15 files changed, 1403 insertions, 0 deletions
diff --git a/lib/gwp_asan/definitions.h b/lib/gwp_asan/definitions.h
new file mode 100644
index 000000000000..1190adbd4f4f
--- /dev/null
+++ b/lib/gwp_asan/definitions.h
@@ -0,0 +1,29 @@
+//===-- gwp_asan_definitions.h ----------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_DEFINITIONS_H_
+#define GWP_ASAN_DEFINITIONS_H_
+
+#define TLS_INITIAL_EXEC __thread __attribute__((tls_model("initial-exec")))
+
+#ifdef LIKELY
+# undef LIKELY
+#endif // defined(LIKELY)
+#define LIKELY(X) __builtin_expect(!!(X), 1)
+
+#ifdef UNLIKELY
+# undef UNLIKELY
+#endif // defined(UNLIKELY)
+#define UNLIKELY(X) __builtin_expect(!!(X), 0)
+
+#ifdef ALWAYS_INLINE
+# undef ALWAYS_INLINE
+#endif // defined(ALWAYS_INLINE)
+#define ALWAYS_INLINE inline __attribute__((always_inline))
+
+#endif // GWP_ASAN_DEFINITIONS_H_
diff --git a/lib/gwp_asan/guarded_pool_allocator.cpp b/lib/gwp_asan/guarded_pool_allocator.cpp
new file mode 100644
index 000000000000..7e3628eba6ff
--- /dev/null
+++ b/lib/gwp_asan/guarded_pool_allocator.cpp
@@ -0,0 +1,510 @@
+//===-- guarded_pool_allocator.cpp ------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "gwp_asan/guarded_pool_allocator.h"
+
+#include "gwp_asan/options.h"
+
+// RHEL creates the PRIu64 format macro (for printing uint64_t's) only when this
+// macro is defined before including <inttypes.h>.
+#ifndef __STDC_FORMAT_MACROS
+  #define __STDC_FORMAT_MACROS 1
+#endif
+
+#include <assert.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+using AllocationMetadata = gwp_asan::GuardedPoolAllocator::AllocationMetadata;
+using Error = gwp_asan::GuardedPoolAllocator::Error;
+
+namespace gwp_asan {
+namespace {
+// Forward declare the pointer to the singleton version of this class.
+// Instantiated during initialisation, this allows the signal handler
+// to find this class in order to deduce the root cause of failures. Must not be
+// referenced by users outside this translation unit, in order to avoid
+// init-order-fiasco.
+GuardedPoolAllocator *SingletonPtr = nullptr;
+
+class ScopedBoolean {
+public:
+  ScopedBoolean(bool &B) : Bool(B) { Bool = true; }
+  ~ScopedBoolean() { Bool = false; }
+
+private:
+  bool &Bool;
+};
+
+void defaultPrintStackTrace(uintptr_t *Trace, options::Printf_t Printf) {
+  if (Trace[0] == 0)
+    Printf("  <unknown (does your allocator support backtracing?)>\n");
+
+  for (size_t i = 0; Trace[i] != 0; ++i) {
+    Printf("  #%zu 0x%zx in <unknown>\n", i, Trace[i]);
+  }
+  Printf("\n");
+}
+} // anonymous namespace
+
+// Gets the singleton implementation of this class. Thread-compatible until
+// init() is called, thread-safe afterwards.
+GuardedPoolAllocator *getSingleton() { return SingletonPtr; }
+
+void GuardedPoolAllocator::AllocationMetadata::RecordAllocation(
+    uintptr_t AllocAddr, size_t AllocSize, options::Backtrace_t Backtrace) {
+  Addr = AllocAddr;
+  Size = AllocSize;
+  IsDeallocated = false;
+
+  // TODO(hctim): Ask the caller to provide the thread ID, so we don't waste
+  // other thread's time getting the thread ID under lock.
+  AllocationTrace.ThreadID = getThreadID();
+  DeallocationTrace.ThreadID = kInvalidThreadID;
+  if (Backtrace)
+    Backtrace(AllocationTrace.Trace, kMaximumStackFrames);
+  else
+    AllocationTrace.Trace[0] = 0;
+  DeallocationTrace.Trace[0] = 0;
+}
+
+void GuardedPoolAllocator::AllocationMetadata::RecordDeallocation(
+    options::Backtrace_t Backtrace) {
+  IsDeallocated = true;
+  // Ensure that the unwinder is not called if the recursive flag is set,
+  // otherwise non-reentrant unwinders may deadlock.
+  if (Backtrace && !ThreadLocals.RecursiveGuard) {
+    ScopedBoolean B(ThreadLocals.RecursiveGuard);
+    Backtrace(DeallocationTrace.Trace, kMaximumStackFrames);
+  } else {
+    DeallocationTrace.Trace[0] = 0;
+  }
+  DeallocationTrace.ThreadID = getThreadID();
+}
+
+void GuardedPoolAllocator::init(const options::Options &Opts) {
+  // Note: We return from the constructor here if GWP-ASan is not available.
+  // This will stop heap-allocation of class members, as well as mmap() of the
+  // guarded slots.
+  if (!Opts.Enabled || Opts.SampleRate == 0 ||
+      Opts.MaxSimultaneousAllocations == 0)
+    return;
+
+  // TODO(hctim): Add a death unit test for this.
+  if (SingletonPtr) {
+    (*SingletonPtr->Printf)(
+        "GWP-ASan Error: init() has already been called.\n");
+    exit(EXIT_FAILURE);
+  }
+
+  if (Opts.SampleRate < 0) {
+    Opts.Printf("GWP-ASan Error: SampleRate is < 0.\n");
+    exit(EXIT_FAILURE);
+  }
+
+  if (Opts.SampleRate > INT32_MAX) {
+    Opts.Printf("GWP-ASan Error: SampleRate is > 2^31.\n");
+    exit(EXIT_FAILURE);
+  }
+
+  if (Opts.MaxSimultaneousAllocations < 0) {
+    Opts.Printf("GWP-ASan Error: MaxSimultaneousAllocations is < 0.\n");
+    exit(EXIT_FAILURE);
+  }
+
+  SingletonPtr = this;
+
+  MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations;
+
+  PageSize = getPlatformPageSize();
+
+  PerfectlyRightAlign = Opts.PerfectlyRightAlign;
+  Printf = Opts.Printf;
+  Backtrace = Opts.Backtrace;
+  if (Opts.PrintBacktrace)
+    PrintBacktrace = Opts.PrintBacktrace;
+  else
+    PrintBacktrace = defaultPrintStackTrace;
+
+  size_t PoolBytesRequired =
+      PageSize * (1 + MaxSimultaneousAllocations) +
+      MaxSimultaneousAllocations * maximumAllocationSize();
+  void *GuardedPoolMemory = mapMemory(PoolBytesRequired);
+
+  size_t BytesRequired = MaxSimultaneousAllocations * sizeof(*Metadata);
+  Metadata = reinterpret_cast<AllocationMetadata *>(mapMemory(BytesRequired));
+  markReadWrite(Metadata, BytesRequired);
+
+  // Allocate memory and set up the free pages queue.
