Skip to content

[asan] Update asan config to work with gcc; fix a few issues#22746

Open
hageboeck wants to merge 7 commits into
root-project:masterfrom
hageboeck:asan_gcc
Open

[asan] Update asan config to work with gcc; fix a few issues#22746
hageboeck wants to merge 7 commits into
root-project:masterfrom
hageboeck:asan_gcc

Conversation

@hageboeck

@hageboeck hageboeck commented Jul 2, 2026

Copy link
Copy Markdown
Member
  • Fix finding the asan runtime library for gcc (note: tested with gcc 15 and 16)
  • Put all asan flags into CMAKE_CXX_FLAGS
    1. This makes it more obvious what's happening
    2. For many builtins, ROOT's CXX_FLAGS and/or C_FLAGS are passed on to the builtin, so these are sanitised as well (especially for clad, which was detected as broken in Build option for Address Sanitizer is broken #7968).
      For those externals that are not covered by the sanitizer (system libs or builtins), modern sanitiser implementations cover them through function interpositioning, so dynamic allocations are covered (while the stack is not). This seems a good compromise, because objects that are passed around between ROOT and builtins are covered.
  • For executables that are not declared via ROOT_EXECUTABLE, ROOT's sanitiser configs were missing. Instead of keeping up-to-date a curated list of executables that break tests, there's now a CMake function to sanitise every executable declared in the ROOT build.

In testing the asan builds, foursix issues were uncovered and fixed:

  • A buffer overflow in TLatex
  • libasan needed to be whitelisted in a pyroot test.
  • Clad doesn't compile when TMVA is off, because there was an unprotected custom gradient.
  • The cppinterop tblgen executables needed to be sanitised
  • The argv array for PyROOT applications was one element too small

A use-after-free in CppInterOp (when passing argument to the interpreter by char*) will be addressed by @aaronj0 in #22728

Fix #7968

Comment thread cmake/modules/RootConfiguration.cmake Outdated

@ferdymercury ferdymercury left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot!

Could you edit https://github.com/root-project/root/blob/master/cmake/modules/RootBuildOptions.cmake#L194 to reflect that both GCC and Clang work ?

@silverweed silverweed left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I second @ferdymercury's request to edit the message if you confirmed that clang works

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Test Results

    23 files      23 suites   3d 15h 9m 36s ⏱️
 3 874 tests  3 871 ✅ 0 💤 3 ❌
79 709 runs  79 706 ✅ 0 💤 3 ❌

For more details on these failures, see this check.

Results for commit c1897f9.

♻️ This comment has been updated with latest results.

hageboeck added 3 commits July 3, 2026 12:28
Since the \0 character was missing in the dynamically allocated buffer,
the strlen function can run past the end of the buffer.
Therefore, the buffer was replaced with a TString directly constructed
from char* and length.
@hageboeck hageboeck force-pushed the asan_gcc branch 2 times, most recently from 7345086 to e98fd05 Compare July 3, 2026 13:02
hageboeck added 4 commits July 3, 2026 15:10
Asan detected an overflow of the argv array, because it violated the
convention to contain an extra element == nullptr.
- Convert the flags from a list into a string.
- Append the string to CMAKE_CXX_FLAGS and CMAKE_C_FLAGS.
- Activate use-after-scope sanitisation also in gcc.

In this way, the flags are observable at configure time, they propagate
into builtins and tools like clad which are initialised with ROOT's
CMAKE_CXX_FLAGS. This also allowed for removing two special cases for
gtest and clad.
Instead of sanitizing only a few hand-picked executables, recursively
search all executables defined in the build system. Sanitize all that
don't link to ROOTStaticSanitizerConfig.

Since roottest is part of ROOT, several special cases could be removed.
@hageboeck hageboeck changed the title [asan] Update asan config to work with gcc; fix four issues [asan] Update asan config to work with gcc; fix a few issues Jul 3, 2026
@hageboeck hageboeck requested a review from silverweed July 3, 2026 13:14
@hageboeck

Copy link
Copy Markdown
Member Author

@silverweed could I ask you to check again?
I added a commit regarding the length of the argv array. You fixed a similar issue last week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Build option for Address Sanitizer is broken

3 participants