fix: disable unsigned integer overflow sanitization (#4785)

* fix: disable unsigned integer overflow sanitization in build configurations

FYI: from https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

`-fsanitize=unsigned-integer-overflow`: Unsigned integer overflow, where the result of an unsigned integer computation cannot be represented in its type. Unlike signed integer overflow, this is not undefined behavior, but it is often unintentional. This sanitizer does not check for lossy implicit conversions performed before such a computation.

It brings a more common question: which is better, pre-additional-check or post-additional-check to fix a potential unsigned integer overflow? A pre-additional-check involves using a check to prevent integer overflow from the very beginning. A post-additional-check involves using a check after addition to see if there is an overflow.

In this project, post-additional-checking is widely used. let's follow the routine.

for performance sensitive logic, use __builtin_add_overflow etc. provide something like https://github.com/yamt/toywasm/blob/9a5622791e99395e26e6e96cef830af3d91a1685/lib/platform.h#L176-L191 and encourage the use of them.

ref. https://github.com/bytecodealliance/wasm-micro-runtime/pull/4549#issuecomment-3218687294

* fix: ensure proper definition checks for build options in CMakeLists of wasm-mutator
* optimize how to involve sanitizer flags
* fix: update LLVM branch and refine sanitizer flags in CMake configurations
* fix: add requests package to development requirements

.devcontainer/requirements.txt

@@ -2,3 +2,4 @@ black
 nose
 pycparser
 pylint
+requests

build-scripts/build_llvm.py

@@ -304,7 +304,7 @@ def main():
         "default": {
             "repo": "https://github.com/llvm/llvm-project.git",
             "repo_ssh": "git@github.com:llvm/llvm-project.git",
-            "branch": "release/18.x",
+            "branch": "llvmorg-18.1.8",
         },
     }
 

build-scripts/config_common.cmake

@@ -196,7 +196,10 @@ if (NOT WAMR_BUILD_SANITIZER STREQUAL "")
     message(FATAL_ERROR "Unsupported sanitizers: ${INVALID_SANITIZERS}")
   endif()
   # common flags for all sanitizers
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 -fno-omit-frame-pointer -fno-sanitize-recover=all")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 -fno-omit-frame-pointer -fno-sanitize-recover=all -fno-sanitize=alignment")
+  if(CMAKE_C_COMPILER_ID MATCHES ".*Clang")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize=unsigned-integer-overflow")
+  endif()
   if(SANITIZER_FLAGS)
     string(REPLACE ";" "," SANITIZER_FLAGS_STR "${SANITIZER_FLAGS}")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=${SANITIZER_FLAGS_STR}")

build-scripts/unsupported_combination.cmake

@@ -61,7 +61,6 @@ endfunction()
 # Below are the unsupported combinations checks
 # Please keep this list in sync with tests/unit/unsupported-features/CMakeLists.txt
 # and tests/wamr-test-suites/test_wamr.sh
-cmake_print_variables(WAMR_BUILD_INTERP WAMR_BUILD_FAST_INTERP WAMR_BUILD_JIT WAMR_BUILD_EXCE_HANDLING)
 
 if(WAMR_BUILD_EXCE_HANDLING EQUAL 1)
   check_aot_mode_error("Unsupported build configuration: EXCE_HANDLING + AOT")

tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt

@@ -172,21 +172,19 @@ set(IWASM_DIR ${REPO_ROOT_DIR}/core/iwasm)
 # Global setting
 add_compile_options(-Wno-unused-command-line-argument)
 
-# Enable fuzzer
-add_definitions(-DWASM_ENABLE_FUZZ_TEST=1)
-# '-fsanitize=vptr' not allowed with '-fno-rtti
-# But, LLVM by default, disables the use of `rtti` in the compiler
-add_compile_options(-fsanitize=fuzzer -fno-sanitize=vptr)
-add_link_options(-fsanitize=fuzzer -fno-sanitize=vptr)
-
 # Enable sanitizers if not in oss-fuzz environment
 set(CFLAGS_ENV $ENV{CFLAGS})
-string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" FUZZ_POS)
+  string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" FUZZ_POS)
 if (FUZZ_POS GREATER -1)
   set(IN_OSS_FUZZ 1)
 else()
   set(IN_OSS_FUZZ 0)
 endif()
 
+# Enable fuzzer
+add_definitions(-DWASM_ENABLE_FUZZ_TEST=1)
+
+include(${CMAKE_CURRENT_LIST_DIR}/sanitizer_flags.cmake)
+
 add_subdirectory(aot-compiler)
 add_subdirectory(wasm-mutator)

tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt

@@ -67,17 +67,5 @@ target_link_directories(aotclib PUBLIC ${LLVM_LIBRARY_DIR})
 
 target_link_libraries(aotclib PUBLIC ${REQUIRED_LLVM_LIBS})
 
