME MATCHES "Linux|FreeBSD|Windows|NetBSD|SunOS")
   set(COMPILER_RT_ASAN_HAS_STATIC_RUNTIME TRUE)
 else()

compiler-rt/lib/radsan/CMakeLists.txt

@@ -0,0 +1,92 @@
+include_directories(..)
+
+set(RADSAN_CXX_SOURCES
+  radsan.cpp
+  radsan_context.cpp
+  radsan_stack.cpp
+  radsan_interceptors.cpp)
+
+set(RADSAN_PREINIT_SOURCES
+  radsan_preinit.cpp)
+
+set(RADSAN_HEADERS
+  radsan.h
+  radsan_context.h
+  radsan_stack.h)
+
+set(RADSAN_DEPS)
+
+set(RADSAN_CFLAGS
+  ${COMPILER_RT_COMMON_CFLAGS}
+  ${COMPILER_RT_CXX_CFLAGS}
+  -DSANITIZER_COMMON_NO_REDEFINE_BUILTINS)
+set(RADSAN_LINK_FLAGS ${COMPILER_RT_COMMON_LINK_FLAGS})
+set(RADSAN_LINK_LIBS
+  ${COMPILER_RT_UNWINDER_LINK_LIBS}
+  ${COMPILER_RT_CXX_LINK_LIBS})
+
+if(APPLE)
+  add_compiler_rt_object_libraries(RTRadsan
+    OS ${SANITIZER_COMMON_SUPPORTED_OS}
+    ARCHS ${RADSAN_SUPPORTED_ARCH}
+    SOURCES ${RADSAN_CXX_SOURCES}
+    ADDITIONAL_HEADERS ${RADSAN_HEADERS}
+    CFLAGS ${RADSAN_CFLAGS}
+    DEPS ${RADSAN_DEPS})
+else()
+  add_compiler_rt_object_libraries(RTRadsan
+    ARCHS ${RADSAN_SUPPORTED_ARCH}
+    SOURCES ${RADSAN_CXX_SOURCES}
+    ADDITIONAL_HEADERS ${RADSAN_HEADERS}
+    CFLAGS ${RADSAN_CFLAGS}
+    DEPS ${RADSAN_DEPS})
+  add_compiler_rt_object_libraries(RTRadsan_preinit
+    ARCHS ${RADSAN_SUPPORTED_ARCH}
+    SOURCES ${RADSAN_PREINIT_SOURCES}
+    ADDITIONAL_HEADERS ${RADSAN_HEADERS}
+    CFLAGS ${RADSAN_CFLAGS})
+endif()
+
+set(RADSAN_COMMON_RUNTIME_OBJECT_LIBS
+  RTInterception
+  RTSanitizerCommon
+  RTSanitizerCommonLibc
+  RTSanitizerCommonCoverage
+  RTSanitizerCommonSymbolizer)
+
+append_list_if(COMPILER_RT_HAS_LIBDL dl RADSAN_LINK_LIBS)
+append_list_if(COMPILER_RT_HAS_LIBRT rt RADSAN_LINK_LIBS)
+append_list_if(COMPILER_RT_HAS_LIBM m RADSAN_LINK_LIBS)
+append_list_if(COMPILER_RT_HAS_LIBPTHREAD pthread RADSAN_LINK_LIBS)
+append_list_if(COMPILER_RT_HAS_LIBLOG log RADSAN_LINK_LIBS)
+
+add_compiler_rt_component(radsan)
+
+if (APPLE)
+  add_weak_symbols("sanitizer_common" WEAK_SYMBOL_LINK_FLAGS)
+  set(RADSAN_LINK_FLAGS ${RADSAN_LINK_FLAGS} ${WEAK_SYMBOL_LINK_FLAGS})
+
+  add_compiler_rt_runtime(clang_rt.radsan
+    SHARED
+    OS ${SANITIZER_COMMON_SUPPORTED_OS}
+    ARCHS ${RADSAN_SUPPORTED_ARCH}
+    OBJECT_LIBS RTRadsan
+                ${RADSAN_COMMON_RUNTIME_OBJECT_LIBS}
+    LINK_FLAGS ${RADSAN_LINK_FLAGS}
+    LINK_LIBS ${RADSAN_LINK_LIBS}
+    PARENT_TARGET radsan)
+else()
+  add_compiler_rt_runtime(clang_rt.radsan
+    STATIC
+    ARCHS ${RADSAN_SUPPORTED_ARCH}
+    OBJECT_LIBS RTRadsan_preinit
+                RTRadsan
+                ${RADSAN_COMMON_RUNTIME_OBJECT_LIBS}
+    LINK_FLAGS ${RADSAN_LINK_FLAGS}
+    CFLAGS ${RADSAN_CFLAGS}
+    PARENT_TARGET radsan)
+endif()
+
+if(COMPILER_RT_INCLUDE_TESTS)
+  add_subdirectory(tests)
+endif()

