Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: Disable _FORTIFY_SOURCE if using MSan #30140

Closed
wants to merge 2 commits into from
Closed

build: Disable _FORTIFY_SOURCE if using MSan #30140

wants to merge 2 commits into from

Conversation

hebasto
Copy link
Member

@hebasto hebasto commented May 18, 2024

This PR shifts responsibility to disable _FORTIFY_SOURCE from the user to the build system, which:

  • improves usability
  • simplifies the CI and OSS-Fuzz scripts
  • is useful for CMake migration as it removes the need to use non-standard APPEND_CPPFLAGS in such a corner case

@DrahtBot
Copy link
Contributor

DrahtBot commented May 18, 2024
edited

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type Reviewers
Concept NACK fanquake

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

@fanquake
Copy link
Member

Concept NACK. If anything should be changed, it would be the implementation of applying the hardening flags in the CMake branch, so it's possible to override them using standard CMake variables. Not push more complexity into the build system, and hardcode specific things.

Removing APPEND_*FLAGS shouldn't be a goal, as it needs to exist, to do what it exists for (actually give a mechanism for always overriding a flag, regardless of what CMake try's to do). Otherwise in future, if we (or any other user) needs to do something, there may not be a (easy, working) way to do so, depending on the implementation details of the CMake build system.

@hebasto
Copy link
Member Author

hebasto commented May 18, 2024

Concept NACK. If anything should be changed, it would be the implementation of applying the hardening flags in the CMake branch, so it's possible to override them using standard CMake variables.

I disagree. The current implementation is undocumented and error-prone on the user side.

Not push more complexity into the build system, and hardcode specific things.

This statement seems quite arbitrary. Considering that the build system is full of "hardcode specific things" that "push more complexity into", what are explicit criteria for such a reasoning?

Removing APPEND_*FLAGS shouldn't be a goal

It is not a goal of this PR. Rather removing the need to use them when building with MSan.

@fanquake
Copy link
Member

I disagree. The current implementation is undocumented and error-prone on the user side.

In the CMake branch? If this is the case, then it needs to be reworked anyway...?

Another reason undefining a flag like this needs to be easily possible, is if you want to set the fortify level to anything other than what we pick, it needs to be undefined first. So this all needs to be possible outside of MSAN. Given that, we should also use the same mechanisms, rather than hardcoding things here.

@hebasto
Copy link
Member Author

hebasto commented May 18, 2024

I disagree. The current implementation is undocumented and error-prone on the user side.

In the CMake branch? If this is the case, then it needs to be reworked anyway...?

In the master branch.

./configure CC=clang CXX=clang++ --with-sanitizers=memory just leads to MSan warnings forcing the user for further actions.

@fanquake
Copy link
Member

./configure CC=clang CXX=clang++ --with-sanitizers=memory just leads to MSan warnings forcing the user for further actions.

Your PR here doesn't change that. Anyone wanting to use MSAN needs to do extensive setup, and build a fully instrumented toolchain. It can't be expected to work out of the box.

@hebasto
Copy link
Member Author

hebasto commented May 18, 2024

Anyone wanting to use MSAN needs to do extensive setup, and build a fully instrumented toolchain. It can't be expected to work out of the box.

Right. I didn't mean the latter. Just quoted the main system configuration stage for brevity.

Your PR here doesn't change that.

It does. The second commit proves it, doesn't it?

@fanquake
Copy link
Member

It does. The second commit proves it, doesn't it?

No. I don't see how that commit sets up a fully instrumented MSAN toolchain.

@hebasto
Copy link
Member Author

hebasto commented May 18, 2024

It does. The second commit proves it, doesn't it?

No. I don't see how that commit sets up a fully instrumented MSAN toolchain.

Sure. It "shifts responsibility to disable _FORTIFY_SOURCE from the user to the build system".

@fanquake
Copy link
Member

Sure. It "shifts responsibility to disable _FORTIFY_SOURCE from the user to the build system".

Setting a single preprocessor flag isn't instrumenting a toolchain?

I still haven't seen a good reason to not use the mechanisms that exist to set flags, given those mechanisms need to exist (i.e undefining and redefining fortify source), and should be tested so they are known to be working.

@hebasto hebasto closed this May 18, 2024
@hebasto hebasto mentioned this pull request May 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Build system Tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hebasto @DrahtBot @fanquake