build: Disable _FORTIFY_SOURCE if using MSan #30140

pull hebasto wants to merge 2 commits into bitcoin:master from hebasto:240518-msan changing 3 files +22 −6
  1. hebasto commented at 9:58 am on May 18, 2024: member

    This PR shifts responsibility to disable _FORTIFY_SOURCE from the user to the build system, which:

    • improves usability
    • simplifies the CI and OSS-Fuzz scripts
    • is useful for CMake migration as it removes the need to use non-standard APPEND_CPPFLAGS in such a corner case
  2. build: Disable `_FORTIFY_SOURCE` if using MSan f88b189129
  3. ci: Drop no longer needed `CPPFLAGS='-U_FORTIFY_SOURCE'` in MSan jobs 721925ba82
  4. DrahtBot commented at 9:58 am on May 18, 2024: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept NACK fanquake

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  5. DrahtBot added the label Build system on May 18, 2024
  6. hebasto added the label Needs CMake port on May 18, 2024
  7. hebasto added the label Tests on May 18, 2024
  8. fanquake commented at 10:22 am on May 18, 2024: member

    Concept NACK. If anything should be changed, it would be the implementation of applying the hardening flags in the CMake branch, so it’s possible to override them using standard CMake variables. Not push more complexity into the build system, and hardcode specific things.

    Removing APPEND_*FLAGS shouldn’t be a goal, as it needs to exist, to do what it exists for (actually give a mechanism for always overriding a flag, regardless of what CMake try’s to do). Otherwise in future, if we (or any other user) needs to do something, there may not be a (easy, working) way to do so, depending on the implementation details of the CMake build system.

  9. hebasto commented at 10:38 am on May 18, 2024: member

    Concept NACK. If anything should be changed, it would be the implementation of applying the hardening flags in the CMake branch, so it’s possible to override them using standard CMake variables.

    I disagree. The current implementation is undocumented and error-prone on the user side.

    Not push more complexity into the build system, and hardcode specific things.

    This statement seems quite arbitrary. Considering that the build system is full of “hardcode specific things” that “push more complexity into”, what are explicit criteria for such a reasoning?

    Removing APPEND_*FLAGS shouldn’t be a goal

    It is not a goal of this PR. Rather removing the need to use them when building with MSan.

  10. fanquake commented at 10:45 am on May 18, 2024: member

    I disagree. The current implementation is undocumented and error-prone on the user side.

    In the CMake branch? If this is the case, then it needs to be reworked anyway…?

    Another reason undefining a flag like this needs to be easily possible, is if you want to set the fortify level to anything other than what we pick, it needs to be undefined first. So this all needs to be possible outside of MSAN. Given that, we should also use the same mechanisms, rather than hardcoding things here.

  11. hebasto commented at 10:57 am on May 18, 2024: member

    I disagree. The current implementation is undocumented and error-prone on the user side.

    In the CMake branch? If this is the case, then it needs to be reworked anyway…?

    In the master branch.

    ./configure CC=clang CXX=clang++ --with-sanitizers=memory just leads to MSan warnings forcing the user for further actions.

  12. fanquake commented at 11:11 am on May 18, 2024: member

    ./configure CC=clang CXX=clang++ –with-sanitizers=memory just leads to MSan warnings forcing the user for further actions.

    Your PR here doesn’t change that. Anyone wanting to use MSAN needs to do extensive setup, and build a fully instrumented toolchain. It can’t be expected to work out of the box.

  13. hebasto commented at 11:36 am on May 18, 2024: member

    Anyone wanting to use MSAN needs to do extensive setup, and build a fully instrumented toolchain. It can’t be expected to work out of the box.

    Right. I didn’t mean the latter. Just quoted the main system configuration stage for brevity.

    Your PR here doesn’t change that.

    It does. The second commit proves it, doesn’t it?

  14. fanquake commented at 11:39 am on May 18, 2024: member

    It does. The second commit proves it, doesn’t it?

    No. I don’t see how that commit sets up a fully instrumented MSAN toolchain.

  15. hebasto commented at 11:43 am on May 18, 2024: member

    It does. The second commit proves it, doesn’t it?

    No. I don’t see how that commit sets up a fully instrumented MSAN toolchain.

    Sure. It “shifts responsibility to disable _FORTIFY_SOURCE from the user to the build system”.

  16. fanquake commented at 11:47 am on May 18, 2024: member

    Sure. It “shifts responsibility to disable _FORTIFY_SOURCE from the user to the build system”.

    Setting a single preprocessor flag isn’t instrumenting a toolchain?

    I still haven’t seen a good reason to not use the mechanisms that exist to set flags, given those mechanisms need to exist (i.e undefining and redefining fortify source), and should be tested so they are known to be working.

  17. hebasto closed this on May 18, 2024
  18. hebasto removed the label Needs CMake port on May 20, 2024


hebasto DrahtBot fanquake

Labels
Build system Tests

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-28 22:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me