+  BytesRequired = MaxSimultaneousAllocations * sizeof(*FreeSlots);
+  FreeSlots = reinterpret_cast<size_t *>(mapMemory(BytesRequired));
+  markReadWrite(FreeSlots, BytesRequired);
+
+  // Multiply the sample rate by 2 to give a good, fast approximation for (1 /
+  // SampleRate) chance of sampling.
+  if (Opts.SampleRate != 1)
+    AdjustedSampleRate = static_cast<uint32_t>(Opts.SampleRate) * 2;
+  else
+    AdjustedSampleRate = 1;
+
+  GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory);
+  GuardedPagePoolEnd =
+      reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired;
+
+  // Ensure that signal handlers are installed as late as possible, as the class
+  // is not thread-safe until init() is finished, and thus a SIGSEGV may cause a
+  // race to members if recieved during init().
+  if (Opts.InstallSignalHandlers)
+    installSignalHandlers();
+}
+
+void *GuardedPoolAllocator::allocate(size_t Size) {
+  // GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall
+  // back to the supporting allocator.
+  if (GuardedPagePoolEnd == 0)
+    return nullptr;
+
+  // Protect against recursivity.
+  if (ThreadLocals.RecursiveGuard)
+    return nullptr;
+  ScopedBoolean SB(ThreadLocals.RecursiveGuard);
+
+  if (Size == 0 || Size > maximumAllocationSize())
+    return nullptr;
+
+  size_t Index;
+  {
+    ScopedLock L(PoolMutex);
+    Index = reserveSlot();
+  }
+
+  if (Index == kInvalidSlotID)
+    return nullptr;
+
+  uintptr_t Ptr = slotToAddr(Index);
+  Ptr += allocationSlotOffset(Size);
+  AllocationMetadata *Meta = addrToMetadata(Ptr);
+
+  // If a slot is multiple pages in size, and the allocation takes up a single
+  // page, we can improve overflow detection by leaving the unused pages as
+  // unmapped.
+  markReadWrite(reinterpret_cast<void *>(getPageAddr(Ptr)), Size);
+
+  Meta->RecordAllocation(Ptr, Size, Backtrace);
+
+  return reinterpret_cast<void *>(Ptr);
+}
+
+void GuardedPoolAllocator::deallocate(void *Ptr) {
+  assert(pointerIsMine(Ptr) && "Pointer is not mine!");
+  uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr);
+  uintptr_t SlotStart = slotToAddr(addrToSlot(UPtr));
+  AllocationMetadata *Meta = addrToMetadata(UPtr);
+  if (Meta->Addr != UPtr) {
+    reportError(UPtr, Error::INVALID_FREE);
+    exit(EXIT_FAILURE);
+  }
+
+  // Intentionally scope the mutex here, so that other threads can access the
+  // pool during the expensive markInaccessible() call.
+  {
+    ScopedLock L(PoolMutex);
+    if (Meta->IsDeallocated) {
+      reportError(UPtr, Error::DOUBLE_FREE);
+      exit(EXIT_FAILURE);
+    }
+
+    // Ensure that the deallocation is recorded before marking the page as
+    // inaccessible. Otherwise, a racy use-after-free will have inconsistent
+    // metadata.
+    Meta->RecordDeallocation(Backtrace);
+  }
+
+  markInaccessible(reinterpret_cast<void *>(SlotStart),
+                   maximumAllocationSize());
+
+  // And finally, lock again to release the slot back into the pool.
+  ScopedLock L(PoolMutex);
+  freeSlot(addrToSlot(UPtr));
+}
+
+size_t GuardedPoolAllocator::getSize(const void *Ptr) {
+  assert(pointerIsMine(Ptr));
+  ScopedLock L(PoolMutex);
+  AllocationMetadata *Meta = addrToMetadata(reinterpret_cast<uintptr_t>(Ptr));
+  assert(Meta->Addr == reinterpret_cast<uintptr_t>(Ptr));
+  return Meta->Size;
+}
+
+size_t GuardedPoolAllocator::maximumAllocationSize() const { return PageSize; }
+
+AllocationMetadata *GuardedPoolAllocator::addrToMetadata(uintptr_t Ptr) const {
+  return &Metadata[addrToSlot(Ptr)];
+}
+
+size_t GuardedPoolAllocator::addrToSlot(uintptr_t Ptr) const {
+  assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
+  size_t ByteOffsetFromPoolStart = Ptr - GuardedPagePool;
+  return ByteOffsetFromPoolStart / (maximumAllocationSize() + PageSize);
+}
+
+uintptr_t GuardedPoolAllocator::slotToAddr(size_t N) const {
+  return GuardedPagePool + (PageSize * (1 + N)) + (maximumAllocationSize() * N);
+}
+
+uintptr_t GuardedPoolAllocator::getPageAddr(uintptr_t Ptr) const {
+  assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
+  return Ptr & ~(static_cast<uintptr_t>(PageSize) - 1);
+}
+
+bool GuardedPoolAllocator::isGuardPage(uintptr_t Ptr) const {
+  assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
+  size_t PageOffsetFromPoolStart = (Ptr - GuardedPagePool) / PageSize;
+  size_t PagesPerSlot = maximumAllocationSize() / PageSize;
+  return (PageOffsetFromPoolStart % (PagesPerSlot + 1)) == 0;
+}
+
+size_t GuardedPoolAllocator::reserveSlot() {
+  // Avoid potential reuse of a slot before we have made at least a single
+  // allocation in each slot. Helps with our use-after-free detection.
+  if (NumSampledAllocations < MaxSimultaneousAllocations)
+    return NumSampledAllocations++;
+
+  if (FreeSlotsLength == 0)
+    return kInvalidSlotID;
+
+  size_t ReservedIndex = getRandomUnsigned32() % FreeSlotsLength;
+  size_t SlotIndex = FreeSlots[ReservedIndex];
+  FreeSlots[ReservedIndex] = FreeSlots[--FreeSlotsLength];
+  return SlotIndex;
+}
+
+void GuardedPoolAllocator::freeSlot(size_t SlotIndex) {
+  assert(FreeSlotsLength < MaxSimultaneousAllocations);
+  FreeSlots[FreeSlotsLength++] = SlotIndex;
+}
+
+uintptr_t GuardedPoolAllocator::allocationSlotOffset(size_t Size) const {
+  assert(Size > 0);
+
+  bool ShouldRightAlign = getRandomUnsigned32() % 2 == 0;
+  if (!ShouldRightAlign)
+    return 0;
+
+  uintptr_t Offset = maximumAllocationSize();
+  if (!PerfectlyRightAlign) {
+    if (Size == 3)
+      Size = 4;
+    else if (Size > 4 && Size <= 8)
+      Size = 8;
+    else if (Size > 8 && (Size % 16) != 0)
+      Size += 16 - (Size % 16);
+  }
+  Offset -= Size;
+  return Offset;
+}
+
+void GuardedPoolAllocator::reportError(uintptr_t AccessPtr, Error E) {
+  if (SingletonPtr)
+    SingletonPtr->reportErrorInternal(AccessPtr, E);
+}
+
+size_t GuardedPoolAllocator::getNearestSlot(uintptr_t Ptr) const {
+  if (Ptr <= GuardedPagePool + PageSize)
+    return 0;
+  if (Ptr > GuardedPagePoolEnd - PageSize)
+    return MaxSimultaneousAllocations - 1;
+
+  if (!isGuardPage(Ptr))
+    return addrToSlot(Ptr);
+
+  if (Ptr % PageSize <= PageSize / 2)
+    return addrToSlot(Ptr - PageSize); // Round down.
