abort() seems friendlier, but in practice it puts a couple of irrelevant
libc.so frames on the top of the stack trace and clobbers all the
registers that might have helped remotely debug a sanitizer failure.
Let's switch to trapping directly in the sanitized code instead.
Bug: http://b/298741930
Test: treehugger
Change-Id: I4fca63cb42bfba16a934c1fa88b08697faf3be41
Like aosp/2495518, but adds the ability to centrally disable HWASan
for multiple modules when building with SANITIZE_TARGET=hwaddress.
HWASan takes precedence over CFI and several other sanitizers that it's
incompatible with[1], which can be problematic for modules that require
those sanitizers (e.g. those that depend on vendor prebuilts where only
sanitized variants are provided). This patch adds an easy way to disable
HWASan for such modules while still keeping it globally enabled.
Test: build with HWASAN_EXCLUDE_PATHS set and verify with readelf that
relevant modules have no references to __hwasan symbols
[1] bb31ca1168/core/config_sanitizers.mk (236)
Change-Id: I64185b570bc64e61680c3212934a02d80a4904b9
GNU make bits for https://android-review.git.corp.google.com/c/platform/build/soong/+/2625692.
Bug: N/A
Test: Build {libc, libm, libc++, libm, and libnetd} in internal master
with these patches and an experimental compiler with the lld support.
Also, `SANITIZE_TARGET=memtag_globals m` here with in-tree compiler
without lld support.
Change-Id: I44c239ba907a90a355c46e12afbbbe96bb2e4426
Allow product configuration of memtag target list by
moving the current set into a product variable instead of the various
.bp files.
The default list of memtag targets can be found in
build/make/target/product/memtag-common.mk
This is NFC as all targets in the list already have "memtag_heap: true"
in the build files.
Bug: 280343521
Test: no functional change
Change-Id: I5954fde05256e00a8e01c114ad522f50ed0cfa9f
Environment variables HWASAN_INCLUDE_PATHS and
PRODUCT_HWASAN_INCLUDE_PATHS can be used to enable HWASan for multiple
modules, by just adding the module directory to the env variable.
Bug: b/271948407
Test: Set specific module directory to above env variable and check the
assembly codes of output elf files after building, finding hwasan
related symbols inside.
Change-Id: I4493cb627fb564ee317eb95bd24ec020d42ae28c
This change depends on the following toolchain commit:
https://reviews.llvm.org/D118948
Bug: b/174878242
Change-Id: Id67503a5c0983c9ae6fc29f158f4d20bca778e9f
Bug: http://b/133876586
This was turned off but the upstream change fixing this has been long
part of the Android toolchain.
Test: Output of
m aidl_parser_fuzzer; readelf aidl_parser_fuzzer | grep -c sancov
hasn't changed.
Change-Id: I1d5f9c94cebad74ee00adc1290bbf425bb5c4cd3
BUILD_HOST_EXECUTABLE modules are substantially deprecated, but some
partners are still using them for their bits with the workaround
provided in the product definition. This fixes a build error where
the host module doesn't have a linkable ELF note archive.
MTE is not intended for host modules, and it's fine for us to say
"host module using AndroidMk - no MTE for you" if this changes.
Test: Manually tested using a BUILD_HOST_EXECUTABLE module.
Change-Id: Ifedff39f2f03c08bfb644221d2ab1b88e635c8a3
CFI has been enabled for 32-bit builds but this option
still only works for 64-bit builds
Bug: 179233410
Change-Id: I3a9fed728489021f6c062ad45082b0a2705cec51
Before this change, exclude paths disabled sanitization of targets that
would otherwise be enabled by SanitizeDevice product variable (aka
SANITIZE_TARGET).
With this change, in addition to the above logic, exclude path disables
sanitization of targets that would otherwise be enabled by the
corresponding include path.
Effectively, this change disables sanitization of targets that are
covered by *both* include and exclude paths.
Test: MEMTAG_HEAP_SYNC_INCLUDE_PATHS=system/extras \
MEMTAG_HEAP_EXCLUDE_PATHS=system/extras/su m su && \
readelf -n path/to/su | grep .note.android.memtag
Bug: b/184976817
Change-Id: Ifa44b85556c6468fe5a37b5e6864c4ce9561ae2b
Small typo in the AndroidMk sanitizer config, where adding heap MTE
ended up promoting CFI to diagnostic CFI accidentally, where this isn't
a valid transformation.
Bug: 184397138
Test: lunch aosp_sunfish-userdebug
Test: PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS=\
Test: "hardware/qcom frameworks/opt/net/wifi" \
Test: CFI_INCLUDE_PATHS=hardware/qcom \
Test: m libwifi-hal
Change-Id: I74a03debf0042f2ee004503dd4a0e81131bd9fde
Enabling cfi for 32-bit arch; b/35157333 seems to have been resolved in b/67507331.
Bug: 158010610
Test: manual interaction with Wimbley device: youtube video, chrome
navigations, gmail
MPTS testing on Sargo
Change-Id: I79eeb7e880ea09d857f8339901b67f77243a575c
New clang compiler enables unsigned-shift-base as part of
integer sanitizers. But it makes some daemons crash at
libc++.
Bug: 177566116
Test: build.
Change-Id: I6d64fa5002b6035be4d960441eb5176c97152af9
All uses of this property have been migrated to
LOCAL_SANITIZE_BLOCKLIST.
Update language to comply with Android’s inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for
reference
Bug: 161896447
Bug: 162245450
Test: Add the old property to an Android.mk and ensure error is thrown.
Change-Id: I797ff651f03b954b410f76f4d201a962ded717df
It'll replace LOCAL_SANITIZE_BLACKLIST.
