tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_build/core/config_sanitizers.mk

438 lines
16 KiB
Makefile
Raw Normal View History

Add a SANITIZE_HOST flag. We had discussed the idea of making all host tools default to using ASAN. Even if we don't make it the default, this makes it easy for the user to switch all host binaries over. Change-Id: I64a5c741b1b4e9aefed3a6be8dcd4f386e06b29c
2014-11-01 00:23:08 +01:00
##############################################
## Perform configuration steps for sanitizers.
##############################################
Clean up sanitizer configuration. * Refactor a few pieces to avoid deeply nested conditionals. * LOCAL_SANITIZE := never replaces LOCAL_ADDRESS_SANITIZER := false. Change-Id: I68bb8c5edda6ecd40179c5ba9f18d06e96aaa260
2015-04-17 01:21:02 +02:00
my_sanitize := $(strip $(LOCAL_SANITIZE))
Hide CFI behind a global flag. This CL ensures that the LOCAL_SANITIZE=cfi is not honored unless it is enabled globally using ENABLE_CFI='true' first. This allows CFI to be hidden behind a flag. Bug: 30227045 Bug: 22033465 Test: m -j40 works and device boots Test: cfi is correctly honored only when the global flag is set. Change-Id: If4508ba448bd4260020483f9c11ee849bb419713
2017-01-19 02:50:29 +01:00
my_sanitize_diag := $(strip $(LOCAL_SANITIZE_DIAG))
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
my_global_sanitize :=
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
my_global_sanitize_diag :=
Remove GCC support from Make Test: out/build-aosp_arm64.ninja is the same before/after Test: build_test on downstream branches Change-Id: If7f8c12f2f288b1e589689361f9457acae634882
2018-09-05 07:25:22 +02:00
ifdef LOCAL_IS_HOST_MODULE
ifneq ($($(my_prefix)OS),windows)
my_global_sanitize := $(strip $(SANITIZE_HOST))
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
Remove GCC support from Make Test: out/build-aosp_arm64.ninja is the same before/after Test: build_test on downstream branches Change-Id: If7f8c12f2f288b1e589689361f9457acae634882
2018-09-05 07:25:22 +02:00
# SANITIZE_HOST=true is a deprecated way to say SANITIZE_HOST=address.
my_global_sanitize := $(subst true,address,$(my_global_sanitize))
Enable SANITIZE_TARGET. The same as SANITIZE_HOST, but for the target. Also, skip all LOCAL_FORCE_STATIC_EXECUTABLE targets, as ASan does not support static linking. Bug: 21785137 Change-Id: Ief53ff8de1fee18f230d6c7dd31845db5bbd415c
2015-06-11 22:57:10 +02:00
endif
Remove GCC support from Make Test: out/build-aosp_arm64.ninja is the same before/after Test: build_test on downstream branches Change-Id: If7f8c12f2f288b1e589689361f9457acae634882
2018-09-05 07:25:22 +02:00
else
my_global_sanitize := $(strip $(SANITIZE_TARGET))
my_global_sanitize_diag := $(strip $(SANITIZE_TARGET_DIAG))
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
endif
Fix misuse of my_sanitize_host. Ying pointed out in https://android-review.googlesource.com/#/c/147290 that my_sanitize_host would be read as some garbage value for target builds. Move the configuration later and don't use the local at all. Change-Id: Id8a095821d000a184e72f950b9481597073a7044
2015-04-17 20:04:06 +02:00
Fix exclusion overriding local integer_overflow. INTEGER_OVERFLOW_EXCLUDE_PATHS should only apply to the global sanitizer setting, and should not override local module settings. This pulls out the check so it occurs earlier and does not interfere with local settings. This makes Make consistent with Soong's behavior as well. Bug: 30969751 Test: Created a test build file with this explicitly set, excluded the path, and checked if it was still being sanitized. Change-Id: I9020d92bae136b6087d37f71d5337acaefe850b4
2017-07-21 19:33:32 +02:00
# Disable global integer_overflow in excluded paths.
ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
combined_exclude_paths := $(INTEGER_OVERFLOW_EXCLUDE_PATHS) \
$(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
endif
endif
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
# Global integer sanitization doesn't support static modules.
ifeq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
endif
ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
endif
CFI include/exclude path support (Make) This CL adds the ability to centrally enable or disable CFI for components using either an environment or product config variable. This is a better, nore manageable option that enabling CFI across each component individually. Bug: 67507323 Test: CFI_INCLUDE_PATHS= system/nfc m -j40 Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40 Change-Id: I02fe1960a822c124fd101ab5419aa81e2dd51adf
2017-10-31 10:25:16 +01:00
# Disable global CFI in excluded paths
ifneq ($(filter cfi, $(my_global_sanitize)),)
combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
$(PRODUCT_CFI_EXCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_global_sanitize := $(filter-out cfi,$(my_global_sanitize))
my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag))
endif
endif
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
ifneq ($(my_global_sanitize),)
Apply SANITIZE_TARGET and LOCAL_SANITIZE when both are present. The idea is that targets with LOCAL_SANITIZE = signed-integer-overflow and SANITIZE_TARGET=safe-stack should get both sanitizers. This should work just fine for SANITIZE_TARGET=address, too. Bug: 27729263 Change-Id: Ifee350da4877008fb061bc7f6c700e7fade405bc
2016-05-20 02:45:21 +02:00
my_sanitize := $(my_global_sanitize) $(my_sanitize)
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
endif
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
ifneq ($(my_global_sanitize_diag),)
my_sanitize_diag := $(my_global_sanitize_diag) $(my_sanitize_diag)
endif
Fix misuse of my_sanitize_host. Ying pointed out in https://android-review.googlesource.com/#/c/147290 that my_sanitize_host would be read as some garbage value for target builds. Move the configuration later and don't use the local at all. Change-Id: Id8a095821d000a184e72f950b9481597073a7044
2015-04-17 20:04:06 +02:00
Build: Add module-level product configuration of sanitization To allow special sanitizer settings for modules shared between products, add product-specific module settings. This was copied from the product-specific dexopt settings. Bug: 29498013 Change-Id: I17a96b975bb6ac7f4ffb3d5b08e2f00b21bd97a1 (cherry picked from commit bb5454b6db5770f0b0275424148b2d7d3c52a56d)