+  return addrToSlot(Ptr + PageSize);   // Round up.
+}
+
+Error GuardedPoolAllocator::diagnoseUnknownError(uintptr_t AccessPtr,
+                                                 AllocationMetadata **Meta) {
+  // Let's try and figure out what the source of this error is.
+  if (isGuardPage(AccessPtr)) {
+    size_t Slot = getNearestSlot(AccessPtr);
+    AllocationMetadata *SlotMeta = addrToMetadata(slotToAddr(Slot));
+
+    // Ensure that this slot was allocated once upon a time.
+    if (!SlotMeta->Addr)
+      return Error::UNKNOWN;
+    *Meta = SlotMeta;
+
+    if (SlotMeta->Addr < AccessPtr)
+      return Error::BUFFER_OVERFLOW;
+    return Error::BUFFER_UNDERFLOW;
+  }
+
+  // Access wasn't a guard page, check for use-after-free.
+  AllocationMetadata *SlotMeta = addrToMetadata(AccessPtr);
+  if (SlotMeta->IsDeallocated) {
+    *Meta = SlotMeta;
+    return Error::USE_AFTER_FREE;
+  }
+
+  // If we have reached here, the error is still unknown. There is no metadata
+  // available.
+  *Meta = nullptr;
+  return Error::UNKNOWN;
+}
+
+namespace {
+// Prints the provided error and metadata information.
+void printErrorType(Error E, uintptr_t AccessPtr, AllocationMetadata *Meta,
+                    options::Printf_t Printf, uint64_t ThreadID) {
+  // Print using intermediate strings. Platforms like Android don't like when
+  // you print multiple times to the same line, as there may be a newline
+  // appended to a log file automatically per Printf() call.
+  const char *ErrorString;
+  switch (E) {
+  case Error::UNKNOWN:
+    ErrorString = "GWP-ASan couldn't automatically determine the source of "
+                  "the memory error. It was likely caused by a wild memory "
+                  "access into the GWP-ASan pool. The error occured";
+    break;
+  case Error::USE_AFTER_FREE:
+    ErrorString = "Use after free";
+    break;
+  case Error::DOUBLE_FREE:
+    ErrorString = "Double free";
+    break;
+  case Error::INVALID_FREE:
+    ErrorString = "Invalid (wild) free";
+    break;
+  case Error::BUFFER_OVERFLOW:
+    ErrorString = "Buffer overflow";
+    break;
+  case Error::BUFFER_UNDERFLOW:
+    ErrorString = "Buffer underflow";
+    break;
+  }
+
+  constexpr size_t kDescriptionBufferLen = 128;
+  char DescriptionBuffer[kDescriptionBufferLen];
+  if (Meta) {
+    if (E == Error::USE_AFTER_FREE) {
+      snprintf(DescriptionBuffer, kDescriptionBufferLen,
+               "(%zu byte%s into a %zu-byte allocation at 0x%zx)",
+               AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s",
+               Meta->Size, Meta->Addr);
+    } else if (AccessPtr < Meta->Addr) {
+      snprintf(DescriptionBuffer, kDescriptionBufferLen,
+               "(%zu byte%s to the left of a %zu-byte allocation at 0x%zx)",
+               Meta->Addr - AccessPtr, (Meta->Addr - AccessPtr == 1) ? "" : "s",
+               Meta->Size, Meta->Addr);
+    } else if (AccessPtr > Meta->Addr) {
+      snprintf(DescriptionBuffer, kDescriptionBufferLen,
+               "(%zu byte%s to the right of a %zu-byte allocation at 0x%zx)",
+               AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s",
+               Meta->Size, Meta->Addr);
+    } else {
+      snprintf(DescriptionBuffer, kDescriptionBufferLen,
+               "(a %zu-byte allocation)", Meta->Size);
+    }
+  }
+
+  // Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
+  // a null terminator, and round to the nearest 8-byte boundary.
+  constexpr size_t kThreadBufferLen = 24;
+  char ThreadBuffer[kThreadBufferLen];
+  if (ThreadID == GuardedPoolAllocator::kInvalidThreadID)
+    snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
+  else
+    snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64, ThreadID);
+
+  Printf("%s at 0x%zx %s by thread %s here:\n", ErrorString, AccessPtr,
+         DescriptionBuffer, ThreadBuffer);
+}
+
+void printAllocDeallocTraces(uintptr_t AccessPtr, AllocationMetadata *Meta,
+                             options::Printf_t Printf,
+                             options::PrintBacktrace_t PrintBacktrace) {
+  assert(Meta != nullptr && "Metadata is non-null for printAllocDeallocTraces");
+
+  if (Meta->IsDeallocated) {
+    if (Meta->DeallocationTrace.ThreadID ==
+        GuardedPoolAllocator::kInvalidThreadID)
+      Printf("0x%zx was deallocated by thread <unknown> here:\n", AccessPtr);
+    else
+      Printf("0x%zx was deallocated by thread %zu here:\n", AccessPtr,
+             Meta->DeallocationTrace.ThreadID);
+
+    PrintBacktrace(Meta->DeallocationTrace.Trace, Printf);
+  }
+
+  if (Meta->AllocationTrace.ThreadID == GuardedPoolAllocator::kInvalidThreadID)
+    Printf("0x%zx was allocated by thread <unknown> here:\n", Meta->Addr);
+  else
+    Printf("0x%zx was allocated by thread %zu here:\n", Meta->Addr,
+           Meta->AllocationTrace.ThreadID);
+
+  PrintBacktrace(Meta->AllocationTrace.Trace, Printf);
+}
+
+struct ScopedEndOfReportDecorator {
+  ScopedEndOfReportDecorator(options::Printf_t Printf) : Printf(Printf) {}
+  ~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
+  options::Printf_t Printf;
+};
+} // anonymous namespace
+
+void GuardedPoolAllocator::reportErrorInternal(uintptr_t AccessPtr, Error E) {
+  if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr))) {
+    return;
+  }
+
+  // Attempt to prevent races to re-use the same slot that triggered this error.
+  // This does not guarantee that there are no races, because another thread can
+  // take the locks during the time that the signal handler is being called.
