Merge "libc: Disable FORTIFY if we're using clang-tidy."

2017-10-31 17:36:18 +00:00 · 2017-10-31 17:36:18 +00:00 · 9fe034b7bb
commit 9fe034b7bb
parent 8142b5c5b0 e5d66eb86a
2 changed files with 21 additions and 2 deletions
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@ -261,8 +261,13 @@

 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
 #  if defined(__clang__)
-/* FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors. */
-#    if !__has_feature(address_sanitizer)
+/*
+ * FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors.
+ * Additionally, the static analyzer/clang-tidy try to pattern match some
+ * standard library functions, and FORTIFY sometimes interferes with this. So,
+ * we turn FORTIFY off in both cases.
+ */
+#    if !__has_feature(address_sanitizer) && !defined(__clang_analyzer__)
 #      define __BIONIC_FORTIFY 1
 #    endif
 #  elif defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
--- a/tests/Android.bp
+++ b/tests/Android.bp
@ -224,6 +224,20 @@ cc_test_library {
    srcs: ["fortify_compilation_test.cpp"],
 }

+// Ensure we don't use FORTIFY'ed functions with the static analyzer/clang-tidy:
+// it can confuse these tools pretty easily. If this builds successfully, then
+// __clang_analyzer__ overrode FORTIFY. Otherwise, FORTIFY was incorrectly
+// enabled. The library that results from building this is meant to be unused.
+cc_test_library {
+    name: "fortify_disabled_for_tidy",
+    cflags: [
+        "-Werror",
+        "-D_FORTIFY_SOURCE=2",
+        "-D__clang_analyzer__",
+    ],
+    srcs: ["fortify_compilation_test.cpp"],
+}
+
 cc_test_library {
    name: "libfortify1-tests-clang",
    defaults: ["bionic_fortify_tests_defaults", "bionic_tests_defaults"],