[wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Tobias Burnus]

[-- Attachment #1: Type: text/plain, Size: 381 bytes --]

Dear all,

attached is a first draft for -faddress-sanitizer in the release notes.

I am aware that some changes are imminent,* but I want make a start.
Comments?

Tobias

* For instance:
- PowerPC/PowerPC64 Linux support
- Renaming to -fsanitizer=address
- Addition of -fsanitizer=thread
- libsanitizer builds with sparc (but ASAN_SHADOW_SHIFT is missing?)
- Darwin nearly works?

[-- Attachment #2: one.diff --]
[-- Type: text/x-patch, Size: 935 bytes --]

Index: changes.html
===================================================================
RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-4.8/changes.html,v
retrieving revision 1.58
diff -p -u -r1.58 changes.html
--- changes.html	19 Nov 2012 15:23:15 -0000	1.58
+++ changes.html	19 Nov 2012 18:34:22 -0000
@@ -101,6 +101,13 @@ by this change.</p>
 	 inlining decisions (for example in the case of Fortran
 	 array descriptors) and devirtualization.</li>
     </ul></li>
+    <li><a href="http://code.google.com/p/address-sanitizer/">AddressSanitizer
+	</a>, a fast memory error detector, has been added and can be
+	enabled via <code>-faddress-sanitizer</code>. Memory access
+	instructions will be instrumented to detect out-of-bounds,
+	use-after-free, stack overflow and global overflow bugs. To get
+	nicer stacktraces, use <code>-fno-omit-frame-pointer</code>. The
+	AddressSanitizer is available on IA-32/x86-64/x32 Linux.</li>
   </ul>
 
 

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Konstantin Serebryany]

On Mon, Nov 19, 2012 at 10:44 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Dear all,
>
> attached is a first draft for -faddress-sanitizer in the release notes.
>
> I am aware that some changes are imminent,* but I want make a start.
> Comments?

stack overflow is something different, I guess we want to say "stack
buffer overflow".
I typically write something like "heap-, stack-, and global- buffer
overflow as well as use-after-free bugs".

I also suggest adding "use -O1 or higher for better performance"
because otherwise "fast memory error detector" is not really true.


>
> Tobias
>
> * For instance:
> - PowerPC/PowerPC64 Linux support
> - Renaming to -fsanitizer=address
-fsanitize=address (no 'r')

Thanks!


> - Addition of -fsanitizer=thread
> - libsanitizer builds with sparc (but ASAN_SHADOW_SHIFT is missing?)
> - Darwin nearly works?

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Tobias Burnus]

[-- Attachment #1: Type: text/plain, Size: 829 bytes --]

Konstantin Serebryany wrote:
> On Mon, Nov 19, 2012 at 10:44 PM, Tobias Burnus <burnus@net-b.de> wrote:
>> attached is a first draft for -faddress-sanitizer in the release notes.
> stack overflow is something different, I guess we want to say "stack
> buffer overflow". I typically write something like "heap-, stack-, and global- buffer
> overflow as well as use-after-free bugs".

Fixed. See attached updated patch.

> I also suggest adding "use -O1 or higher for better performance"
> because otherwise "fast memory error detector" is not really true.

Is that needed? I think that's obvious that -O0 is not that fast.


Notes: I didn't mention Sparc, PowerPC, and Darwin as those aren't yet 
available. I kept the current wording for ASAN even though global and 
stack overflow are to my knowledge not yet available.

Tobias

[-- Attachment #2: changes.diff --]
[-- Type: text/x-patch, Size: 1228 bytes --]

Index: changes.html
===================================================================
RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-4.8/changes.html,v
retrieving revision 1.63
diff -u -p -r1.63 changes.html
--- changes.html	21 Nov 2012 10:19:27 -0000	1.63
+++ changes.html	23 Nov 2012 11:21:19 -0000
@@ -110,6 +110,18 @@ by this change.</p>
 	 inlining decisions (for example in the case of Fortran
 	 array descriptors) and devirtualization.</li>
     </ul></li>
+    <li><a href="https://code.google.com/p/address-sanitizer/">AddressSanitizer
+	</a>, a fast memory error detector, has been added and can be
+	enabled via <code>-fsanitize=address</code>. Memory access
+	instructions will be instrumented to detect heap-, stack-, and
+	global-buffer overflow as well as use-after-free bugs. To get
+	nicer stacktraces, use <code>-fno-omit-frame-pointer</code>. The
+	AddressSanitizer is available on IA-32/x86-64/x32 Linux.</li>
+    <li><a href="https://code.google.com/p/data-race-test/wiki/ThreadSanitizer"
+	>ThreadSanitizer</a> has been added and can be enabled via
+	<code>-fsanitize=thread</code>. Instructions will be instrumented to
+	detect data races. The ThreadSanitizer is available on x86-64
+	Linux.</li>
   </ul>
 
 

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Konstantin Serebryany]

Looks good.