+  PoolMutex.tryLock();
+  ThreadLocals.RecursiveGuard = true;
+
+  Printf("*** GWP-ASan detected a memory error ***\n");
+  ScopedEndOfReportDecorator Decorator(Printf);
+
+  AllocationMetadata *Meta = nullptr;
+
+  if (E == Error::UNKNOWN) {
+    E = diagnoseUnknownError(AccessPtr, &Meta);
+  } else {
+    size_t Slot = getNearestSlot(AccessPtr);
+    Meta = addrToMetadata(slotToAddr(Slot));
+    // Ensure that this slot has been previously allocated.
+    if (!Meta->Addr)
+      Meta = nullptr;
+  }
+
+  // Print the error information.
+  uint64_t ThreadID = getThreadID();
+  printErrorType(E, AccessPtr, Meta, Printf, ThreadID);
+  if (Backtrace) {
+    static constexpr unsigned kMaximumStackFramesForCrashTrace = 128;
+    uintptr_t Trace[kMaximumStackFramesForCrashTrace];
+    Backtrace(Trace, kMaximumStackFramesForCrashTrace);
+
+    PrintBacktrace(Trace, Printf);
+  } else {
+    Printf("  <unknown (does your allocator support backtracing?)>\n\n");
+  }
+
+  if (Meta)
+    printAllocDeallocTraces(AccessPtr, Meta, Printf, PrintBacktrace);
+}
+
+TLS_INITIAL_EXEC
+GuardedPoolAllocator::ThreadLocalPackedVariables
+    GuardedPoolAllocator::ThreadLocals;
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/guarded_pool_allocator.h b/lib/gwp_asan/guarded_pool_allocator.h
new file mode 100644
index 000000000000..28a41110faed
--- /dev/null
+++ b/lib/gwp_asan/guarded_pool_allocator.h
@@ -0,0 +1,265 @@
+//===-- guarded_pool_allocator.h --------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
+#define GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
+
+#include "gwp_asan/definitions.h"
+#include "gwp_asan/mutex.h"
+#include "gwp_asan/options.h"
+#include "gwp_asan/random.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+namespace gwp_asan {
+// This class is the primary implementation of the allocator portion of GWP-
+// ASan. It is the sole owner of the pool of sequentially allocated guarded
+// slots. It should always be treated as a singleton.
+
+// Functions in the public interface of this class are thread-compatible until
+// init() is called, at which point they become thread-safe (unless specified
+// otherwise).
+class GuardedPoolAllocator {
+public:
+  static constexpr uint64_t kInvalidThreadID = UINT64_MAX;
+
+  enum class Error {
+    UNKNOWN,
+    USE_AFTER_FREE,
+    DOUBLE_FREE,
+    INVALID_FREE,
+    BUFFER_OVERFLOW,
+    BUFFER_UNDERFLOW
+  };
+
+  struct AllocationMetadata {
+    // Maximum number of stack trace frames to collect for allocations + frees.
+    // TODO(hctim): Implement stack frame compression, a-la Chromium.
+    static constexpr size_t kMaximumStackFrames = 64;
+
+    // Records the given allocation metadata into this struct.
+    void RecordAllocation(uintptr_t Addr, size_t Size,
+                          options::Backtrace_t Backtrace);
+
+    // Record that this allocation is now deallocated.
+    void RecordDeallocation(options::Backtrace_t Backtrace);
+
+    struct CallSiteInfo {
+      // The backtrace to the allocation/deallocation. If the first value is
+      // zero, we did not collect a trace.
+      uintptr_t Trace[kMaximumStackFrames] = {};
+      // The thread ID for this trace, or kInvalidThreadID if not available.
+      uint64_t ThreadID = kInvalidThreadID;
+    };
+
+    // The address of this allocation.
+    uintptr_t Addr = 0;
+    // Represents the actual size of the allocation.
+    size_t Size = 0;
+
+    CallSiteInfo AllocationTrace;
+    CallSiteInfo DeallocationTrace;
+
+    // Whether this allocation has been deallocated yet.
+    bool IsDeallocated = false;
+  };
+
+  // During program startup, we must ensure that memory allocations do not land
+  // in this allocation pool if the allocator decides to runtime-disable
+  // GWP-ASan. The constructor value-initialises the class such that if no
+  // further initialisation takes place, calls to shouldSample() and
+  // pointerIsMine() will return false.
+  constexpr GuardedPoolAllocator(){};
+  GuardedPoolAllocator(const GuardedPoolAllocator &) = delete;
+  GuardedPoolAllocator &operator=(const GuardedPoolAllocator &) = delete;
+
+  // Note: This class is expected to be a singleton for the lifetime of the
+  // program. If this object is initialised, it will leak the guarded page pool
+  // and metadata allocations during destruction. We can't clean up these areas
+  // as this may cause a use-after-free on shutdown.
+  ~GuardedPoolAllocator() = default;
+
+  // Initialise the rest of the members of this class. Create the allocation
+  // pool using the provided options. See options.inc for runtime configuration
+  // options.
+  void init(const options::Options &Opts);
+
+  // Return whether the allocation should be randomly chosen for sampling.
+  ALWAYS_INLINE bool shouldSample() {
+    // NextSampleCounter == 0 means we "should regenerate the counter".
+    //                   == 1 means we "should sample this allocation".
+    if (UNLIKELY(ThreadLocals.NextSampleCounter == 0))
+      ThreadLocals.NextSampleCounter =
+          (getRandomUnsigned32() % AdjustedSampleRate) + 1;
+
+    return UNLIKELY(--ThreadLocals.NextSampleCounter == 0);
+  }
+
+  // Returns whether the provided pointer is a current sampled allocation that
+  // is owned by this pool.
+  ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const {
+    uintptr_t P = reinterpret_cast<uintptr_t>(Ptr);
+    return GuardedPagePool <= P && P < GuardedPagePoolEnd;
+  }
+
+  // Allocate memory in a guarded slot, and return a pointer to the new
+  // allocation. Returns nullptr if the pool is empty, the requested size is too
+  // large for this pool to handle, or the requested size is zero.
+  void *allocate(size_t Size);
+
+  // Deallocate memory in a guarded slot. The provided pointer must have been
+  // allocated using this pool. This will set the guarded slot as inaccessible.
+  void deallocate(void *Ptr);
+
+  // Returns the size of the allocation at Ptr.
+  size_t getSize(const void *Ptr);
+
+  // Returns the largest allocation that is supported by this pool. Any
+  // allocations larger than this should go to the regular system allocator.
+  size_t maximumAllocationSize() const;
+
+  // Dumps an error report (including allocation and deallocation stack traces).
+  // An optional error may be provided if the caller knows what the error is
+  // ahead of time. This is primarily a helper function to locate the static
+  // singleton pointer and call the internal version of this function. This
+  // method is never thread safe, and should only be called when fatal errors
+  // occur.
