Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 6148 - Include bounds checking patch in gcc ebuild
Summary: Include bounds checking patch in gcc ebuild
Status: VERIFIED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GCC Porting (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Alexander Gabert (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-08-07 06:41 UTC by Klaus Kusche
Modified: 2004-10-13 06:57 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Klaus Kusche 2002-08-07 06:41:09 UTC
Is it possible to include the bounds checking patch from
http://web.inter.nl.net/hcc/Haj.Ten.Brugge/ in the gcc ebuild, perhaps
controlled by an USE variable?

I urgently need a gcc with this patch (which checks for memory accesses outside
array bounds or malloc items, really great!), because I use gcc in programming
courses for 15/16 year olds, and this patch keeps them from blowing holes in
their feet every second line of code.

However, as the patch contains additions to the C startup code and gcc's runtime
lib, having both the standard and the patched gcc around on the same system is a
mess. Hence, I'd like to have it as my one and only gcc.

The patch should not affect gcc's behaviour or the generated code in any way as
long as -fbounds-checking is not specified, any changes are activated only if
this flag is given when compiling a piece of code. It does not require any
changes to glibc, the binutils, or anything else.
Comment 1 Matthew Kennedy (RETIRED) gentoo-dev 2002-12-14 00:11:01 UTC
assigned
Comment 2 Klaus Kusche 2002-12-14 03:17:52 UTC
Additional info:

Another source for the same patch for the latest gcc versions is
ftp://nscs.fast.net/pub/binaries/boundschecking
(see also http://gcc.gnu.org/extensions.html)
Comment 3 Matthew Kennedy (RETIRED) gentoo-dev 2003-04-07 14:47:32 UTC
method -- this bug more relevent to your secure gentoo initiative
Comment 4 Joshua Brindle (RETIRED) gentoo-dev 2003-04-07 19:26:53 UTC
we will be including Propolice Stack Smashing Protection in the stable gcc as soon as we can, it's in the unstable profile now (gcc-3.2.2-r3) and in package.mask. SSP provides additional protection over bounds checking and is enabled by compiling with -fstack-protector.
Comment 5 Klaus Kusche 2003-04-08 10:48:21 UTC
Two very different patches, for two very different purposes:
* Propolice is a security extension. It protects the return address on the stack from being overwritten, with minimal time and space overhead.

* The bounds checking patch is a program testing / debugging tool, also very useful for educational purposes, introducing significant overhead and code changes. Differences between Propolice and bounds checking:
+ Bounds checking protects any local, global or dynamic heap item, not just the stack.
+ Bounds checking detects any access violating the defined size of the object being accessed, no matter if overrun or underrun, no matter if by index or by pointer. It also detects cases where pointer arithmetic makes a pointer point to an object differing from the object the pointer was originally derived from, even if the new address is perfectly valid (similar to Pascal array indexing, even stricter than Java).
+ Bounds checking gives perfect error messages (source line containing the violation, name, address and size of the object the pointer is related to, address actually accessed, kind of access).

Hence, for use in program development and in class, I need bounds checking, not
Propolice.
Comment 6 Joshua Brindle (RETIRED) gentoo-dev 2003-04-08 12:18:57 UTC
what do you think about this patch in our gcc azarah?
Comment 7 Martin Schlemmer (RETIRED) gentoo-dev 2003-04-08 18:05:20 UTC
I don't have issues, as long as its dead code if not enabled.  We need testing
though before going mainline ... see if you can merge it in -r3 if you want
to ?
Comment 8 Alexander Gabert (RETIRED) gentoo-dev 2003-11-17 06:35:31 UTC
what is happening to this bug?  can we close it?  the latest tests with bounds checkers like libmudflap in a tree-ssa gcc cvs snapshot were not successful on my side.  also remember that we have propolice now protecting from linear stack overflows, together with nonexec stack like OpenWall or PaX or ExecShield this is as good as it gets i think to not trip into any speed penalties during execution flow like full bounds checking would inevitably mean.

thanks,

Alex
Comment 9 Klaus Kusche 2003-11-17 11:46:45 UTC
As I said on 2003-04-08, I don't want bounds checking for security reasons, but I need it for educational purposes (and in school, the benefits of bounds checking outweigh almost any slowdown - programming exercises are not speed critical).

