Hi,
Modern GCC and CLANG have tools to detect errors during runtime, like valgrind but much faster. Currently these sanitizers are available:
- Address sanitizer
- Thread sanitizer
- Undefined sanitizer
GCC and CLANG currently don't work on LibreOffice (errors during the build for GCC and can't compile LO on CLANG). We should add an option to the build to use those extensions during the LibreOffice build and use those tools to check the LibreOffice source code. The proposition is to use --with-fsanitiz= and the sanitizer name.
Oops, sorry for the mistake: LO doesn't compile on clang/gcc with those options (address sanitizer...).
For example, it doesn't work on clang with LINKFLAGSNOUNDEFS="-Wl,-z,defs" and address sanitizer.
Arnaud Versini committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=785c4f10b87ab47b853abf947dfb21117d55cca1
fdo#72468 avoid out of bounds array access
The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Arnaud Versini committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=160410842be82a4c9a1da58f2e608e9d9c54ebf7
fdo#72468 Remove memory overflow on static memory.
The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
I wonder what's still missing here, just the special casing of the "jpipe" library to be built without sanitizer?
(In reply to comment #5)
> i wonder what's still missing here, just the special casing of the "jpipe"
> library to be built without sanitizer?
As far as I remember there were some problems around the python and java bindings but Stephan knows the details. Otherwise you can already build and run it. It is even possible to package the build so most of the features are covered. I'm only disabling the firebird code as it uses a custom allocator that does not work nicely with Asan.
(In reply to comment #2)
> For example doesn't work on clang with LINKFLAGSNOUNDEFS="-Wl,-z,defs" and
> adress sanitizer.
See <https://wiki.documentfoundation.org/Development/-fsanitize> for how to build LO with sanitizers.
Since Firefox moved the build infrastructure to the Clang toolchain, and they got significant changes for performance, we should try it anyway.
https://www.mozilla.org/en-US/firefox/63.0/releasenotes/
https://www.mozilla.org/en-US/firefox/64.0/releasenotes/
Building with ASAN and UBSAN has been working for years and we even have a tinderbox with ASAN+UBSAN -> closing this.
Btw, while GCC ASAN does work, I've noticed that clang ASAN has significantly better performance, so I would recommend using that for debug builds.