+  static void reportError(uintptr_t AccessPtr, Error E = Error::UNKNOWN);
+
+  // Get the current thread ID, or kInvalidThreadID if failure. Note: This
+  // implementation is platform-specific.
+  static uint64_t getThreadID();
+
+private:
+  static constexpr size_t kInvalidSlotID = SIZE_MAX;
+
+  // These functions anonymously map memory or change the permissions of mapped
+  // memory into this process in a platform-specific way. Pointer and size
+  // arguments are expected to be page-aligned. These functions will never
+  // return on error, instead electing to kill the calling process on failure.
+  // Note that memory is initially mapped inaccessible. In order for RW
+  // mappings, call mapMemory() followed by markReadWrite() on the returned
+  // pointer.
+  void *mapMemory(size_t Size) const;
+  void markReadWrite(void *Ptr, size_t Size) const;
+  void markInaccessible(void *Ptr, size_t Size) const;
+
+  // Get the page size from the platform-specific implementation. Only needs to
+  // be called once, and the result should be cached in PageSize in this class.
+  static size_t getPlatformPageSize();
+
+  // Install the SIGSEGV crash handler for printing use-after-free and heap-
+  // buffer-{under|over}flow exceptions. This is platform specific as even
+  // though POSIX and Windows both support registering handlers through
+  // signal(), we have to use platform-specific signal handlers to obtain the
+  // address that caused the SIGSEGV exception.
+  static void installSignalHandlers();
+
+  // Returns the index of the slot that this pointer resides in. If the pointer
+  // is not owned by this pool, the result is undefined.
+  size_t addrToSlot(uintptr_t Ptr) const;
+
+  // Returns the address of the N-th guarded slot.
+  uintptr_t slotToAddr(size_t N) const;
+
+  // Returns a pointer to the metadata for the owned pointer. If the pointer is
+  // not owned by this pool, the result is undefined.
+  AllocationMetadata *addrToMetadata(uintptr_t Ptr) const;
+
+  // Returns the address of the page that this pointer resides in.
+  uintptr_t getPageAddr(uintptr_t Ptr) const;
+
+  // Gets the nearest slot to the provided address.
+  size_t getNearestSlot(uintptr_t Ptr) const;
+
+  // Returns whether the provided pointer is a guard page or not. The pointer
+  // must be within memory owned by this pool, else the result is undefined.
+  bool isGuardPage(uintptr_t Ptr) const;
+
+  // Reserve a slot for a new guarded allocation. Returns kInvalidSlotID if no
+  // slot is available to be reserved.
+  size_t reserveSlot();
+
+  // Unreserve the guarded slot.
+  void freeSlot(size_t SlotIndex);
+
+  // Returns the offset (in bytes) between the start of a guarded slot and where
+  // the start of the allocation should take place. Determined using the size of
+  // the allocation and the options provided at init-time.
+  uintptr_t allocationSlotOffset(size_t AllocationSize) const;
+
+  // Returns the diagnosis for an unknown error. If the diagnosis is not
+  // Error::INVALID_FREE or Error::UNKNOWN, the metadata for the slot
+  // responsible for the error is placed in *Meta.
+  Error diagnoseUnknownError(uintptr_t AccessPtr, AllocationMetadata **Meta);
+
+  void reportErrorInternal(uintptr_t AccessPtr, Error E);
+
+  // Cached page size for this system in bytes.
+  size_t PageSize = 0;
+
+  // A mutex to protect the guarded slot and metadata pool for this class.
+  Mutex PoolMutex;
+  // The number of guarded slots that this pool holds.
+  size_t MaxSimultaneousAllocations = 0;
+  // Record the number allocations that we've sampled. We store this amount so
+  // that we don't randomly choose to recycle a slot that previously had an
+  // allocation before all the slots have been utilised.
+  size_t NumSampledAllocations = 0;
+  // Pointer to the pool of guarded slots. Note that this points to the start of
+  // the pool (which is a guard page), not a pointer to the first guarded page.
+  uintptr_t GuardedPagePool = UINTPTR_MAX;
+  uintptr_t GuardedPagePoolEnd = 0;
+  // Pointer to the allocation metadata (allocation/deallocation stack traces),
+  // if any.
+  AllocationMetadata *Metadata = nullptr;
+
+  // Pointer to an array of free slot indexes.
+  size_t *FreeSlots = nullptr;
+  // The current length of the list of free slots.
+  size_t FreeSlotsLength = 0;
+
+  // See options.{h, inc} for more information.
+  bool PerfectlyRightAlign = false;
+
+  // Printf function supplied by the implementing allocator. We can't (in
+  // general) use printf() from the cstdlib as it may malloc(), causing infinite
+  // recursion.
+  options::Printf_t Printf = nullptr;
+  options::Backtrace_t Backtrace = nullptr;
+  options::PrintBacktrace_t PrintBacktrace = nullptr;
+
+  // The adjusted sample rate for allocation sampling. Default *must* be
+  // nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++)
+  // before GPA::init() is called. This would cause an error in shouldSample(),
+  // where we would calculate modulo zero. This value is set UINT32_MAX, as when
+  // GWP-ASan is disabled, we wish to never spend wasted cycles recalculating
+  // the sample rate.
+  uint32_t AdjustedSampleRate = UINT32_MAX;
+
+  // Pack the thread local variables into a struct to ensure that they're in
+  // the same cache line for performance reasons. These are the most touched
+  // variables in GWP-ASan.
+  struct alignas(8) ThreadLocalPackedVariables {
+    constexpr ThreadLocalPackedVariables() {}
+    // Thread-local decrementing counter that indicates that a given allocation
+    // should be sampled when it reaches zero.
+    uint32_t NextSampleCounter = 0;
+    // Guard against recursivity. Unwinders often contain complex behaviour that
+    // may not be safe for the allocator (i.e. the unwinder calls dlopen(),
+    // which calls malloc()). When recursive behaviour is detected, we will
+    // automatically fall back to the supporting allocator to supply the
+    // allocation.
+    bool RecursiveGuard = false;
+  };
+  static TLS_INITIAL_EXEC ThreadLocalPackedVariables ThreadLocals;
+};
+} // namespace gwp_asan
+
+#endif // GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
diff --git a/lib/gwp_asan/mutex.h b/lib/gwp_asan/mutex.h
new file mode 100644
index 000000000000..c29df4cde164
--- /dev/null
+++ b/lib/gwp_asan/mutex.h
@@ -0,0 +1,50 @@
+//===-- mutex.h -------------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_MUTEX_H_
+#define GWP_ASAN_MUTEX_H_
+
+#ifdef __unix__
+#include <pthread.h>
+#else
+#error "GWP-ASan is not supported on this platform."
+#endif
+
+namespace gwp_asan {
+class Mutex {
+public:
+  constexpr Mutex() = default;
+  ~Mutex() = default;
+  Mutex(const Mutex &) = delete;
+  Mutex &operator=(const Mutex &) = delete;
+  // Lock the mutex.