2016-06-28 00:15:31 +02:00
# The sanitizer specified in the product configuration wins over the previous.
ifneq ($(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG),)
my_sanitize := $(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG)
ifeq ($(my_sanitize),never)
my_sanitize :=
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
my_sanitize_diag :=
Build: Add module-level product configuration of sanitization To allow special sanitizer settings for modules shared between products, add product-specific module settings. This was copied from the product-specific dexopt settings. Bug: 29498013 Change-Id: I17a96b975bb6ac7f4ffb3d5b08e2f00b21bd97a1 (cherry picked from commit bb5454b6db5770f0b0275424148b2d7d3c52a56d)
2016-06-28 00:15:31 +02:00
endif
endif
Export variable for device sanitize arch to Soong Also renames the variable from SANITIZE_ARCH to SANITIZE_TARGET_ARCH, and makes it only apply to the device. Bug: 29498013 Test: No change to build.ninja files with m -j SANITIZE_TARGET=address Change-Id: Ib5f6ab448f5d96d2426c983308136670f9a55b7b
2016-11-02 23:05:21 +01:00
ifndef LOCAL_IS_HOST_MODULE
# Add a filter point for 32-bit vs 64-bit sanitization (to lighten the burden)
SANITIZE_TARGET_ARCH ?= $(TARGET_ARCH) $(TARGET_2ND_ARCH)
ifeq ($(filter $(SANITIZE_TARGET_ARCH),$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_sanitize :=
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
my_sanitize_diag :=
Export variable for device sanitize arch to Soong Also renames the variable from SANITIZE_ARCH to SANITIZE_TARGET_ARCH, and makes it only apply to the device. Bug: 29498013 Test: No change to build.ninja files with m -j SANITIZE_TARGET=address Change-Id: Ib5f6ab448f5d96d2426c983308136670f9a55b7b
2016-11-02 23:05:21 +01:00
endif
Build: Add option to restrict sanitization by architecture Add Make variable SANITIZE_ARCH to selectively sanitize binaries. This uses the "bitness," i.e., 32 or 64, to potentially filter the sanitization. By default, both are being sanitized. This can be used to create builds that lower the sanitization burden by not sanitizing "half" of the platform. Bug: 29498013 Change-Id: I73e6d479f08a970ba912f4f63967d32f3487125f (cherry picked from commit 0290a416c844f9a8ec953f63f199b00d36283228)
2016-06-21 02:36:49 +02:00
endif
Build: Add option to restrict sanitization by owner Add Make variable SANITIZE_NEVER_BY_OWNER to selectively sanitize modules. By default, both are being sanitized. The value of the variable is interpreted as a space or colon separated list of owner names. This can be used to create builds that lower the sanitization burden by not sanitizing parts of the platform. Bug: 29498013 Change-Id: Ib4412657fd38ff28a5c0863eddc2acde63c88ebb (cherry picked from commit ea38d8e95d7daea49cc2a528d69e06a0005b31a6)
2016-06-21 02:46:29 +02:00
# Add a filter point based on module owner (to lighten the burden). The format is a space- or
# colon-separated list of owner names.
ifneq (,$(SANITIZE_NEVER_BY_OWNER))
ifneq (,$(LOCAL_MODULE_OWNER))
ifneq (,$(filter $(LOCAL_MODULE_OWNER),$(subst :, ,$(SANITIZE_NEVER_BY_OWNER))))
$(warning Not sanitizing $(LOCAL_MODULE) based on module owner.)
my_sanitize :=
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
my_sanitize_diag :=
Build: Add option to restrict sanitization by owner Add Make variable SANITIZE_NEVER_BY_OWNER to selectively sanitize modules. By default, both are being sanitized. The value of the variable is interpreted as a space or colon separated list of owner names. This can be used to create builds that lower the sanitization burden by not sanitizing parts of the platform. Bug: 29498013 Change-Id: Ib4412657fd38ff28a5c0863eddc2acde63c88ebb (cherry picked from commit ea38d8e95d7daea49cc2a528d69e06a0005b31a6)
2016-06-21 02:46:29 +02:00
endif
endif
endif
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
# Don't apply sanitizers to NDK code.
ifdef LOCAL_SDK_VERSION
my_sanitize :=
Never add asan libraries to NDK code We're beginning to enforce (still warning) that NDK code only links to other NDK code. So we should never need to link them to the address sanitizer libraries. This breaks down a bit when platform code starts depending on NDK-built code, where the NDK-built code should be mostly the same as if it was built with the platform, but has an implicit LOCAL_SANITIZE := never. Even so, this change shouldn't make that worse, as we'll still compile fine, and anything platform code that uses asan should pull in the shared library. Change-Id: I81b30b9edd971468c3cb1467f809f184807b505e
2016-06-29 01:47:43 +02:00
my_global_sanitize :=
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
my_sanitize_diag :=
Clean up sanitizer configuration. * Refactor a few pieces to avoid deeply nested conditionals. * LOCAL_SANITIZE := never replaces LOCAL_ADDRESS_SANITIZER := false. Change-Id: I68bb8c5edda6ecd40179c5ba9f18d06e96aaa260
2015-04-17 01:21:02 +02:00
endif
Fix sanitizer choice for global vs module. The sanitizer chosen by the environment (either by SANITIZE_TARGET or SANITIZE_HOST) should be chosen over the one specified by the module. Bug: http://b/23330588 Change-Id: I835b7d76e071fc0db2f859f98dfb9d7ff76af245
2015-08-20 05:13:33 +02:00
# Never always wins.
ifeq ($(LOCAL_SANITIZE),never)
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
my_sanitize :=
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
my_sanitize_diag :=
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
endif
Enable CFI by default but restrict CFI_INCLUDE_PATHS This CL enables CFI on security sensitive components for product configs that inherit core_64_bit.mk (and core_64_bit_only.mk). Note that this only requests the build system to do so. Internal build logic will dictate if this is actually enabled on the build or not (CFI is currently disabled for ARM32 and MIPS for example). In addition, this also restricts CFI_INCLUDE_PATHS and PRODUCT_CFI_INCLUDE_PATHS to Arm64 architectures only. This helps narrow which targets enable CFI out of the box. Bug: 66301104 Test: CFI is enabled on aosp_* targets Change-Id: I52af499dc34cd4b42fbfb1175f6a37aaf17b65dd
2018-05-25 03:04:25 +02:00
# Enable CFI in included paths (for Arm64 only).
CFI include/exclude path support (Make) This CL adds the ability to centrally enable or disable CFI for components using either an environment or product config variable. This is a better, nore manageable option that enabling CFI across each component individually. Bug: 67507323 Test: CFI_INCLUDE_PATHS= system/nfc m -j40 Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40 Change-Id: I02fe1960a822c124fd101ab5419aa81e2dd51adf
2017-10-31 10:25:16 +01:00
ifeq ($(filter cfi, $(my_sanitize)),)
Enable CFI by default but restrict CFI_INCLUDE_PATHS This CL enables CFI on security sensitive components for product configs that inherit core_64_bit.mk (and core_64_bit_only.mk). Note that this only requests the build system to do so. Internal build logic will dictate if this is actually enabled on the build or not (CFI is currently disabled for ARM32 and MIPS for example). In addition, this also restricts CFI_INCLUDE_PATHS and PRODUCT_CFI_INCLUDE_PATHS to Arm64 architectures only. This helps narrow which targets enable CFI out of the box. Bug: 66301104 Test: CFI is enabled on aosp_* targets Change-Id: I52af499dc34cd4b42fbfb1175f6a37aaf17b65dd
2018-05-25 03:04:25 +02:00
ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
combined_include_paths := $(CFI_INCLUDE_PATHS) \
$(PRODUCT_CFI_INCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_sanitize := cfi $(my_sanitize)
endif
CFI include/exclude path support (Make) This CL adds the ability to centrally enable or disable CFI for components using either an environment or product config variable. This is a better, nore manageable option that enabling CFI across each component individually. Bug: 67507323 Test: CFI_INCLUDE_PATHS= system/nfc m -j40 Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40 Change-Id: I02fe1960a822c124fd101ab5419aa81e2dd51adf
2017-10-31 10:25:16 +01:00
endif
endif
Hide CFI behind a global flag. This CL ensures that the LOCAL_SANITIZE=cfi is not honored unless it is enabled globally using ENABLE_CFI='true' first. This allows CFI to be hidden behind a flag. Bug: 30227045 Bug: 22033465 Test: m -j40 works and device boots Test: cfi is correctly honored only when the global flag is set. Change-Id: If4508ba448bd4260020483f9c11ee849bb419713
