[llvm-dev] A libc in LLVM
Shawn Webb via llvm-dev
llvm-dev at lists.llvm.org
Mon Jun 24 17:28:37 PDT 2019
HardenedBSD is a derivative of FreeBSD that aims to perform a
clean-room reimplementation of the publicly-documented bits of the
grsecurity patchset. We're extremely interested in llvm's CFI to fill
the gap of PaX's/grsecurity's patented/GPLv3'd excellent RAP
implementation. We've made measurable and tangible progress in
researching and integrating Cross-DSO CFI (even producing a pre-alpha
Call-For-Testing of Cross-DSO CFI in HardenedBSD base).
One hard problem I need to solve is tight integration of the sanitizer
library into both our libc and our RTLD while also attempting to keep
diffs minimal with our upstream FreeBSD.
Having a libc that was sanitizer-centric (or, at least, aware) and
could serve as a drop-in replacement for our libc would be a major
win and would even enable quicker development of novel security
technologies in the future.
On Mon, Jun 24, 2019 at 03:23:20PM -0700, Siva Chandra via llvm-dev wrote:
> Hello LLVM Developers,
> Within Google, we have a growing range of needs that existing libc
> implementations don't quite address. This is pushing us to start working on
> a new libc implementation.
> Informal conversations with others within the LLVM community has told us
> that a libc in LLVM is actually a broader need, and we are increasingly
> consolidating our toolchains around LLVM. Hence, we wanted to see if the
> LLVM project would be interested in us developing this upstream as part of
> the project.
> To be very clear: we don't expect our needs to exactly match everyone
> else's -- part of our impetus is to simplify things wherever we can, and
> that may not quite match what others want in a libc. That said, we do
> believe that the effort will still be directly beneficial and usable for
> the broader LLVM community, and may serve as a starting point for others in
> the community to flesh out an increasingly complete set of libc
> We are still in the early stages, but we do have some high-level goals and
> guiding principles of the initial scope we are interested in pursuing:
> The project should mesh with the "as a library" philosophy of the LLVM
> project: even though "the C Standard Library" is nominally "a library,"
> most implementations are, in practice, quite monolithic.
> The libc should support static non-PIE and static-PIE linking. This
> means, providing the CRT (the C runtime) and a PIE loader for static
> non-PIE and static-PIE linked executables.
Having a portable, permissively-licensed CSU/CRT that supports static
PIE would be a very welcomed project, especially if HardenedBSD could
make use of it.
> If there is a specification, we should follow it. The scope that we need
> includes most of the C Standard Library; POSIX additions; and some
> necessary, system-specific extensions. This does not mean we should (or
> can) follow the entire specification -- there will be some parts which
> simply aren't worth implementing, and some parts which cannot be safely
> used in modern coding practice.
> Vendor extensions must be considered very carefully, and only admitted
> when necessary. Similar to Clang and libc++, it does seem inevitable that
> we will need to provide some level of compatibility with other vendors'
> The project should be an exemplar of developing with LLVM tooling. Two
> examples are fuzz testing from the start, and sanitizer-supported testing.
> There are also few areas which we do not intend to invest in at this point:
> Implement dynamic loading and linking support.
That is correct. Implementing a runtime linker (RTLD) is orthogonal.
However, it seems to be the next logical (and welcomed!) step. Not
within scope of a libc implementation, though.
> Support for more architectures (we'll start with just x86-64 for
> For these areas, the community is of course free to contribute. Our hope is
> that, preserving the "as a library" design philosophy will make such
> extensions easy, and allow retaining the simplicity when these features
> aren't needed.
> We intend to build the new libc in a gradual manner. To begin with, the
> new libc will be a layer sitting between the application and the system
> libc. Eventually, when the implementation is sufficiently complete, it will
> be able to replace the system libc at least for some use cases and contexts.
> So, what do you think about incorporating this new libc under the LLVM
Even if the new libc isn't merged into llvm, it would be very
interesting to collaborate on. I would hope that Google would remain
interested in keeping in open sourced, and perhaps maintained in a
fashion that multiple OS vendors can adopt.
Cofounder / Security Engineer
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera at is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the llvm-dev