[cfe-dev] clang attributes to disable asan/tsan/msan

Sean Silva silvas at purdue.edu
Mon Feb 18 10:35:41 PST 2013


On Mon, Feb 18, 2013 at 8:31 AM, Kostya Serebryany <kcc at google.com> wrote:
> Hi,
>
> Clang has two attributes to disable bug detection tools in a given function:
>
> __attribute__((no_thread_safety_analysis)) disables clang's *static*
> thread-safety analysis.
> (http://clang.llvm.org/docs/LanguageExtensions.html#thread-safety-annotation-checking)
>
> __attribute__((no_address_safety_analysis)) disables AddressSanitizer
> (*dynamic* analysis)
> http://clang.llvm.org/docs/LanguageExtensions.html#extensions-for-dynamic-analysis
>
> Now we need two more attributes to disable
> ThreadSanitizer (http://clang.llvm.org/docs/ThreadSanitizer.html)
> and MemorySanitizer (http://clang.llvm.org/docs/MemorySanitizer.html)
>
> For MemorySanitizer I propose __attribute__((no_uninitialized_checks))
> Objections? Better naming suggestion?
> Maybe __attribute__((no_memory_sanitizer))?
> (We deliberately named no-asan attribute "no_address_safety_analysis" w/o
> mentioning asan in the name to make this attribute usable for other tools,
> e.g. SAFECode. So, we may not want to tie the no-msan attribute to msan)

It seems to me like it is going to be simpler and more transparent to
have the attribute explicitly mention the sanitizer, e.g.
`__attribute__((no_sanitize("memory")))`; then the user knows exactly
what they are getting (since the name corresponds with the command
line option). If other tools want to use those attributes it's not
hard to look for them.

It also isn't entirely clear to me that the attribute would have
exactly the same semantics for the sanitizers and some other tool.
AFAIK the term "address safety" has no independent meaning and
basically means "the things that asan checks", so the term "address"
in `__attribute__((no_address_safety_analysis))` is already asan
specific in that regard, and it would be clearer to just say
`no_sanitize("memory")`.

If we really want the attributes to be tool-agnostic, then they should
describe what the function does that is naughty, e.g.
`__attribute__((reads_unintialized_memory_on_purpose))`, and let the
tool interpret that information and behave appropriately.

-- Sean Silva
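
An added example, not part of the original message and not Clang's own code: a small Python audit that inventories where a source file switches checks off, using the attribute spellings discussed in this thread. The `no_sanitize("...")` form is reported by the `-fsanitize=` option its argument names, which is the correspondence the reply argues for; the sample source and its function names are constructed.

```python
import re

# Attribute spellings taken from the thread, mapped to the check each disables.
SUPPRESSIONS = {
    "no_thread_safety_analysis": "static thread-safety analysis",
    "no_address_safety_analysis": "AddressSanitizer",
    "no_uninitialized_checks": "MemorySanitizer (name proposed in the thread)",
    "no_memory_sanitizer": "MemorySanitizer (name proposed in the thread)",
}
ITEM_RE = re.compile(r'(\w+)\s*(?:\(([^()]*)\))?')

def attribute_bodies(source):
    """Yield (line_number, body) for each __attribute__((body)) in source."""
    for m in re.finditer(r'__attribute__\s*\(\(', source):
        depth, i = 2, m.end()
        while i < len(source) and depth:  # walk to the matching "))"
            depth += {"(": 1, ")": -1}.get(source[i], 0)
            i += 1
        yield source.count("\n", 0, m.start()) + 1, source[m.end():i - 2]

def audit(source):
    """Return (line, attribute, disabled_check) for every suppression found."""
    findings = []
    for line, body in attribute_bodies(source):
        for name, args in ITEM_RE.findall(body):
            if name == "no_sanitize":
                # The string argument names the sanitizer, like -fsanitize=<name>.
                for san in re.findall(r'"([^"]*)"', args):
                    findings.append((line, name, "-fsanitize=" + san))
            elif name in SUPPRESSIONS:
                findings.append((line, name, SUPPRESSIONS[name]))
    return findings

# Constructed sample input; the function names are hypothetical.
SAMPLE = '''\
__attribute__((no_address_safety_analysis))
size_t fast_strlen(const char *s);

__attribute__((noinline, no_sanitize("memory")))
void copy_padding(void *dst, const void *src);

void checked(void) __attribute__((no_thread_safety_analysis));
int plain(int x) __attribute__((noinline));
'''

if __name__ == "__main__":
    for line, name, check in audit(SAMPLE):
        print(f"line {line}: {name} disables {check}")
```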