2017-01-19 02:50:29 +01:00
# If CFI is disabled globally, remove it from my_sanitize.
Change the global CFI flag to default to enabled. This CL changes the ENABLE_CFI flag to default to enabled. Setting it to false will override local settings to enable CFI. Bug: 30227045 Bug: 22033465 Test: m -j40 works and device boots Test: cfi is honored unless the global flag is set. Change-Id: I16ea3ecb704d4ce70bd91be8a4e5ae6e4f63ea0f
2017-01-24 22:20:28 +01:00
ifeq ($(strip $(ENABLE_CFI)),false)
Hide CFI behind a global flag. This CL ensures that the LOCAL_SANITIZE=cfi is not honored unless it is enabled globally using ENABLE_CFI='true' first. This allows CFI to be hidden behind a flag. Bug: 30227045 Bug: 22033465 Test: m -j40 works and device boots Test: cfi is correctly honored only when the global flag is set. Change-Id: If4508ba448bd4260020483f9c11ee849bb419713
2017-01-19 02:50:29 +01:00
my_sanitize := $(filter-out cfi,$(my_sanitize))
my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif
Disble CFI for ARM32 processes. This CL disables CFI for 32-bit ARM processes, which is broken due to a compiler error in the most recent version of clang. Bug: 35157333 Test: ENABLE_CFI=true m -j40 does not enable CFI for 32-bit processes Change-Id: I6a6e1d14c8365da1056b4cbccad11ef2f15c70b2
2017-02-08 05:28:07 +01:00
# Disable CFI for arm32 (b/35157333).
ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_sanitize := $(filter-out cfi,$(my_sanitize))
my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif
Disable CFI for ASAN targets. (Make) This CL disables CFI if both CFI and ASAN flags are enabled. This allows ASAN to take precedence where needed, preventing build errors that would otherwise arise. Bug: 30227045 Test: SANITIZE_TARGET="address" m -j40 Change-Id: I9073ace0a10eb554d14e418a9b23cc8a8277607d
2017-04-20 16:39:13 +02:00
# Also disable CFI if ASAN is enabled.
ifneq ($(filter address,$(my_sanitize)),)
my_sanitize := $(filter-out cfi,$(my_sanitize))
my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif
Disable CFI on Mips and add -march to linkflags on ARM. Mips toolchain does not have ld.gold. ARM change is a workaround for LLVM r290384. Bug: 33678192 Test: make ENABLE_CFI=1 Change-Id: I77a127e0b472d5da10bf45a2983527a714339cb8
2017-02-01 02:08:33 +01:00
# CFI needs gold linker, and mips toolchain does not have one.
ifneq ($(filter mips mips64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_sanitize := $(filter-out cfi,$(my_sanitize))
my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
# Disable sanitizers which need the UBSan runtime for host targets.
Use the .cfi variant of a static library where needed. This CL repoints static dependencies to their .cfi variants for CFI enabled targets. It also disables CFI for host targets because the version of ar intended for hosts does not have plugin support (which CFI requires). Bug: 67507323 Test: m -j40 Change-Id: Id11afd0c8765469858f406aace2a192afff6d042
2017-11-17 20:19:36 +01:00
ifdef LOCAL_IS_HOST_MODULE
my_sanitize := $(filter-out cfi,$(my_sanitize))
my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
my_sanitize := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize))
my_sanitize_diag := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize_diag))
Use the .cfi variant of a static library where needed. This CL repoints static dependencies to their .cfi variants for CFI enabled targets. It also disables CFI for host targets because the version of ar intended for hosts does not have plugin support (which CFI requires). Bug: 67507323 Test: m -j40 Change-Id: Id11afd0c8765469858f406aace2a192afff6d042
2017-11-17 20:19:36 +01:00
endif
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
# Support for local sanitize blacklist paths.
ifneq ($(my_sanitize)$(my_global_sanitize),)
ifneq ($(LOCAL_SANITIZE_BLACKLIST),)
my_cflags += -fsanitize-blacklist=$(LOCAL_PATH)/$(LOCAL_SANITIZE_BLACKLIST)
endif
endif
Fix exclusion overriding local integer_overflow. INTEGER_OVERFLOW_EXCLUDE_PATHS should only apply to the global sanitizer setting, and should not override local module settings. This pulls out the check so it occurs earlier and does not interfere with local settings. This makes Make consistent with Soong's behavior as well. Bug: 30969751 Test: Created a test build file with this explicitly set, excluded the path, and checked if it was still being sanitized. Change-Id: I9020d92bae136b6087d37f71d5337acaefe850b4
2017-07-21 19:33:32 +02:00
# Disable integer_overflow if LOCAL_NOSANITIZE=integer.
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
ifneq ($(filter integer_overflow, $(my_global_sanitize) $(my_sanitize)),)
ifneq ($(filter integer, $(strip $(LOCAL_NOSANITIZE))),)
my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
endif
endif
Add LOCAL_NOSANITIZE. This can be used to selectively disable individual sanitizers on a target. For example, some parts of libc should be built with SafeStack (when requested with SANITIZE_TARGET), but never with AddressSanitizer. Current build rules specify LOCAL_SANITIZE := never to disable AddressSanitizer; the idea is to change that to LOCAL_NOSANITIZE := address thread. Bug: 27729263 Change-Id: I2b770f2ce3faf6ad6798792327e96adb86fe4a4f
2016-05-12 22:07:17 +02:00
my_nosanitize = $(strip $(LOCAL_NOSANITIZE))
ifneq ($(my_nosanitize),)
my_sanitize := $(filter-out $(my_nosanitize),$(my_sanitize))
endif
Add "hwaddress" sanitizer. Build/make support for "hwaddress". * HWASan supports static binaries, unlike ASan. * It will be used to build libc. Since static libraries get a .hwasan suffix in soong, the logic that moves libc-and-friends to the end of the link command line has to be updated. Bug: 112438058 Test: manual, part of a bigger patch set Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-07-27 20:54:32 +02:00
ifneq ($(filter arm x86 x86_64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_sanitize := $(filter-out hwaddress,$(my_sanitize))
endif
ifneq ($(filter hwaddress,$(my_sanitize)),)
my_sanitize := $(filter-out address,$(my_sanitize))
my_sanitize := $(filter-out thread,$(my_sanitize))
[make] Disable CFI when building with HWASan. Same as soong. This needs do match, otherwise, for example, CFI may be disable in a static library in soong, and left enabled in a shared library in make; that would not work as CFI only supports DSO granularity. Bug: 120508119, 112709969 Change-Id: I00d6b1c9c373bcb6804c135407c6eeae88b375b6 Test: hwasan build of master branch boots
2018-12-05 02:06:45 +01:00
my_sanitize := $(filter-out cfi,$(my_sanitize))
Add "hwaddress" sanitizer. Build/make support for "hwaddress". * HWASan supports static binaries, unlike ASan. * It will be used to build libc. Since static libraries get a .hwasan suffix in soong, the logic that moves libc-and-friends to the end of the link command line has to be updated. Bug: 112438058 Test: manual, part of a bigger patch set Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-07-27 20:54:32 +02:00
endif
ifneq ($(filter hwaddress,$(my_sanitize)),)
my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_RUNTIME_LIBRARY)
Link hwasan static library to native tests. They are executables, but they are not EXECUTABLES. Bug: 112438058 Test: make SANITIZE_TARGET=hwaddress tests Change-Id: I0f5d8d6259d7df4196bde50ec553b73099f2c8ac
2018-11-01 23:43:14 +01:00
ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
Add "hwaddress" sanitizer. Build/make support for "hwaddress". * HWASan supports static binaries, unlike ASan. * It will be used to build libc. Since static libraries get a .hwasan suffix in soong, the logic that moves libc-and-friends to the end of the link command line has to be updated. Bug: 112438058 Test: manual, part of a bigger patch set Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-07-27 20:54:32 +02:00
ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
my_static_libraries := $(my_static_libraries) $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_STATIC_LIBRARY)
endif
endif
endif
Make TSAN easier to use. TSAN is not supported on 32-bit architectures. For non-multilib cases, make its use an error. For multilib cases, don't use it for the 32-bit case. Change-Id: I8e40be4002379cc2c9aa98ab8b812b337d6e077e