+  void lock();
+  // Nonblocking trylock of the mutex. Returns true if the lock was acquired.
+  bool tryLock();
+  // Unlock the mutex.
+  void unlock();
+
+private:
+#ifdef __unix__
+  pthread_mutex_t Mu = PTHREAD_MUTEX_INITIALIZER;
+#endif // defined(__unix__)
+};
+
+class ScopedLock {
+public:
+  explicit ScopedLock(Mutex &Mx) : Mu(Mx) { Mu.lock(); }
+  ~ScopedLock() { Mu.unlock(); }
+  ScopedLock(const ScopedLock &) = delete;
+  ScopedLock &operator=(const ScopedLock &) = delete;
+
+private:
+  Mutex &Mu;
+};
+} // namespace gwp_asan
+
+#endif // GWP_ASAN_MUTEX_H_
diff --git a/lib/gwp_asan/optional/backtrace.h b/lib/gwp_asan/optional/backtrace.h
new file mode 100644
index 000000000000..2700970e5e8e
--- /dev/null
+++ b/lib/gwp_asan/optional/backtrace.h
@@ -0,0 +1,23 @@
+//===-- backtrace.h ---------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_OPTIONAL_BACKTRACE_H_
+#define GWP_ASAN_OPTIONAL_BACKTRACE_H_
+
+#include "gwp_asan/options.h"
+
+namespace gwp_asan {
+namespace options {
+// Functions to get the platform-specific and implementation-specific backtrace
+// and backtrace printing functions.
+Backtrace_t getBacktraceFunction();
+PrintBacktrace_t getPrintBacktraceFunction();
+} // namespace options
+} // namespace gwp_asan
+
+#endif // GWP_ASAN_OPTIONAL_BACKTRACE_H_
diff --git a/lib/gwp_asan/optional/backtrace_linux_libc.cpp b/lib/gwp_asan/optional/backtrace_linux_libc.cpp
new file mode 100644
index 000000000000..f20a3100927e
--- /dev/null
+++ b/lib/gwp_asan/optional/backtrace_linux_libc.cpp
@@ -0,0 +1,64 @@
+//===-- backtrace_linux_libc.cpp --------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include <assert.h>
+#include <execinfo.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "gwp_asan/optional/backtrace.h"
+#include "gwp_asan/options.h"
+
+namespace {
+void Backtrace(uintptr_t *TraceBuffer, size_t Size) {
+  // Grab (what seems to be) one more trace than we need. TraceBuffer needs to
+  // be null-terminated, but we wish to remove the frame of this function call.
+  static_assert(sizeof(uintptr_t) == sizeof(void *), "uintptr_t is not void*");
+  int NumTraces =
+      backtrace(reinterpret_cast<void **>(TraceBuffer), Size);
+
+  // Now shift the entire trace one place to the left and null-terminate.
+  memmove(TraceBuffer, TraceBuffer + 1, NumTraces * sizeof(void *));
+  TraceBuffer[NumTraces - 1] = 0;
+}
+
+static void PrintBacktrace(uintptr_t *Trace,
+                           gwp_asan::options::Printf_t Printf) {
+  size_t NumTraces = 0;
+  for (; Trace[NumTraces] != 0; ++NumTraces) {
+  }
+
+  if (NumTraces == 0) {
+    Printf("  <not found (does your allocator support backtracing?)>\n\n");
+    return;
+  }
+
+  char **BacktraceSymbols =
+      backtrace_symbols(reinterpret_cast<void **>(Trace), NumTraces);
+
+  for (size_t i = 0; i < NumTraces; ++i) {
+    if (!BacktraceSymbols)
+      Printf("  #%zu %p\n", i, Trace[i]);
+    else
+      Printf("  #%zu %s\n", i, BacktraceSymbols[i]);
+  }
+
+  Printf("\n");
+  if (BacktraceSymbols)
+    free(BacktraceSymbols);
+}
+} // anonymous namespace
+
+namespace gwp_asan {
+namespace options {
+Backtrace_t getBacktraceFunction() { return Backtrace; }
+PrintBacktrace_t getPrintBacktraceFunction() { return PrintBacktrace; }
+} // namespace options
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp b/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp
new file mode 100644
index 000000000000..7d17eec0da2f
--- /dev/null
+++ b/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp
@@ -0,0 +1,69 @@
+//===-- backtrace_sanitizer_common.cpp --------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include <assert.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "gwp_asan/optional/backtrace.h"
+#include "gwp_asan/options.h"
+#include "sanitizer_common/sanitizer_stacktrace.h"
+
+void __sanitizer::BufferedStackTrace::UnwindImpl(uptr pc, uptr bp,
+                                                 void *context,
+                                                 bool request_fast,
+                                                 u32 max_depth) {
+  if (!StackTrace::WillUseFastUnwind(request_fast)) {
+    return Unwind(max_depth, pc, bp, context, 0, 0, request_fast);
+  }
+  Unwind(max_depth, pc, 0, context, 0, 0, false);
+}
+
+namespace {
+void Backtrace(uintptr_t *TraceBuffer, size_t Size) {
+  __sanitizer::BufferedStackTrace Trace;
+  Trace.Reset();
+  if (Size > __sanitizer::kStackTraceMax)
+    Size = __sanitizer::kStackTraceMax;
+
+  Trace.Unwind((__sanitizer::uptr)__builtin_return_address(0),
+               (__sanitizer::uptr)__builtin_frame_address(0),
+               /* ucontext */ nullptr,
+               /* fast unwind */ true, Size - 1);
+
+  memcpy(TraceBuffer, Trace.trace, Trace.size * sizeof(uintptr_t));
+  TraceBuffer[Trace.size] = 0;
+}
+
+static void PrintBacktrace(uintptr_t *Trace,
+                           gwp_asan::options::Printf_t Printf) {
+  __sanitizer::StackTrace StackTrace;
+  StackTrace.trace = reinterpret_cast<__sanitizer::uptr *>(Trace);
+
+  for (StackTrace.size = 0; StackTrace.size < __sanitizer::kStackTraceMax;
+       ++StackTrace.size) {
+    if (Trace[StackTrace.size] == 0)
+      break;
+  }
+
+  if (StackTrace.size == 0) {
+    Printf("  <unknown (does your allocator support backtracing?)>\n\n");
+    return;
+  }
+
+  StackTrace.Print();
+}
+} // anonymous namespace
+
+namespace gwp_asan {
+namespace options {
+Backtrace_t getBacktraceFunction() { return Backtrace; }
+PrintBacktrace_t getPrintBacktraceFunction() { return PrintBacktrace; }
+} // namespace options
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/optional/options_parser.cpp b/lib/gwp_asan/optional/options_parser.cpp
new file mode 100644
index 000000000000..6c2167288d6c
--- /dev/null
+++ b/lib/gwp_asan/optional/options_parser.cpp
@@ -0,0 +1,93 @@
+//===-- options_parser.cpp --------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "gwp_asan/optional/options_parser.h"
+
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "gwp_asan/options.h"
+#include "sanitizer_common/sanitizer_common.h"
+#include "sanitizer_common/sanitizer_flag_parser.h"
+#include "sanitizer_common/sanitizer_flags.h"
+
+namespace gwp_asan {
+namespace options {
+namespace {
+void registerGwpAsanFlags(__sanitizer::FlagParser *parser, Options *o) {
+#define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description)                 \
+  RegisterFlag(parser, #Name, Description, &o->Name);
+#include "gwp_asan/options.inc"
+#undef GWP_ASAN_OPTION
+}
+
+const char *getCompileDefinitionGwpAsanDefaultOptions() {
+#ifdef GWP_ASAN_DEFAULT_OPTIONS
+  return SANITIZER_STRINGIFY(GWP_ASAN_DEFAULT_OPTIONS);
+#else
+  return "";
+#endif
+}
+
+const char *getGwpAsanDefaultOptions() {
+  return (__gwp_asan_default_options) ? __gwp_asan_default_options() : "";
+}
+
+Options *getOptionsInternal() {
+  static Options GwpAsanFlags;
+  return &GwpAsanFlags;
+}
+} // anonymous namespace
+
+void initOptions() {
+  __sanitizer::SetCommonFlagsDefaults();
+
+  Options *o = getOptionsInternal();
+  o->setDefaults();
+
+  __sanitizer::FlagParser Parser;
+  registerGwpAsanFlags(&Parser, o);
+
+  // Override from compile definition.
