Comment 1 Toralf Förster 2023-12-01 09:21:47 UTC

Created attachment 876039 [details]
emerge-info.txt

Comment 2 Toralf Förster 2023-12-01 09:21:48 UTC

Created attachment 876040 [details]
dev-python:cysignals-1.11.4:20231130-214950.log

Comment 3 Toralf Förster 2023-12-01 09:21:49 UTC

Created attachment 876041 [details]
emerge-history.txt

Comment 4 Toralf Förster 2023-12-01 09:21:50 UTC

Created attachment 876042 [details]
environment

Comment 5 Toralf Förster 2023-12-01 09:21:51 UTC

Created attachment 876043 [details]
etc.clang.tar.xz

Comment 6 Toralf Förster 2023-12-01 09:21:52 UTC

Created attachment 876044 [details]
etc.portage.tar.xz

Comment 7 Toralf Förster 2023-12-01 09:21:53 UTC

Created attachment 876045 [details]
logs.tar.xz

Comment 8 Toralf Förster 2023-12-01 09:21:54 UTC

Created attachment 876046 [details]
qlist-info.txt

Comment 9 Toralf Förster 2023-12-01 09:21:55 UTC

Created attachment 876047 [details]
temp.tar.xz

Comment 10 Michael Orlitzky 2023-12-01 21:01:14 UTC

Reported upstream. We will probably have to pile on a third hack to disable FORTIFY_SOURCE unless someone understands the sketchy code well-enough to replace it.

Comment 11 Sam James 2023-12-01 21:03:45 UTC

do I even want to look at why they're doing this..

Comment 12 Michael Orlitzky 2023-12-01 23:00:20 UTC

(In reply to Sam James from comment #11)
> do I even want to look at why they're doing this..

Naturally my first instinct is to blame overly-clever code, but in this case cysignals has its roots in the dark ages of cython. Basically we needed a way to handle Ctrl-C in the SageMath CLI if you were stuck in a long-running computation. In pure python, everything's great, but within a cdef function not so much.

Cysignals lets you wrap those (presumably tight) loops in some signal handling magic. It was later split out into this independent package, but considering its original purpose, saving a few ops here and there with clever code could easily be justified.

Comment 13 Michael Orlitzky 2024-06-29 15:29:49 UTC

Does toolchain@ have any suggestions to work around this in Gentoo until the issue can be fixed upstream? I think that ultimately we need to disable source-fortification.

Comment 14 Sam James 2024-07-07 04:54:27 UTC

I'll take a look.

Comment 15 Sam James 2024-07-07 04:59:06 UTC

So:
```
2023-11-30 21:50:03,061 root INFO clang -Wsign-compare -DNDEBUG -O2 -pipe -march=native -fno-diagnostics-color -Werror=implicit-function-declaration -Werror=implicit-int -DNDEBUG -fPIC -DCYTHON_CLINE_IN_TRACEBACK=0 -U_FORTIFY_SOURCE -Isrc -Isrc/cysignals -I/usr/include/python3.11 -c build/src/cysignals/alarm.c -o /var/tmp/portage/dev-python/cysignals-1.11.4/work/cysignals-1.11.4-python3_11/build/temp.linux-x86_64-cpython-311/build/src/cysignals/alarm.o -pthread -Wp,-U_FORTIFY_SOURCE
In file included from build/src/cysignals/signals.c:2380:
build/src/cysignals/implementation.c:27:2: error: "cysignals must be compiled without _FORTIFY_SOURCE"
   27 | #error "cysignals must be compiled without _FORTIFY_SOURCE"
      |  ^
build/src/cysignals/implementation.c:163:5: warning: ignoring return value of function declared with 'warn_unused_result' attribute [-Wunused-result]
  163 |     write(2, s, strlen(s));
      |     ^~~~~ ~~~~~~~~~~~~~~~
build/src/cysignals/implementation.c:422:29: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'long' [-Wsign-compare]
  422 |     if (trampolinestacksize < PTHREAD_STACK_MIN)
      |         ~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~
2 warnings and 1 error generated.
```

-U_FORTIFY_SOURCE and the -Wp,-U* banged in for good measure.. should be enough?

