-
Notifications
You must be signed in to change notification settings - Fork 377
Add Sanitizers documentation #4199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: release/2.21
Are you sure you want to change the base?
Conversation
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Co-authored-by: Carlos Zoido <[email protected]>
Co-authored-by: Carlos Zoido <[email protected]>
Modeling and applying sanitizers using settings | ||
----------------------------------------------- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be good, before this section, to add a bit of explanation about how sanitizers influence binary compatibility and then, as a result, explain how you can model it for these cases.
Also, it would be great to do some research about if all the sanitizers will make binaries to break compatibility or there are cases were you can apply the sanitizers just as flags without the risk of producing incompatible binaries.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added an explanation about what each sanitizers does in the library/application and their abi compatibility as well. Please, review it again.
.. code-block:: bash | ||
git clone https://github.com/conan-io/examples2.git | ||
cd examples2/examples/dev_flow/sanitizers/compiler_sanitizers | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I’d suggest restructuring the page so readers get the why/what before the how. Right now the doc asks to clone the repo in the middle of conceptual explanations, which interrupts the flow. It would be clearer to start with the important concepts and only then move to the hands-on example.
Depending on how extensive we want the theoretical part to be, we might even split it out into a separate page (so this page stays more tutorial-oriented, and the other more reference-style).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I moved to the end of the document:
Present everything about Sanitizers -> How to configure Sanitizer with Conan -> Example -> Final considerations.
|
||
Sanitizers are powerful tools for detecting runtime bugs like buffer overflows, data races, memory leaks, | ||
dangling pointers, use-of-uninitialized memory, and various types of undefined behavior. Compilers such as | ||
GCC, Clang, and MSVC support these tools through specific compiler and linker flags. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be good to talk about the difference in sanitizer support for each compiler, maybe do a comparative table or something like that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be huge, considering the number of sanitizers supported by llvm. I pointed the sanitizers pages as a link in the documentation.
Let me add a table, in case it gets too big, we can still summarize to most important sanitizers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's just for consideration, if you think that it would add value...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just added some tables, indeed it is much clearer and visible now. Thank you for that suggestion! Please, take a look.
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Co-authored-by: Carlos Zoido <[email protected]>
Co-authored-by: Carlos Zoido <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
This approach is preferred because enabling a sanitizer alters the package ID, allowing you to build and use | ||
the same binary package with or without sanitizers. This is ideal for development and debugging workflows. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this, once it has been defined above the importance of using sanitizers only in dev-environments, I fully agree that a different package_id
is quite good default approach, even if binary compatibility isn't fully necessary
compiler: | ||
clang: | ||
sanitizer: [null, Address, Leak, Thread, Memory, UndefinedBehavior, HardwareAssistanceAddress, KernelAddress, AddressUndefinedBehavior, ThreadUndefinedBehavior] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to enable more than 1 sanitizer simultaneously? How would that be represented?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I see, some of them are actually combinations of Address+Undefined, for example. I think this deserves a line of explanation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added an explanation on the commit 4311346
conan export signed_integer_overflow/ | ||
conan install --requires=signed_integer_overflow/0.1.0 -pr profiles/asan_ubsan -of signed_integer_overflow/install --build=missing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not simplify to a conan build
command?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Conan export + conan install is olde school. Let me update to conan build
then :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, updated in the commit 81e012b
examples/dev_flow.rst
Outdated
|
||
dev_flow/debug/step_into_dependencies | ||
dev_flow/debug/debugging_visual | ||
dev_flow/sanitizers/compiler_sanitizers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure this is the best section? I'd say sanitizing is not necessarily a "developer flow", but instead something that likely runs on CI. Maybe it could be part of "Security"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initially, I did have a clear idea where to put it, as Conan 1.x documentation does not follow the same structure. I just moved to the security section on the commit a1095e2.
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Signed-off-by: Uilian Ries <[email protected]>
Related to conan-io/examples2#192
This is a new documentation page and spiritual successor of https://docs.conan.io/1/howtos/sanitizers.html
Also related to Conan issues: