When LLVM was updated to a new enough release to have GWP-Asan, we
started getting probabilistic test failures, as the double-free would
sometimes be caught by GWP-Asan (odds are about 1/5000).
We should tolerate either output.
LLVM ships a hardened memory allocator called Scudo:
https://llvm.org/docs/ScudoHardenedAllocator.html. This allocator
provides additional mitigations against heap-based vulnerabilities, but
retains sufficient performance to be safely run in production
applications.
While ideal Swift applications are obviously written in pure Swift, in
practice most applications contain some amount of code written in
less-safe languages. Additionally, plenty of Swift programs themselves
contain unsafe code, particularly when attempting to implement
high-performance data structures. These sources of unsafety introduce
the risk of memory issues, and having the option to use the Scudo
allocator is a useful defense-in-depth tool.
This patch enables `-sanitize=scudo` as an extra `swiftc` flag. This
sanitizer is only supported on Linux, so no further work is required to
enable it on Windows or Apple platforms. As this "sanitizer" is only a
runtime component, we do not require any wider changes to instrument
code. This is similar to clang's `-fsanitize=scudo` flag.
The Swift driver rejects platforms that don't support Scudo using an
existing mechanism in the Driver that is not part of this patch. This
mechanism is in swift::parseSanitizerArgValues(...)
(lib/Option/SanitizerOptions.cpp). The mechanism determines if a
sanitizer is supported by checking for the existence of the
corresponding sanitizer runtime library in the compiler's resource
directory. The Scudo runtime library currently only exists in the
Linux compiler resource directory. This results in the driver only
allowing Scudo when targeting Linux.
