[R-pkg-devel] Compiled code checks raise a WARNING in Fedora 28

| Hi,
| 
| For other Fedora users that may be struggling with this too...
| 
| Fedora 28 introduced new hardening flags for compiled code (see [1]).
| Particularly, -D_GLIBCXX_ASSERTIONS is added to the default CXXFLAGS
| (verify the output of 'R CMD config CXXFLAGS'), which enables range
| checks for C++ arrays, vectors and strings. As a consequence, you may
| see the following after running 'R CMD check' on your package with C++
| code:
| 
| checking compiled code ... WARNING
| Found ?abort?, possibly from ?abort? (C)
| Found ?printf?, possibly from ?printf? (C)
| 
| I'm not sure whether this is a false positive or not. Anyway, a quick
| workaround is to disable this flag by including -U_GLIBCXX_ASSERTIONS
| in your local Makevars.

AFAICT that has little do with Fedora, it is just R being picky. Writing R
Extensions told you about abort() et al for years:

  Under no circumstances should your compiled code ever call @code{abort}
  or @code{exit}@footnote{or where supported the variants @code{_Exit} and
  @code{_exit}.}: these terminate the user's @R{} process, quite possibly
  including all his unsaved work.  One usage that could call @code{abort}
  is the @code{assert} macro in C or C++ functions, which should never be
  active in production code.  The normal way to ensure that is to define
  the macro @code{NDEBUG}, and @command{R CMD INSTALL} does so as part of
  the compilation flags.  If you wish to use @code{assert} during
  development. you can include @code{-UNDEBUG} in @code{PKG_CPPFLAGS}.
  Note that your own @file{src/Makefile} or makefiles in sub-directories
  may also need to define @code{NDEBUG}.

(Quoted from R-release's manual source)

Also:

edd at rob:~/deb/r-base$ ag "Found " src/library/tools/R/sotools.R
481:                 c(strwrap(gettextf("Found %s, possibly from %s",
702:              strwrap(paste("Found non-API calls to R:",
705:          } else paste("  Found non-API call to R:", sQuote(x))
716:              strwrap(paste("Found no calls to:",
719:          } else paste("  Found no call to:", sQuote(x))
edd at rob:~/deb/r-base$

I am kinda surprised you had not seen these before :)

Dirk

http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org

2018-05-23 17:40 GMT+02:00 Dirk Eddelbuettel <edd at debian.org>:

On 23 May 2018 at 17:22, I?aki ?car wrote:
| Hi,
|
| For other Fedora users that may be struggling with this too...
|
| Fedora 28 introduced new hardening flags for compiled code (see [1]).
| Particularly, -D_GLIBCXX_ASSERTIONS is added to the default CXXFLAGS
| (verify the output of 'R CMD config CXXFLAGS'), which enables range
| checks for C++ arrays, vectors and strings. As a consequence, you may
| see the following after running 'R CMD check' on your package with C++
| code:
|
| checking compiled code ... WARNING
| Found ?abort?, possibly from ?abort? (C)
| Found ?printf?, possibly from ?printf? (C)
|
| I'm not sure whether this is a false positive or not. Anyway, a quick
| workaround is to disable this flag by including -U_GLIBCXX_ASSERTIONS
| in your local Makevars.

AFAICT that has little do with Fedora, it is just R being picky. Writing R
Extensions told you about abort() et al for years:

  Under no circumstances should your compiled code ever call @code{abort}
  or @code{exit}@footnote{or where supported the variants @code{_Exit} and
  @code{_exit}.}: these terminate the user's @R{} process, quite possibly
  including all his unsaved work.  One usage that could call @code{abort}
  is the @code{assert} macro in C or C++ functions, which should never be
  active in production code.  The normal way to ensure that is to define
  the macro @code{NDEBUG}, and @command{R CMD INSTALL} does so as part of
  the compilation flags.  If you wish to use @code{assert} during
  development. you can include @code{-UNDEBUG} in @code{PKG_CPPFLAGS}.
  Note that your own @file{src/Makefile} or makefiles in sub-directories
  may also need to define @code{NDEBUG}.

