<div dir="ltr">> Are you sure you've diagnosed the issue correctly? __builtin___memcpy_chk works correctly, as far as I know.<div><br><div>100% sure. Let's have a look at the output of</div><div><br></div><div><div style="color:rgb(0,0,0);background-color:rgb(255,255,254)"><div> #include <string.h><br> static char dest[10];<br> char* square(int n) {<br> memcpy(dest, "hello", n);<br> return dest;<br> }<br></div><div><br></div><div>compiled with -D_FORTIFY_SOURCE=1 -O1 : <span style="background-color:rgb(255,255,255);color:rgb(34,34,34)"><a href="https://godbolt.org/z/UvABWp">https://godbolt.org/z/UvABWp</a></span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34)"><br></span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34)">Clang issues a call to memcpy, while gcc issues a call to __memcpy_chk.</span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34)">The call to __memcpy_chk performs extra runtime checks memcpy doesn't,</span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34)">and clang doesn't generate the extra checks inline either. This is a separate</span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34)">concern from the accuracy of </span>__builtin_object_size, just a different runtime behavior.</div><div><br></div><div>Clang could generate the call to __memcpy_chk if its declaration is available, which is the case for the glibc.</div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 3, 2019 at 8:41 PM Eli Friedman <<a href="mailto:efriedma@quicinc.com">efriedma@quicinc.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Are you sure you've diagnosed the issue correctly? __builtin___memcpy_chk works correctly, as far as I know.<br>
<br>
-Eli<br>
<br>
> -----Original Message-----<br>
> From: cfe-dev <<a href="mailto:cfe-dev-bounces@lists.llvm.org" target="_blank">cfe-dev-bounces@lists.llvm.org</a>> On Behalf Of Serge Guelton via<br>
> cfe-dev<br>
> Sent: Tuesday, December 3, 2019 2:07 AM<br>
> To: <a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
> Cc: <a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
> Subject: [EXT] [cfe-dev] clang and -D_FORTIFY_SOURCE=1<br>
><br>
> Hi folks (CCing llvm-dev, but that's probably more of a cfe-dev topic),<br>
><br>
> As a follow-up to that old thread about -D_FORTIFY_SOURCE=n<br>
><br>
> <a href="http://lists.llvm.org/pipermail/cfe-dev/2015-November/045845.html" rel="noreferrer" target="_blank">http://lists.llvm.org/pipermail/cfe-dev/2015-November/045845.html</a><br>
><br>
> And, more recently, to this fedora thread where clang/llvm -D_FORTIFY_SOURCE<br>
> support is claimed to be only partial:<br>
><br>
> <a href="https://pagure.io/fesco/issue/2020" rel="noreferrer" target="_blank">https://pagure.io/fesco/issue/2020</a><br>
><br>
> I dug into the glibc headers in order to have a better understanding of what's<br>
> going on, and wrote my notes here:<br>
><br>
> <a href="https://sergesanspaille.fedorapeople.org/fortify_source_requirements.rst" rel="noreferrer" target="_blank">https://sergesanspaille.fedorapeople.org/fortify_source_requirements.rst</a><br>
><br>
> TL;DR: clang does provide compile-time checking similar to gcc's, but no runtime<br>
> checking. To assert that, I wrote a small test suite:<br>
><br>
> <a href="https://github.com/serge-sans-paille/fortify-test-suite" rel="noreferrer" target="_blank">https://github.com/serge-sans-paille/fortify-test-suite</a><br>
><br>
> And indeed, clang doesn't pass it, mostly because it turns calls to<br>
> __builtin__(.*)_chk into calls to __builtin__\1.<br>
><br>
> We need to support the runtime behavior of the following builtins:<br>
><br>
> - __builtin___memcpy_chk<br>
> - __builtin___memmove_chk<br>
> - __builtin___mempcpy_chk<br>
> - __builtin___memset_chk<br>
> - __builtin___snprintf_chk<br>
> - __builtin___sprintf_chk<br>
> - __builtin___stpcpy_chk<br>
> - __builtin___strcat_chk<br>
> - __builtin___strcpy_chk<br>
> - __builtin___strncat_chk<br>
> - __builtin___strncpy_chk<br>
> - __builtin___vsnprintf_chk<br>
> - __builtin___vsprintf_chk<br>
><br>
> And I'd like to implement them at clang level, leveraging their existing<br>
> implementation. Is that the right way to go / any comments / issues with that<br>
> approach?<br>
</blockquote></div>
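<div>The runtime check that the thread says __memcpy_chk performs and plain memcpy does not can be observed directly. The following is an added example, not code from the thread or from clang/glibc: it calls __builtin___memcpy_chk itself (bypassing the libc fortify headers) in a child process and reports whether the child was aborted. Assumptions: Linux with glibc and a gcc or clang toolchain; the helper names copy_checked and copy_aborts and the padded source buffer are constructed for the illustration.</div>

```c
#include <stddef.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static char dest[10];
/* Constructed input: padded to 16 bytes so oversized copies never read
 * past the source; only the destination bound is under test. */
static const char src[16] = "hello";

/* Same shape as the function in the mail, but the checked builtin is called
 * directly with the destination size as its fourth argument. With a
 * non-constant n the compiler emits a call to the libc's __memcpy_chk. */
static char *copy_checked(size_t n) {
    return __builtin___memcpy_chk(dest, src, n, sizeof dest);
}

/* Run copy_checked(n) in a child process.
 * Returns 1 if the child was killed by SIGABRT (the runtime check fired),
 * 0 if it exited normally, -1 on any other outcome. */
int copy_aborts(size_t n) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        copy_checked(n);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return -1;
}

int main(void) {
    size_t sizes[] = {5, 10, 11};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%zu -> %s\n", sizes[i],
               copy_aborts(sizes[i]) == 1 ? "aborted by __memcpy_chk" : "copied");
    return 0;
}
```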