compiler-rt/lib/radsan/radsan.cpp

@@ -0,0 +1,32 @@
+/**
+    This file is part of the RealtimeSanitizer (RADSan) project.
+    https://github.com/realtime-sanitizer/radsan
+
+    Copyright 2023 David Trevelyan & Alistair Barker
+    Subject to GNU General Public License (GPL) v3.0
+*/
+
+#include <radsan/radsan.h>
+#include <radsan/radsan_context.h>
+#include <radsan/radsan_interceptors.h>
+#include <unistd.h>
+
+extern "C" {
+RADSAN_EXPORT void radsan_init() { radsan::initialiseInterceptors(); }
+
+RADSAN_EXPORT void radsan_realtime_enter() {
+  radsan::getContextForThisThread().realtimePush();
+}
+
+RADSAN_EXPORT void radsan_realtime_exit() {
+  radsan::getContextForThisThread().realtimePop();
+}
+
+RADSAN_EXPORT void radsan_off() {
+  radsan::getContextForThisThread().bypassPush();
+}
+
+RADSAN_EXPORT void radsan_on() {
+  radsan::getContextForThisThread().bypassPop();
+}
+}

compiler-rt/lib/radsan/radsan.h

@@ -0,0 +1,73 @@
+/**
+    This file is part of the RealtimeSanitizer (RADSan) project.
+    https://github.com/realtime-sanitizer/radsan
+
+    Copyright 2023 David Trevelyan & Alistair Barker
+    Subject to GNU General Public License (GPL) v3.0
+*/
+
+#pragma once
+
+#define RADSAN_EXPORT __attribute__((visibility("default")))
+
+extern "C" {
+
+/**
+    Initialise radsan interceptors. A call to this method is added to the
+    preinit array on Linux systems.
+
+    @warning Do not call this method as a user.
+*/
+RADSAN_EXPORT void radsan_init();
+
+/** Enter real-time context.
+
+    When in a real-time context, RADSan interceptors will error if realtime
+    violations are detected. Calls to this method are injected at the code
+    generation stage when RADSan is enabled.
+
+    @warning Do not call this method as a user
+*/
+RADSAN_EXPORT void radsan_realtime_enter();
+
+/** Exit the real-time context.
+
+    When not in a real-time context, RADSan interceptors will simply forward
+    intercepted method calls to the real methods.
+
+    @warning Do not call this method as a user
+*/
+RADSAN_EXPORT void radsan_realtime_exit();
+
+/** Disable all RADSan error reporting.
+
+    This method might be useful to you if RADSan is presenting you with an error
+    for some code you are confident is realtime safe. For example, you might
+    know that a mutex is never contested, and that locking it will never block
+    on your particular system. Be careful!
+
+    A call to `radsan_off()` MUST be paired with a corresponding `radsan_on()`
+    to reactivate interception after the code in question. If you don't, radsan
+    will cease to work.
+
+    Example:
+
+        float process (float x) [[clang::nonblocking]] 
+        {
+            auto const y = 2.0f * x;
+
+            radsan_off();
+            i_know_this_method_is_realtime_safe_but_radsan_complains_about_it();
+            radsan_on();
+        }
+
+*/
+RADSAN_EXPORT void radsan_off();
+
+/** Re-enable all RADSan error reporting.
+
+    The counterpart to `radsan_off`. See the description for `radsan_off` for
+    details about how to use this method.
+*/
+RADSAN_EXPORT void radsan_on();
+}