Hence, the checking should not be permanently enabled - I will certainly do my emerges without it! And that's exactly what the patch at http://web.inter.nl.net/hcc/Haj.Ten.Brugge/ or ftp://nscs.fast.net/pub/binaries/boundschecking does:
If gcc is called without -fbounds-checking, it behaves like a standard gcc.
If this option is given, it generates bounds-checking code and links against special libs.

I'm still at 3.1.1, and there the patch mentioned above compiles and works perfectly.
One of my pupils built a later version of gcc (3.3.x?) with this patch a few weeks ago, also without any problems.
So the patch should be ok and should work out of the box.
Comment 10 Alexander Gabert (RETIRED) gentoo-dev 2003-11-18 10:35:33 UTC
hi, i am trying this with http://heanet.dl.sourceforge.net/sourceforge/boundschecking/bounds-checking-gcc-3.3.2-1.00.patch.bz2 and gcc-3.3.2-r2 now and will forward any side effects to Martin,

Alex
Comment 11 Alexander Gabert (RETIRED) gentoo-dev 2004-03-01 07:19:54 UTC
hi, i need to find some time to do this, i think i can do it in 3.3.3-r1 to be activated for a special USE flag given because it should not penalize the majority of users not needing it

AG
Comment 12 SpanKY gentoo-dev 2004-03-01 08:31:28 UTC
why a USE flag ?
like the reporter said, nothing should change unless you compile with -fbounds-checking
Comment 13 Alexander Gabert (RETIRED) gentoo-dev 2004-03-03 03:06:13 UTC
yes, you are right, a nondefault version would work
Comment 14 Alexander Gabert (RETIRED) gentoo-dev 2004-03-04 05:33:20 UTC
could we take on the USE="debug" flag to activate the passive patch?

i would not like to introduce this patch by default.

only when USE="debug" is given to the gcc ebuild, this patch would be included

see it as a proper line of defense against pappy doing something wrong

is this okay for you please?

thanks in advance, Alex
Comment 15 solar (RETIRED) gentoo-dev 2004-03-05 11:27:08 UTC
Re: comment #14 use debug && epatch fbounds-xxxx.patch works for me.
Comment 16 Klaus Kusche 2004-03-06 01:19:49 UTC
Please do not overload a single USE flag. "debug" has other meanings (one effect is that it makes emerged binaries significantly larger), and it should be possible to switch these features on and off individually:

* "debug" means that I want to debug gcc (or whatever package is emerged with "debug") itself (which is not what I intend).
* The bounds checking patch is for debugging my own programs compiled with gcc - that's a completely different goal.
Comment 17 Alexander Gabert (RETIRED) gentoo-dev 2004-03-11 07:22:43 UTC
the bounds checking made it into pie-ssp-bounds-checking in gcc-3.3.3-r1

please test
Comment 18 Klaus Kusche 2004-03-15 12:34:45 UTC
I've a problem with testing: All my gentoo systems are still at gcc-3.1 level, which is binary and library incompatible with gcc-3.2 or later, so I can't install and run gcc-3.3.x here.

Most likely, I will upgrade in summer and test then.
Comment 19 Alexander Gabert (RETIRED) gentoo-dev 2004-03-23 01:20:44 UTC
Hi Klaus,

i have two open points here:

1) this patch apparently nukes the PPC when the compiler contains altivec patches, i saw a bug at Gentoo where this compiler was unable to compile and the c-bounds.c file was showing errors when running 3.3.3-r1 on PPC.

So, i am strongly recommending that we couple this patch to x86 first and see.

2) I had to couple the pie-ssp patch with the bounds checker patch.

In the long run, this is supposed to be a bad decision.

This is how it should work in the future, and will be changed by me:

- gcc source unpacked, branch update applied, arch and gentoo fixes applied

- pie-ssp patch applied (either hardened default or nondefault behaviour, does not matter in this case)

- if x86 custom bounds checker patch applied to the gentoo pie-ssp gcc source

I like to refer to the term "custom" because such a patch would be transformed from the generic original bounds-checker patch from the site you mentioned to a conforming patch that is able to be applied to our gcc source which has some "overlapping" hunks in the includes and the SPECS section mangling.

Thanks so far,

Alex
Comment 20 Alexander Gabert (RETIRED) gentoo-dev 2004-07-08 12:51:04 UTC
are there new patches available, Klaus?

sinc.,

Alex
Comment 21 Klaus Kusche 2004-07-10 08:11:28 UTC
The latest patches I could find are for 3.3.3, nothing for 3.4.x yet.

I'll ask the author by email...
Comment 22 Klaus Kusche 2004-07-31 06:11:50 UTC
Patches for 3.3.4, 3.4.0 and 3.4.1 are on http://web.inter.nl.net/hcc/Haj.Ten.Brugge/
Comment 23 Dizzy 2004-08-21 09:30:18 UTC
Hi

I too would very much like to have the C bounds checking patch somehow with the gentoo ebuild gcc (curently Im compiling private versions of gcc for that). Either a USE or other solution is your choice. It's not clear to me from this thread, has the bounds checking patch been included already ? I have tried to test it and doesnt seem to be there. In that case, any work in progress ?

Thanks!
Comment 24 Alexander Gabert (RETIRED) gentoo-dev 2004-09-23 18:18:18 UTC
Does the libmudflap in gcc-3.4 suffice for this to close it finally?

Sincerely,

Alex
Comment 25 Klaus Kusche 2004-09-25 04:37:13 UTC
Hmmm, libmudflap might provide the same functionality as the bounds-checking patch in future, but:

* It looks very beta. I have not yet found anything about its quality, there are no experiences with real-world, large programs, and I've seen no overhead comparisions with bounds-checking. (I'm still on gcc-3.3.x, so I can't test myself).

* It is completely undocumented. I searched the gcc 3.4.2 manual on the web, and it doesn't even mention "-fmudflap". I can't even tell if libmudflap detects the same kinds of pointer problems as bounds-checking does, or more, or less.

* I found a report about libmudflap. Compared to the messages of bounds-checking (which are self-explanatory), the messages libmudflap produces for pointer violations contain more info for the experienced programmer, but are cryptic for the beginner.

My intended audience are high-school programming courses, the goal is to give beginners Pascal-like help against pointer bugs. libmudflap's cryptic messages are not helpful for 15 year olds...
Comment 26 Alexander Gabert (RETIRED) gentoo-dev 2004-10-01 06:44:02 UTC
take it on
Comment 27 Alexander Gabert (RETIRED) gentoo-dev 2004-10-07 02:07:50 UTC
added to gcc-3.4.2-r2, activate with USE=boundschecking

please try and close bug.
Comment 28 f5d8fd51ed1e804c9e8d0357e8614e0493b06e96 2004-10-07 04:47:35 UTC
works like a charm for me :-)
only thing that came into my mind is the fact that gcc man pages might need to be updated to honour the fact that -fbounds-checking now also is supported for C
Comment 29 Dizzy 2004-10-07 05:50:07 UTC
Works nice. Thank you guys, yet again Gentoo rules :)
Comment 30 Klaus Kusche 2004-10-07 06:52:00 UTC
I will test it as soon as possible.

About man pages:
Have you checked them? Two years ago, when I manually applied the bounds-checking patch to a copy of gcc 3.1, it also patched the man pages automatically: They actually included -fbounds-checking after applying the patch!
Comment 31 f5d8fd51ed1e804c9e8d0357e8614e0493b06e96 2004-10-07 07:32:18 UTC
the man reads:

-fbounds-check
  For front-ends that support it, generate additional code to check that indices used to access arrays are within the declared range.  This is currently only supported by the Java and Fortran 77 front-ends, where this option defaults to true and false respectively.


I think the patch used in this ebuild is a custom patch differing from the official patch - so it might lack the man page changes...
Comment 32 Klaus Kusche 2004-10-08 05:40:56 UTC
Excellent. Works for me.  Thanks!

About man pages: I checked the original patch, it doesn't seem to patch the man pages any longer, but it seems to patch the info nodes for gcc.
Comment 33 Alexander Gabert (RETIRED) gentoo-dev 2004-10-13 06:57:58 UTC
will try to keep it updated.