-if(NOT IN_OSS_FUZZ)
-  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for aotclib")
-  target_compile_options(aotclib PUBLIC
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  target_link_options(aotclib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
-endif()
-
 add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc)
 target_link_libraries(aot_compiler_fuzz PRIVATE stdc++ aotclib)

tests/fuzz/wasm-mutator-fuzz/sanitizer_flags.cmake

@@ -0,0 +1,30 @@
+if(NOT IN_OSS_FUZZ)
+  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for vmlib")
+
+  add_compile_options(-fprofile-instr-generate -fcoverage-mapping)
+
+  #
+  # Sync up with the content of infra/base-images/base-builder/Dockerfile in oss-fuzz
+  #
+
+  # SANITIZER_FLAGS_address
+  add_compile_options(-fsanitize=address -fsanitize-address-use-after-scope)
+
+  # SANITIZER_FLAGS_undefined
+  add_compile_options(
+    -fsanitize=array-bounds,bool,builtin,enum,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr
+    -fno-sanitize-recover=array-bounds,bool,builtin,enum,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr
+  )
+
+  add_link_options(-fsanitize=address,undefined -fprofile-instr-generate)
+endif()
+
+# Always disable unsigned-integer-overflow 
+if(CMAKE_C_COMPILER_ID MATCHES ".*Clang")
+  add_compile_options(-fno-sanitize=unsigned-integer-overflow)
+endif()
+
+# '-fsanitize=vptr' not allowed with '-fno-rtti
+# But, LLVM by default, disables the use of `rtti` in the compiler
+add_compile_options(-fsanitize=fuzzer -fno-sanitize=vptr)
+add_link_options(-fsanitize=fuzzer -fno-sanitize=vptr)

tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt

@@ -6,43 +6,46 @@ if(CUSTOM_MUTATOR EQUAL 1)
 endif()
 
 # Set default build options with the ability to override from the command line
-if(NOT WAMR_BUILD_INTERP)
+if(NOT DEFINED WAMR_BUILD_INTERP)
   set(WAMR_BUILD_INTERP 1)
 endif()
 
-if(NOT WAMR_BUILD_AOT)
+if(NOT DEFINED WAMR_BUILD_AOT)
   set(WAMR_BUILD_AOT 1)
 endif()
 
-if(NOT WAMR_BUILD_JIT)
+if(NOT DEFINED WAMR_BUILD_JIT)
   set(WAMR_BUILD_JIT 0)
 endif()
 
-if(NOT WAMR_BUILD_LIBC_BUILTIN)
+if(NOT DEFINED WAMR_BUILD_LIBC_BUILTIN)
   set(WAMR_BUILD_LIBC_BUILTIN 0)
 endif()
 
-if(NOT WAMR_BUILD_LIBC_WASI)
+if(NOT DEFINED WAMR_BUILD_LIBC_WASI)
   set(WAMR_BUILD_LIBC_WASI 1)
 endif()
 
-if(NOT WAMR_BUILD_FAST_INTERP)
+if(NOT DEFINED WAMR_BUILD_FAST_INTERP)
   set(WAMR_BUILD_FAST_INTERP 1)
 endif()
 
-if(NOT WAMR_BUILD_MULTI_MODULE)
+if(NOT DEFINED WAMR_BUILD_MULTI_MODULE)
   set(WAMR_BUILD_MULTI_MODULE 0)
 endif()
 
-if(NOT WAMR_BUILD_LIB_PTHREAD)
+if(NOT DEFINED WAMR_BUILD_LIB_PTHREAD)
   set(WAMR_BUILD_LIB_PTHREAD 0)
 endif()
 
-if(NOT WAMR_BUILD_MINI_LOADER)
+if(NOT DEFINED WAMR_BUILD_MINI_LOADER)
   set(WAMR_BUILD_MINI_LOADER 0)
 endif()
 
-set(WAMR_BUILD_SIMD 1)
+if(NOT DEFINED WAMR_BUILD_SIMD)
+  set(WAMR_BUILD_SIMD 1)
+endif()
+
 set(WAMR_BUILD_REF_TYPES 1)
 set(WAMR_BUILD_GC 1)
 
@@ -56,15 +59,3 @@ target_link_libraries(vmlib PUBLIC ${REQUIRED_LLVM_LIBS})
 
 add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
 target_link_libraries(wasm_mutator_fuzz PRIVATE vmlib m)
-
-if(NOT IN_OSS_FUZZ)
-  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for vmlib")
-  target_compile_options(vmlib PUBLIC
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  target_link_options(vmlib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
-endif()