Android Open Source Project / Android moved to Clang for userspace and the NDK (third party apps). Clang-compiled kernels are the end of the road for GCC in the Android ecosystem.
Clang-compiled kernels will provide KMSan (GCC doesn't have MSan), improved UBSan and the opportunity to share work on mitigations with userspace both for Google (likely CFI and SafeStack) and for us downstream (small current features like -fsanitize=local-init and more to come).
A prominent example for UBSan is that the integer sanitizer works reliably in Clang and can be used in trapping mode for production which Android is doing. There's a good chance of Google adopting it in the kernel now but CFI / SafeStack will likely be first.
@johnregehr @wdtz
GCC integer sanitizer has false positives so it's unusable beyond finding bugs and can be quite annoying for that. Rest of the UBSan implementation has similar issues and MSan / SafeStack / CFI / other features are completely missing. Lacks any pros to make up for those cons too.
basic engineers at Google about the things I've done for infosec over the years, I think this 2 yr thread might be the best.