2015-07-30 19:17:33 +02:00
# TSAN is not supported on 32-bit architectures. For non-multilib cases, make
# its use an error. For multilib cases, don't use it for the 32-bit case.
ifneq ($(filter thread,$(my_sanitize)),)
ifeq ($(my_32_64_bit_suffix),32)
ifeq ($(my_module_multilib),both)
my_sanitize := $(filter-out thread,$(my_sanitize))
else
$(error $(LOCAL_PATH): $(LOCAL_MODULE): TSAN cannot be used for 32-bit modules.)
endif
Link tsan shared library when tsan is used. Bug: http://b/25392375 Test: build a unit test with tsan. Change-Id: Ib2d937f2e311f6670cf341a983740f0ca464f166
2017-10-19 23:33:58 +02:00
else
my_shared_libraries += $(TSAN_RUNTIME_LIBRARY)
Make TSAN easier to use. TSAN is not supported on 32-bit architectures. For non-multilib cases, make its use an error. For multilib cases, don't use it for the 32-bit case. Change-Id: I8e40be4002379cc2c9aa98ab8b812b337d6e077e
2015-07-30 19:17:33 +02:00
endif
endif
Apply SANITIZE_TARGET=safe-stack to 64 bit targets only. Bug: 27729263 Change-Id: I214a9f40b94f6e6716aca05be774f014e62f73e8
2016-05-07 03:15:57 +02:00
ifneq ($(filter safe-stack,$(my_sanitize)),)
ifeq ($(my_32_64_bit_suffix),32)
my_sanitize := $(filter-out safe-stack,$(my_sanitize))
endif
endif
Add Scudo support for Make Scudo is a hardened usermode allocator that is part of LLVM's compiler-rt project (home of the Sanitizers). clang allows for -fsanitize=scudo as a possible command line option to link the shared Scudo library to a binary. This patch add Scudo as a potential sanitize option. Scudo is not compatible with ASan and TSan and will be disabled if either is enabled. Test: aosp compiled with m -j Test: local experiment with LOCAL_SANITIZE := scudo to ensure that a test target (mediaserver) could be linked with scudo. Change-Id: I462843b9d5512fba2c4a3ac1a0c356ca90bce4e5
2018-06-14 20:02:15 +02:00
# Disable Scudo if ASan or TSan is enabled.
Add "hwaddress" sanitizer. Build/make support for "hwaddress". * HWASan supports static binaries, unlike ASan. * It will be used to build libc. Since static libraries get a .hwasan suffix in soong, the logic that moves libc-and-friends to the end of the link command line has to be updated. Bug: 112438058 Test: manual, part of a bigger patch set Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-07-27 20:54:32 +02:00
ifneq ($(filter address thread hwaddress,$(my_sanitize)),)
Add Scudo support for Make Scudo is a hardened usermode allocator that is part of LLVM's compiler-rt project (home of the Sanitizers). clang allows for -fsanitize=scudo as a possible command line option to link the shared Scudo library to a binary. This patch add Scudo as a potential sanitize option. Scudo is not compatible with ASan and TSan and will be disabled if either is enabled. Test: aosp compiled with m -j Test: local experiment with LOCAL_SANITIZE := scudo to ensure that a test target (mediaserver) could be linked with scudo. Change-Id: I462843b9d5512fba2c4a3ac1a0c356ca90bce4e5
2018-06-14 20:02:15 +02:00
my_sanitize := $(filter-out scudo,$(my_sanitize))
endif
Add option to disable Scudo globally [Make] This adds an option to turn off Scudo globally, and use it for Go. Bug: 123228023 Test: verify that Scudo is disabled for a Go build, eg: lunch marlin_svelte-eng && m -j, check that Scudo is not linked in out/target/product/marlin/system/bin/mediaextractor Test: verify that Scudo is enabled otherwise, eg: lunch marlin-eng && m -j, check that Scudo is linked in out/target/product/marlin/system/bin/mediaextractor Change-Id: Idc82d581fade544a474e6f2ff0b54dd191ba0818 Merged-In: Idc82d581fade544a474e6f2ff0b54dd191ba0818
2019-02-01 18:06:42 +01:00
# Or if disabled globally.
Access PRODUCT_ variables directly This CL simplifies the PRODUCTS.$(INTERNAL_PRODUCT).X accesses of product variables, and removes unnecessary stripping of them. Replace: '\$\(PRODUCTS\.\$\(INTERNAL_PRODUCT\)\.([^\)]*)\)' with '$(\1)' Replace: '\$\(strip\s*\$\(PRODUCT_([^\)]*)\)\)' with '$(PRODUCT_\1)' A few minor manual tweaks. Bug: 116769560 Test: presubmit Change-Id: I70c54f1582e3cc780028535960147d99ebc2e0e1
2019-03-28 16:45:40 +01:00
ifeq ($(PRODUCT_DISABLE_SCUDO),true)
Add option to disable Scudo globally [Make] This adds an option to turn off Scudo globally, and use it for Go. Bug: 123228023 Test: verify that Scudo is disabled for a Go build, eg: lunch marlin_svelte-eng && m -j, check that Scudo is not linked in out/target/product/marlin/system/bin/mediaextractor Test: verify that Scudo is enabled otherwise, eg: lunch marlin-eng && m -j, check that Scudo is linked in out/target/product/marlin/system/bin/mediaextractor Change-Id: Idc82d581fade544a474e6f2ff0b54dd191ba0818 Merged-In: Idc82d581fade544a474e6f2ff0b54dd191ba0818
2019-02-01 18:06:42 +01:00
my_sanitize := $(filter-out scudo,$(my_sanitize))
endif
SANITIZE_TARGET: allow undef symbols in non-sanitized shared libraries. These symbols are defined in the ASan runtime library, which is always present at runtime. Bug:21785137 Change-Id: Ib8418c66323fd4cdfdc05548048f32380cb84ee5
