Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ASan and UBSan options #6825

Merged
merged 1 commit into from
Apr 16, 2021
Merged

Add ASan and UBSan options #6825

merged 1 commit into from
Apr 16, 2021

Conversation

twose
Copy link
Member

@twose twose commented Apr 1, 2021
edited
Loading

When we need to enable ASan/UBSan in PHP extension, we also need to enable it in PHP kernel. Providing these options makes it easier for us to enable ASan/UBSan when compiling PHP.
And we use --enable-address-sanitizer and --enable-undefined-sanitizer in azure-pipelines.yml instead of changing CFLAGS.
We also add compile flag check to MSan.

@dktapps
Copy link
Contributor

dktapps commented Apr 7, 2021

shouldn't it be ARG_WITH() instead of ARG_ENABLE()? ASan requires additional libraries to be linked.

@nikic
Copy link
Member

nikic commented Apr 7, 2021

enable is preferred here. More generally, we'd like them to be interchangeable (php/php-tasks#2).

nikic
nikic reviewed Apr 7, 2021
View reviewed changes
configure.ac Outdated Show resolved Hide resolved
@twose twose force-pushed the asan branch 2 times, most recently from 3e2b30e to 407f086 Compare April 8, 2021 02:38
nikic
nikic reviewed Apr 8, 2021
View reviewed changes
configure.ac Outdated Show resolved Hide resolved
nikic
nikic reviewed Apr 8, 2021
View reviewed changes
configure.ac Outdated Show resolved Hide resolved
nikic
nikic reviewed Apr 8, 2021
View reviewed changes
configure.ac Outdated Show resolved Hide resolved
@dixyes
Copy link
Contributor

dixyes commented Apr 13, 2021
edited
Loading

Windows build system already have a "--enable-sanitizer" option, but only for MSVC clang toolchain.

Shall we use "--enable-sanitizer" as option name, or use something like "--enable-sanitizer=yes,a,b,c“ ?

The command to configure it may be like:

REM at windows
configure.bat --enable-zts --enable-debug --disable-all --enable-cli --enable-sanitizer
REM or
configure.bat --enable-zts --enable-debug --disable-all --enable-cli --enable-sanitizer=address,undefined
REM or
configure.bat --enable-zts --enable-debug --disable-all --enable-cli --enable-sanitizer=yes,address,undefined
REM note: from VS 2019 16.9, MSVC native CL.exe starts supporting ASan natively
: at unix-like
./configure --enable-zts --enable-debug --disable-all --enable-cli --enable-sanitizer
: or
./configure --enable-zts --enable-debug --disable-all --enable-cli --enable-sanitizer=address,undefined
: or
./configure --enable-zts --enable-debug --disable-all --enable-cli --enable-sanitizer=yes,address,undefined

nikic
nikic reviewed Apr 13, 2021
View reviewed changes
azure-pipelines.yml Outdated Show resolved Hide resolved
@nikic
Copy link
Member

nikic commented Apr 13, 2021

Shall we use "--enable-sanitizer" as option name, or use something like "--enable-sanitizer=yes,a,b,c“ ?

Is there any advantage to combining all the options? It seems like same result for more parsing/diagnostic effort.

A blanket --enable-sanitizer option without specifying which sanitizers should be used wouldn't work because some of them are mutually exclusive (memory and address).

@dixyes
Copy link
Contributor

dixyes commented Apr 13, 2021

Shall we use "--enable-sanitizer" as option name, or use something like "--enable-sanitizer=yes,a,b,c“ ?

Is there any advantage to combining all the options? It seems like same result for more parsing/diagnostic effort.

A blanket --enable-sanitizer option without specifying which sanitizers should be used wouldn't work because some of them are mutually exclusive (memory and address).

  1. We can use same options among Windows/unix-like build system: something like "--enable-zts" vs "--enable-maintainer-zts" seems not good.
  2. Windows build system now will enable "address" and "undefined" sanitizers when enabling blanket --enable-sanitizer option, this behavior should be kept.

nikic
nikic approved these changes Apr 13, 2021
View reviewed changes
configure.ac Outdated Show resolved Hide resolved
@twose
Add ASan and UBSan options
5a2dc58 
When we need to enable ASan/UBSan in PHP extension, we also need to enable it in PHP kernel. Providing these options makes it easier for us to enable ASan when compiling PHP.
And we use --enable-address-sanitizer and --enable-undefined-sanitizer in azure-pipelines.yml instead of changing CFLAGS.
We also add compile flag check to MSan.
@twose twose changed the title Add --enable-address-sanitizer flag Add ASan and UBSan options Apr 13, 2021
@dixyes dixyes mentioned this pull request Apr 13, 2021
Closed
@twose twose merged commit 122deea into php:master Apr 16, 2021
@twose twose deleted the asan branch April 16, 2021 04:41
@morrisonlevi
Copy link
Contributor

morrisonlevi commented Apr 24, 2021
edited
Loading

Does enabling sanitizers here automatically add sanitizer settings to extensions built with a sanitizer-enabled PHP? A quick glance at the patch suggests no, but I didn't check it out to find out.

I am asking because if it does then I am quite happy -- this makes it a lot easier to build whole PHP ecosystems with sanitizers. If it does not, I would prefer that we revert these changes. Recommendations for options to use with sanitizers change, and new sanitizer types are added. I don't think special casing these ones is worth any sort of maintenance unless these propagate out into the extension ecosystem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikic nikic nikic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@twose @dktapps @nikic @dixyes @morrisonlevi