[cfe-dev] [llvm-dev] clang and -D_FORTIFY_SOURCE=1

James Y Knight via cfe-dev cfe-dev at lists.llvm.org
Tue Dec 3 12:01:55 PST 2019 

The glibc implementation of FORTIFY_SOURCE is indeed not compatible with
clang, because it uses compiler extensions which were trivial to implement
in GCC's architecture, but difficult/impossible in clang's.

However, clang does provide other mechanisms by which the same results can
be achieved.

If anyone is interested in glibc fully supporting fortify mode with clang,
way to achieve this would be to look at the implementation in the bionic
libc's headers, and then implement the same technique in glibc.

On Tue, Dec 3, 2019 at 2:48 PM Martin Storsjö via llvm-dev <
llvm-dev at lists.llvm.org> wrote:

> On Tue, 3 Dec 2019, Serge Guelton via cfe-dev wrote:
>
> > Hi folks (CCing llvm-dev, but that's probably more of a cfe-dev topic),
> >
> > As a follow-up to that old thread about -D_FORTIFY_SOURCE=n
> >
> >    http://lists.llvm.org/pipermail/cfe-dev/2015-November/045845.html
> >
> > And, more recently, to this fedora thread where clang/llvm
> -D_FORTIFY_SOURCE
> > support is claimed to be only partial:
> >
> >    https://pagure.io/fesco/issue/2020
> >
> > I dig into the glibc headers in order to have a better understanding of
> what's
> > going on, and wrote my notes here:
> >
> >
> https://sergesanspaille.fedorapeople.org/fortify_source_requirements.rst
> >
> > TL;DR: clang does provide a similar compile-time checking as gcc, but no
> runtime
> > checking. To assert that I wrote a small test suite:
> >
> >    https://github.com/serge-sans-paille/fortify-test-suite
> >
> > And indeed, clang doesn't pass it, mostly because it turns call to
> > __builtin__(.*)_chk into calls to __builtin__\1.
>
> I remember looking at the fortify macros recently, and iirc the issue was
> that the __builtin_object_size builtin, when used in an inline function,
> can't evaluate the size of the object in the context where it is inlined,
> which the glibc fortify macros/inline functions depend on.
>
> This has been discussed before, e.g. here:
> http://lists.llvm.org/pipermail/cfe-dev/2015-November/045846.html
>
> // Martin
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20191203/41ca7311/attachment.html>

More information about the cfe-dev mailing list