From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16550 invoked by alias); 22 Apr 2014 17:35:05 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 16509 invoked by uid 48); 22 Apr 2014 17:35:01 -0000 From: "timurrrr at google dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/60924] New: __attribute__((no_sanitize_address)) and friends should (only?) be allowed at function definitions Date: Tue, 22 Apr 2014 17:35:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: timurrrr at google dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-04/txt/msg01614.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60924 Bug ID: 60924 Summary: __attribute__((no_sanitize_address)) and friends should (only?) be allowed at function definitions Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: c++ Assignee: unassigned at gcc dot gnu.org Reporter: timurrrr at google dot com I believe __attribute__((no_sanitize_address)) should only be allowed at function/method definitions. Consider a code like this: --- x.h --- #define NO_ASAN __attribute__((no_sanitize_address)) class X { void f(); NO_ASAN void g(); }; ----------- -- x.cpp -- #include "x.h" NO_ASAN void X::f() { ... } void X::g() { ... } ----------- I've spent half a day analyzing a file like x.cpp before I looked at x.h and realized a function should not be address-sanitized. [I was getting an ASan report because the NO_ASAN macro wasn't defined due to code misconfiguration] I think we should disallow __attribute__((no_sanitize_address)) at declarations because: 1) it's more consistent 2) it's much more readable, there's no "implicit attribute applied somewhere else" when looking at the code of a function/method. 3) the no_sanitize_address is basically an implementation detail rather than a public contract, as opposed to say thiscall/noreturn/nothrow 4) applying/removing the attribute would usually result in fewer recompilations (2000+ TUs in my case) http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html says: "The keyword __attribute__ allows you to specify special attributes when making a declaration." That probably means that attributes applied to definitions are kind of "undocumented but seem work". The following code indeed shows that both declaration-level attributes and definition-level attributes work with gcc 4.8.2: === test.cpp === class X { void f(int *p); __attribute__((no_sanitize_address)) void g(int *p); }; __attribute__((no_sanitize_address)) void X::f(int *p) { *p = 42; } void X::g(int *p) { *p = 42; } ===== EOF ===== $ g++ -fsanitize=address -S -o - test.cpp | grep asan_report -> empty I think GCC should explicitly allow select attributes (including no_sanitize_address) to be applied to definitions and deprecate some of them (including no_sanitize_address) when applied to declarations.