I can't reproduce it with either GCC or Clang. For Clang, the situation is kind of more interesting because in clang-common, we have to do some hacks for it:

```
        # We have to do this because glibc's headers warn if F_S is set
        # without optimization and that would at the very least be very noisy
        # during builds and at worst trigger many -Werror builds.
        cat >> "${ED}/usr/include/gentoo/fortify.h" <<- EOF || die
        #ifdef __clang__
        # pragma clang system_header
        #endif
        #ifndef _FORTIFY_SOURCE
        # if defined(__has_feature)
        #  define __GENTOO_HAS_FEATURE(x) __has_feature(x)
        # else
        #  define __GENTOO_HAS_FEATURE(x) 0
        # endif
        #
        # if defined(__STDC_HOSTED__) && __STDC_HOSTED__ == 1
        #  define __GENTOO_NOT_FREESTANDING 1
        # else
        #  define __GENTOO_NOT_FREESTANDING 0
        # endif
        #
        # if defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && __GENTOO_NOT_FREESTANDING > 0
        #  if !defined(__SANITIZE_ADDRESS__) && !__GENTOO_HAS_FEATURE(address_sanitizer) && !__GENTOO_HAS_FEATURE(memory_sanitizer)
        #   define _FORTIFY_SOURCE ${fortify_level}
        #  endif
        # endif
        # undef __GENTOO_HAS_FEATURE
        # undef __GENTOO_NOT_FREESTANDING
        #endif
        EOF
```

But it seems to respect the wishes of the file fine (the command line args take priority as the injected config file -include comes first).

My best guess is:
1) There was some Clang bug in order precedence with config files, or
2) There was some issue in clang-common we fixed a while ago and I forgot about it.

If you can reproduce it now, I'll look more, of course.

Comment 16 Michael Orlitzky 2024-07-09 17:47:15 UTC

It still fails for me with the stable clang-17.0.6:

  $ CC=clang emerge -v1 cysignals
  ...
  In file included from build/src/cysignals/signals.c:2399:
  build/src/cysignals/implementation.c:27:2: error: "cysignals must be compiled
  without _FORTIFY_SOURCE"
     27 | #error "cysignals must be compiled without _FORTIFY_SOURCE"
        |  ^

If it's fixed with a later clang, though, then maybe it's fine to pretend it's not a problem for a little while.

Comment 17 Sam James 2024-07-10 15:17:44 UTC

I'm not sure what I was doing before, because I can reproduce it with Clang 17 and 18. Maybe I was forgetting optimisation.

```
$ cat /tmp/z.c
#ifdef _FORTIFY_SOURCE
#error Uh oh!!!!!!
#endif

int main() {
        return 0;
}

$ clang-17 /tmp/z.c -O2 -U_FORTIFY_SOURCE
/tmp/z.c:2:2: error: Uh oh!!!!!!
    2 | #error Uh oh!!!!!!
      |  ^
1 error generated.

$ clang-18 /tmp/z.c -O2 -U_FORTIFY_SOURCE
/tmp/z.c:2:2: error: Uh oh!!!!!!
    2 | #error Uh oh!!!!!!
      |  ^
1 error generated.
```

And indeed:
```
$ clang --no-default-config -include /usr/include/gentoo/fortify.h /tmp/z.c -O2 -U_FORTIFY_SOURCE
/tmp/z.c:2:2: error: Uh oh!!!!!!
    2 | #error Uh oh!!!!!!
      |  ^
1 error generated.
```

I feel like this is pretty unexpected given the point of the config file mechanism is to let us do this kind of thing without patching Clang.

We can add an escape hatch macro into fortify.h for now (like GENTOO_NO_FORTIFY_SOURCE) but we need to file a bug for Clang about the weird behaviour with the config files.