Message ID | 50AF5DA3.9040803@net-b.de |
---|---|
State | New |
Looks good.

On Fri, Nov 23, 2012 at 3:27 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>
>> On Mon, Nov 19, 2012 at 10:44 PM, Tobias Burnus <burnus@net-b.de> wrote:
>>>
>>> attached is a first draft for -faddress-sanitizer in the release notes.
>>
>> stack overflow is something different, I guess we want to say "stack
>> buffer overflow". I typically write something like "heap-, stack-, and
>> global- buffer overflow as well as use-after-free bugs".
>
> Fixed. See attached updated patch.
>
>> I also suggest adding "use -O1 or higher for better performance"
>> because otherwise "fast memory error detector" is not really true.
>
> Is that needed? I think that's obvious that -O0 is not that fast.

asan at O0 is *really* slow, and for some users it may be non-obvious.
but I don't insist because your patch gives the links to the detailed docs.

> Notes: I didn't mention Sparc, PowerPC, and Darwin

Darwin works fine with clang, but not yet in gcc.

> as those aren't yet
> available. I kept the current wording for ASAN even though global and stack
> overflow are to my knowledge not yet available.

at least simple tests for stack- and global- buffer overflows seem to work.

Thanks!

--kcc

>
> Tobias

Konstantin Serebryany wrote:
> Looks good.

And now available at http://gcc.gnu.org/gcc-4.8/changes.html

>> Notes: I didn't mention Sparc, PowerPC, and Darwin
> Darwin works fine with clang, but not yet in gcc.

I know – and actually it is a bit unclear to me what's the review status of Jack Howarth's patch.

> at least simple tests for stack- and global- buffer overflows seem to
> work.

I think the man page should be then updated. (I think it used to mention stack and global buffer overflow; in any case, the current version doesn't.)

Tobias

On Fri, Nov 23, 2012 at 5:22 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>
>> Looks good.
>
> And now available at http://gcc.gnu.org/gcc-4.8/changes.html

Cool!

>>> Notes: I didn't mention Sparc, PowerPC, and Darwin
>>
>> Darwin works fine with clang, but not yet in gcc.
>
> I know – and actually it is a bit unclear to me what's the review status of
> Jack Howarth's patch.

I think it needs the LICENSE file (mach_override has a separate license).

>> at least simple tests for stack- and global- buffer overflows seem to
>> work.
>
> I think the man page should be then updated.

man page?

> (I think it used to mention
> stack and global buffer overflow; in any case, the current version
> doesn't.)
>
> Tobias

Konstantin Serebryany wrote:
>> I think the man page should be then updated.
> man page?

I mean gcc/doc/invoke.texi, which is available as "man gcc" and also part of the GCC Manual (http://gcc.gnu.org/onlinedocs/). It currently contains:

@item -fsanitize=address
Enable AddressSanitizer, a fast memory error detector.
Memory access instructions will be instrumented to detect
out-of-bounds and use-after-free bugs. So far only heap bugs will be
detected.
See @uref{http://code.google.com/p/address-sanitizer/} for more details.

Tobias

On Fri, Nov 23, 2012 at 5:30 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>>
>>> I think the man page should be then updated.
>>
>> man page?
>
> I mean gcc/doc/invoke.texi, which is available as "man gcc" and also part of
> the GCC Manual (http://gcc.gnu.org/onlinedocs/). It currently contains:
>
> @item -fsanitize=address
> Enable AddressSanitizer, a fast memory error detector.
> Memory access instructions will be instrumented to detect
> out-of-bounds and use-after-free bugs. So far only heap bugs will be
> detected.

I guess we can remove this: "So far only heap bugs will be detected."

--kcc

> See @uref{http://code.google.com/p/address-sanitizer/} for more details.
>
> Tobias

Index: changes.html =================================================================== RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-4.8/changes.html,v retrieving revision 1.63 diff -u -p -r1.63 changes.html --- changes.html 21 Nov 2012 10:19:27 -0000 1.63 +++ changes.html 23 Nov 2012 11:21:19 -0000 @@ -110,6 +110,18 @@ by this change.</p> inlining decisions (for example in the case of Fortran array descriptors) and devirtualization.</li> </ul></li> + <li><a href="https://code.google.com/p/address-sanitizer/">AddressSanitizer + </a>, a fast memory error detector, has been added and can be + enabled via <code>-fsanitize=address</code>. Memory access + instructions will be instrumented to detect heap-, stack-, and + global-buffer overflow as well as use-after-free bugs. To get + nicer stacktraces, use <code>-fno-omit-frame-pointer</code>. The + AddressSanitizer is available on IA-32/x86-64/x32 Linux.</li> + <li><a href="https://code.google.com/p/data-race-test/wiki/ThreadSanitizer" + >ThreadSanitizer</a> has been added and can be enabled via + <code>-fsanitize=thread</code>. Instructions will be instrumented to + detect data races. The ThreadSanitizer is available on x86-64 + Linux.</li> </ul>
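
Review bot: In the added AddressSanitizer item, the closing `</a>` sits on the line after the link text, so the line break and indentation end up inside the anchor and render as a linked space before the comma. The ThreadSanitizer item in the same hunk breaks inside the opening tag instead (`>ThreadSanitizer</a>`), which avoids this; the AddressSanitizer link should use the same form. Separately, the item calls AddressSanitizer "a fast memory error detector" while the only usage hint it gives is `-fno-omit-frame-pointer`; given the remark in the thread that it is really slow at -O0, a short "use -O1 or higher" note next to the frame-pointer hint would keep the "fast" claim accurate for readers who do not follow the link.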