(Quoted from R-release's manual source)

Yes, I know. The thing is that, with -D_GLIBCXX_ASSERTIONS, I see

$ strings src/*.o | grep abort | sort | uniq
abort
__builtin_abort
__cxa_guard_abort

and without it, the first two lines go away. So it seems that those
assertions may result in a call to 'abort'. I don't know whether R is
right or not in its *pickiness* for this particular case.

I?aki

Also:

edd at rob:~/deb/r-base$ ag "Found " src/library/tools/R/sotools.R
481:                 c(strwrap(gettextf("Found %s, possibly from %s",
702:              strwrap(paste("Found non-API calls to R:",
705:          } else paste("  Found non-API call to R:", sQuote(x))
716:              strwrap(paste("Found no calls to:",
719:          } else paste("  Found no call to:", sQuote(x))
edd at rob:~/deb/r-base$

I am kinda surprised you had not seen these before :)

Dirk

--
http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org

| 2018-05-23 17:40 GMT+02:00 Dirk Eddelbuettel <edd at debian.org>:
| >

| > | Hi,
| > |
| > | For other Fedora users that may be struggling with this too...
| > |
| > | Fedora 28 introduced new hardening flags for compiled code (see [1]).
| > | Particularly, -D_GLIBCXX_ASSERTIONS is added to the default CXXFLAGS
| > | (verify the output of 'R CMD config CXXFLAGS'), which enables range
| > | checks for C++ arrays, vectors and strings. As a consequence, you may
| > | see the following after running 'R CMD check' on your package with C++
| > | code:
| > |
| > | checking compiled code ... WARNING
| > | Found ?abort?, possibly from ?abort? (C)
| > | Found ?printf?, possibly from ?printf? (C)
| > |
| > | I'm not sure whether this is a false positive or not. Anyway, a quick
| > | workaround is to disable this flag by including -U_GLIBCXX_ASSERTIONS
| > | in your local Makevars.
| >
| > AFAICT that has little do with Fedora, it is just R being picky. Writing R
| > Extensions told you about abort() et al for years:
| >
| >   Under no circumstances should your compiled code ever call @code{abort}
| >   or @code{exit}@footnote{or where supported the variants @code{_Exit} and
| >   @code{_exit}.}: these terminate the user's @R{} process, quite possibly
| >   including all his unsaved work.  One usage that could call @code{abort}
| >   is the @code{assert} macro in C or C++ functions, which should never be
| >   active in production code.  The normal way to ensure that is to define
| >   the macro @code{NDEBUG}, and @command{R CMD INSTALL} does so as part of
| >   the compilation flags.  If you wish to use @code{assert} during
| >   development. you can include @code{-UNDEBUG} in @code{PKG_CPPFLAGS}.
| >   Note that your own @file{src/Makefile} or makefiles in sub-directories
| >   may also need to define @code{NDEBUG}.
| >
| > (Quoted from R-release's manual source)
| 
| Yes, I know. The thing is that, with -D_GLIBCXX_ASSERTIONS, I see
| 
| $ strings src/*.o | grep abort | sort | uniq
| abort
| __builtin_abort
| __cxa_guard_abort
| 
| and without it, the first two lines go away. So it seems that those
| assertions may result in a call to 'abort'. I don't know whether R is
| right or not in its *pickiness* for this particular case.

Doh. I was dense. You are quite right, it seems -- the new instrumentation
'unmasks' more uses of abort which R's shared library symbol grep analysis
stumbles over.  I should have stayed under my rock it seems -- sorry about
the noise.

Dirk
 
| I?aki
| 
| >
| > Also:
| >
| > edd at rob:~/deb/r-base$ ag "Found " src/library/tools/R/sotools.R
| > 481:                 c(strwrap(gettextf("Found %s, possibly from %s",
| > 702:              strwrap(paste("Found non-API calls to R:",
| > 705:          } else paste("  Found non-API call to R:", sQuote(x))
| > 716:              strwrap(paste("Found no calls to:",
| > 719:          } else paste("  Found no call to:", sQuote(x))
| > edd at rob:~/deb/r-base$
| >
| > I am kinda surprised you had not seen these before :)
| >
| > Dirk
| >
| > --
| > http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org

http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org