On Fri, Nov 23, 2012 at 3:27 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>
>> On Mon, Nov 19, 2012 at 10:44 PM, Tobias Burnus <burnus@net-b.de> wrote:
>>>
>>> attached is a first draft for -faddress-sanitizer in the release notes.
>>
>> stack overflow is something different, I guess we want to say "stack
>>
>> buffer overflow". I typically write something like "heap-, stack-, and
>> global- buffer
>> overflow as well as use-after-free bugs".
>
>
> Fixed. See attached updated patch.
>
>
>> I also suggest adding "use -O1 or higher for better performance"
>> because otherwise "fast memory error detector" is not really true.
>
>
> Is that needed? I think that's obvious that -O0 is not that fast.

asan at O0 is *really* slow, and for some users it may be non-obvious.
but I don't insist because your patch give the links to the detailed docs.


>
>
> Notes: I didn't mention Sparc, PowerPC, and Darwin

Darwin works fine with clang, but not yet in gcc.

> as those aren't yet
> available. I kept the current wording for ASAN even though global and stack
> overflow are to my knowledge not yet available.

at least simple tests for stack- and global- buffer overflows seem to work.

Thanks!

--kcc

>
> Tobias

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Tobias Burnus]

Konstantin Serebryany wrote:
> Looks good.

And now available at http://gcc.gnu.org/gcc-4.8/changes.html

>> Notes: I didn't mention Sparc, PowerPC, and Darwin
> Darwin works fine with clang, but not yet in gcc.

I know – and actually it is a bit unclear to me what's the review status 
of Jack Howarth's patch.

> at least simple tests for stack- and global- buffer overflows seem to 
> work.

I think the man page should be then updated. (I think it used to mention 
stack and global buffer overflow; in any case, the the current version 
doesn't.)

Tobias

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Konstantin Serebryany]

On Fri, Nov 23, 2012 at 5:22 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>
>> Looks good.
>
>
> And now available at http://gcc.gnu.org/gcc-4.8/changes.html

Cool!

>
>
>>> Notes: I didn't mention Sparc, PowerPC, and Darwin
>>
>> Darwin works fine with clang, but not yet in gcc.
>
>
> I know – and actually it is a bit unclear to me what's the review status of
> Jack Howarth's patch.

I think it needs the LICENSE file (mach_override has a separate license).

>
>
>> at least simple tests for stack- and global- buffer overflows seem to
>> work.
>
>
> I think the man page should be then updated.

man page?


> (I think it used to mention
> stack and global buffer overflow; in any case, the the current version
> doesn't.)
>
> Tobias

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Tobias Burnus]

Konstantin Serebryany wrote:
>> >I think the man page should be then updated.
> man page?

I mean gcc/doc/invoke.texi, which is available as "man gcc" and also 
part of the GCC Manual (http://gcc.gnu.org/onlinedocs/). It currently 
contains:

@item -fsanitize=address
Enable AddressSanitizer, a fast memory error detector.
Memory access instructions will be instrumented to detect
out-of-bounds and use-after-free bugs. So far only heap bugs will be 
detected.
See @uref{http://code.google.com/p/address-sanitizer/} for more details.


Tobias

Re: [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

[Konstantin Serebryany]

On Fri, Nov 23, 2012 at 5:30 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>>
>>> >I think the man page should be then updated.
>>
>> man page?
>
>
> I mean gcc/doc/invoke.texi, which is available as "man gcc" and also part of
> the GCC Manual (http://gcc.gnu.org/onlinedocs/). It currently contains:
>
> @item -fsanitize=address
> Enable AddressSanitizer, a fast memory error detector.
> Memory access instructions will be instrumented to detect
> out-of-bounds and use-after-free bugs. So far only heap bugs will be
> detected.

I guess we can remove this: "So far only heap bugs will be detected."

--kcc

> See @uref{http://code.google.com/p/address-sanitizer/} for more details.
>
>
> Tobias