Making reproducible builds using Asan and UBsan (original) (raw)
December 12, 2025, 2:02pm 1
Hi,
TL;DR: Enabling these sanitizers yields absolute paths in .rodata. I’d like to try to address that.
I’m a C developer in a large project environment, and on behalf of the people setting up the CI I’m investigating how results from previous runs could be cached. The preferred solution right now is to look at the build-id, since that work is already done. That approach works if I compile with GCC or Clang, with or without debug info, using the proper flags for reproducible builds.
Also should there be a need to share a locally built version with asan, prehaps looking for debug information in a lab outside of the organisation, shareing of that absolut path might inadvertently be in violation of GDPR.
I’ve mostly been looking at ASan, and from my testing even a “hello world” program still ends up with absolute paths in .rodata. As far as I understand, neither GCC nor Clang inspects .rodata.
Being new to LLVM, I’d like to understand whether there is a good place in LLVM where this could be addressed. I’m just guessing here based on a high-level view of LLVM, but one possibility could be in the frontend where the compiler emits the absolute path used by the sanitizers, or perhaps some kind of post-audit pass that rewrites the absolute paths.
jrtc27 December 12, 2025, 3:30pm 2
Presumably this should be addressed by a new -fsanitize-prefix-map that’s implied by -ffile-prefix-map like the others. See for example CodeGenFunction::EmitCheckSourceLocation that constructs such strings. Note there is already an -fsanitize-undefined-strip-path-components that can help here.
simonh December 15, 2025, 2:33pm 3
Some further debugging today, lead me to that if I inspect the compile_commands.json for the command, if I change,
/usr/local/bin/clang -DUSE_ASAN … -o my_output_dir/output.c.o -c /absolut/path/to/my_.c
to
/usr/local/bin/clang -DUSE_ASAN … -o my_output_dir/output.c.o -c ./my_.c
then it’s this “./my_.c“.
-fsanitize-undefined-strip-path-components has the expected effect on ubsan, but it seems that this flag does not address asan.