Patchwork [wwwdocs] Mention -faddress-sanitizer in gcc-4.8/changes.html

login
register
mail settings
Submitter Tobias Burnus
Date Nov. 23, 2012, 11:27 a.m.
Message ID <50AF5DA3.9040803@net-b.de>
Download mbox | patch
Permalink /patch/201295/
State New
Headers show

Comments

Tobias Burnus - Nov. 23, 2012, 11:27 a.m.
Konstantin Serebryany wrote:
> On Mon, Nov 19, 2012 at 10:44 PM, Tobias Burnus <burnus@net-b.de> wrote:
>> attached is a first draft for -faddress-sanitizer in the release notes.
> stack overflow is something different, I guess we want to say "stack
> buffer overflow". I typically write something like "heap-, stack-, and global- buffer
> overflow as well as use-after-free bugs".

Fixed. See attached updated patch.

> I also suggest adding "use -O1 or higher for better performance"
> because otherwise "fast memory error detector" is not really true.

Is that needed? I think that's obvious that -O0 is not that fast.


Notes: I didn't mention Sparc, PowerPC, and Darwin as those aren't yet 
available. I kept the current wording for ASAN even though global and 
stack overflow are to my knowledge not yet available.

Tobias
Konstantin Serebryany - Nov. 23, 2012, 12:20 p.m.
Looks good.

On Fri, Nov 23, 2012 at 3:27 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>
>> On Mon, Nov 19, 2012 at 10:44 PM, Tobias Burnus <burnus@net-b.de> wrote:
>>>
>>> attached is a first draft for -faddress-sanitizer in the release notes.
>>
>> stack overflow is something different, I guess we want to say "stack
>>
>> buffer overflow". I typically write something like "heap-, stack-, and
>> global- buffer
>> overflow as well as use-after-free bugs".
>
>
> Fixed. See attached updated patch.
>
>
>> I also suggest adding "use -O1 or higher for better performance"
>> because otherwise "fast memory error detector" is not really true.
>
>
> Is that needed? I think that's obvious that -O0 is not that fast.

asan at O0 is *really* slow, and for some users it may be non-obvious.
but I don't insist because your patch give the links to the detailed docs.


>
>
> Notes: I didn't mention Sparc, PowerPC, and Darwin

Darwin works fine with clang, but not yet in gcc.

> as those aren't yet
> available. I kept the current wording for ASAN even though global and stack
> overflow are to my knowledge not yet available.

at least simple tests for stack- and global- buffer overflows seem to work.

Thanks!

--kcc

>
> Tobias
Tobias Burnus - Nov. 23, 2012, 1:22 p.m.
Konstantin Serebryany wrote:
> Looks good.

And now available at http://gcc.gnu.org/gcc-4.8/changes.html

>> Notes: I didn't mention Sparc, PowerPC, and Darwin
> Darwin works fine with clang, but not yet in gcc.

I know – and actually it is a bit unclear to me what's the review status 
of Jack Howarth's patch.

> at least simple tests for stack- and global- buffer overflows seem to 
> work.

I think the man page should be then updated. (I think it used to mention 
stack and global buffer overflow; in any case, the the current version 
doesn't.)

Tobias
Konstantin Serebryany - Nov. 23, 2012, 1:24 p.m.
On Fri, Nov 23, 2012 at 5:22 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>
>> Looks good.
>
>
> And now available at http://gcc.gnu.org/gcc-4.8/changes.html

Cool!

>
>
>>> Notes: I didn't mention Sparc, PowerPC, and Darwin
>>
>> Darwin works fine with clang, but not yet in gcc.
>
>
> I know – and actually it is a bit unclear to me what's the review status of
> Jack Howarth's patch.

I think it needs the LICENSE file (mach_override has a separate license).

>
>
>> at least simple tests for stack- and global- buffer overflows seem to
>> work.
>
>
> I think the man page should be then updated.

man page?


> (I think it used to mention
> stack and global buffer overflow; in any case, the the current version
> doesn't.)
>
> Tobias
Tobias Burnus - Nov. 23, 2012, 1:30 p.m.
Konstantin Serebryany wrote:
>> >I think the man page should be then updated.
> man page?

I mean gcc/doc/invoke.texi, which is available as "man gcc" and also 
part of the GCC Manual (http://gcc.gnu.org/onlinedocs/). It currently 
contains:

@item -fsanitize=address
Enable AddressSanitizer, a fast memory error detector.
Memory access instructions will be instrumented to detect
out-of-bounds and use-after-free bugs. So far only heap bugs will be 
detected.
See @uref{http://code.google.com/p/address-sanitizer/} for more details.


Tobias
Konstantin Serebryany - Nov. 23, 2012, 1:33 p.m.
On Fri, Nov 23, 2012 at 5:30 PM, Tobias Burnus <burnus@net-b.de> wrote:
> Konstantin Serebryany wrote:
>>>
>>> >I think the man page should be then updated.
>>
>> man page?
>
>
> I mean gcc/doc/invoke.texi, which is available as "man gcc" and also part of
> the GCC Manual (http://gcc.gnu.org/onlinedocs/). It currently contains:
>
> @item -fsanitize=address
> Enable AddressSanitizer, a fast memory error detector.
> Memory access instructions will be instrumented to detect
> out-of-bounds and use-after-free bugs. So far only heap bugs will be
> detected.

I guess we can remove this: "So far only heap bugs will be detected."

--kcc

> See @uref{http://code.google.com/p/address-sanitizer/} for more details.
>
>
> Tobias

Patch

Index: changes.html
===================================================================
RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-4.8/changes.html,v
retrieving revision 1.63
diff -u -p -r1.63 changes.html
--- changes.html	21 Nov 2012 10:19:27 -0000	1.63
+++ changes.html	23 Nov 2012 11:21:19 -0000
@@ -110,6 +110,18 @@  by this change.</p>
 	 inlining decisions (for example in the case of Fortran
 	 array descriptors) and devirtualization.</li>
     </ul></li>
+    <li><a href="https://code.google.com/p/address-sanitizer/">AddressSanitizer
+	</a>, a fast memory error detector, has been added and can be
+	enabled via <code>-fsanitize=address</code>. Memory access
+	instructions will be instrumented to detect heap-, stack-, and
+	global-buffer overflow as well as use-after-free bugs. To get
+	nicer stacktraces, use <code>-fno-omit-frame-pointer</code>. The
+	AddressSanitizer is available on IA-32/x86-64/x32 Linux.</li>
+    <li><a href="https://code.google.com/p/data-race-test/wiki/ThreadSanitizer"
+	>ThreadSanitizer</a> has been added and can be enabled via
+	<code>-fsanitize=thread</code>. Instructions will be instrumented to
+	detect data races. The ThreadSanitizer is available on x86-64
+	Linux.</li>
   </ul>