Detecting pointer misalignment (was Re: pgsql: Implementation of subscripting for jsonb)

[ redirecting to -hackers ]

Alexander Korotkov <aekorotkov(at)gmail(dot)com> writes:
>> BTW, I managed to reproduce the issue by compiling with CFLAGS="-O0
>> -fsanitize=alignment -fsanitize-trap=alignment" and the patch
>> attached.
>> I can propose the following to catch such issues earlier. We could
>> finish (wrap attribute with macro and apply it to other places with
>> misalignment access if any) and apply the attached patch and make
>> commitfest.cputube.org check patches with CFLAGS="-O0
>> -fsanitize=alignment -fsanitize-trap=alignment". What do you think?

> The revised patch is attached. The attribute is wrapped into
> pg_attribute_no_sanitize_alignment() macro. I've checked it works for
> me with gcc-10 and clang-11.

I found some time to experiment with this today. It is really nice
to be able to detect these problems without using obsolete hardware.
However, I have a few issues:

* Why do you recommend -O0? Seems to me we want to test the code
as we'd normally use it, ie typically -O2.

* -fsanitize-trap=alignment seems to be a clang-ism; gcc won't take it.
However, after some experimenting I found that "-fno-sanitize-recover=all"
(or "-fno-sanitize-recover=alignment" if you prefer) produces roughly
equivalent results on gcc.

* Both clang and gcc seem to be happy with the same spelling of the
function attribute, which is fortunate. However, I seriously doubt
that bare "#ifdef __GNUC__" is going to be good enough. At the very
least there's going to need to be a compiler version test in there,
and we might end up needing to get the configure script involved.

* I think the right place to run such a check is in some buildfarm
animals. The cfbot only sees portions of what goes into our tree.

regards, tom lane