
Issue 464797 link

Starred by 14 users

Issue metadata

Status: Verified
Owner:
Last visit > 30 days ago
Closed: Mar 2018
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: ----



Deploy -fsanitize=cfi-vcall on Linux

Project Member Reported by p...@chromium.org, Mar 6 2015

Issue description

-fsanitize=cfi-vptr is a new low-overhead control flow integrity scheme implemented in Clang documented at http://clang.llvm.org/docs/ControlFlowIntegrity.html

This bug tracks progress on deploying it on Linux.
 
Project Member

Comment 23 by bugdroid1@chromium.org, Jul 21 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build.git/+/3e61021342656056cdcb57378d76136115f6bd44

commit 3e61021342656056cdcb57378d76136115f6bd44
Author: pcc@chromium.org <pcc@chromium.org>
Date: Tue Jul 21 10:10:00 2015

CFI Linux CF: Add builder to the main scheduler's list.

BUG= 464797 
R=thakis@chromium.org

Review URL: https://codereview.chromium.org/1247483003

git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/build@296079 0039d316-1c4b-4281-b951-d872f2087c98

[modify] http://crrev.com/3e61021342656056cdcb57378d76136115f6bd44/masters/master.chromium.fyi/master.cfg

Comment 24 Deleted

Comment 25 Deleted

Comment 26 by krasin@google.com, Jul 22 2015

CFI status for today:

35/54 tests are green and running on the CFI buildbot:
http://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux

4 more tests will be green and on the buildbot, when https://codereview.chromium.org/1250803003/ is landed.

The full status is available here: https://docs.google.com/spreadsheets/d/1_3CeJXf-0YiSm2ncibH3hLhagJq9-E72WUpIiT2qXno/edit#gid=0

Comment 27 by krasin@google.com, Jul 22 2015

Correction: the CFI buildbot slave is temporarily broken (infra issues: could not upload some data to gs://); the ticket is filed: https://code.google.com/p/chromium/issues/detail?id=512997
End of day update:

Done: 39/54 (green locally; should run on the buildbot; buildbot is still broken)
Under review: 7 (will be green when the fixes are submitted)
Broken: 8

The full status is available here: https://docs.google.com/spreadsheets/d/1_3CeJXf-0YiSm2ncibH3hLhagJq9-E72WUpIiT2qXno/edit#gid=0 (same as in #26)
By broken I mean CFI reports when the tests run. All build failures are now fixed by Peter (thx!)
End of week update:

Buildbot is green, with 39/54 tests
Under review: 5
Broken: 10

There are a few fixes in flight, which together will significantly improve the situation next week.
Project Member

Comment 32 by bugdroid1@chromium.org, Jul 31 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3184322ba03c4221ca2b0295d7413ab9ac82b4d2

commit 3184322ba03c4221ca2b0295d7413ab9ac82b4d2
Author: pcc <pcc@chromium.org>
Date: Fri Jul 31 00:46:30 2015

CFI: Add a new debug URL, chrome://badcastcrash.

This URL causes the renderer to intentionally perform a bad cast, which
causes a CFI violation. This allows us to manually test how CFI violations
in the renderer are handled.

BUG= 464797 
R=avi@chromium.org
TEST=build with cfi_vptr=1, manually navigate to chrome://badcastcrash, verify that "Aw, snap" page appears

Review URL: https://codereview.chromium.org/1266893002

Cr-Commit-Position: refs/heads/master@{#341247}

[modify] http://crrev.com/3184322ba03c4221ca2b0295d7413ab9ac82b4d2/chrome/common/url_constants.cc
[modify] http://crrev.com/3184322ba03c4221ca2b0295d7413ab9ac82b4d2/content/browser/frame_host/debug_urls.cc
[modify] http://crrev.com/3184322ba03c4221ca2b0295d7413ab9ac82b4d2/content/public/common/url_constants.cc
[modify] http://crrev.com/3184322ba03c4221ca2b0295d7413ab9ac82b4d2/content/public/common/url_constants.h
[modify] http://crrev.com/3184322ba03c4221ca2b0295d7413ab9ac82b4d2/content/renderer/render_frame_impl.cc

Buildbot now runs 46 / 55 test suites
There're 9 test suites with CFI failures.

As always, up to date info is at
https://docs.google.com/spreadsheets/d/1_3CeJXf-0YiSm2ncibH3hLhagJq9-E72WUpIiT2qXno/edit#gid=0
Project Member

Comment 34 by bugdroid1@chromium.org, Aug 5 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ed9ea9af2cf1ab10d0e5ecaaa008b19fe980a4aa

commit ed9ea9af2cf1ab10d0e5ecaaa008b19fe980a4aa
Author: pcc <pcc@chromium.org>
Date: Wed Aug 05 00:46:39 2015

CFI: Enable stack traces in renderer process in non-official CFI builds.

A CFI failure causes a SIGILL signal to be raised, and the most likely
place for a failure to occur is in the renderer. By printing a stack trace
we provide developers with a basic set of information about CFI failures,
and allow crashes to be disambiguated by ClusterFuzz.

BUG= 464797 
R=jln@chromium.org,jam@chromium.org

Review URL: https://codereview.chromium.org/1269673003

Cr-Commit-Position: refs/heads/master@{#341833}

[modify] http://crrev.com/ed9ea9af2cf1ab10d0e5ecaaa008b19fe980a4aa/content/common/sandbox_linux/sandbox_linux.cc
[modify] http://crrev.com/ed9ea9af2cf1ab10d0e5ecaaa008b19fe980a4aa/content/renderer/renderer_main.cc

Project Member

Comment 35 by bugdroid1@chromium.org, Aug 7 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ff550411a2f2701746c93b32e9675e4047be167f

commit ff550411a2f2701746c93b32e9675e4047be167f
Author: pcc <pcc@chromium.org>
Date: Fri Aug 07 00:50:36 2015

CFI: Add diagnostic information to likely CFI violation stack traces.

If CFI enforcement is enabled and we receive a SIGILL, it is most likely
that a CFI check failed. Add a reference to the CFI documentation to the
stack trace to make it easier to identify and investigate CFI violations.

Also add an end marker to stack traces to make it easier for automated
tools to extract stack traces.

BUG= 464797 
R=thakis@chromium.org

Review URL: https://codereview.chromium.org/1267423002

Cr-Commit-Position: refs/heads/master@{#342246}

[modify] http://crrev.com/ff550411a2f2701746c93b32e9675e4047be167f/base/debug/stack_trace_posix.cc
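The commit above changes what Chromium prints when a SIGILL arrives with CFI enforcement on, and adds an end marker so tools can cut traces out of a log. The consumer side of that design, as an added example (not Chromium's stack_trace_posix.cc or any ClusterFuzz code): a small triage script that extracts each trace between a signal line and the end marker, drops traces whose output was cut short before the marker, and labels SIGILL traces as likely CFI violations. The signal-line format, the marker text and the log lines are constructed for this example; they are not the strings Chromium actually prints.

```python
"""CFI crash-log triage (added example; not Chromium's stack_trace_posix.cc)."""
import re
from dataclasses import dataclass, field

CFI_DOC_URL = "http://clang.llvm.org/docs/ControlFlowIntegrity.html"

# Constructed formats (assumptions for this example, not Chromium's real output).
START_RE = re.compile(r"^Received signal (\d+) (\w+)")
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+\s+(\S+)")
END_MARKER = "[end of stack trace]"


@dataclass
class Trace:
    signal: int
    name: str
    frames: list = field(default_factory=list)
    likely_cfi: bool = False
    note: str = ""


def extract_traces(lines, cfi_enforced=True):
    """Return the complete traces found in `lines`, in order of appearance.

    A trace is reported only once its end marker is seen, so a crash whose
    output was cut short cannot be mistaken for a complete trace.
    """
    traces = []
    current = None
    for raw in lines:
        line = raw.rstrip("\n")
        m = START_RE.match(line)
        if m:
            # A new signal line while a trace is still open means the previous
            # one was truncated; discard it rather than merge two crashes.
            current = Trace(signal=int(m.group(1)), name=m.group(2))
            continue
        if current is None:
            continue
        if line.strip() == END_MARKER:
            if cfi_enforced and current.name == "SIGILL":
                current.likely_cfi = True
                current.note = ("SIGILL with CFI enforcement enabled: most likely "
                                "a failed CFI check, see " + CFI_DOC_URL)
            traces.append(current)
            current = None
            continue
        f = FRAME_RE.match(line)
        if f:
            current.frames.append(f.group(2))
    return traces


def summarize(traces):
    """Count likely CFI violations versus other crashes for a quick triage view."""
    cfi = sum(1 for t in traces if t.likely_cfi)
    return {"total": len(traces), "likely_cfi": cfi, "other": len(traces) - cfi}


# Constructed sample log: two complete traces and one truncated trace.
SAMPLE_LOG = """\
[1234:1234:0807/001122:INFO:renderer_main.cc(10)] renderer started
Received signal 4 SIGILL
#0 0x0000004a0123 blink::LifecycleNotifier::context()
#1 0x0000004a0456 blink::ContextLifecycleObserver::~ContextLifecycleObserver()
#2 0x0000004a0789 main
[end of stack trace]
Received signal 11 SIGSEGV
#0 0x0000004a0abc base::internal::Example()
[end of stack trace]
Received signal 4 SIGILL
#0 0x0000004a0def cut::off::Frame()
"""

if __name__ == "__main__":
    found = extract_traces(SAMPLE_LOG.splitlines())
    for t in found:
        print(t.name, "->", "likely CFI" if t.likely_cfi else "other", t.frames[0])
    print(summarize(found))
```

The `cfi_enforced` switch matters: in a non-CFI build a SIGILL is just a SIGILL, so the "likely CFI" label is only applied when the build was actually compiled with enforcement, which is the condition the commit message itself states.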

Project Member

Comment 36 by bugdroid1@chromium.org, Aug 12 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c964309764aeedac75ce8bcd11d59dd1f827484a

commit c964309764aeedac75ce8bcd11d59dd1f827484a
Author: pcc <pcc@chromium.org>
Date: Wed Aug 12 01:02:28 2015

build: Enable flags for better stack traces in non-official CFI builds.

BUG= 464797 
R=inferno@chromium.org
TBR=thakis@chromium.org

Review URL: https://codereview.chromium.org/1289673002

Cr-Commit-Position: refs/heads/master@{#342952}

[modify] http://crrev.com/c964309764aeedac75ce8bcd11d59dd1f827484a/build/common.gypi

Project Member

Comment 37 by bugdroid1@chromium.org, Aug 13 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build.git/+/e82f7db36dd8bf7e4e2b0fa07c309a1012e35974

commit e82f7db36dd8bf7e4e2b0fa07c309a1012e35974
Author: pcc@chromium.org <pcc@chromium.org>
Date: Thu Aug 13 20:17:08 2015

CFI Linux CF: Add flags for better stack traces.

Based on https://codereview.chromium.org/1289673002 and the 'ASAN Release
(symbolized)' config in masters/master.chromium.lkgr/master_lkgr_cfg.py.
The former will be partially reverted once this lands in order to prevent the flags
from interfering with regular perf measurements.

BUG= 464797 
R=maruel@chromium.org
TBR=inferno@chromium.org

Review URL: https://codereview.chromium.org/1291123002

git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/build@296303 0039d316-1c4b-4281-b951-d872f2087c98

[modify] http://crrev.com/e82f7db36dd8bf7e4e2b0fa07c309a1012e35974/masters/master.chromium.fyi/master.cfg

Comment 38 by laforge@google.com, Aug 24 2015

Labels: Pri-2
Adding default Pri-2
Please note that we're starting to switch the Linux bots over to the GN build shortly. I notice that the CFI build flag is not supported in the GN build.

If you don't want this support to be lost in the switchover, you should add this to the GN build. Please ping me if you need guidance.
Project Member

Comment 40 by bugdroid1@chromium.org, Sep 2 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2e1b0482167caa55a82caf3a8df76976dc999bf0

commit 2e1b0482167caa55a82caf3a8df76976dc999bf0
Author: pcc <pcc@chromium.org>
Date: Wed Sep 02 20:28:51 2015

Clang: Include CFI blacklist in LLVM package.

This will cause us to start packaging cfi_blacklist.txt once
we roll past LLVM r246617.

R=thakis@chromium.org,hans@chromium.org
BUG= 464797 

Review URL: https://codereview.chromium.org/1323843003

Cr-Commit-Position: refs/heads/master@{#347009}

[modify] http://crrev.com/2e1b0482167caa55a82caf3a8df76976dc999bf0/tools/clang/scripts/package.py

Project Member

Comment 41 by bugdroid1@chromium.org, Sep 5 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build.git/+/48183b6b9a0c584e739ee567a4871e0035ea9af3

commit 48183b6b9a0c584e739ee567a4871e0035ea9af3
Author: pcc@chromium.org <pcc@chromium.org>
Date: Sat Sep 05 01:07:12 2015

CFI Linux CF: Enable detailed diagnostics using cfi_diag=1.

BUG= 464797 
R=inferno@chromium.org
TBR=thakis@chromium.org

Review URL: https://codereview.chromium.org/1325803003

git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/build@296574 0039d316-1c4b-4281-b951-d872f2087c98

[modify] http://crrev.com/48183b6b9a0c584e739ee567a4871e0035ea9af3/masters/master.chromium.fyi/master.cfg

Comment 42 by p...@chromium.org, Sep 11 2015

Blockedon: chromium:528798
Project Member

Comment 44 by bugdroid1@chromium.org, Oct 1 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/58ce4660835621899e0129250e690059d9ece8a9

commit 58ce4660835621899e0129250e690059d9ece8a9
Author: krasin <krasin@google.com>
Date: Thu Oct 01 21:09:01 2015

Remove an assert that triggers a bad cast in blink::LifecycleNotifier.

The bad cast happens in
blink::LifecycleNotifier<blink::ExecutionContext, blink::ContextLifecycleObserver>::context(),
when it's called from the destructor. See  https://crbug.com/537398 .

The primary issue is that this method makes a base-to-derived cast at the time,
when the derived instance is already destroyed.

This bug was found by Control Flow Integrity check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity

BUG= chromium:537398 , chromium:464797 

Review URL: https://codereview.chromium.org/1381823002

Cr-Commit-Position: refs/heads/master@{#351884}

[modify] http://crrev.com/58ce4660835621899e0129250e690059d9ece8a9/third_party/WebKit/Source/platform/LifecycleNotifier.h

Cc: thakis@chromium.org h...@chromium.org
Status update for the upcoming launch on Linux:

it's mostly ready, there're a few small blockers:

1. We need to make sure that bots have LLVM Gold plugin available. The proposed solution is https://codereview.chromium.org/1375213007/ which needs a review from thakis@

2. ClusterFuzz found a new issue:  https://crbug.com/538952 
I am on it, will try to fix soon.

3. Waiting for skia deps roll https://skia.googlesource.com/skia.git/+/92d976c3ad06d4a398d7bf95d2060e40154c39d7 to get the trybot green

4. Waiting for chromium.fyi master restart to get CFI / ClusterFuzz bot green: 537768

5. There are a few tests that still need to be added to the buildbot: https://codereview.chromium.org/1308063002/ (blocked on #3)
#1: no resolution. See https://codereview.chromium.org/1375213007/
#2: not reproducible so far
#3, #4: fixed. CFI trybot and CFI ClusterFuzz buildbot are green.
#5: sent for a review: https://codereview.chromium.org/1308063002/

Blockedon: chromium:536159
#1 is  issue 536159 , right?
Correct.
Blockedon: chromium:541708
Labels: -Pri-2 Pri-1
#1, #5: submitted; resolved. #2 still not reproducible.

The only known (soft) blocker is  https://crbug.com/541708 . It makes the CFI buildbot red, but the fix is under works. Should land on Monday.

I have also posted an email to chromium-dev: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/pbJqt6ccMII

If everything goes as planned, I will create a CL that turns cfi_vptr=1 for the official builds on Monday. We'll see if it's possible to land it safely.
 https://crbug.com/541708  is fixed, the buildbot is expected to become green within a few hours.

I have created a CL that turns on cfi_vptr=1 on the official Linux Chrome and sent for a review: https://codereview.chromium.org/1393283005/

Blockedon: chromium:542426
Project Member

Comment 53 by bugdroid1@chromium.org, Nov 12 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/373a674cd140140bfc31ec5ac49cb314902c3442

commit 373a674cd140140bfc31ec5ac49cb314902c3442
Author: pcc <pcc@chromium.org>
Date: Thu Nov 12 21:15:36 2015

build: Move CFI Windows build config under OS=="win" block.

Should unbreak CFI bots (update.sh does not support --print-clang-revision).

BUG= 464797 
TBR=thakis@chromium.org

Review URL: https://codereview.chromium.org/1436813005

Cr-Commit-Position: refs/heads/master@{#359388}

[modify] http://crrev.com/373a674cd140140bfc31ec5ac49cb314902c3442/build/common.gypi

Project Member

Comment 55 by bugdroid1@chromium.org, Nov 26 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9ddd19577633e02c8c6f6ae83ee5efd9e2c4c567

commit 9ddd19577633e02c8c6f6ae83ee5efd9e2c4c567
Author: krasin <krasin@google.com>
Date: Thu Nov 26 00:51:14 2015

Fix downloading of LLVM Gold plugin for the official Chrome.

The build needs the plugin to make an LTO build, which will soon
be the default for the official Chrome as a part of
Control Flow Integrity launch. See
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
for more details.

BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1475173002

Cr-Commit-Position: refs/heads/master@{#361774}

[modify] http://crrev.com/9ddd19577633e02c8c6f6ae83ee5efd9e2c4c567/tools/clang/scripts/update.sh

Project Member

Comment 56 by bugdroid1@chromium.org, Dec 2 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build.git/+/76ba5cdef0deb67bb25265586299f29809e45dd3

commit 76ba5cdef0deb67bb25265586299f29809e45dd3
Author: krasin@google.com <krasin@google.com>
Date: Wed Dec 02 01:45:23 2015

Increase the timeout for Linux x64 official builders.

This is needed in the anticipation of CFI launch that turns on LTO build,
which will have some slow linking commands, which do not produce output
until they're done.

BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1489233002

git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/build@297781 0039d316-1c4b-4281-b951-d872f2087c98

[modify] http://crrev.com/76ba5cdef0deb67bb25265586299f29809e45dd3/masters/master.chromium.chrome/master.cfg
[modify] http://crrev.com/76ba5cdef0deb67bb25265586299f29809e45dd3/masters/master.chromium.perf/master.cfg

Project Member

Comment 57 by bugdroid1@chromium.org, Dec 2 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/14ca7bfeec92b5c90b23c1663641e40581d28a89

commit 14ca7bfeec92b5c90b23c1663641e40581d28a89
Author: Peter Collingbourne <pcc@chromium.org>
Date: Wed Dec 02 21:13:38 2015

CFI buildbot: remove a test not supported by GN.

BUG= 464797 
R=thakis@chromium.org

Review URL: https://codereview.chromium.org/1495553003 .

Cr-Commit-Position: refs/heads/master@{#362793}

[modify] http://crrev.com/14ca7bfeec92b5c90b23c1663641e40581d28a89/testing/buildbot/chromium.fyi.json

Project Member

Comment 58 by bugdroid1@chromium.org, Dec 2 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7ff79f9569429444dabdb6d5024918bc548916b3

commit 7ff79f9569429444dabdb6d5024918bc548916b3
Author: krasin <krasin@google.com>
Date: Wed Dec 02 21:52:28 2015

Fix downloading LLVM Gold plugin in the case, when Clang is up to date.

The script should download LLVM Gold plugin, if it's missing, even if the
main Clang toolchain is up to date. This change is to match update.py
functionality with the gone update.sh.

BUG= 464797 , 494442 

Review URL: https://codereview.chromium.org/1491203003

Cr-Commit-Position: refs/heads/master@{#362803}

[modify] http://crrev.com/7ff79f9569429444dabdb6d5024918bc548916b3/tools/clang/scripts/update.py

Project Member

Comment 59 by bugdroid1@chromium.org, Dec 3 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9aedd443e02995d017138da7913e97650f889641

commit 9aedd443e02995d017138da7913e97650f889641
Author: krasin <krasin@google.com>
Date: Thu Dec 03 01:53:02 2015

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG= chromium:464797 
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

Review URL: https://codereview.chromium.org/1393283005

Cr-Commit-Position: refs/heads/master@{#362856}

[modify] http://crrev.com/9aedd443e02995d017138da7913e97650f889641/build/common.gypi
[modify] http://crrev.com/9aedd443e02995d017138da7913e97650f889641/build/config/sanitizers/sanitizers.gni

Project Member

Comment 60 by bugdroid1@chromium.org, Dec 3 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9e37ffbe43c0b100bcc02f9faf648f11d86316c1

commit 9e37ffbe43c0b100bcc02f9faf648f11d86316c1
Author: akuegel <akuegel@chromium.org>
Date: Thu Dec 03 09:30:23 2015

Revert of Fix downloading LLVM Gold plugin in the case, when Clang is up to date. (patchset #1 id:1 of https://codereview.chromium.org/1491203003/ )

Reason for revert:
This breaks Codesearch bots.

Original issue's description:
> Fix downloading LLVM Gold plugin in the case, when Clang is up to date.
>
> The script should download LLVM Gold plugin, if it's missing, even if the
> main Clang toolchain is up to date. This change is to match update.py
> functionality with the gone update.sh.
>
> BUG= 464797 , 494442 
>
> Committed: https://crrev.com/7ff79f9569429444dabdb6d5024918bc548916b3
> Cr-Commit-Position: refs/heads/master@{#362803}

TBR=thakis@chromium.org,krasin@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 464797 , 494442 

Review URL: https://codereview.chromium.org/1494883004

Cr-Commit-Position: refs/heads/master@{#362938}

[modify] http://crrev.com/9e37ffbe43c0b100bcc02f9faf648f11d86316c1/tools/clang/scripts/update.py

Project Member

Comment 61 by bugdroid1@chromium.org, Dec 3 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2f8494c55755a5b7f7c61c5204b05a5634189b3c

commit 2f8494c55755a5b7f7c61c5204b05a5634189b3c
Author: akuegel <akuegel@chromium.org>
Date: Thu Dec 03 10:13:51 2015

Reland of Fix downloading LLVM Gold plugin in the case, when Clang is up to date. (patchset #1 id:1 of https://codereview.chromium.org/1494883004/ )

Reason for revert:
Reverting didn't help.

Original issue's description:
> Revert of Fix downloading LLVM Gold plugin in the case, when Clang is up to date. (patchset #1 id:1 of https://codereview.chromium.org/1491203003/ )
>
> Reason for revert:
> This breaks Codesearch bots.
>
> Original issue's description:
> > Fix downloading LLVM Gold plugin in the case, when Clang is up to date.
> >
> > The script should download LLVM Gold plugin, if it's missing, even if the
> > main Clang toolchain is up to date. This change is to match update.py
> > functionality with the gone update.sh.
> >
> > BUG= 464797 , 494442 
> >
> > Committed: https://crrev.com/7ff79f9569429444dabdb6d5024918bc548916b3
> > Cr-Commit-Position: refs/heads/master@{#362803}
>
> TBR=thakis@chromium.org,krasin@google.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG= 464797 , 494442 
>
> Committed: https://crrev.com/9e37ffbe43c0b100bcc02f9faf648f11d86316c1
> Cr-Commit-Position: refs/heads/master@{#362938}

TBR=thakis@chromium.org,krasin@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 464797 , 494442 

Review URL: https://codereview.chromium.org/1493283002

Cr-Commit-Position: refs/heads/master@{#362939}

[modify] http://crrev.com/2f8494c55755a5b7f7c61c5204b05a5634189b3c/tools/clang/scripts/update.py

Project Member

Comment 62 by bugdroid1@chromium.org, Dec 3 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/56a0cb54c0ccf06e545435150fdcdbfc29718bc1

commit 56a0cb54c0ccf06e545435150fdcdbfc29718bc1
Author: krasin <krasin@google.com>
Date: Thu Dec 03 13:27:49 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. (patchset #10 id:180001 of https://codereview.chromium.org/1393283005/ )

Reason for revert:
One of the buildbots timed out while linking Chrome:
https://build.chromium.org/p/chromium.chrome/builders/Google%20Chrome%20Linux%20x64/builds/6251

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> Committed: https://crrev.com/9aedd443e02995d017138da7913e97650f889641
> Cr-Commit-Position: refs/heads/master@{#362856}

TBR=thakis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1498723002

Cr-Commit-Position: refs/heads/master@{#362973}

[modify] http://crrev.com/56a0cb54c0ccf06e545435150fdcdbfc29718bc1/build/common.gypi
[modify] http://crrev.com/56a0cb54c0ccf06e545435150fdcdbfc29718bc1/build/config/sanitizers/sanitizers.gni

After reverting the launch CL, we now have three known blockers for the next CFI launch attempt:

1. perf master needs to be restarted as well (requested in
https://crbug.com/565486, no action from me is needed)
2. official.desktop buildbot does not limit link concurrency and fails due to
OOM (https://crbug.com/565162, need to figure out where the configs for this bot
are)
3. a CFI regression happened in cc_unittests:
https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/3597

I think that the most useful information from the first attempt is #2. I would
not be able to find out about it without actually trying.
Project Member

Comment 64 by bugdroid1@chromium.org, Dec 3 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1fd302ba896e0a925c8c6b53432de98111074737

commit 1fd302ba896e0a925c8c6b53432de98111074737
Author: krasin <krasin@google.com>
Date: Thu Dec 03 21:19:11 2015

CFI: fix invalid cast in tile_manager_unittest.cc.

TaskSetFinishedTaskImpl was cast to its sibling,
cc::RasterTask instead of a base class, cc::TileTask.

This is a follow up to https://codereview.chromium.org/1470113002 which introduced this bad cast.

BUG= 565515 , 464797 
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1494273002

Cr-Commit-Position: refs/heads/master@{#363063}

[modify] http://crrev.com/1fd302ba896e0a925c8c6b53432de98111074737/cc/tiles/tile_manager_unittest.cc

Project Member

Comment 65 by bugdroid1@chromium.org, Dec 4 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8b2f896b9b2083ced0a42879ef6ea427a3cd56d4

commit 8b2f896b9b2083ced0a42879ef6ea427a3cd56d4
Author: krasin <krasin@google.com>
Date: Fri Dec 04 04:45:15 2015

get_concurrent_links.py: give more RAM per job in LTO builds.

This is required for launching Control Flow Integrity on Linux x86-64,
as it uses LTO builds, which use significantly more memory during
link phase.

Failing to do that led me to see this OOM error message on the bot:
https://chromegw.corp.google.com/i/official.desktop/builders/precise64/builds/253

BUG=565162, 464797 

Review URL: https://codereview.chromium.org/1492843006

Cr-Commit-Position: refs/heads/master@{#363137}

[modify] http://crrev.com/8b2f896b9b2083ced0a42879ef6ea427a3cd56d4/build/toolchain/gcc_toolchain.gni
[modify] http://crrev.com/8b2f896b9b2083ced0a42879ef6ea427a3cd56d4/build/toolchain/get_concurrent_links.py
[modify] http://crrev.com/8b2f896b9b2083ced0a42879ef6ea427a3cd56d4/build/toolchain/win/BUILD.gn
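The commit above and the OOM blocker in the update before it describe the same failure mode: an LTO link holds far more in memory than a regular link, and letting as many links run in parallel as there are cores exhausts RAM. The budgeting rule behind that fix, as an added example (not Chromium's build/toolchain/get_concurrent_links.py): derive the number of concurrent links from total RAM and a per-job budget that is larger for LTO. The per-job budget values are assumptions for illustration; the thread only says LTO links use "significantly more memory".

```python
"""Bounding link concurrency by RAM for LTO/CFI builds (added example; not
Chromium's get_concurrent_links.py)."""

# Assumed per-link memory budgets in GB (constructed; not Chromium's constants).
RAM_PER_LINK_GB = 4
RAM_PER_LINK_GB_LTO = 10


def per_link_budget_gb(lto):
    """Memory reserved for one link job, depending on whether LTO is on."""
    return RAM_PER_LINK_GB_LTO if lto else RAM_PER_LINK_GB


def concurrent_links(total_ram_gb, cores, lto=False, reserve_gb=1):
    """Return how many link jobs may run at once on a machine.

    Memory, not CPU, is the binding constraint for large links, so the count
    is min(cores, usable RAM // per-job budget), but never below 1 so that a
    small machine still makes progress (slowly, and possibly swapping).
    """
    if total_ram_gb <= 0 or cores <= 0:
        raise ValueError("total_ram_gb and cores must be positive")
    usable = max(total_ram_gb - reserve_gb, 0)
    by_ram = usable // per_link_budget_gb(lto)
    return max(1, min(cores, by_ram))


def peak_demand_gb(jobs, lto=False):
    """Worst-case RAM if `jobs` links run simultaneously at the assumed budget."""
    return jobs * per_link_budget_gb(lto)


def would_oom(total_ram_gb, jobs, lto=False):
    """True when running `jobs` links at once exceeds the machine's RAM."""
    return peak_demand_gb(jobs, lto) > total_ram_gb


if __name__ == "__main__":
    # The two machine sizes mentioned in this thread: 24 GB before the slave
    # upgrade, about 113 GB after it; 32 cores is the figure given for the slave.
    for ram in (24, 113):
        n = concurrent_links(ram, cores=32, lto=True)
        print(f"{ram} GB, 32 cores, LTO: {n} concurrent links; "
              f"unbounded (32 at once) would need {peak_demand_gb(32, lto=True)} GB, "
              f"OOM={would_oom(ram, 32, lto=True)}")
```

With these budgets a 24 GB machine gets two parallel LTO links, and an unbounded 32-way link phase would demand far more memory than the box has, which is the shape of the failure the thread reports.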

#2 and #3 blockers from the update #63 are resolved. The master restart for the perf bots is still pending. I hope to re-land https://codereview.chromium.org/1393283005/ tomorrow in the first half of the day.
Project Member

Comment 67 by bugdroid1@chromium.org, Dec 4 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/abbfcc7930834381e05c31068ac2256cb9ea4f49

commit abbfcc7930834381e05c31068ac2256cb9ea4f49
Author: krasin <krasin@google.com>
Date: Fri Dec 04 19:28:22 2015

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG= chromium:464797 
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a second attempt to land the CL. The first one:
https://codereview.chromium.org/1393283005/

Review URL: https://codereview.chromium.org/1501593003

Cr-Commit-Position: refs/heads/master@{#363267}

[modify] http://crrev.com/abbfcc7930834381e05c31068ac2256cb9ea4f49/build/common.gypi
[modify] http://crrev.com/abbfcc7930834381e05c31068ac2256cb9ea4f49/build/config/sanitizers/sanitizers.gni

Project Member

Comment 68 by bugdroid1@chromium.org, Dec 5 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/931533d38f6b44a56f7a768e91d71f2f167c7897

commit 931533d38f6b44a56f7a768e91d71f2f167c7897
Author: krasin <krasin@google.com>
Date: Sat Dec 05 00:24:33 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. (patchset #1 id:1 of https://codereview.chromium.org/1501593003/ )

Reason for revert:
Buildbot timed out:
https://build.chromium.org/p/chromium.chrome/builders/Google%20Chrome%20Linux%20x64/builds/6284

"command timed out: 3600 seconds without output, attempting to kill"

It's hard to say why the buildbot is so much slower than a local build. Possibly, not enough RAM.

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a second attempt to land the CL. The first one:
> https://codereview.chromium.org/1393283005/
>
> Committed: https://crrev.com/abbfcc7930834381e05c31068ac2256cb9ea4f49
> Cr-Commit-Position: refs/heads/master@{#363267}

TBR=thakis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1501873002

Cr-Commit-Position: refs/heads/master@{#363313}

[modify] http://crrev.com/931533d38f6b44a56f7a768e91d71f2f167c7897/build/common.gypi
[modify] http://crrev.com/931533d38f6b44a56f7a768e91d71f2f167c7897/build/config/sanitizers/sanitizers.gni

This attempt revealed that build47-m1 is much slower than a local build: it was trying to link Chrome for longer than 1 hour (compared to 32 minutes locally). I will investigate this.
The mystery is solved: build47-m1 has only 24 GB of RAM. That's the lowest amount of RAM I ever tried for CFI / LTO Chrome. Will need to significantly increase the timeout for this buildbot in the short term and request a beefier machine in the medium term.

Comment 71 by p...@google.com, Dec 7 2015

If the machine is thrashing the cycle time is likely to be intolerable so I'd suggest going straight to requesting a better machine.

Comment 72 by h...@chromium.org, Dec 7 2015

> If the machine is thrashing the cycle time is likely to be intolerable so I'd suggest going straight to requesting a better machine.

+1, infra people are usually very fast. And if this is a VM, it might be easy to just turn up the RAM knob.
I have requested more RAM for the slave: https://crbug.com/567258

The slave now has ~113 GB of RAM.
I have also checked the RAM for perf bots. While it's only 24 GB there, they don't seem to link any large targets, that's why they didn't fail in the last attempt.

About to submit the third attempt: https://codereview.chromium.org/1502373003. Waiting for the tree to become green.
Project Member

Comment 75 by bugdroid1@chromium.org, Dec 8 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2e8ed4750b26923558b4754de4fd7f4cae3399e8

commit 2e8ed4750b26923558b4754de4fd7f4cae3399e8
Author: krasin <krasin@google.com>
Date: Tue Dec 08 01:20:05 2015

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG= chromium:464797 
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a third attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

All issues discovered by the previous attempt are resolved at this point.

Review URL: https://codereview.chromium.org/1502373003

Cr-Commit-Position: refs/heads/master@{#363677}

[modify] http://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8/build/common.gypi
[modify] http://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8/build/config/sanitizers/sanitizers.gni

This attempt seems to be a step forward. Google Chrome Linux x64 successfully links Chrome. The overall build is failing, but I believe that CFI has nothing to do with the failure:

http://build.chromium.org/p/chromium.chrome/builders/Google%20Chrome%20Linux%20x64/builds/6339
dpkg-shlibdeps: warning: binaries to analyze should already be installed in their package's directory.
7c7
< libdbus-1-3 (>= 1.2.14)
---
> libdbus-1-3 (>= 1.1.4)

ERROR: Shared library dependencies changed!
If this is intentional, please update:
chrome/installer/linux/debian/expected_deps_ia32
chrome/installer/linux/debian/expected_deps_x64

As a side note, it seems that the upgraded slave could be faster if goma was off, because it has 32 cores and uses none of them for the compilation.
Project Member

Comment 77 by bugdroid1@chromium.org, Dec 8 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8496468f39f1af06f5f0557b999636928487b421

commit 8496468f39f1af06f5f0557b999636928487b421
Author: mkwst <mkwst@chromium.org>
Date: Tue Dec 08 09:54:13 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. (patchset #1 id:1 of https://codereview.chromium.org/1502373003/ )

Reason for revert:
Speculative revert to see if this resolves dependency issues on the official builder.

"""
Huh! It appears that dpkg-shlibdeps (http://man.he.net/man1/dpkg-shlibdeps) takes a look at the undefined symbols in the binary, looks at their version and generates the requirement, like "libdbus-1-3 (>= 1.2.14)". If some code was eliminated due to full-program optimization, the number of undefined symbols could reduce, and the requirement could become weaker, like "libdbus-1-3 (>= 1.1.4)".
"""

BUG=567637

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a third attempt to land the CL. Previous attempts:
> https://codereview.chromium.org/1501593003/
> https://codereview.chromium.org/1393283005/
>
> All issues discovered by the previous attempt are resolved at this point.
>
> Committed: https://crrev.com/2e8ed4750b26923558b4754de4fd7f4cae3399e8
> Cr-Commit-Position: refs/heads/master@{#363677}

TBR=thakis@chromium.org,krasin@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1502133004

Cr-Commit-Position: refs/heads/master@{#363778}

[modify] http://crrev.com/8496468f39f1af06f5f0557b999636928487b421/build/common.gypi
[modify] http://crrev.com/8496468f39f1af06f5f0557b999636928487b421/build/config/sanitizers/sanitizers.gni
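The quoted explanation in the revert above (dpkg-shlibdeps deriving "libdbus-1-3 (>= 1.2.14)" from the undefined symbols left in the binary, and LTO dead-code elimination weakening it to ">= 1.1.4") is easier to see with a small model of that rule. The following is an added example, not dpkg's code and not anything from the CLs on this bug; the package name "libexample1", the symbol names and the per-symbol versions are constructed, and the version comparison is a simplification that handles dotted numeric components only.

```cpp
// Added example (not dpkg or Chromium code): how a symbols-file based
// dependency generator derives "pkg (>= X)" from the undefined symbols a
// binary actually references, and why a link that discards code can
// lower X.
#include <algorithm>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Split "1.2.14" into {1, 2, 14}. Simplification of dpkg's comparison:
// dotted numeric components only (no epochs, '~' or letter suffixes).
static std::vector<int> SplitVersion(const std::string& v) {
  std::vector<int> parts;
  std::stringstream ss(v);
  std::string piece;
  while (std::getline(ss, piece, '.')) parts.push_back(std::stoi(piece));
  return parts;
}

// True when version a sorts strictly before version b ("1.2" < "1.2.1").
bool VersionLess(const std::string& a, const std::string& b) {
  std::vector<int> x = SplitVersion(a), y = SplitVersion(b);
  size_t n = std::max(x.size(), y.size());
  x.resize(n, 0);
  y.resize(n, 0);
  return x < y;  // lexicographic compare of the padded components
}

// Constructed symbols table for a hypothetical package "libexample1": each
// exported symbol is tagged with the first package version that provided
// it, which is what a Debian .symbols file records.
const std::map<std::string, std::string>& SymbolsTable() {
  static const std::map<std::string, std::string> kTable = {
      {"example_connection_open", "1.1.4"},
      {"example_message_send", "1.1.4"},
      {"example_threads_init", "1.2.14"},  // API added in a newer release
  };
  return kTable;
}

// The generator's rule: the package must be at least as new as the newest
// symbol the binary references. Symbols it never references do not count,
// so when whole-program optimization removes the only caller of the
// 1.2.14 symbol, the requirement drops to 1.1.4.
std::string RequiredVersion(const std::set<std::string>& undefined_symbols) {
  std::string required;
  for (const std::string& sym : undefined_symbols) {
    auto it = SymbolsTable().find(sym);
    if (it == SymbolsTable().end()) continue;  // provided by another library
    if (required.empty() || VersionLess(required, it->second))
      required = it->second;
  }
  return required;
}

// Renders the line that would land in the package's Depends field, or ""
// when the binary references nothing from this package.
std::string DependencyLine(const std::set<std::string>& undefined_symbols) {
  std::string v = RequiredVersion(undefined_symbols);
  return v.empty() ? std::string() : "libexample1 (>= " + v + ")";
}

// The installer's guard from the build log above: compare the generated
// line with an expectations file so a changed dependency fails the build
// instead of shipping unnoticed.
bool DepsMatchExpectation(const std::string& expected,
                          const std::set<std::string>& undefined_symbols) {
  return DependencyLine(undefined_symbols) == expected;
}

int main() {
  // Before LTO: every symbol is referenced, including the 1.2.14 one.
  std::set<std::string> before = {"example_connection_open",
                                  "example_message_send",
                                  "example_threads_init"};
  // After LTO removed the only caller of example_threads_init.
  std::set<std::string> after = {"example_connection_open",
                                 "example_message_send"};
  std::cout << DependencyLine(before) << "\n";  // libexample1 (>= 1.2.14)
  std::cout << DependencyLine(after) << "\n";   // libexample1 (>= 1.1.4)
  return DepsMatchExpectation("libexample1 (>= 1.2.14)", after) ? 0 : 1;
}
```

The weaker requirement is not wrong for the binary that was actually linked; the installer check exists because a silent change in shared-library dependencies is exactly the kind of thing that should be reviewed rather than auto-accepted, which is what the later attempt did by updating expected_deps_x64.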

The new attempt: https://codereview.chromium.org/1502233004/
This time, I have updated the expectations for the shared lib deps and have a reasonable hope to succeed on the Google Chrome Linux x64 builder.

Project Member

Comment 79 by bugdroid1@chromium.org, Dec 9 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/64719eadd90a3131a744baa89a1183bdcb1e2375

commit 64719eadd90a3131a744baa89a1183bdcb1e2375
Author: krasin <krasin@google.com>
Date: Wed Dec 09 01:54:07 2015

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG= chromium:464797 
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a fourth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/

The last time it failed, it was https://crbug.com/567637
(mismatched deps expectations for the installer).
Fixing the expectations.

Review URL: https://codereview.chromium.org/1502233004

Cr-Commit-Position: refs/heads/master@{#363895}

[modify] http://crrev.com/64719eadd90a3131a744baa89a1183bdcb1e2375/build/common.gypi
[modify] http://crrev.com/64719eadd90a3131a744baa89a1183bdcb1e2375/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/64719eadd90a3131a744baa89a1183bdcb1e2375/chrome/installer/linux/debian/expected_deps_x64

The fourth attempt is a limited success, Google Chrome Linux x64 builder succeeded:

https://build.chromium.org/p/chromium.chrome/builders/Google%20Chrome%20Linux%20x64/builds/6349

Canary builder is not that good. Breakpad does not like the fact that we have DWARF v4 debug info. I filed https://crbug/567979

Correct url: https://crbug.com/567979
I've also sent https://codereview.chromium.org/1509733004/ for a review to address the OOM problem on the official buildbot. It's sporadic, so the primary CL may actually survive until the right fix is submitted.
Project Member

Comment 83 by bugdroid1@chromium.org, Dec 9 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1be865f6b9edf39aaeba57750b33abc305f8ae0e

commit 1be865f6b9edf39aaeba57750b33abc305f8ae0e
Author: thakis <thakis@chromium.org>
Date: Wed Dec 09 15:27:27 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. (patchset #1 id:1 of https://codereview.chromium.org/1502233004/ )

Reason for revert:
Broken at clang trunk ( http://crbug.com/568121 )

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a fourth attempt to land the CL. Previous attempts:
> https://codereview.chromium.org/1502373003/
> https://codereview.chromium.org/1501593003/
> https://codereview.chromium.org/1393283005/
>
> The last time it failed, it was https://crbug.com/567637
> (mismatched deps expectations for the installer).
> Fixing the expectations.
>
> Committed: https://crrev.com/64719eadd90a3131a744baa89a1183bdcb1e2375
> Cr-Commit-Position: refs/heads/master@{#363895}

TBR=thestig@chromium.org,krasin@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1517443002

Cr-Commit-Position: refs/heads/master@{#364068}

[modify] http://crrev.com/1be865f6b9edf39aaeba57750b33abc305f8ae0e/build/common.gypi
[modify] http://crrev.com/1be865f6b9edf39aaeba57750b33abc305f8ae0e/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/1be865f6b9edf39aaeba57750b33abc305f8ae0e/chrome/installer/linux/debian/expected_deps_x64

Project Member

Comment 84 by bugdroid1@chromium.org, Dec 9 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2d29f7386050b401838cfbb722a0f53fd1230fce

commit 2d29f7386050b401838cfbb722a0f53fd1230fce
Author: krasin <krasin@google.com>
Date: Wed Dec 09 22:14:59 2015

Give more RAM per ld process.

It has been observed that occasionally official buildbots
would crash with OOM, when building Chrome with CFI
(and thus with LTO). This CL reduces the number of
concurrent link processes to avoid this problem.

BUG= 464797 

Review URL: https://codereview.chromium.org/1509733004

Cr-Commit-Position: refs/heads/master@{#364173}

[modify] http://crrev.com/2d29f7386050b401838cfbb722a0f53fd1230fce/build/toolchain/get_concurrent_links.py

Blockedon: chromium:568121
Project Member

Comment 86 by bugdroid1@chromium.org, Dec 14 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/efe55ae0c0f26165d71d540ac319ccc9bc569cb3

commit efe55ae0c0f26165d71d540ac319ccc9bc569cb3
Author: krasin <krasin@google.com>
Date: Mon Dec 14 22:59:58 2015

Enable Control Flow Integrity for the official Linux Chrome.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG= chromium:464797 
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a fifth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/
https://codereview.chromium.org/1502233004/

The last time it failed, it was primarily due to the new Clang roll,
that had a bug in the linker. This is now fixed upstream and
the new Clang roll happened:  https://crbug.com/568248 

Perf bots were purple and got a RAM upgrade:  https://crbug.com/567787 

precice64 official buildbot got OOM due to too many Gold instances
running in parallel: https://crbug.com/568011, a more conservative
limit was submitted: https://codereview.chromium.org/1509733004/

TBR=thestig@chromium.org

Review URL: https://codereview.chromium.org/1513623004

Cr-Commit-Position: refs/heads/master@{#365117}

[modify] http://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3/build/common.gypi
[modify] http://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3/chrome/installer/linux/debian/expected_deps_x64

Project Member

Comment 87 by bugdroid1@chromium.org, Dec 15 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e24db69d101447028c9ea6008a023865a9ca3af9

commit e24db69d101447028c9ea6008a023865a9ca3af9
Author: krasin <krasin@google.com>
Date: Tue Dec 15 01:16:38 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. (patchset #3 id:40001 of https://codereview.chromium.org/1513623004/ )

Reason for revert:
Link time for the official Chrome on the perf buildbot is more than 1 hour. Possibly, some regression in LLVM Gold plugin.

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a fifth attempt to land the CL. Previous attempts:
> https://codereview.chromium.org/1502373003/
> https://codereview.chromium.org/1501593003/
> https://codereview.chromium.org/1393283005/
> https://codereview.chromium.org/1502233004/
>
> The last time it failed, it was primarily due to the new Clang roll,
> that had a bug in the linker. This is now fixed upstream and
> the new Clang roll happened:  https://crbug.com/568248 
>
> Perf bots were purple and got a RAM upgrade:  https://crbug.com/567787 
>
> precice64 official buildbot got OOM due to too many Gold instances
> running in parallel: https://crbug.com/568011, a more conservative
> limit was submitted: https://codereview.chromium.org/1509733004/
>
> TBR=thestig@chromium.org
>
> Committed: https://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3
> Cr-Commit-Position: refs/heads/master@{#365117}

TBR=thakis@chromium.org,thestig@chromium.org,phajdan.jr@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1530553002

Cr-Commit-Position: refs/heads/master@{#365133}

[modify] http://crrev.com/e24db69d101447028c9ea6008a023865a9ca3af9/build/common.gypi
[modify] http://crrev.com/e24db69d101447028c9ea6008a023865a9ca3af9/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/e24db69d101447028c9ea6008a023865a9ca3af9/chrome/installer/linux/debian/expected_deps_x64

Project Member

Comment 88 by bugdroid1@chromium.org, Dec 15 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/23d659b2daba01396042c29856dd768c5b0d45bb

commit 23d659b2daba01396042c29856dd768c5b0d45bb
Author: krasin <krasin@google.com>
Date: Tue Dec 15 05:06:34 2015

Reduce concurrency for LTO builds. Reserve 32 GB per link job.

BUG= 464797 
NOTRY=true

Review URL: https://codereview.chromium.org/1518353003

Cr-Commit-Position: refs/heads/master@{#365148}

[modify] http://crrev.com/23d659b2daba01396042c29856dd768c5b0d45bb/build/toolchain/get_concurrent_links.py

Project Member

Comment 89 by bugdroid1@chromium.org, Dec 15 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build.git/+/ab4206ff3d38ce5079646b7816c3e2d0bb76ef46

commit ab4206ff3d38ce5079646b7816c3e2d0bb76ef46
Author: krasin@google.com <krasin@google.com>
Date: Tue Dec 15 17:52:22 2015

Increase the timeout for the perf buildbots.

For some reason, perf slaves link Chrome almost twice as slowly as a local machine,
and ~1.5x slower than other GCE slaves. Increasing the timeout to remedy the immediate issue.

BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1528533003

git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/build@298023 0039d316-1c4b-4281-b951-d872f2087c98

[modify] http://crrev.com/ab4206ff3d38ce5079646b7816c3e2d0bb76ef46/masters/master.chromium.chrome/master.cfg
[modify] http://crrev.com/ab4206ff3d38ce5079646b7816c3e2d0bb76ef46/masters/master.chromium.perf/master.cfg

Project Member

Comment 90 by bugdroid1@chromium.org, Dec 15 2015

Labels: merge-merged-2592
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/25e96285af7e2ae3a83ecee2d155ece43273d58a

commit 25e96285af7e2ae3a83ecee2d155ece43273d58a
Author: Alexei Svitkine <asvitkine@chromium.org>
Date: Tue Dec 15 20:42:04 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. (patchset #3 id:40001 of https://codereview.chromium.org/1513623004/ )

Reason for revert:
Link time for the official Chrome on the perf buildbot is more than 1 hour. Possibly, some regression in LLVM Gold plugin.

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a fifth attempt to land the CL. Previous attempts:
> https://codereview.chromium.org/1502373003/
> https://codereview.chromium.org/1501593003/
> https://codereview.chromium.org/1393283005/
> https://codereview.chromium.org/1502233004/
>
> The last time it failed, it was primarily due to the new Clang roll,
> that had a bug in the linker. This is now fixed upstream and
> the new Clang roll happened:  https://crbug.com/568248 
>
> Perf bots were purple and got a RAM upgrade:  https://crbug.com/567787 
>
> precice64 official buildbot got OOM due to too many Gold instances
> running in parallel: https://crbug.com/568011, a more conservative
> limit was submitted: https://codereview.chromium.org/1509733004/
>
> TBR=thestig@chromium.org
>
> Committed: https://crrev.com/efe55ae0c0f26165d71d540ac319ccc9bc569cb3
> Cr-Commit-Position: refs/heads/master@{#365117}

TBR=thakis@chromium.org,thestig@chromium.org,phajdan.jr@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1530553002

Cr-Commit-Position: refs/heads/master@{#365133}
(cherry picked from commit e24db69d101447028c9ea6008a023865a9ca3af9)

Review URL: https://codereview.chromium.org/1525313002 .

Cr-Commit-Position: refs/branch-heads/2592@{#7}
Cr-Branched-From: 568b3b7322f98601971d8db77e66b3d203ce9f7f-refs/heads/master@{#365127}

[modify] http://crrev.com/25e96285af7e2ae3a83ecee2d155ece43273d58a/build/common.gypi
[modify] http://crrev.com/25e96285af7e2ae3a83ecee2d155ece43273d58a/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/25e96285af7e2ae3a83ecee2d155ece43273d58a/chrome/installer/linux/debian/expected_deps_x64

Project Member

Comment 91 by bugdroid1@chromium.org, Dec 16 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/14cb7878cb522ad05480547690ec3990f4bbb156

commit 14cb7878cb522ad05480547690ec3990f4bbb156
Author: krasin <krasin@google.com>
Date: Wed Dec 16 06:12:59 2015

Enable Control Flow Integrity for the official Linux Chrome. Try 6.

This CL turns on CFI, a security check:
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html

This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
and should not be an issue.

BUG= chromium:464797 
Intent to Implement thread:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

This is a sixth attempt to land the CL. Previous attempts:
https://codereview.chromium.org/1502373003/
https://codereview.chromium.org/1501593003/
https://codereview.chromium.org/1393283005/
https://codereview.chromium.org/1502233004/
https://codereview.chromium.org/1513623004/

The last time it failed, it was primarily due to the perf build slaves
being much slower than the local build or other GCE slaves,
see https://crbug.com/569732. This is still under investigation,
and the timeout has been increased in the meantime:
https://codereview.chromium.org/1528533003/

Review URL: https://codereview.chromium.org/1529993002

Cr-Commit-Position: refs/heads/master@{#365486}

[modify] http://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156/build/common.gypi
[modify] http://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156/chrome/installer/linux/debian/expected_deps_x64

Project Member

Comment 92 by bugdroid1@chromium.org, Dec 16 2015

The following revision refers to this bug:
  http://goto.ext.google.com/viewvc/chrome-internal?view=rev&revision=82028

------------------------------------------------------------------
r82028 | krasin@google.com | 2015-12-16T09:57:59.217751Z

-----------------------------------------------------------------
Project Member

Comment 93 by bugdroid1@chromium.org, Dec 16 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1e16347cc95833f00b9d7347cc35b12423ca6ddf

commit 1e16347cc95833f00b9d7347cc35b12423ca6ddf
Author: krasin <krasin@google.com>
Date: Wed Dec 16 19:44:10 2015

Revert of Enable Control Flow Integrity for the official Linux Chrome. Try 6. (patchset #1 id:1 of https://codereview.chromium.org/1529993002/ )

Reason for revert:
Official desktop continuous builder takes >8 hours while using up to 100% RAM and as much CPU as it could get while still not hitting OOM.

Try 6 is scrubbed. The next attempt will be in late January 2016 or even February. We will try to reduce the requirements for RAM and CPU while linking the binaries with CFI.

Original issue's description:
> Enable Control Flow Integrity for the official Linux Chrome. Try 6.
>
> This CL turns on CFI, a security check:
> https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
> http://clang.llvm.org/docs/ControlFlowIntegrity.html
>
> This feature enables LTO (Link-Time Optimization) builds, which slow down the linker by 3x-4x.
> CFI also comes with a code size overhead of about 7%-9%. The runtime CPU cost is less than 1%,
> and should not be an issue.
>
> BUG= chromium:464797 
> Intent to Implement thread:
> https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ
>
> This is a sixth attempt to land the CL. Previous attempts:
> https://codereview.chromium.org/1502373003/
> https://codereview.chromium.org/1501593003/
> https://codereview.chromium.org/1393283005/
> https://codereview.chromium.org/1502233004/
> https://codereview.chromium.org/1513623004/
>
> The last time it failed, it was primarily due to the perf build slaves
> being much slower than the local build or other GCE slaves,
> see https://crbug.com/569732. This is still under investigation,
> and the timeout has been increased in the meantime:
> https://codereview.chromium.org/1528533003/
>
> Committed: https://crrev.com/14cb7878cb522ad05480547690ec3990f4bbb156
> Cr-Commit-Position: refs/heads/master@{#365486}

TBR=thestig@chromium.org,thakis@chromium.org,pcc@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:464797 

Review URL: https://codereview.chromium.org/1532693002

Cr-Commit-Position: refs/heads/master@{#365590}

[modify] http://crrev.com/1e16347cc95833f00b9d7347cc35b12423ca6ddf/build/common.gypi
[modify] http://crrev.com/1e16347cc95833f00b9d7347cc35b12423ca6ddf/build/config/sanitizers/sanitizers.gni
[modify] http://crrev.com/1e16347cc95833f00b9d7347cc35b12423ca6ddf/chrome/installer/linux/debian/expected_deps_x64

Project Member

Comment 94 by bugdroid1@chromium.org, Dec 16 2015

The following revision refers to this bug:
  http://goto.ext.google.com/viewvc/chrome-internal?view=rev&revision=82038

------------------------------------------------------------------
r82038 | krasin@google.com | 2015-12-16T19:45:24.323016Z

-----------------------------------------------------------------

Comment 95 by kcc@chromium.org, Dec 18 2015

Blockedon: chromium:570904
Project Member

Comment 96 by bugdroid1@chromium.org, Jan 4 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/61e70ccb5957620f3329f07ef79a76b81c96044b

commit 61e70ccb5957620f3329f07ef79a76b81c96044b
Author: krasin <krasin@google.com>
Date: Mon Jan 04 17:48:32 2016

Reduce memory requirement to linux LTO builds to speed up bots.

The new requirements won't be enough for the official bots,
but the old requirements made all the bots extremely
slow (5-7 hours), and we don't run official bots as of now,
because that was too slow for CFI launch.

Reverting to the settings good enough for development, and keep in mind
that we need to do something about the memory consumption for LTO builds
before we could attempt to launch again.

BUG=570227, 464797 

Review URL: https://codereview.chromium.org/1553093004

Cr-Commit-Position: refs/heads/master@{#367323}

[modify] http://crrev.com/61e70ccb5957620f3329f07ef79a76b81c96044b/build/toolchain/get_concurrent_links.py

Comment 97 by p...@chromium.org, Jan 22 2016

Blockedon: chromium:580389

Comment 98 by kcc@chromium.org, Feb 2 2016

Blockedon: chromium:535406 chromium:583183
Project Member

Comment 99 by bugdroid1@chromium.org, Mar 18 2016

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/infra/infra_internal.git/+/dfd7dd11c67247524701c8e2b4f947541285b1e6

commit dfd7dd11c67247524701c8e2b4f947541285b1e6
Author: krasin <krasin@google.com>
Date: Fri Mar 18 17:51:13 2016

Blockedon: 596669

Comment 101 by p...@chromium.org, Mar 21 2016

Blockedon: -596669

Comment 102 by p...@chromium.org, Mar 21 2016

Blockedon: -596669
Project Member

Comment 103 by bugdroid1@chromium.org, Apr 9 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ec9be8559cc2dfc380c8a5b526c21c24a4a5c34e

commit ec9be8559cc2dfc380c8a5b526c21c24a4a5c34e
Author: krasin <krasin@google.com>
Date: Sat Apr 09 06:25:24 2016

Run tests on 'CFI Linux ToT' buildbot.

The list of tests is copied from 'CFI Linux'.

BUG= 464797 

Review URL: https://codereview.chromium.org/1871193002

Cr-Commit-Position: refs/heads/master@{#386286}

[modify] https://crrev.com/ec9be8559cc2dfc380c8a5b526c21c24a4a5c34e/testing/buildbot/chromium.fyi.json

Project Member

Comment 104 by bugdroid1@chromium.org, Apr 11 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f05e71054e7d4df8d04c585b0b35c3706f06fa55

commit f05e71054e7d4df8d04c585b0b35c3706f06fa55
Author: pcc <pcc@chromium.org>
Date: Mon Apr 11 20:55:07 2016

Remove blimp_unittests from list of tests for "CFI Linux ToT" bot.

Apparently that project does not have gyp files. We should restore this line
once "CFI Linux ToT" has been migrated to GN.

BUG= 464797 
R=dpranke@chromium.org,krasin@chromium.org

Review URL: https://codereview.chromium.org/1876203003

Cr-Commit-Position: refs/heads/master@{#386466}

[modify] https://crrev.com/f05e71054e7d4df8d04c585b0b35c3706f06fa55/testing/buildbot/chromium.fyi.json

Comment 105 by kcc@chromium.org, Apr 14 2016

See also: enabling of Control Flow Guard (CFG) on Windows:  bug 584575 

Comment 106 by p...@chromium.org, Jun 27 2016

Blockedon: 623646
Project Member

Comment 107 by bugdroid1@chromium.org, Jun 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2a76d152793a2d3a7d89f26912d2af2ca31a2335

commit 2a76d152793a2d3a7d89f26912d2af2ca31a2335
Author: pcc <pcc@chromium.org>
Date: Thu Jun 30 23:34:04 2016

Move TestExtraData classes to anonymous namespace.

We were previously declaring two different classes with the name
blink::TestExtraData, which is an ODR violation. As it happens,
their implementations compiled to the same machine code, which
allowed the tests to pass in most normal circumstances. However,
the ODR violation causes test failures in CFI mode (e.g. [1]) as a
result of stricter type checking. The fix is to move both classes to
an anonymous namespace which makes them internal to their TUs.

[1] https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/5924/steps/webkit_unit_tests/logs/WebURLResponseTest.ExtraData

BUG= 464797 
R=thakis@chromium.org

Review-Url: https://codereview.chromium.org/2119683002
Cr-Commit-Position: refs/heads/master@{#403338}

[modify] https://crrev.com/2a76d152793a2d3a7d89f26912d2af2ca31a2335/third_party/WebKit/Source/web/tests/WebURLRequestTest.cpp
[modify] https://crrev.com/2a76d152793a2d3a7d89f26912d2af2ca31a2335/third_party/WebKit/Source/web/tests/WebURLResponseTest.cpp

Project Member

Comment 108 by bugdroid1@chromium.org, Jul 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b25eb565ec1125425d4777e1a7580b0857c64c53

commit b25eb565ec1125425d4777e1a7580b0857c64c53
Author: pcc <pcc@chromium.org>
Date: Fri Jul 01 18:24:41 2016

Media Router: Remove unnecessary and incorrect static_cast in test.

The SigninManager object here is in fact of type SigninManager, not
FakeSigninManagerForTesting. The bad cast here caused test failures
in CFI mode [1]. Because the test is not using any members of
FakeSigninManagerForTesting, we can simply remove the cast.

[1] https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/5924/steps/unit_tests/logs/MediaRouterContextualMenuUnitTest.Basic

BUG= 464797 
R=pkasting@chromium.org

Review-Url: https://codereview.chromium.org/2118503004
Cr-Commit-Position: refs/heads/master@{#403483}

[modify] https://crrev.com/b25eb565ec1125425d4777e1a7580b0857c64c53/chrome/browser/ui/toolbar/media_router_contextual_menu_unittest.cc
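The two test fixes in comments 107 and 108 are the same class of bug that CFI is designed to surface: code assuming a more derived type than the object actually has (the static_cast in the Media Router test), and two unrelated classes sharing one name across translation units (the blink::TestExtraData ODR violation). The block below is an added example, not code from either CL or from Chromium; SigninManager and FakeSigninManagerForTesting are stand-in classes with invented members, and the anonymous namespace mirrors the fix applied to the blink test helpers.

```cpp
// Added example (not Chromium code): the unchecked-cast pattern that
// -fsanitize=cfi's cast checks report, beside two safe alternatives.
#include <cassert>
#include <string>

// Test-only helper types live in an anonymous namespace so that another
// translation unit can define its own helper of the same name without an
// ODR violation (the fix applied to blink::TestExtraData in comment 107).
namespace {

class SigninManager {  // stand-in for the real class; members are invented
 public:
  virtual ~SigninManager() = default;
  virtual std::string Name() const { return "SigninManager"; }
};

class FakeSigninManagerForTesting : public SigninManager {
 public:
  std::string Name() const override { return "FakeSigninManagerForTesting"; }
  void SetSignedIn(bool v) { signed_in_ = v; }
  bool signed_in() const { return signed_in_; }

 private:
  bool signed_in_ = false;
};

}  // namespace

// BEFORE (the pattern the CL removed): static_cast asserts a dynamic type
// the compiler cannot verify. With -fsanitize=cfi-derived-cast the cast
// traps when the object is not really a FakeSigninManagerForTesting;
// without CFI it silently yields a mistyped pointer and any use of the
// derived members is undefined behaviour. Kept as a comment so this
// example contains no UB:
//   auto* fake = static_cast<FakeSigninManagerForTesting*>(mgr);
//   fake->SetSignedIn(true);

// AFTER, option 1: if the derived type is really needed, use a checked
// cast that yields nullptr on mismatch (requires RTTI, which Chromium's
// default build configuration disables; that is part of why a compiler
// enforced check is valuable there).
FakeSigninManagerForTesting* AsFake(SigninManager* mgr) {
  return dynamic_cast<FakeSigninManagerForTesting*>(mgr);
}

bool IsFake(SigninManager* mgr) { return AsFake(mgr) != nullptr; }

// AFTER, option 2 (what the CL actually did): the test never used any
// member of the derived type, so take the base type and drop the cast.
std::string DescribeManager(const SigninManager& mgr) {
  return "manager:" + mgr.Name();
}

int main() {
  SigninManager real;
  FakeSigninManagerForTesting fake;
  assert(!IsFake(&real));          // the object the test really had
  assert(AsFake(&fake) == &fake);  // a genuine fake passes the check
  assert(DescribeManager(real) == "manager:SigninManager");
  return 0;
}
```

The virtual dispatch in DescribeManager is also where -fsanitize=cfi-vcall does its work: at the call to Name() the compiler checks that the object's vtable pointer belongs to SigninManager or one of its subclasses, so a pointer that was forged or mistyped upstream faults at the call site instead of jumping through an attacker-chosen vtable.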

Project Member

Comment 109 by bugdroid1@chromium.org, Jul 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4811641ea017bef631852cc0ac1aa8f7ac85385d

commit 4811641ea017bef631852cc0ac1aa8f7ac85385d
Author: pcc <pcc@chromium.org>
Date: Sat Jul 02 03:17:33 2016

Enable whole-program vtable opt when CFI is enabled.

Following the roll to clang r273760, the compiler can now support
both of these features simultaneously.

Discussion thread for CFI: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/pbJqt6ccMII/7iJC2oklCAAJ

BUG= 464797 , 580389 
R=thakis@chromium.org,krasin@chromium.org

Review-Url: https://codereview.chromium.org/2106313002
Cr-Commit-Position: refs/heads/master@{#403599}

[modify] https://crrev.com/4811641ea017bef631852cc0ac1aa8f7ac85385d/build/common.gypi
[modify] https://crrev.com/4811641ea017bef631852cc0ac1aa8f7ac85385d/build/config/compiler/BUILD.gn

krasin@, M53 Dev branch is "2785", are you sure you are merging this to "2795"?

Thank you!
Manoranjan,

I am not sure where this merge label came from. I just submitted a regular CL to master.
In other words, my change is #110, and I am not behind #111 (possibly, someone else cherry-picked my change; not sure)
Cc: jrobbins@chromium.org
yeah, same thing with other bugs (https://bugs.chromium.org/p/chromium/issues/detail?id=626809#c12) too and seems like this happened w/o owner action/notice.
Project Member

Comment 116 by bugdroid1@chromium.org, Jul 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/01f474c48200a1e556a4cf668e2b5dbda0f38a6f

commit 01f474c48200a1e556a4cf668e2b5dbda0f38a6f
Author: krasin <krasin@google.com>
Date: Fri Jul 15 23:19:05 2016

Launch CFI for virtual calls on Linux x86-64.

This is the second incremental step towards the full CFI launch.
In the first step, we enabled LinkTimeOptimization (LTO) for the
official Chrome builds. In this step we add Control Flow Integrity
checks for all virtual calls.

The remaining part is to add bad-cast checks to ensure the forward-edge
Control Flow Integrity works as planned. That remaining part will
require more work on reducing the overhead for size and speed by these
CFI checks, so we don't enable them right away.

The expected Perf impact by this CL:

- Chrome binary size is increased by 5%,
- Some of the benchmarks are slowed down by up to 3.5%.

Note that before making it slower, we made it faster by implementing
virtual const propagation and a number of heuristics for automatic
devirtualization in LLVM which sped up some layout benchmarks by up to 7%
(see  https://crbug.com/580389  and  https://crbug.com/617283 )

If there's a higher (negative) impact, we'll be willing to roll this
feature back, but please allow the Perf bots to work for a day or two
to collect more detailed statistics on the regressions, as it will help
us to identify ways to speed it up (most likely, by inventing new ways
for automatic devirtualization).

BUG= 464797 

Review-Url: https://codereview.chromium.org/2140373002
Cr-Commit-Position: refs/heads/master@{#405894}

[modify] https://crrev.com/01f474c48200a1e556a4cf668e2b5dbda0f38a6f/build/common.gypi
[modify] https://crrev.com/01f474c48200a1e556a4cf668e2b5dbda0f38a6f/build/config/sanitizers/sanitizers.gni

To clarify the CL above: this is not a final launch. It's to collect more data for an informed opinion about cfi-vcall, and it will likely be reverted on Monday even if no regressions are found. Or even earlier, if there are perf regressions > 3.5%, or if there are too many of them, or for any other reason.
Project Member

Comment 118 by bugdroid1@chromium.org, Jul 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/532a8777898abba488970f9dc17a067c7c517432

commit 532a8777898abba488970f9dc17a067c7c517432
Author: krasin <krasin@chromium.org>
Date: Sat Jul 16 17:58:57 2016

Revert of Launch CFI for virtual calls on Linux x86-64. (patchset #2 id:20001 of https://codereview.chromium.org/2140373002/ )

Reason for revert:
Too many blink_perf.layout benchmarks regressed by ~3.5%. While the regressions are within the predicted upper bound, there are too many of them to ignore:

https://chromeperf.appspot.com/report?sid=ebf0165d8c96c7a70c790d179a9bdc1f9e58e616182522fd961d17ad648fc28f&start_rev=404312&end_rev=405943

We will need to reevaluate the reason for such consistent slowdown and will make another attempt after it's cleared.

Original issue's description:
> Launch CFI for virtual calls on Linux x86-64.
>
> This is the second incremental step towards the full CFI launch.
> In the first step, we enabled LinkTimeOptimization (LTO) for the
> official Chrome builds. In this step we add Control Flow Integrity
> checks for all virtual calls.
>
> The remaining part is to add bad-cast checks to ensure the forward-edge
> Control Flow Integrity works as planned. That remaining part will
> require more work on reducing the overhead for size and speed by these
> CFI checks, so we don't enable them right away.
>
> The expected Perf impact by this CL:
>
> - Chrome binary size is increased by 5%,
> - Some of the benchmarks are slowed down by up to 3.5%.
>
> Note that before making it slower, we made it faster by implementing
> virtual const propagation and a number of heuristics for automatic
> devirtualization in LLVM which sped up some layout benchmarks by up to 7%
> (see  https://crbug.com/580389  and  https://crbug.com/617283 )
>
> If there's a higher (negative) impact, we'll be willing to roll this
> feature back, but please allow the Perf bots to work for a day or two
> to collect more detailed statistics on the regressions, as it will help
> us to identify ways to speed it up (most likely, by inventing new ways
> for automatic devirtualization).
>
> BUG= 464797 
>
> Committed: https://crrev.com/01f474c48200a1e556a4cf668e2b5dbda0f38a6f
> Cr-Commit-Position: refs/heads/master@{#405894}

TBR=thakis@chromium.org,esprehn@chromium.org,krasin@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 464797 

Review-Url: https://codereview.chromium.org/2154993002
Cr-Commit-Position: refs/heads/master@{#405944}

[modify] https://crrev.com/532a8777898abba488970f9dc17a067c7c517432/build/common.gypi
[modify] https://crrev.com/532a8777898abba488970f9dc17a067c7c517432/build/config/sanitizers/sanitizers.gni

Project Member

Comment 119 by bugdroid1@chromium.org, Aug 19 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e4f3427521c7d96fb1772bd74c7938e39346d280

commit e4f3427521c7d96fb1772bd74c7938e39346d280
Author: krasin <krasin@google.com>
Date: Fri Aug 19 21:42:24 2016

Enable CFI for virtual calls on Linux x86-64 official builds.

This is the second incremental step towards the full CFI launch.
In the first step, we enabled LinkTimeOptimization (LTO) for the
official Chrome builds, which allowed us to devirtualize
51491 call sites pointing to 23149 virtual methods:
https://storage.googleapis.com/cfi-stats/2016-08-15/devirt-methods.html

That sped up a few layout benchmarks by up to 7%
(see  https://crbug.com/580389  and  https://crbug.com/617283 ) and
more by 2%-3%.

In the current step, we add Control Flow Integrity checks for
virtual calls. As of now, some functions are excluded from CFI for
performance reasons by either tools/cfi/blacklist.txt or
DISABLE_CFI_PERF attribute.

Once we have proven that there're no perf regressions, we'll be
working on the compiler optimizations to allow reenabling CFI
on the currently suppressed functions.

The remaining part would be to add bad-cast checks to ensure the
forward-edge Control Flow Integrity works as planned. That will
require more work on reducing the overhead for size and speed by these
CFI checks, so we don't enable them right away.

The expected Perf impact by this CL:

- Chrome binary size is increased by 5%,
- Some of the benchmarks are slowed down by up to 3%.

If we see any slowdown, the regressed microbenchmarks will be profiled,
and a few top methods will have CFI disabled on them. This is
the safety valve we intend to use until Clang is ready to generate
more efficient code in these cases.

BUG= 464797 

Review-Url: https://codereview.chromium.org/2259293002
Cr-Commit-Position: refs/heads/master@{#413252}

[modify] https://crrev.com/e4f3427521c7d96fb1772bd74c7938e39346d280/build/config/sanitizers/sanitizers.gni
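The two commit messages above (comments 116 and 119) describe what the cfi-vcall launch adds, but not what the check itself does at a call site. The following is an added illustration, not Chromium code and not the Clang instrumentation itself: it models the check by hand. For a call through a pointer of static type `Shape`, Clang's cfi-vcall compares the object's vtable pointer against the set of vtables belonging to `Shape` and its derived classes, a set it can only compute with a whole-program view, which is why the feature needs LTO (the first incremental step). The `Shape`/`Triangle`/`Square`/`Logger` hierarchy, `VptrOf`, `ValidShapeVtables` and `CheckedSides` are all constructed for this example; the `DISABLE_CFI_PERF` macro is re-created here on the assumption that it expands to clang's `no_sanitize("cfi")` attribute, as the commit message's "DISABLE_CFI_PERF attribute" suggests. Reading the first word of a polymorphic object as its vptr relies on the Itanium C++ ABI used by gcc/clang on Linux.

```cpp
// Added illustration of the check -fsanitize=cfi-vcall performs (not Chromium
// code, not Clang's real instrumentation). Builds with any gcc/clang on Linux.
#include <algorithm>
#include <vector>

// Assumed re-creation of Chromium's DISABLE_CFI_PERF: opt a hot function out of
// CFI instrumentation. Expands to nothing on compilers without the attribute.
#if defined(__clang__)
#define DISABLE_CFI_PERF __attribute__((no_sanitize("cfi")))
#else
#define DISABLE_CFI_PERF
#endif

// Static type used at the call sites below.
struct Shape {
    virtual ~Shape() = default;
    virtual int Sides() const = 0;
};
struct Triangle : Shape { int Sides() const override { return 3; } };
struct Square   : Shape { int Sides() const override { return 4; } };

// A polymorphic type unrelated to Shape. An object of this type presented as a
// Shape* (a bad cast, or a vptr overwritten by memory corruption) is exactly
// the situation the vcall check is meant to stop.
struct Logger {
    virtual ~Logger() = default;
    virtual int Level() const { return 99; }
};

// Itanium C++ ABI: the first word of a polymorphic object is its vtable pointer.
// This read is an illustration of the ABI layout, not portable C++.
static const void* VptrOf(const void* obj) {
    return *static_cast<const void* const*>(obj);
}

// The vtables that are valid for a call through a Shape*: every class derived
// from Shape that exists in the program. Clang computes this set at link time
// (hence -flto); here it is built from live instances of each class.
static std::vector<const void*> ValidShapeVtables() {
    Triangle t;
    Square s;
    return {VptrOf(&t), VptrOf(&s)};
}

// Checked dispatch, mirroring the test clang inserts before a virtual call.
// Real CFI traps (or reports, with the diagnostic runtime) on a mismatch;
// here the function returns false so the outcome can be asserted on.
static bool CheckedSides(const Shape* shape, int* out) {
    const std::vector<const void*> valid = ValidShapeVtables();
    const void* vptr = VptrOf(shape);
    if (std::find(valid.begin(), valid.end(), vptr) == valid.end()) {
        return false;  // vptr is not a Shape vtable: refuse the indirect call
    }
    *out = shape->Sides();
    return true;
}

// The kind of hot path the commit message says is exempted for performance:
// with real CFI this call would be left uninstrumented.
DISABLE_CFI_PERF static int UncheckedSides(const Shape* shape) {
    return shape->Sides();
}

// A well-typed object passes the check and the call proceeds. Returns 4.
int LegitimateCall() {
    Square s;
    int sides = 0;
    return CheckedSides(&s, &sides) ? sides : -1;
}

// Type confusion: a Logger presented as a Shape. The vptr is Logger's, which
// is not in Shape's set, so the check refuses the call. Returns true.
bool ConfusedCallRejected() {
    Logger logger;
    const Shape* bogus = reinterpret_cast<const Shape*>(&logger);
    int sides = 0;
    return !CheckedSides(bogus, &sides);
}

// The exempted path still dispatches normally on a valid object. Returns 3.
int ExemptedCall() {
    Triangle t;
    return UncheckedSides(&t);
}
```

The other suppression mechanism named in the commit message, tools/cfi/blacklist.txt, is a Clang sanitizer special-case list: entries such as `fun:`, `src:` and `type:` name functions, source files or types that the instrumentation skips. Both mechanisms trade away the check for speed on the listed code, which is why the closing comments track shrinking that list as a separate issue.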

Comment 120 by p...@chromium.org, Mar 15 2017

Blocking: 701937
Is there anything left to do here? If yes, what?
Status: Verified (was: Assigned)
No, we can close this now. There was a remaining concern about reducing the size of the blacklist, but that is being tracked separately in issue 719699.