2015-06-26 01:38:25 +02:00
# Undefined symbols can occur if a non-sanitized library links
# sanitized static libraries. That's OK, because the executable
# always depends on the ASan runtime library, which defines these
# symbols.
Sanitizer build tweaks. -Wl,-no-undefined is currently disabled for any SANITIZE_TARGET. Limit that to the sanitizers with a runtime library (i.e. address, thread). Re-enable the relocation packer for ASan. This has been fixed upstream a long time ago. Bug: 27729263 Change-Id: I566df6104de816223dc1c519d41a87629ce9c47c
2016-05-20 02:49:51 +02:00
ifneq ($(filter address thread,$(strip $(SANITIZE_TARGET))),)
SANITIZE_TARGET: allow undef symbols in non-sanitized shared libraries. These symbols are defined in the ASan runtime library, which is always present at runtime. Bug:21785137 Change-Id: Ib8418c66323fd4cdfdc05548048f32380cb84ee5
2015-06-26 01:38:25 +02:00
ifndef LOCAL_IS_HOST_MODULE
ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
ifeq ($(my_sanitize),)
my_allow_undefined_symbols := true
endif
endif
endif
endif
Add support for a partial ubsan build. Some of the ubsan checks expose a few pathological performance cases in clang, and thus aren't suited to be used in SANITIZE_HOST. This mode is also supported on the target despite not having the target runtime libraries for ubsan by generating traps. Change-Id: I0b0f0a08ca84d72e44e2174a66726b1c5e5cad7e
2015-04-17 03:07:07 +02:00
ifneq ($(filter default-ub,$(my_sanitize)),)
my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
endif
Add support of SANITIZE_TARGET='address coverage' for fuzzing. Also, add trace-cmp instrumentation to fuzz_test and host_fuzz_test. Bug: 22850550 Change-Id: Ifff7b8be693ae991feb0a64e19439370a19b2748
2015-09-18 20:54:43 +02:00
ifneq ($(filter coverage,$(my_sanitize)),)
ifeq ($(filter address,$(my_sanitize)),)
$(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
endif
Enhance coverage options to include those needed by Honggfuzz for coverage-driven fuzzing Test: make m Bug: 64903541 Change-Id: Ibb7eb126b6e68c03d0336606ec540a62a8e903d4
2017-08-21 23:07:42 +02:00
my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
Add support of SANITIZE_TARGET='address coverage' for fuzzing. Also, add trace-cmp instrumentation to fuzz_test and host_fuzz_test. Bug: 22850550 Change-Id: Ifff7b8be693ae991feb0a64e19439370a19b2748
2015-09-18 20:54:43 +02:00
my_sanitize := $(filter-out coverage,$(my_sanitize))
endif
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
ifneq ($(filter integer_overflow,$(my_sanitize)),)
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
# Respect LOCAL_NOSANITIZE for integer-overflow flags.
ifeq ($(filter signed-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
my_sanitize += signed-integer-overflow
endif
ifeq ($(filter unsigned-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
my_sanitize += unsigned-integer-overflow
endif
my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
# Check for diagnostics mode.
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
Add minimal-runtime support for integer overflows. Adds Make support for -fsanitze-minimal-runtime when using the integer overflow sanitizers. This makes the crashes due to these sanitizers less mysterious. This also cleans up the handling of the integer_overflow flag. Bug: 64091660 Test: Compiled and checked the generated compiler commands Test: Checked program that overflows for the abort reason Test: Checked integer_overflow flag still emits overflow checks Change-Id: I11012ed0cbbf51935f549a08bd17109b5ce6f330
2018-02-21 22:41:05 +01:00
my_sanitize_diag += signed-integer-overflow
my_sanitize_diag += unsigned-integer-overflow
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
else
$(call pretty-error,Make cannot apply integer overflow diagnostics to static binary.)
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
endif
Enable integer_overflow flag for static targets. This allows the integer_overflow LOCAL_SANITIZE setting to be used with static targets, to mirror Soong. Bug: 73283972 Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow Test: Enabled sanitizer in a static target and tested for SIGABRT. Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-15 22:49:20 +01:00
else
$(call pretty-error,Make cannot apply integer overflow diagnostics to static library.)
Add integer_overflow sanitization build option. Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and unsigned integer overflow sanitization globally. This implements the Make side of the build option. A LOCAL_SANITIZE_BLACKLIST variable is added to allow blacklists to be defined in make files, mirroring similar functionality provided in Soong. An additional build option is provided to control whether or not to run in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the same way that SANITIZE_TARGET does and currently only supports 'integer_overflow' as an option. Bug: 30969751 Test: Building with and without the new flags, device boot-up, tested various permutations of controlling the new flags from build files. Change-Id: Iacc47e196f21aa1edff5b406bfbc564b5f4e42bd
2017-06-28 18:11:26 +02:00
endif
endif
my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
endif
# Makes sure integer_overflow diagnostics is removed from the diagnostics list
# even if integer_overflow is not set for some reason.
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
endif
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
ifneq ($(my_sanitize),)
Switch from clang 3.6 to new clang repository (with 3.8). This reverts commit f7dbab16ffe97f41f8f8161b64d015830ab075ae. Bug: 23396112 Switch from "-fsanitize-undefined-trap-on-error" to "-fsanitize-trap=all". The former ends up accidentally leaving unresolved calls to __ubsan* helper functions in the object file with clang 3.8. The latter is used when we don't include address sanitizer, and replaces any misbehavior with a direct call to abort().
2015-11-10 01:32:11 +01:00
fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize))
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
my_cflags += -fsanitize=$(fsanitize_arg)
(make) Add -fsanitize= argument to assembly flags. It allows use of sanitizer preprocessor macros (like __has_feature()) in assembly files. Bug: 112438058 Test: SANITIZE_TARGET=hwaddress Change-Id: If9da7493d69fa2e03649754c38117e36eb8d222c
2018-08-31 21:57:26 +02:00
my_asflags += -fsanitize=$(fsanitize_arg)
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
ifdef LOCAL_IS_HOST_MODULE
Add support for `LOCAL_SANITIZE := integer`. This also does a bit of cleanup in config_sanitizers.mk. The result is that `LOCAL_SANITIZE := <any arbitrary ubsan group>` should function fine for both host and target. This is a superset of LOCAL_DETECT_INTEGER_OVERFLOWS, so remove that. This also checks integer division by zero. It's supposed to cover shifting undefined behaviors as well, but apparently it does not (though `LOCAL_SANITIZE := shift` works fine). Change-Id: I4ac99eafa6920a3f8cb82af37ce56ff0fdb95223
2015-06-17 08:27:34 +02:00
my_cflags += -fno-sanitize-recover=all
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
my_ldflags += -fsanitize=$(fsanitize_arg)
Add support for `LOCAL_SANITIZE := integer`. This also does a bit of cleanup in config_sanitizers.mk. The result is that `LOCAL_SANITIZE := <any arbitrary ubsan group>` should function fine for both host and target. This is a superset of LOCAL_DETECT_INTEGER_OVERFLOWS, so remove that. This also checks integer division by zero. It's supposed to cover shifting undefined behaviors as well, but apparently it does not (though `LOCAL_SANITIZE := shift` works fine). Change-Id: I4ac99eafa6920a3f8cb82af37ce56ff0fdb95223
2015-06-17 08:27:34 +02:00
else
Apply SANITIZE_TARGET and LOCAL_SANITIZE when both are present. The idea is that targets with LOCAL_SANITIZE = signed-integer-overflow and SANITIZE_TARGET=safe-stack should get both sanitizers. This should work just fine for SANITIZE_TARGET=address, too. Bug: 27729263 Change-Id: Ifee350da4877008fb061bc7f6c700e7fade405bc
2016-05-20 02:45:21 +02:00
my_cflags += -fsanitize-trap=all
my_cflags += -ftrap-function=abort
Only add libdl dependency for ASan/TSan on target. Only sanitizers that intercept stuff need that. For example, SafeStack does not, and I think UBSan too. Bug: 27729263 Change-Id: I413cd46cc6c6914a363a3c53da7954beacd8f0d8
2016-05-12 22:07:36 +02:00
ifneq ($(filter address thread,$(my_sanitize)),)
Apply SANITIZE_TARGET and LOCAL_SANITIZE when both are present. The idea is that targets with LOCAL_SANITIZE = signed-integer-overflow and SANITIZE_TARGET=safe-stack should get both sanitizers. This should work just fine for SANITIZE_TARGET=address, too. Bug: 27729263 Change-Id: Ifee350da4877008fb061bc7f6c700e7fade405bc
2016-05-20 02:45:21 +02:00
my_cflags += -fno-sanitize-trap=address,thread
Only add libdl dependency for ASan/TSan on target. Only sanitizers that intercept stuff need that. For example, SafeStack does not, and I think UBSan too. Bug: 27729263 Change-Id: I413cd46cc6c6914a363a3c53da7954beacd8f0d8
2016-05-12 22:07:36 +02:00
my_shared_libraries += libdl
endif
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
endif
endif
Enable LOCAL_SANITIZE:=cfi and add LOCAL_SANITIZE_DIAG. Bug: 22033465 Change-Id: Ie011f888f55a2cfb5c943070a3844cb541812afe
2016-07-07 19:56:39 +02:00
ifneq ($(filter cfi,$(my_sanitize)),)
Force Thumb for CFI targets. Bug: 22033465 Test: bionic device tests Change-Id: I66eb83bc7153cc34dde4fa1abfa861182a10f1fa