+  Parser.ParseString(getCompileDefinitionGwpAsanDefaultOptions());
+
+  // Override from user-specified string.
+  Parser.ParseString(getGwpAsanDefaultOptions());
+
+  // Override from environment.
+  Parser.ParseString(__sanitizer::GetEnv("GWP_ASAN_OPTIONS"));
+
+  __sanitizer::InitializeCommonFlags();
+  if (__sanitizer::Verbosity())
+    __sanitizer::ReportUnrecognizedFlags();
+
+  if (!o->Enabled)
+    return;
+
+  // Sanity checks for the parameters.
+  if (o->MaxSimultaneousAllocations <= 0) {
+    __sanitizer::Printf("GWP-ASan ERROR: MaxSimultaneousAllocations must be > "
+                        "0 when GWP-ASan is enabled.\n");
+    exit(EXIT_FAILURE);
+  }
+
+  if (o->SampleRate < 1) {
+    __sanitizer::Printf(
+        "GWP-ASan ERROR: SampleRate must be > 0 when GWP-ASan is enabled.\n");
+    exit(EXIT_FAILURE);
+  }
+
+  o->Printf = __sanitizer::Printf;
+}
+
+Options &getOptions() { return *getOptionsInternal(); }
+
+} // namespace options
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/optional/options_parser.h b/lib/gwp_asan/optional/options_parser.h
new file mode 100644
index 000000000000..7a6bfaf0ce3e
--- /dev/null
+++ b/lib/gwp_asan/optional/options_parser.h
@@ -0,0 +1,31 @@
+//===-- options_parser.h ----------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_OPTIONAL_OPTIONS_PARSER_H_
+#define GWP_ASAN_OPTIONAL_OPTIONS_PARSER_H_
+
+#include "gwp_asan/optional/backtrace.h"
+#include "gwp_asan/options.h"
+#include "sanitizer_common/sanitizer_common.h"
+
+namespace gwp_asan {
+namespace options {
+// Parse the options from the GWP_ASAN_FLAGS environment variable.
+void initOptions();
+// Returns the initialised options. Call initOptions() prior to calling this
+// function.
+Options &getOptions();
+} // namespace options
+} // namespace gwp_asan
+
+extern "C" {
+SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE const char *
+__gwp_asan_default_options();
+}
+
+#endif // GWP_ASAN_OPTIONAL_OPTIONS_PARSER_H_
diff --git a/lib/gwp_asan/options.h b/lib/gwp_asan/options.h
new file mode 100644
index 000000000000..6423e16526f4
--- /dev/null
+++ b/lib/gwp_asan/options.h
@@ -0,0 +1,59 @@
+//===-- options.h -----------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_OPTIONS_H_
+#define GWP_ASAN_OPTIONS_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+namespace gwp_asan {
+namespace options {
+// The function pointer type for printf(). Follows the standard format from the
+// sanitizers library. If the supported allocator exposes printing via a
+// different function signature, please provide a wrapper which has this
+// printf() signature, and pass the wrapper instead.
+typedef void (*Printf_t)(const char *Format, ...);
+
+// The function pointer type for backtrace information. Required to be
+// implemented by the supporting allocator. The callee should elide itself and
+// all frames below itself from TraceBuffer, i.e. the caller's frame should be
+// in TraceBuffer[0], and subsequent frames 1..n into TraceBuffer[1..n], where a
+// maximum of `MaximumDepth - 1` frames are stored. TraceBuffer should be
+// nullptr-terminated (i.e. if there are 5 frames; TraceBuffer[5] == nullptr).
+// If the allocator cannot supply backtrace information, it should set
+// TraceBuffer[0] == nullptr.
+typedef void (*Backtrace_t)(uintptr_t *TraceBuffer, size_t Size);
+typedef void (*PrintBacktrace_t)(uintptr_t *TraceBuffer, Printf_t Print);
+
+struct Options {
+  Printf_t Printf = nullptr;
+  Backtrace_t Backtrace = nullptr;
+  PrintBacktrace_t PrintBacktrace = nullptr;
+
+  // Read the options from the included definitions file.
+#define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description)                 \
+  Type Name = DefaultValue;
+#include "gwp_asan/options.inc"
+#undef GWP_ASAN_OPTION
+
+  void setDefaults() {
+#define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description)                 \
+  Name = DefaultValue;
+#include "gwp_asan/options.inc"
+#undef GWP_ASAN_OPTION
+
+    Printf = nullptr;
+    Backtrace = nullptr;
+    PrintBacktrace = nullptr;
+  }
+};
+} // namespace options
+} // namespace gwp_asan
+
+#endif // GWP_ASAN_OPTIONS_H_
diff --git a/lib/gwp_asan/options.inc b/lib/gwp_asan/options.inc
new file mode 100644
index 000000000000..9042b11895ae
--- /dev/null
+++ b/lib/gwp_asan/options.inc
@@ -0,0 +1,41 @@
+//===-- options.inc ---------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_OPTION
+#error "Define GWP_ASAN_OPTION prior to including this file!"
+#endif
+
+GWP_ASAN_OPTION(bool, Enabled, true, "Is GWP-ASan enabled? Defaults to true.")
+
+GWP_ASAN_OPTION(
+    bool, PerfectlyRightAlign, false,
+    "When allocations are right-aligned, should we perfectly align them up to "
+    "the page boundary? By default (false), we round up allocation size to the "
+    "nearest power of two (1, 2, 4, 8, 16) up to a maximum of 16-byte "
+    "alignment for performance reasons. Setting this to true can find single "
+    "byte buffer-overflows for multibyte allocations at the cost of "
+    "performance, and may be incompatible with some architectures.")
