Re: [PATCH] Asan constructor init order checking

[Dodji Seketeli]

Hello,

Jakub Jelinek <ja...@redhat.com> writes:

> --- gcc/cgraph.h.jj   2013-11-13 18:32:52.000000000 +0100
> +++ gcc/cgraph.h      2013-11-15 12:05:25.950985500 +0100
> @@ -520,6 +520,11 @@ class GTY((tag ("SYMTAB_VARIABLE"))) var
>  public:
>    /* Set when variable is scheduled to be assembled.  */
>    unsigned output : 1;
> +  /* Set if the variable is dynamically initialized.  Not set for
> +     function local statics or variables that can be initialized in
> +     multiple compilation units (such as template static data members
> +     that need construction).  */
> +  unsigned asan_dynamically_initialized : 1;
>  };

Maybe this could just be called dynamically_initialized?  It's just used
by asan today, but it looks like an information that could be used more
generally, independently from asan.

>  
>        /* If we're using __cxa_atexit, register a function that calls the
>        destructor for the object.  */
> @@ -3498,6 +3507,9 @@ do_static_initialization_or_destruction
>                            tf_warning_or_error);
>    finish_if_stmt_cond (cond, init_if_stmt);
>  
> +  if (flag_sanitize & SANITIZE_ADDRESS)
> +    finish_expr_stmt (asan_dynamic_init_call (/*after_p=*/false));
> +

I guess this spot could use some comment referring to the comment of
asan_globals.cc:__asan_before_dynamic_init from libsanitizer.  Basically
saying that we are emitting a call to __asan_before_dynamic_init to
poison all dynamically initialized global variables not defined in this
TU, so that a dynamic initializer for a global variable is only allowed
to touch the global variables from this current TU.  This comment could
be valuable when chasing a bug about this a couple of months from now
when we forget about how this works again.

And then, similarly ...

> @@ -3546,6 +3558,9 @@ do_static_initialization_or_destruction
>  
>    } while (node);
>  
> +  if (flag_sanitize & SANITIZE_ADDRESS)
> +    finish_expr_stmt (asan_dynamic_init_call (/*after_p=*/true));
> +

... this spot could also use some comment referring to the comment of
asan_global.cc:__asan_after_dynamic_init, saying that because the
initializers of globals must have run by now (they are emitted by
one_static_initialization_or_destruction that has been invoked before
this point and after the point above) we are un-poisoning all
dynamically initialized global variables.

Also, do we have some tests for this?  I am not sure how I'd write
multi-tu dejagnu tests for this myself though ;-)

Other than that, LGTM.

Thanks.

-- 
                Dodji