2017-01-20 23:12:08 +01:00
# __cfi_check needs to be built as Thumb (see the code in linker_cfi.cpp).
# LLVM is not set up to do this on a function basis, so force Thumb on the
# entire module.
LOCAL_ARM_MODE := thumb
Blacklist code for CFI. Adds the -fsanitize-blacklist option for CFI, using the built in blacklist at external/compiler-rt/lib/cfi/cfi_blacklist.txt. Also refactors the CFI cflags and ldflags into ../soong/cc/makevars.go to ensure they're consistent across Soong and make projects. Bug: 30227045 Test: ENABLE_CFI=true m -j40 builds and boots. Test: The blacklist prevents runtime errors that otherwise occur. Change-Id: I0c2801ed459a3b9adeb37daff3ca212564801259
2017-02-14 16:55:37 +01:00
my_cflags += $(CFI_EXTRA_CFLAGS)
(make) Add -fsanitize= argument to assembly flags. It allows use of sanitizer preprocessor macros (like __has_feature()) in assembly files. Bug: 112438058 Test: SANITIZE_TARGET=hwaddress Change-Id: If9da7493d69fa2e03649754c38117e36eb8d222c
2018-08-31 21:57:26 +02:00
my_asflags += $(CFI_EXTRA_ASFLAGS)
Revert "Revert "CFI compatibility with static executables and nested archives"" This reverts commit 8350c4c540b6ad8a5e5ea01b6aacb9e92fa3d7dc. Reverting the revert so a proper fix can be applied. Change-Id: I69f106dfd294198e03a62bcd88c8f18033410141
2017-11-01 10:21:20 +01:00
# Only append the default visibility flag if -fvisibility has not already been
# set to hidden.
ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),)
my_cflags += -fvisibility=default
endif
Blacklist code for CFI. Adds the -fsanitize-blacklist option for CFI, using the built in blacklist at external/compiler-rt/lib/cfi/cfi_blacklist.txt. Also refactors the CFI cflags and ldflags into ../soong/cc/makevars.go to ensure they're consistent across Soong and make projects. Bug: 30227045 Test: ENABLE_CFI=true m -j40 builds and boots. Test: The blacklist prevents runtime errors that otherwise occur. Change-Id: I0c2801ed459a3b9adeb37daff3ca212564801259
2017-02-14 16:55:37 +01:00
my_ldflags += $(CFI_EXTRA_LDFLAGS)
Run $(AR) with LLVMgold.so plugin for CFI targets. Bug: 34623182 Test: add LOCAL_SANITIZE:=cfi to some static libraries under libstagefright Change-Id: I4f0d8cbd794e0ce4737c59a4617e93c7a5defec1
2017-01-24 01:57:38 +01:00
my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so
Revert "Revert "CFI compatibility with static executables and nested archives"" This reverts commit 8350c4c540b6ad8a5e5ea01b6aacb9e92fa3d7dc. Reverting the revert so a proper fix can be applied. Change-Id: I69f106dfd294198e03a62bcd88c8f18033410141
2017-11-01 10:21:20 +01:00
ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags))
my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags))
else
# Apply the version script to non-static executables
my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map
LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map
endif
Enable LOCAL_SANITIZE:=cfi and add LOCAL_SANITIZE_DIAG. Bug: 22033465 Change-Id: Ie011f888f55a2cfb5c943070a3844cb541812afe
2016-07-07 19:56:39 +02:00
endif
Link in ASAN library if my_global_santitize is set. * When my_global_santitize is set and requires ASAN, link with ASAN library even when local module is not instrumented with ASAN, unless the local module is the ASAN library itself. * Add -Wl,--as-needed to my_ldflags for shared libraries so that unneeded ASAN library would not become a dependent of the built .so file. * Change shared file and executable file link argument order so that -Wl flags will have effect on linked-in libraries. * Remove unused ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES. BUG: 27614834 Change-Id: I4eda6003f1f24e498cba91c043dbe1fabe522686
2016-03-09 23:54:55 +01:00
# If local or global modules need ASAN, add linker flags.
ifneq ($(filter address,$(my_global_sanitize) $(my_sanitize)),)
Add a SANITIZE_HOST flag. We had discussed the idea of making all host tools default to using ASAN. Even if we don't make it the default, this makes it easy for the user to switch all host binaries over. Change-Id: I64a5c741b1b4e9aefed3a6be8dcd4f386e06b29c
2014-11-01 00:23:08 +01:00
my_ldflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_LDFLAGS)
ifdef LOCAL_IS_HOST_MODULE
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
# -nodefaultlibs (provided with libc++) prevents the driver from linking
# libraries needed with -fsanitize=address. http://b/18650275 (WAI)
--no-as-needed needs -Wl. Not sure why my checkbuild passed. Change-Id: Iead84121daaaa32c5dd1f0712e9b7caaffd58352
2015-04-28 23:55:50 +02:00
my_ldflags += -Wl,--no-as-needed
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
else
Link in ASAN library if my_global_santitize is set. * When my_global_santitize is set and requires ASAN, link with ASAN library even when local module is not instrumented with ASAN, unless the local module is the ASAN library itself. * Add -Wl,--as-needed to my_ldflags for shared libraries so that unneeded ASAN library would not become a dependent of the built .so file. * Change shared file and executable file link argument order so that -Wl flags will have effect on linked-in libraries. * Remove unused ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES. BUG: 27614834 Change-Id: I4eda6003f1f24e498cba91c043dbe1fabe522686
2016-03-09 23:54:55 +01:00
# Add asan libraries unless LOCAL_MODULE is the asan library.
Fix AddressSanitizer link order and multilib setup. ASan runtime library (when using dynamic linking) must be the first dependency of the main executable to achieve correct symbol interposition. This matches how the clang driver works. In multilib setup, ASan-RT name depends on the target arch: /system/lib/libclang_rt.asan-arm-android.so /system/lib64/libclang_rt.asan-arm64-android.so We also set RPATH to /system/lib/asan or /system/lib64/asan to have a place for ASan-only versions of system libraries. Change-Id: I5c0cdb89e5e08a1950eb276e406da9f31a6e52dd
