Re: Having problems when trying to instrument all code of a specific UEFI driver (including the library code)

Andrew Fish

On Apr 10, 2021, at 1:31 PM, wrote:

Hi Andrew,

I'm trying to enable MemorySanitizer/AddressSanitizer for SMM drivers in TianoCore, so I will use it for dynamic analysis. To do this, I want to use LLVM to instrument the SMM drivers when they are built. But since the libraries are built separately and later linked with the compiled source files of the corresponding .inf file, these library files will not be instrumented.

I can now instrument the source files, for instance with "-fsanitize=memory", but the library code (LibraryClasses) for VariableSmm.efi will not be instrumented, as the library code is not recompiled for VariableSmm.efi, but only compiled once at the start and then linked repeatedly with the various drivers (this is what I assume). So, ideally, I would like to recompile the library code for VariableSmm.efi with "-fsanitize=memory", but only do this for VariableSmm.efi, not for other UEFI drivers.

There is the concept of an override per single INF file entry in the DSC [1]. This syntax includes <BuildOptions> and pointing at alternate libraries for just those drivers. If you have common libs that you need 2 flavors of, you could fork a copy and point to those from the per-driver entries in the DSC, for the drivers that you care about.
I think this is what I need, but from your example, it seems that a library is not replaced, it is only appended (UefiShellNetwork2CommandsLib.inf is either included or not) or does the code you provide overwrite the whole LibraryClasses section for a specific driver? I think I'm misunderstanding something, but what you say seems to be what I'm looking for.

To be more specific, here either UefiShellNetwork2CommandsLib.inf is included or not, UefiShellNetwork2CommandsLib.inf does not overwrite a certain library, or does the overwriting of libraries (to use either library A or library B for the same functionality) happen somewhere else?

I hope I explained my problem clearly, if not, please say so! I also appreciate the brainstorming, it allows me to learn more about the project :).

Thanks that is a clear explanation.

Sorry, I picked a bad example, as a NULL library class means force-link the library even if it is not listed in the driver's INF file. Examples of NULL would be a compiler intrinsic lib, or a library (that calls another EFI or lib API) to register services.

You should be able to do something like

ShellPkg/Application/Shell/Shell.inf {

So basically, in every library instance you care about, you clone the INF file to the *.sanitize.inf version and flip the compiler flags. Then you can point sanitized drivers at the sanitized lib. You can also use the NULL library if you need to inject some intrinsics for the sanitizer runtime (unless you just had it compile traps).

If you look in the Build output you will notice there are 2 levels that often have the same, or similar, name [1]. I think you will find the 2nd name is the INF file name, so it should be possible.

[1] Build//OvmfX64/DEBUG_XCODE5/X64/OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib/
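A concrete form of the per-module override described above, as an added example that is not from the thread: the DSC entry for VariableSmm.inf resolves one library class to a cloned INF and appends the sanitizer flag for that driver only, while the clone carries the same flag in its own [BuildOptions]. The clone's file name, the choice of BaseMemoryLib as the library, the placeholder GUID and the NULL runtime library are assumptions.

```ini
# --- Platform DSC, under [Components]: override applies to this one driver ---
[Components]
  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
    <LibraryClasses>
      # Resolve this library class to the sanitized clone (hypothetical file name).
      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.sanitize.inf
      # Hypothetical NULL library: force-linked, supplies the sanitizer's
      # runtime callbacks/intrinsics that the instrumented objects reference.
      NULL|SanitizerPkg/Library/MsanRuntimeLib/MsanRuntimeLib.inf
    <BuildOptions>
      # '=' appends to the tool chain's CC_FLAGS for this module only;
      # '==' would replace them. The flag is clang-specific.
      *_*_*_CC_FLAGS = -fsanitize=memory
  }

# --- MdePkg/Library/BaseMemoryLib/BaseMemoryLib.sanitize.inf ---
# A copy of BaseMemoryLib.inf; only the lines below differ.
[Defines]
  INF_VERSION    = 0x00010005
  BASE_NAME      = BaseMemoryLibSanitized      # distinct .lib output name
  FILE_GUID      = 00000000-0000-0000-0000-000000000000   # placeholder: generate a fresh GUID
  MODULE_TYPE    = BASE
  VERSION_STRING = 1.0
  LIBRARY_CLASS  = BaseMemoryLib               # same class, so callers need no change

[Sources]
  # unchanged: the same source list as BaseMemoryLib.inf

[BuildOptions]
  # Same flag as the driver, so the library's objects are instrumented
  # when they are rebuilt under this INF's own Build output directory.
  *_*_*_CC_FLAGS = -fsanitize=memory
```

Every other driver keeps the platform-wide BaseMemoryLib mapping from the DSC's [LibraryClasses] section, so only VariableSmm.efi links the instrumented copy.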


Andrew Fish