+
+GWP_ASAN_OPTION(
+    int, MaxSimultaneousAllocations, 16,
+    "Number of usable guarded slots in the allocation pool. Defaults to 16.")
+
+GWP_ASAN_OPTION(int, SampleRate, 5000,
+                "The probability (1 / SampleRate) that an allocation is "
+                "selected for GWP-ASan sampling. Default is 5000. Sample rates "
+                "up to (2^31 - 1) are supported.")
+
+GWP_ASAN_OPTION(
+    bool, InstallSignalHandlers, true,
+    "Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This "
+    "allows better error reports by providing stack traces for allocation and "
+    "deallocation when reporting a memory error. GWP-ASan's signal handler "
+    "will forward the signal to any previously-installed handler, and user "
+    "programs that install further signal handlers should make sure they do "
+    "the same. Note, if the previously installed SIGSEGV handler is SIG_IGN, "
+    "we terminate the process after dumping the error report.")
diff --git a/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp b/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp
new file mode 100644
index 000000000000..8bc0aefeec44
--- /dev/null
+++ b/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp
@@ -0,0 +1,96 @@
+//===-- guarded_pool_allocator_posix.cpp ------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "gwp_asan/guarded_pool_allocator.h"
+
+#include <stdlib.h>
+#include <errno.h>
+#include <signal.h>
+#include <sys/mman.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+namespace gwp_asan {
+
+void *GuardedPoolAllocator::mapMemory(size_t Size) const {
+  void *Ptr =
+      mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+
+  if (Ptr == MAP_FAILED) {
+    Printf("Failed to map guarded pool allocator memory, errno: %d\n", errno);
+    Printf("  mmap(nullptr, %zu, ...) failed.\n", Size);
+    exit(EXIT_FAILURE);
+  }
+  return Ptr;
+}
+
+void GuardedPoolAllocator::markReadWrite(void *Ptr, size_t Size) const {
+  if (mprotect(Ptr, Size, PROT_READ | PROT_WRITE) != 0) {
+    Printf("Failed to set guarded pool allocator memory at as RW, errno: %d\n",
+           errno);
+    Printf("  mprotect(%p, %zu, RW) failed.\n", Ptr, Size);
+    exit(EXIT_FAILURE);
+  }
+}
+
+void GuardedPoolAllocator::markInaccessible(void *Ptr, size_t Size) const {
+  // mmap() a PROT_NONE page over the address to release it to the system, if
+  // we used mprotect() here the system would count pages in the quarantine
+  // against the RSS.
+  if (mmap(Ptr, Size, PROT_NONE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1,
+           0) == MAP_FAILED) {
+    Printf("Failed to set guarded pool allocator memory as inaccessible, "
+           "errno: %d\n",
+           errno);
+    Printf("  mmap(%p, %zu, NONE, ...) failed.\n", Ptr, Size);
+    exit(EXIT_FAILURE);
+  }
+}
+
+size_t GuardedPoolAllocator::getPlatformPageSize() {
+  return sysconf(_SC_PAGESIZE);
+}
+
+struct sigaction PreviousHandler;
+
+static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
+  gwp_asan::GuardedPoolAllocator::reportError(
+      reinterpret_cast<uintptr_t>(info->si_addr));
+
+  // Process any previous handlers.
+  if (PreviousHandler.sa_flags & SA_SIGINFO) {
+    PreviousHandler.sa_sigaction(sig, info, ucontext);
+  } else if (PreviousHandler.sa_handler == SIG_IGN ||
+             PreviousHandler.sa_handler == SIG_DFL) {
+    // If the previous handler was the default handler, or was ignoring this
+    // signal, install the default handler and re-raise the signal in order to
+    // get a core dump and terminate this process.
+    signal(SIGSEGV, SIG_DFL);
+    raise(SIGSEGV);
+  } else {
+    PreviousHandler.sa_handler(sig);
+  }
+}
+
+void GuardedPoolAllocator::installSignalHandlers() {
+  struct sigaction Action;
+  Action.sa_sigaction = sigSegvHandler;
+  Action.sa_flags = SA_SIGINFO;
+  sigaction(SIGSEGV, &Action, &PreviousHandler);
+}
+
+uint64_t GuardedPoolAllocator::getThreadID() {
+#ifdef SYS_gettid
+  return syscall(SYS_gettid);
+#else
+  return kInvalidThreadID;
+#endif
+}
+
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/platform_specific/mutex_posix.cpp b/lib/gwp_asan/platform_specific/mutex_posix.cpp
new file mode 100644
index 000000000000..8bd405e1074c
--- /dev/null
+++ b/lib/gwp_asan/platform_specific/mutex_posix.cpp
@@ -0,0 +1,30 @@
+//===-- mutex_posix.cpp -----------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "gwp_asan/mutex.h"
+
+#include <assert.h>
+#include <pthread.h>
+
+namespace gwp_asan {
+void Mutex::lock() {
+  int Status = pthread_mutex_lock(&Mu);
+  assert(Status == 0);
+  // Remove warning for non-debug builds.
+  (void)Status;
+}
+
+bool Mutex::tryLock() { return pthread_mutex_trylock(&Mu) == 0; }
+
+void Mutex::unlock() {
+  int Status = pthread_mutex_unlock(&Mu);
+  assert(Status == 0);
+  // Remove warning for non-debug builds.
+  (void)Status;
+}
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/random.cpp b/lib/gwp_asan/random.cpp
new file mode 100644
index 000000000000..90493da7e038
--- /dev/null
+++ b/lib/gwp_asan/random.cpp
@@ -0,0 +1,23 @@
+//===-- random.cpp ----------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "gwp_asan/random.h"
+#include "gwp_asan/guarded_pool_allocator.h"
+
+#include <time.h>
+
+namespace gwp_asan {
+uint32_t getRandomUnsigned32() {
+  thread_local uint32_t RandomState =
+      time(nullptr) + GuardedPoolAllocator::getThreadID();
+  RandomState ^= RandomState << 13;
+  RandomState ^= RandomState >> 17;
+  RandomState ^= RandomState << 5;
+  return RandomState;
+}
+} // namespace gwp_asan
diff --git a/lib/gwp_asan/random.h b/lib/gwp_asan/random.h
new file mode 100644
index 000000000000..5fcf30d557ee
--- /dev/null
+++ b/lib/gwp_asan/random.h
@@ -0,0 +1,20 @@
+//===-- random.h ------------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_RANDOM_H_
+#define GWP_ASAN_RANDOM_H_
+
+#include <stdint.h>
+
+namespace gwp_asan {
+// xorshift (32-bit output), extremely fast PRNG that uses arithmetic operations
+// only. Seeded using walltime.
+uint32_t getRandomUnsigned32();
+} // namespace gwp_asan
+
+#endif // GWP_ASAN_RANDOM_H_