GNU bug report logs - #76393
Warn about -fsanitizer=address builds


Package: emacs;

Reported by: Pip Cet <pipcet <at> protonmail.com>

Date: Tue, 18 Feb 2025 12:35:02 UTC

Severity: wishlist

Done: Pip Cet <pipcet <at> protonmail.com>

Bug is archived. No further changes may be made.



Message #11 received at 76393 <at> debbugs.gnu.org:

From: Pip Cet <pipcet <at> protonmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 76393 <at> debbugs.gnu.org, eggert <at> cs.ucla.edu
Subject: Re: bug#76393: Warn about -fsanitizer=address builds
Date: Tue, 18 Feb 2025 15:48:44 +0000
"Eli Zaretskii" <eliz <at> gnu.org> writes:

>> Date: Tue, 18 Feb 2025 12:34:08 +0000
>> From:  Pip Cet via "Bug reports for GNU Emacs,
>>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
>>
>> Building with current GCC and -fsanitizer=address results in certain
>> (large) stack allocations being performed on a "fake stack", using
>> __asan_stack_malloc_N.  This "fake stack" is invisible to GC and thus
>> breaks conservative GC scanning (bug#76327).
>>
>> It seems to be possible to work around this by setting
>>
>> ASAN_OPTIONS=detect_stack_use_after_return=0
>>
>> Even with that option, a "sanitized" build reports bogus errors.
>>
>> ASAN_OPTIONS=detect_stack_use_after_return=0,detect_leaks=0
>>
>> seems to work, at least, but is it really worth it to keep adding
>> options (inconveniently using environment variables) to work around such
>> ASAN bugs?
>>
>> I think it would be preferable to warn about builds with
>> -fsanitizer=address, which generates broken code, or disable them
>> entirely.
>
> If what we have in etc/DEBUG about building with address sanitization
> is not enough or outdated, please consider updating and expanding that
> section.

Since we detect asan builds, and we know them to be broken, we should
probably warn about it in configure.ac as well.  I strongly suspect that
if ASAN sees further development, it will break Emacs in new ways, and
that'll be hard to debug.

So here's the documentation part; I'd like to change configure.ac as
well, but the doc part should come first.

From 96e3e05a8a636b205ba204a222dc2eb98a45d4fa Mon Sep 17 00:00:00 2001
From: Pip Cet <pipcet <at> protonmail.com>
Subject: [PATCH] Warn about -fsanitize=address (bug#76393)

* etc/DEBUG (Running Emacs with address sanitization): Explain
currently-known problems when building with -fsanitize=address.
---
 etc/DEBUG | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/etc/DEBUG b/etc/DEBUG
index ca061063454..95c2180fb18 100644
--- a/etc/DEBUG
+++ b/etc/DEBUG
@@ -1010,14 +1010,20 @@ program.
 ** Running Emacs with address sanitization
 
 Building Emacs with address sanitization can help debug memory-use
-problems, such as freeing the same object twice.  To use
-AddressSanitizer with GCC and similar compilers, append
+problems, such as freeing the same object twice.  However,
+-fsanitize=address also introduces bugs in the compiled code which cause
+GC problems and phantom crashes, which do not always look like they're
+caused by the address sanitizer.
+
+To use AddressSanitizer with GCC and similar compilers, append
 '-fsanitize=address' to CFLAGS, either when running 'configure' or
 running 'make'.  Configure, build and run Emacs with
-ASAN_OPTIONS='detect_leaks=0' in the environment to suppress
-diagnostics of minor memory leaks in Emacs.  For example:
+ASAN_OPTIONS='detect_stack_use_after_return=0,detect_leaks=0' in the
+environment to suppress diagnostics of minor memory leaks in Emacs, and
+buggy code which relocates objects from the stack to the heap .  For
+example:
 
-  export ASAN_OPTIONS='detect_leaks=0'
+  export ASAN_OPTIONS='detect_stack_use_after_return=0,detect_leaks=0'
   ./configure CFLAGS='-O0 -g3 -fsanitize=address'
   make
   src/emacs
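Review bot: the added sentence ending "from the stack to the heap ." has a stray space before the period, and "buggy code which relocates objects from the stack to the heap" does not tell the reader which setting addresses which symptom. The cover letter explains it better: with detect_stack_use_after_return enabled, ASan places large stack allocations on a "fake stack" via __asan_stack_malloc_N that the conservative GC never scans (bug#76327), so detect_stack_use_after_return=0 is what keeps those objects visible to GC, while detect_leaks=0 only silences the leak diagnostics. Suggest spelling that out in the DEBUG text and citing bug#76327, so someone hitting a phantom crash in a sanitized build can connect it to the option, e.g. "detect_stack_use_after_return=0 keeps stack objects on the real stack, where the conservative GC can find them; detect_leaks=0 suppresses diagnostics of minor memory leaks."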
-- 
2.48.1

Pip
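As an added illustration of the mechanism Pip describes above (not code from the report or from Emacs), here is a conservative stack scan in the style of a GC root scan, looking for the address of a heap object that is referenced only from a large local array. Built without -fsanitize=address the scan finds the reference on the thread stack; built with it and with ASan's fake stack active, that array can land on the fake stack outside the scanned range, which is the invisibility the report attributes to __asan_stack_malloc_N. It assumes GCC or Clang with a working __builtin_frame_address, and asserts nothing about the ASan result, which depends on compiler version and ASAN_OPTIONS.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Conservative scan of the thread stack between this function's own frame
   and HI, the way a conservative GC marks roots: every aligned word that
   equals TARGET's address counts as a reference.  Not instrumented, since
   an ASan build poisons the redzones between frames and an instrumented
   read of them would be reported as a stack-buffer-overflow.  */
__attribute__((noinline, no_sanitize_address))
static bool stack_mentions(void *hi, const void *target)
{
  uintptr_t *p = __builtin_frame_address(0), *end = hi;
  if (p > end) { uintptr_t *t = p; p = end; end = t; }  /* either growth direction */
  for (; p < end; p++)
    if (*p == (uintptr_t) target)
      return true;
  return false;
}

/* A frame holding a large address-taken local: the kind that GCC's ASan
   moves to a __asan_stack_malloc_N "fake stack" frame when
   detect_stack_use_after_return is enabled.  The heap object is referenced
   only from SLOTS, so it is live exactly if the scan can see SLOTS.  */
__attribute__((noinline))
static bool frame_with_big_local(void *outer_frame)
{
  void *volatile slots[1024];              /* 8 KiB; volatile keeps the store */
  for (size_t i = 0; i < 1024; i++)
    slots[i] = NULL;
  slots[123] = malloc(32);                 /* the object a GC must keep alive */
  bool seen = stack_mentions(outer_frame, slots[123]);
  free(slots[123]);
  return seen;
}

/* true: a conservative scan of the real thread stack reaches the reference.
   false: the reference lives where the scan does not look, which is what
   this report and bug#76327 describe for objects on ASan's fake stack.  */
bool gc_can_see_heap_object(void)
{
  return frame_with_big_local(__builtin_frame_address(0));
}

int main(void)
{
  printf("reference visible to conservative stack scan: %s\n",
         gc_can_see_heap_object() ? "yes" : "no");
  return 0;
}
```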




