[llvm-branch-commits] [Clang] Introduce -fsanitize=alloc-token (PR #156844)

Marco Elver via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Thu Sep 4 02:54:58 PDT 2025


https://github.com/melver created https://github.com/llvm/llvm-project/pull/156844

Introduce the `-fsanitize=alloc-token` command-line option, hooking up
the AllocToken pass -- it provides allocation tokens to compatible
runtime allocators, enabling different heap organization strategies,
e.g. hardening schemes based on heap partitioning.

The instrumentation rewrites standard allocation calls into variants
that accept an additional `uint64_t token_id` argument. For example,
calls to `malloc(size)` become `__alloc_token_malloc(size, token_id)`,
and a C++ `new MyType` expression will call `__alloc_token_Znwm(size,
token_id)`.

Currently untyped allocation calls do not yet have `!alloc_token_hint`
metadata, and therefore receive the fallback token only. This will be
fixed in subsequent changes through best-effort type-inference.

One benefit of the instrumentation approach is that it can be applied
transparently to large codebases, and scales in deployment as other
sanitizers.

Similarly to other sanitizers, instrumentation can selectively be
controlled using `__attribute__((no_sanitize("alloc-token")))`. Support
for sanitizer ignorelists to disable instrumentation for specific
functions or source files is implemented.

See clang/docs/AllocToken.rst for more usage instructions.

Link: https://discourse.llvm.org/t/rfc-a-framework-for-allocator-partitioning-hints/87434
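
An added illustration, not part of the PR or of LLVM's own runtime: a toy allocator in C showing how a runtime could use the `token_id` argument of `__alloc_token_malloc(size, token_id)` to keep allocations with different tokens in disjoint heap partitions. The `void *` return type, the modulo mapping, the partition count, the arena size and the `partition_of` helper are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PARTITIONS 4          /* assumption: illustrative partition count */
#define PARTITION_BYTES 4096      /* assumption: illustrative arena size */

/* One fixed, disjoint arena per partition; bump-allocated, never freed. */
static _Alignas(16) unsigned char arenas[NUM_PARTITIONS][PARTITION_BYTES];
static size_t used[NUM_PARTITIONS];

/* Entry point named on the page; the void * return type is assumed here. */
void *__alloc_token_malloc(size_t size, uint64_t token_id)
{
    size_t part = (size_t)(token_id % NUM_PARTITIONS);
    if (size > SIZE_MAX - 15)
        return NULL;                           /* rounding would overflow */
    size_t need = (size + 15) & ~(size_t)15;   /* keep 16-byte alignment */
    if (need == 0)
        need = 16;                             /* distinct pointer for size 0 */
    if (need > PARTITION_BYTES - used[part])
        return NULL;            /* partition exhausted: fail, never spill over */
    void *p = &arenas[part][used[part]];
    used[part] += need;
    return p;
}

/* Which partition owns p, or -1 if p did not come from this allocator. */
int partition_of(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    uintptr_t base = (uintptr_t)&arenas[0][0];
    if (a < base || a >= base + sizeof arenas)
        return -1;
    return (int)((a - base) / PARTITION_BYTES);
}

int main(void)
{
    /* Constructed token ids standing in for what the pass would supply. */
    void *a = __alloc_token_malloc(24, 1);
    void *b = __alloc_token_malloc(24, 2);
    void *c = __alloc_token_malloc(24, 5);   /* 5 % 4 == 1: shares with a */
    printf("a=%d b=%d c=%d\n", partition_of(a), partition_of(b), partition_of(c));
    return 0;
}
```

Because an exhausted partition returns `NULL` instead of borrowing from a neighbour, an overflow out of an object with one token cannot reach objects that were placed under a different partition.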




