This is an archive of the discontinued LLVM Phabricator instance.

[sanitizer] Add "mainfile" prefix to sanitizer special case list
ClosedPublic

Authored by MaskRay on Jul 14 2022, 9:48 PM.

Details

Summary

When an issue exists in the main file (caller) instead of an included file
(callee), using a src pattern applying to the included file may be
inappropriate if it's the caller's responsibility. Add mainfile prefix to check
the main filename.

For the example below, the issue may reside in a.c (foo should not be called
with a misaligned pointer or foo should switch to an unaligned load), but with
src we can only apply to the innocent callee a.h. With this patch we can use
the more appropriate mainfile:a.c.

//--- a.h
// internal linkage
static inline int load(int *x) { return *x; }

//--- a.c, -fsanitize=alignment
#include "a.h"
int foo(void *x) { return load(x); }

See updated clang/docs/SanitizerSpecialCaseList.rst for caveat using
mainfile due to C++ vague linkage functions.

Diff Detail

Event Timeline

MaskRay created this revision.Jul 14 2022, 9:48 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 14 2022, 9:48 PM
Herald added a subscriber: StephenFan. · View Herald Transcript
MaskRay requested review of this revision.Jul 14 2022, 9:48 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJul 14 2022, 9:48 PM
MaskRay edited the summary of this revision. (Show Details)Jul 14 2022, 9:49 PM
MaskRay edited the summary of this revision. (Show Details)

problem with included files that we don't know which non-inlined version of the function will endup in the binary
so using this option, user may unintentionally disable instrumentation on all included headers, even when included from a different place

problem with included files that we don't know which non-inlined version of the function will endup in the binary
so using this option, user may unintentionally disable instrumentation on all included headers, even when included from a different place

This argument applies to vague linkage functions which are deduplicated.
There are many internal linkage function use cases which can benefit this, e.g. static inline.
But thanks for the comment. Let me improve the summary.

problem with included files that we don't know which non-inlined version of the function will endup in the binary
so using this option, user may unintentionally disable instrumentation on all included headers, even when included from a different place

This argument applies to vague linkage functions which are deduplicated.
There are many internal linkage function use cases which can benefit this, e.g. static inline.
But thanks for the comment. Let me improve the summary.

I understand how it benefit static inclines, it still unintentionally regress instrumentation for other code.
we need at least a warning in documentation

Also if this is not widespread problem, I would prefer we don't do that.
Having mainsrc: in ignore list will complicate debugging false negatives.

MaskRay edited the summary of this revision. (Show Details)Jul 14 2022, 10:54 PM

mainsrc may still be useful, e.g. if a wildcard is used to ensure the prevailing one is ignored.

Not sure I understand, how can we make that? Usually it's hard to control what is included, especially indirectly.

MaskRay updated this revision to Diff 444882.Jul 14 2022, 11:07 PM

Warn mainsrc for C++ vague linkage functions

mainsrc may still be useful, e.g. if a wildcard is used to ensure the prevailing one is ignored.

Not sure I understand, how can we make that? Usually it's hard to control what is included, especially indirectly.

Elaborated in the updated clang/docs/SanitizerSpecialCaseList.rst

vitalybuka added inline comments.Jul 14 2022, 11:23 PM
clang/lib/CodeGen/CodeGenModule.cpp
2786

we search exactly the same MainFile.getName() in containsMainFile and containsFile ?

vitalybuka added inline comments.Jul 14 2022, 11:25 PM
clang/lib/CodeGen/CodeGenModule.cpp
2786

I see, it's some fallback branch

vitalybuka added inline comments.Jul 14 2022, 11:27 PM
clang/docs/SanitizerSpecialCaseList.rst
110–112

if this is transitionalt solution, would it be better just to use -fno-sanitize= on *.cpp file?

MaskRay marked 2 inline comments as done.Jul 14 2022, 11:36 PM
MaskRay added inline comments.
clang/docs/SanitizerSpecialCaseList.rst
108

Added: `(There is an action at a distance risk.)`

110–112

This provides a more convenient way than using -fno-sanitize= for a different set of files.

E.g. if a group wants to ignore a check for all `[a-m]* files, then can use mainsrc:[a-m]* instead of patching the build system.

MaskRay updated this revision to Diff 444892.Jul 14 2022, 11:39 PM

update doc

vitalybuka accepted this revision.Jul 15 2022, 2:21 AM

The patch is LGTM, but please consider to keep an ignorelist limited.

clang/docs/SanitizerSpecialCaseList.rst
110–112

Convenience of -fno-sanitize= approach that you make it visible to maintainer of component. Then it's their responsibility.
Ignore list is toolchain team debt.

This revision is now accepted and ready to land.Jul 15 2022, 2:21 AM
kstoimenov accepted this revision.Jul 15 2022, 9:06 AM

I think the name 'mainsrc' is slightly misleading because of the association with the 'main' function. Maybe something like primarysrc would be better to avoid this confusion?

The patch is LGTM, but please consider to keep an ignorelist limited.

Thanks!

I think the name 'mainsrc' is slightly misleading because of the association with the 'main' function. Maybe something like primarysrc would be better to avoid this confusion?

How about mainfile? Clang resources to the file as the main file. I picked src suffix just to be similar to src...

I guess Kirills' complain is about main part, not src.
But I have no idea what name could be better.
I guess thechnically it's preprocessed src? :)
To me as is name is fine.

MaskRay updated this revision to Diff 445051.Jul 15 2022, 10:37 AM
MaskRay retitled this revision from [sanitizer] Add "mainsrc" prefix to sanitizer special case list to [sanitizer] Add "mainfile" prefix to sanitizer special case list.
MaskRay edited the summary of this revision. (Show Details)

mainsrc => mainfile

Clang names the file "main file". CC1 has options like -main-file-name.
Using "mainfile" instead of "mainsrc" avoids introducing new terminology.

This revision was landed with ongoing or failed builds.Jul 15 2022, 10:39 AM
This revision was automatically updated to reflect the committed changes.