Enable ASan in all components, switch stdlib to libc++, switch to lld

[senderista]

This change passes compiler/linker flags to all built components to enable AddressSanitizer when -DSANITIZER=ASAN is passed to cmake (default in debug builds), and to use libc++ rather than libstdc++ (which is the default stdlib with clang even though it's the GCC stdlib and libc++ is the LLVM stdlib). We also set the linker flag -fuse-ld=lld everywhere to force the lld linker to be used rather than GNU ld (again the default with clang even though lld is the LLVM linker). The combination of libc++ and lld will make it possible to enable MemorySanitizer in an upcoming PR. Additionally, lld is reputed to make LLVM builds much faster (particularly debug builds), but I haven't measured the difference. Note that if you aren't using gdev, you need to install the following packages (assuming Ubuntu 20.04):

clang-10
libc++-10-dev
libc++abi-10-dev
lld-10

If you only install the lld-10 package but not the lld package (which installs lld-10 as the default lld version on Ubuntu 20.04 but not on 18.04), you may need to create a symlink from ld.lld to ld.lld-10 so that linker flags will work properly:

update-alternatives --install "/usr/bin/ld.lld" "ld.lld" "/usr/bin/ld.lld-10" 10

(As usual, this is already taken care of for you by gdev.)

PS: I had to enable ASan in all built components in order to switch to libc++, because ASan is able to use a feature called "container overflow detection" when libc++ is used (it's annotated to enable this feature). However, this will lead to false positives when any code is linked that wasn't built with ASan, so I had to pass ASan compiler/linker flags to all our third-party components as well. After doing so, I verified that ASan no longer produced false positives. Enabling UBSan on all built components produced runtime errors in LLVM, so for now UBSan is only enabled on Gaia components.

[simone-gaia]

Looking at other projects I don't get why we use our own GAIA_COMPILE_FLAGS and GAIA_LINKER_FLAGS. Every time you have some arguments you want to apply both to Gaia and other code you need to set it twice. Not something that need to be addressed in this PR, but maybe you know why.

[senderista]

I agree, I don't think it's proper usage of cmake and I've wanted to fix it for a while. But it took so much fiddling to get these changes to work that I'd like to reserve that for a separate PR.

[simone-gaia]

Cool, I just wanted to know if there was a strong reason to keep them.

[LaurentiuCristofor]

The idea was to share the default compilation/linking flags across the project. If there's a better way to do that, we should use it.

[senderista]

It would be easy enough to just use add_compile_options()/add_link_options() at the top level, with the current contents of GAIA_*_FLAGS, but I'm worried that might break some 3rd-party code. I'll try that once this PR is checked in.

[simone-gaia]

Another thing is:

Additionally, since we don't force lld to be used via linker flags, you need to set the following environment variables in your .bashrc or equivalent:

Why don't we force it?

[simone-gaia]

Do these 2 commands affect GAIA flags?

[senderista]

Yes, they affect the compile/link flags for everything we build. That's the intention (again, everything must be built with ASan after switching to libc++).

[simone-gaia]

It could be a good moment to remove both the python and the jni stuff....

[senderista]

I don't think that's in scope for this PR, and it would need prior discussion.

[simone-gaia]

• Why is $CACHE{SANITIZER} inside "?
• Why are you using $CACHE to access SANITIZER?

[senderista]

1. It turned out that I couldn't use the bare variable reference (CACHE{SANITIZER}) with STREQUAL, so I needed to compare two strings, and it's safer to quote a string value.
2. Any variable specified with -D on the cmake command line is automatically a cache variable.

[simone-gaia]

Where this BUILD_SHARED_LIBRARY come from, or better how it affects Gaia since we almost build everything static.

[senderista]

OMG, good catch! Cut'n'paste detritus from SO...

[senderista]

Additionally, since we don't force lld to be used via linker flags, you need to set the following environment variables in your .bashrc or equivalent:

Why don't we force it?

We could force it, I just want to avoid unnecessarily passing flags to projects we don't own. But it might be better to pass -fuse-ld=lld-10 everywhere instead since that wouldn't require user configuration to work properly (but note that we already require environment variable configuration for clang-10). Is that your take?

[simone-gaia]

Additionally, since we don't force lld to be used via linker flags, you need to set the following environment variables in your .bashrc or equivalent:

Why don't we force it?

We could force it, I just want to avoid unnecessarily passing flags to projects we don't own. But it might be better to pass -fuse-ld=lld-10 everywhere instead since that wouldn't require user configuration to work properly (but note that we already require environment variable configuration for clang-10). Is that your take?

Yes, probably we should set also the compilers since I don't see us using GCC or any other compiler any time soon. (see: https://stackoverflow.com/questions/7031126/switching-between-gcc-and-clang-llvm-using-cmake)

[LaurentiuCristofor]

Could you add a quick comment on what PIE flags are and are needed for?

[senderista]

Added comment for next commit.

[senderista]

Additionally, since we don't force lld to be used via linker flags, you need to set the following environment variables in your .bashrc or equivalent:

Why don't we force it?

We could force it, I just want to avoid unnecessarily passing flags to projects we don't own. But it might be better to pass -fuse-ld=lld-10 everywhere instead since that wouldn't require user configuration to work properly (but note that we already require environment variable configuration for clang-10). Is that your take?

Yes, probably we should set also the compilers since I don't see us using GCC or any other compiler any time soon. (see: https://stackoverflow.com/questions/7031126/switching-between-gcc-and-clang-llvm-using-cmake)

So the top answer suggests using CMAKE_USER_MAKE_RULES_OVERRIDE to point to an override file (which could specify the compiler/linker to use). The problem is that this solution still requires -DCMAKE_USER_MAKE_RULES_OVERRIDE to be passed on the cmake command line, and if we do that we may as well just set CXX/LD on the cmake command line. Again, we can't really enforce any of these requirements without a standardized build command, so that's what I think we need to focus on next.

[LaurentiuCristofor]

This doesn't read clearly to me. Is a word missing in this sentence?

My questions:

• Which attributes?
• Does "selectively" refer to enabling the attributes or to disabling UBSan? What does it mean exactly?
• What's the connection between enabling attributes and disabling UBSan?

[senderista]

This is moot because I no longer enable UBSan on 3rd-party components when ASan is enabled via the SANITIZER option.

[LaurentiuCristofor]

I am not clear on the meaning of a comment, but otherwise I have no suggestions/requests for change.

[simone-gaia]

If you can add the -fno-limit-debug-info flag to LLVm cool, otherwise no worries.

[simone-gaia]

Sorry, forgot to mention it. We need -fno-limit-debug-info also in LLVM, otherwise, it won't be possible to see the values of things such as strings.

[simone-gaia]

Unfortunately there not seem to be one of the LLVM_.... cmake options for this.

[senderista]

Added this flag to all built binaries in latest commit, and verified it is included in the LLVM compile command line.

[senderista]

FYI, in the latest commit I removed the -shared-libasan linker flag from the SDK build. It's no longer necessary to run tests because the test executables are now also built with ASan. It would be necessary if the ASan-enabled SDK shared lib were linked with other executables not built from our repo, but I can't think of any such scenario now, and if we encounter such a scenario in the future we can restore the flag (and somehow add the ASan shared runtime path to LD_PRELOAD when the executable is run, like we do now for the Postgres FDW lib).

[senderista]

I think I've addressed all concerns, so I'm merging without waiting for approvals from the remaining reviewers. I'll copy the README from this PR to the #engineering channel so there are no surprises from new dependencies.