2015-04-25 01:34:47 +02:00
# ASan runtime library must be the first in the link order.
Link in ASAN library if my_global_santitize is set. * When my_global_santitize is set and requires ASAN, link with ASAN library even when local module is not instrumented with ASAN, unless the local module is the ASAN library itself. * Add -Wl,--as-needed to my_ldflags for shared libraries so that unneeded ASAN library would not become a dependent of the built .so file. * Change shared file and executable file link argument order so that -Wl flags will have effect on linked-in libraries. * Remove unused ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES. BUG: 27614834 Change-Id: I4eda6003f1f24e498cba91c043dbe1fabe522686
2016-03-09 23:54:55 +01:00
ifeq (,$(filter $(LOCAL_MODULE),$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY)))
my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
$(my_shared_libraries)
endif
ifeq (,$(filter $(LOCAL_MODULE),$(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)))
my_static_libraries += $(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)
endif
# Do not add unnecessary dependency in shared libraries.
ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
my_ldflags += -Wl,--as-needed
endif
Set up dependency on ADDRESS_SANITIZER_LINKER Set up dependency on ADDRESS_SANITIZER_LINKER if address sanitizer is enabled. Bug: 22850550 Change-Id: I736fe1d4db9594edf9e82ae96e4631887881dfa5
2015-08-18 01:13:24 +02:00
Use ASAN linker for native tests Native tests (BUILD_NATIVE_TEST) use their own MODULE_CLASS. Check for it when selecting the linker for ASAN. Test: build a native test, readelf -l <test> | grep linker Change-Id: I34ca8c443c792bdf8b4b1fa812806c56f13a72d0
2018-12-21 00:55:08 +01:00
ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
Only add linker_asan as dependency to shared executables linker_asan is only needed by shared exectuables, prevent adding it as a dependency of anything else. Avoids a dependency loop from linker_asan -> linker -> linker_asan. Change-Id: Id7744ad8a5901468518fac80741c75e764adb559
2016-07-18 00:28:07 +02:00
ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
my_linker := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER)
# Make sure linker_asan get installed.
Fix linker_asan[64] apex bootstrap build error This commit fixes `linker_asan[64]` apex bootstrap build errors. Without this change, `make -j SANITIZE_TARGET=address` results in: FAILED: ninja: 'out/target/product/walleye/system/bin/linker_asan64', needed by 'out/target/product/walleye/system/bin/app_process64', missing and no known rule to make it Test: lunch aosp_walleye-userdebug && make SANITIZE_TARGET=address Change-Id: I980a36499cd327db307321fc8e4548925e7d56bf
2019-01-31 10:07:50 +01:00
$(LOCAL_INSTALLED_MODULE) : | $(PRODUCT_OUT)$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER_FILE)
Only add linker_asan as dependency to shared executables linker_asan is only needed by shared exectuables, prevent adding it as a dependency of anything else. Avoids a dependency loop from linker_asan -> linker -> linker_asan. Change-Id: Id7744ad8a5901468518fac80741c75e764adb559
2016-07-18 00:28:07 +02:00
endif
endif
Add support for ubsan. Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>. For example, the following will use both asan and ubsan: LOCAL_SANITIZE := address undefined We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we can clean up the tree. Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2014-12-12 03:56:26 +01:00
endif
endif
Link in ASAN library if my_global_santitize is set. * When my_global_santitize is set and requires ASAN, link with ASAN library even when local module is not instrumented with ASAN, unless the local module is the ASAN library itself. * Add -Wl,--as-needed to my_ldflags for shared libraries so that unneeded ASAN library would not become a dependent of the built .so file. * Change shared file and executable file link argument order so that -Wl flags will have effect on linked-in libraries. * Remove unused ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES. BUG: 27614834 Change-Id: I4eda6003f1f24e498cba91c043dbe1fabe522686
2016-03-09 23:54:55 +01:00
# If local module needs ASAN, add compiler flags.
ifneq ($(filter address,$(my_sanitize)),)
# Frame pointer based unwinder in ASan requires ARM frame setup.
LOCAL_ARM_MODE := arm
my_cflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
ifndef LOCAL_IS_HOST_MODULE
my_cflags += -mllvm -asan-globals=0
endif
endif
Add extra cflags to hwasan targets. Bug: 112438058 Test: SANITIZE_TARGET=hwaddress Change-Id: I572cb20369b2e98ab5153f665af60366cb7f7657
2018-08-28 22:52:08 +02:00
# If local module needs HWASAN, add compiler flags.
ifneq ($(filter hwaddress,$(my_sanitize)),)
my_cflags += $(HWADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
endif
Do not use UBSAN library on HOST or AUX targets AUX modules are not necessarily using the same toolchain as the TARGET modules. they don't have to depend on this library. Change-Id: Ib50cf0eb26c257ae3eb69a43aa1a12c41d5d39b0 Signed-off-by: Alexey Polyudov <apolyudov@google.com>
2018-03-28 00:28:12 +02:00
# Use minimal diagnostics when integer overflow is enabled; never do it for HOST or AUX modules
ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
Add minimal-runtime support for integer overflows. Adds Make support for -fsanitze-minimal-runtime when using the integer overflow sanitizers. This makes the crashes due to these sanitizers less mysterious. This also cleans up the handling of the integer_overflow flag. Bug: 64091660 Test: Compiled and checked the generated compiler commands Test: Checked program that overflows for the abort reason Test: Checked integer_overflow flag still emits overflow checks Change-Id: I11012ed0cbbf51935f549a08bd17109b5ce6f330
2018-02-21 22:41:05 +01:00
# Pre-emptively add UBSAN minimal runtime incase a static library dependency requires it
ifeq ($(filter STATIC_LIBRARIES,$(LOCAL_MODULE_CLASS)),)
ifndef LOCAL_SDK_VERSION
my_static_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY)
Don't export UBSan minimal runtime symbols. When linking in the UBSan minimal runtime, don't export the symbols. This was resulting in an edge case where symbols were sometimes undefined at runtime on address sanitized builds if static library dependencies were integer overflow sanitized. Bug: 78766744 Test: readelf on libraries show either inclusion of the shared library or no undefined symbols related to the minimal runtime. Change-Id: I4382cc72baefd7fa96cd83e8349e82f7b083f5aa
2018-05-11 23:09:36 +02:00
my_ldflags += -Wl,--exclude-libs,$($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY).a
Add minimal-runtime support for integer overflows. Adds Make support for -fsanitze-minimal-runtime when using the integer overflow sanitizers. This makes the crashes due to these sanitizers less mysterious. This also cleans up the handling of the integer_overflow flag. Bug: 64091660 Test: Compiled and checked the generated compiler commands Test: Checked program that overflows for the abort reason Test: Checked integer_overflow flag still emits overflow checks Change-Id: I11012ed0cbbf51935f549a08bd17109b5ce6f330
2018-02-21 22:41:05 +01:00
endif
endif
ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
