lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Jun 2019 16:40:00 -0700
From:   Nick Desaulniers <>
To:     Tom Roeder <>
Cc:     Raul E Rangel <>,
        Masahiro Yamada <>,
        Matthias Kaehlcke <>,,
        Joe Lawrence <>,
        Kees Cook <>,
        Linux Kbuild mailing list <>,
        Petr Mladek <>,
        LKML <>,
        Michal Marek <>,
        Andy Shevchenko <>,
        Changbin Du <>,
        Tetsuo Handa <>,
        Sri Krishna chowdary <>,
        Matthew Wilcox <>,
        Mikulas Patocka <>,
        Andrew Morton <>
Subject: Re: [RFC PATCH] kbuild: Add option to generate a Compilation Database

On Thu, Jun 6, 2019 at 1:54 PM Tom Roeder <> wrote:
> On Thu, Jun 06, 2019 at 02:30:03PM -0600, Raul E Rangel wrote:
> > Clang tooling requires a compilation database to figure out the build
> > options for each file. This enables tools like clang-tidy and
> > clang-check.
> >
> > See for more
> > information.

I'm also super happy to see this!
I don't know enough about GNU Make/Kbuild to answer the questions, but
hopefully Masahiro can help there.

> I'm glad to see someone adding this to the Makefile directly. I added
> scripts/ in b302046 (in Dec 2018) when I was

Heh, cool.  I had a script that basically did this; we recently
dropped it from the Android trees when doing an audit of out of tree

> working on using clang-check to look for bugs in KVM. That script

I'm very interested in this work; my summer intern is looking into
static analyses of the Linux kernel.  Can you maybe reach out to me
off thread to tell me more about what you found (or didn't)?

> > Normally cmake is used to generate the compilation database, but the
> > linux kernel uses make. Another option is using
> > [BEAR]( which instruments
> > exec to find clang invocations and generate the database that way.

It's probably possible to get this to work w/ GCC if the additional
dependency of bear exists on the host's system (and may reduce the
number of implementations).  Downside is the additional host

Sounds like it may also be possible to just run
scripts/ at build time if this config is

Maybe a comparison of the output of Tom's script and your patch might
reveal if one approach is incomplete?
~Nick Desaulniers

Powered by blists - more mailing lists