We'd need to think about what precisely we'd want here, but I'd like to have some configuration knob for llvm-libc, for users that want additional hardening levels applied to their build.
For example, a bunch of the syscall wrappers take pointers. If we pass these to the Linux kernel, the kernel ought to flag this. But sometimes we use/trust those pointers, and that can lead to a bad time. As an example #86169 creates a reference from these pointers without checking for nullptr.
Should that be an LIBC_ASSERT? Should someone just enable assertions for their build of llvm-libc if they're paranoid? Do we need two different configs to distinguish between potentially expensive asserts vs hardening asserts?
This is probably worth an RFC, but filing a feature request for now.
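The split the issue asks about, between a cheap hardening check and a potentially expensive assert, sketched as an added example that is not from the issue or from llvm-libc. Every name here (`Level`, `IoVec`, `gather_size`, `checks_executed`) is hypothetical, and reporting `EFAULT` on a failed check is an assumption; a real build might trap instead.

```cpp
// Added illustration; all names are hypothetical, not llvm-libc's API.
#include <cerrno>
#include <cstddef>
#include <cstdio>

// Hypothetical build knob: OFF, cheap O(1) hardening, or extra O(n) asserts.
enum Level { OFF = 0, HARDENED = 1, PARANOID = 2 };

struct IoVec { const void *base; std::size_t len; };  // stand-in for struct iovec

static long checks_executed = 0;  // makes the cost of each level observable

// Internal helper written against a reference. Binding `first` to *p is
// undefined behaviour when p is null, which is the pattern the issue flags.
static std::size_t sum_lengths(const IoVec &first, std::size_t count) {
  const IoVec *v = &first;
  std::size_t total = 0;
  for (std::size_t i = 0; i < count; ++i) total += v[i].len;
  return total;
}

// Hypothetical wrapper entry point that receives a caller-supplied pointer.
// Assumption: a failed check reports EFAULT; a real build might trap instead.
template <Level L>
long gather_size(const IoVec *iov, std::size_t count) {
  if (L >= HARDENED) {  // constant per instantiation, folded by the compiler
    ++checks_executed;
    if (iov == nullptr) { errno = EFAULT; return -1; }
  }
  if (L >= PARANOID) {  // walks every entry: cost grows with count
    for (std::size_t i = 0; i < count; ++i) {
      ++checks_executed;
      if (iov[i].base == nullptr && iov[i].len != 0) { errno = EFAULT; return -1; }
    }
  }
  return static_cast<long>(sum_lengths(*iov, count));
}

int main() {
  const IoVec good[2] = {{"ab", 2}, {"cde", 3}};   // constructed sample input
  const IoVec bad[2] = {{"ab", 2}, {nullptr, 3}};  // constructed: null base
  std::printf("hardened(null) = %ld\n", gather_size<HARDENED>(nullptr, 2));
  std::printf("hardened(good) = %ld\n", gather_size<HARDENED>(good, 2));
  std::printf("hardened(bad)  = %ld\n", gather_size<HARDENED>(bad, 2));
  std::printf("paranoid(bad)  = %ld\n", gather_size<PARANOID>(bad, 2));
  std::printf("checks executed: %ld\n", checks_executed);
  return 0;
}
```

The `HARDENED` level costs one comparison per call regardless of input size, while `PARANOID` adds one check per entry, which is the kind of cost difference that would motivate separate configs.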