Scudo minimal runtime support for make Scudo is now compatible with the -fsanitize-minimal-runtime, and offers a new dynamic library that doesn't bundle UBSan. This patch adds support for this new library in make, preferring it over the full one, unless a diagnostic dependency is found. Test: aosp compiled with m -j Test: local test enabling Scudo for mediaextractor Change-Id: I99ac0d410b1619de09783f5009476c1ea2995f98
2018-10-11 17:56:12 +02:00
ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
Add minimal-runtime support for integer overflows. Adds Make support for -fsanitze-minimal-runtime when using the integer overflow sanitizers. This makes the crashes due to these sanitizers less mysterious. This also cleans up the handling of the integer_overflow flag. Bug: 64091660 Test: Compiled and checked the generated compiler commands Test: Checked program that overflows for the abort reason Test: Checked integer_overflow flag still emits overflow checks Change-Id: I11012ed0cbbf51935f549a08bd17109b5ce6f330
2018-02-21 22:41:05 +01:00
ifeq ($(filter cfi,$(my_sanitize_diag)),)
Add "hwaddress" sanitizer. Build/make support for "hwaddress". * HWASan supports static binaries, unlike ASan. * It will be used to build libc. Since static libraries get a .hwasan suffix in soong, the logic that moves libc-and-friends to the end of the link command line has to be updated. Bug: 112438058 Test: manual, part of a bigger patch set Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-07-27 20:54:32 +02:00
ifeq ($(filter address hwaddress,$(my_sanitize)),)
Add minimal-runtime support for integer overflows. Adds Make support for -fsanitze-minimal-runtime when using the integer overflow sanitizers. This makes the crashes due to these sanitizers less mysterious. This also cleans up the handling of the integer_overflow flag. Bug: 64091660 Test: Compiled and checked the generated compiler commands Test: Checked program that overflows for the abort reason Test: Checked integer_overflow flag still emits overflow checks Change-Id: I11012ed0cbbf51935f549a08bd17109b5ce6f330
2018-02-21 22:41:05 +01:00
my_cflags += -fsanitize-minimal-runtime
my_cflags += -fno-sanitize-trap=integer
my_cflags += -fno-sanitize-recover=integer
endif
endif
endif
endif
endif
Scudo minimal runtime support for make Scudo is now compatible with the -fsanitize-minimal-runtime, and offers a new dynamic library that doesn't bundle UBSan. This patch adds support for this new library in make, preferring it over the full one, unless a diagnostic dependency is found. Test: aosp compiled with m -j Test: local test enabling Scudo for mediaextractor Change-Id: I99ac0d410b1619de09783f5009476c1ea2995f98
2018-10-11 17:56:12 +02:00
# For Scudo, we opt for the minimal runtime, unless some diagnostics are enabled.
ifneq ($(filter scudo,$(my_sanitize)),)
ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer cfi,$(my_sanitize_diag)),)
my_cflags += -fsanitize-minimal-runtime
endif
ifneq ($(filter -fsanitize-minimal-runtime,$(my_cflags)),)
my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_MINIMAL_RUNTIME_LIBRARY)
else
my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_RUNTIME_LIBRARY)
endif
endif
Fix bad variable names. My working tree was still dirty when I verified the original change. Change-Id: I3e6fa6908b809c016231b398c5d30d8cce3b87ab
2015-04-28 20:26:45 +02:00
ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
Add LOCAL_SANITIZE_RECOVER. This is needed for projects that have known ubsan issues that we can't fix right away (perhaps because it's an upstream project that we're diligent about keeping in sync with upsteam). Also make the normal ubsan use -fno-sanitize-recover=all by default. Change-Id: I1b0f3309792f32dbd08c18816d7306e76c8d7c30
2015-04-17 03:08:44 +02:00
my_cflags += -fsanitize-recover=$(recover_arg)
endif
Enable LOCAL_SANITIZE:=cfi and add LOCAL_SANITIZE_DIAG. Bug: 22033465 Change-Id: Ie011f888f55a2cfb5c943070a3844cb541812afe
2016-07-07 19:56:39 +02:00
Add make var to avoid recovering with diagnostics. Add a LOCAL_SANITIZE_NO_RECOVER variable that allows specifying which sanitizers running in diagnostics mode shouldn't recover. This can help debugging as we test enabling sanitizers in new libraries since it'll cause tombstones to be generated along with the diagnostics information. Bug: 80195448 Bug: 110791537 Test: Compiled test module with this flag, checked compiler command. Test: Test module crashed, tombstone contained diagnostics information. Change-Id: I441b9c873e54bf6404325f4d0ac59835350c2889
2018-12-12 19:04:34 +01:00
ifneq ($(strip $(LOCAL_SANITIZE_NO_RECOVER)),)
no_recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_NO_RECOVER)),
my_cflags += -fno-sanitize-recover=$(no_recover_arg)
endif
Hide CFI behind a global flag. This CL ensures that the LOCAL_SANITIZE=cfi is not honored unless it is enabled globally using ENABLE_CFI='true' first. This allows CFI to be hidden behind a flag. Bug: 30227045 Bug: 22033465 Test: m -j40 works and device boots Test: cfi is correctly honored only when the global flag is set. Change-Id: If4508ba448bd4260020483f9c11ee849bb419713
2017-01-19 02:50:29 +01:00
ifneq ($(my_sanitize_diag),)
Revert "Revert "CFI compatibility with static executables and nested archives"" This reverts commit 8350c4c540b6ad8a5e5ea01b6aacb9e92fa3d7dc. Reverting the revert so a proper fix can be applied. Change-Id: I69f106dfd294198e03a62bcd88c8f18033410141
2017-11-01 10:21:20 +01:00
# TODO(vishwath): Add diagnostic support for static executables once
# we switch to clang-4393122 (which adds the static ubsan runtime
# that this depends on)
ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
my_cflags += -fno-sanitize-trap=$(notrap_arg)
# Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
Add "hwaddress" sanitizer. Build/make support for "hwaddress". * HWASan supports static binaries, unlike ASan. * It will be used to build libc. Since static libraries get a .hwasan suffix in soong, the logic that moves libc-and-friends to the end of the link command line has to be updated. Bug: 112438058 Test: manual, part of a bigger patch set Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-07-27 20:54:32 +02:00
ifeq ($(filter address thread scudo hwaddress,$(my_sanitize)),)
Revert "Revert "CFI compatibility with static executables and nested archives"" This reverts commit 8350c4c540b6ad8a5e5ea01b6aacb9e92fa3d7dc. Reverting the revert so a proper fix can be applied. Change-Id: I69f106dfd294198e03a62bcd88c8f18033410141
2017-11-01 10:21:20 +01:00
# Does not have to be the first DT_NEEDED unlike ASan.
my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
endif
Enable LOCAL_SANITIZE:=cfi and add LOCAL_SANITIZE_DIAG. Bug: 22033465 Change-Id: Ie011f888f55a2cfb5c943070a3844cb541812afe
2016-07-07 19:56:39 +02:00
endif
endif
Disable implicit-integer-sign-change by default. * New clang compiler makes some integer santizers enabling implicit-integer-sign-change, but Android code does not boot with this new sanitizer yet. Bug: 119329758 Test: build and boot with new clang compiler Change-Id: Ic80cde49d3ef51277fbe2a0aa8c1b8f2f8bfd80c
2018-11-18 05:18:08 +01:00
# http://b/119329758, Android core does not boot up with this sanitizer yet.
# Previously sanitized modules might not pass new implicit-integer-sign-change check.
# Disable this check unless it has been explicitly specified.
ifneq ($(findstring fsanitize,$(my_cflags)),)
ifneq ($(findstring integer,$(my_cflags)),)
ifeq ($(findstring sanitize=implicit-integer-sign-change,$(my_cflags)),)
my_cflags += -fno-sanitize=implicit-integer-sign-change
endif
endif
endif
Reference in a new issue Copy permalink