From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-377971-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 10056 invoked by alias); 18 Sep 2014 10:53:04 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 10045 invoked by uid 89); 18 Sep 2014 10:53:04 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Thu, 18 Sep 2014 10:53:03 +0000
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s8IAr0ex029005	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);	Thu, 18 Sep 2014 06:53:00 -0400
Received: from tucnak.zalov.cz (ovpn-116-26.ams2.redhat.com [10.36.116.26])	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s8IAqv4H027336	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);	Thu, 18 Sep 2014 06:52:59 -0400
Received: from tucnak.zalov.cz (localhost [127.0.0.1])	by tucnak.zalov.cz (8.14.8/8.14.7) with ESMTP id s8IAqthr019863;	Thu, 18 Sep 2014 12:52:56 +0200
Received: (from jakub@localhost)	by tucnak.zalov.cz (8.14.8/8.14.8/Submit) id s8IAqpsf019862;	Thu, 18 Sep 2014 12:52:51 +0200
Date: Thu, 18 Sep 2014 10:53:00 -0000
From: Jakub Jelinek <jakub@redhat.com>
To: Yury Gribov <y.gribov@samsung.com>,        "Joseph S. Myers" <joseph@codesourcery.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>,        Konstantin Serebryany <konstantin.s.serebryany@gmail.com>,        Dmitry Vyukov <dvyukov@google.com>,        Andrey Ryabinin <a.ryabinin@samsung.com>,        Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Subject: Re: [PATCH][PING] Enable -fsanitize-recover for KASan
Message-ID: <20140918105251.GD17454@tucnak.redhat.com>
Reply-To: Jakub Jelinek <jakub@redhat.com>
References: <54095E23.6050900@samsung.com> <5416B3A2.4050200@samsung.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5416B3A2.4050200@samsung.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-IsSubscribed: yes
X-SW-Source: 2014-09/txt/msg01452.txt.bz2

On Mon, Sep 15, 2014 at 01:38:42PM +0400, Yury Gribov wrote:
> --- a/gcc/builtins.def
> +++ b/gcc/builtins.def
> @@ -176,7 +176,7 @@ along with GCC; see the file COPYING3.  If not see
>    DEF_BUILTIN (ENUM, "__builtin_" NAME, BUILT_IN_NORMAL, TYPE, TYPE,    \
>  	       true, true, true, ATTRS, true, \
>  	      (flag_sanitize & (SANITIZE_ADDRESS | SANITIZE_THREAD \
> -				| SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT)))
> +				| SANITIZE_UNDEFINED | SANITIZE_UNDEFINED_NONDEFAULT)))

This is too long line after the change.

> --- a/gcc/gcc.c
> +++ b/gcc/gcc.c
> @@ -8236,7 +8236,7 @@ sanitize_spec_function (int argc, const char **argv)
>    if (strcmp (argv[0], "thread") == 0)
>      return (flag_sanitize & SANITIZE_THREAD) ? "" : NULL;
>    if (strcmp (argv[0], "undefined") == 0)
> -    return ((flag_sanitize & (SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT))
> +    return ((flag_sanitize & (SANITIZE_UNDEFINED | SANITIZE_UNDEFINED_NONDEFAULT))

Likewise.

> --- a/gcc/opts.c
> +++ b/gcc/opts.c
> @@ -1551,6 +1551,12 @@ common_handle_option (struct gcc_options *opts,
>  			     | SANITIZE_RETURNS_NONNULL_ATTRIBUTE))
>  	  opts->x_flag_delete_null_pointer_checks = 0;
>  
> +	/* UBSan and KASan enable recovery by default.  */
> +	opts->x_flag_sanitize_recover
> +	  = !!(flag_sanitize & (SANITIZE_UNDEFINED
> +				| SANITIZE_UNDEFINED_NONDEFAULT
> +				| SANITIZE_KERNEL_ADDRESS));
> +

Doesn't this override even user supplied -fsanitize-recover or
-fno-sanitize-recover ?  Have you tried both
-fno-sanitize-recover -fsanitize=kernel-address
and
-fsanitize=kernel-address -fno-sanitize-recover
option orders?

Seems for -fdelete-null-pointer-checks we got it wrong too,
IMHO for -fsanitize={null,{,returns-}nonnull-attribute,undefined}
we want to disable it unconditionally, regardless of whether
that option appears on the command line or not.
And we handle it right for 
-fdelete-null-pointer-checks -fsanitize=undefined
but not for
-fsanitize=undefined -fdelete-null-pointer-checks
Joseph, thoughts where to override it instead (I mean, after all
options are processed)?

In the -fsanitize-recover case, I'd on the other side think that
it should just override the default and not override explicit
user's decision.  Which could be done here, but supposedly guarded
with if (!opts_set->x_flag_sanitize_recover)?

I don't think your proposal will work properly though,
if one compiles with
-fsanitize=undefined -fsanitize=address
you'll just get userland asan with error recovery, which is highly
undesirable (not just that it changes the behavior from how it
behaved before, but especially because libasan doesn't contain
such entrypoints at all).
-fsanitize=undefined,address
or
-fsanitize=address,undefined
is normal supported mode and thus I think you either can't reuse
-fsanitize-recover option for what you want to do, or
asan.c needs to limit it to flag_sanitize & SANITIZE_KERNEL_ADDRESS
mode only.  Depends if you ever want to add recovery for userland
sanitization.

	Jakub