Update language to comply with Android’s inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for
reference
Bug: 161896447
Bug: 162245450
Test: n/a (no users in AOSP for this property).
Change-Id: Ie31c35af722d05011a528e1170b0c026b50fbf88
This was deprecated in R, which has now branched, and there aren't any
users on master.
Test: build-aosp_crosshatch.ninja is the same (except for the removal of the empty auxiliary target)
Test: treehugger
Change-Id: I306156ab7f91cd4a2258554b4215766c99cd12d1
libdl.a has a no-op dlopen, which breaks static libraries that need a real
dlopen. Instead of automatically linking libdl.a into static executables,
make it optional.
Until recently, the libunwind_llvm.a unwinder, used on arm32, needed the
no-op dladdr, but it's now built using -D_LIBUNWIND_USE_DLADDR=0.
The HWASan run-time uses dlsym and dladdr, so add a libdl dependency for
HWASan-built static binaries. We could also remove the dependency from
libclang_rt.hwasan_static-*.a, but this is also easy to do.
Bug: http://b/141485154
Test: bionic unit tests, device boots, verify that static and dynamic
executables can throw/catch an exception
Test: verify that a static executable using dlopen doesn't link (unless it
adds an explicit dependency on libdl)
Change-Id: Id26741f79dca50256a2dc23453af3026a6c88dca
We already link the shared prebuilt from the toolchain. This is
redundant and the wrong version.
Test: make checkbuild
Bug: http://b/74067984
Change-Id: Ie315b7fd8195414717d3fbe6dad1f12577ef3e35
Sanitizer coverage is currently broken with the experimental pass
manager. See b/133876586 for more information. The patch is currently
being worked on upstream (https://reviews.llvm.org/D62888), but is not
ready yet. Hence, we disable it here (similar to the LTO bug).
Bug: 133876586
Test: Build anything with SANITIZE_TARGET='fuzzer', verify that it has
'sancov' symbols.
Change-Id: I74d02e52ccbe2a3d96b6b8e30230197b554e60a0
- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of
'coverage'.
- Removed an old dependency that made fuzzer builds without ASan
an error.
- Fixed up the build flags to allow fuzzers to be built. Previously, the
coverage flags were manually provided. As the toolchain has moved on,
these flags are no longer compatible with libFuzzer, and so I've updated
them to use the correct, compatible flags.
Bug: 121042685
Test: With all patches in the bug merged, build a fuzzer using
'SANITIZE_TARGET=fuzzer mmma <your_fuzzer>'.
Change-Id: I86e6a26d27c22b3622cf6ea8760f502f607df6f0
This CL simplifies the PRODUCTS.$(INTERNAL_PRODUCT).X accesses of
product variables, and removes unnecessary stripping of them.
Replace: '\$\(PRODUCTS\.\$\(INTERNAL_PRODUCT\)\.([^\)]*)\)' with '$(\1)'
Replace: '\$\(strip\s*\$\(PRODUCT_([^\)]*)\)\)' with '$(PRODUCT_\1)'
A few minor manual tweaks.
Bug: 116769560
Test: presubmit
Change-Id: I70c54f1582e3cc780028535960147d99ebc2e0e1
Don't enable CFI diagnostics by default when applying it in include
paths. Part of a broader effort to remove diagnostics mode from CFI
across the board.
This should reduce performance overhead and also allows the minimal
runtime to work when other ubsan sanitizers are enabled. CFI stack
dumps should include a CFI related function, so it should be apparent
when a crash is CFI-related.
Bug: 117417735
Test: make -j
Change-Id: I3d6326e06d7aa7d9c00382f336301ecb822ae7ec
This adds an option to turn off Scudo globally, and use it for Go.
Bug: 123228023
Test: verify that Scudo is disabled for a Go build, eg:
lunch marlin_svelte-eng && m -j, check that Scudo is not linked in
out/target/product/marlin/system/bin/mediaextractor
Test: verify that Scudo is enabled otherwise, eg:
lunch marlin-eng && m -j, check that Scudo is linked in
out/target/product/marlin/system/bin/mediaextractor
Change-Id: Idc82d581fade544a474e6f2ff0b54dd191ba0818
Merged-In: Idc82d581fade544a474e6f2ff0b54dd191ba0818
This commit fixes `linker_asan[64]` apex bootstrap build errors.
Without this change, `make -j SANITIZE_TARGET=address` results in:
FAILED: ninja: 'out/target/product/walleye/system/bin/linker_asan64',
needed by 'out/target/product/walleye/system/bin/app_process64',
missing and no known rule to make it
Test: lunch aosp_walleye-userdebug && make SANITIZE_TARGET=address
Change-Id: I980a36499cd327db307321fc8e4548925e7d56bf
Native tests (BUILD_NATIVE_TEST) use their own MODULE_CLASS.
Check for it when selecting the linker for ASAN.
Test: build a native test, readelf -l <test> | grep linker
Change-Id: I34ca8c443c792bdf8b4b1fa812806c56f13a72d0
Add a LOCAL_SANITIZE_NO_RECOVER variable that allows specifying which
sanitizers running in diagnostics mode shouldn't recover. This can help
debugging as we test enabling sanitizers in new libraries since it'll
cause tombstones to be generated along with the diagnostics information.
Bug: 80195448
Bug: 110791537
Test: Compiled test module with this flag, checked compiler command.
Test: Test module crashed, tombstone contained diagnostics information.
Change-Id: I441b9c873e54bf6404325f4d0ac59835350c2889
Same as soong. This needs do match, otherwise, for example, CFI may be
disable in a static library in soong, and left enabled in a shared
library in make; that would not work as CFI only supports DSO granularity.
Bug: 120508119, 112709969
Change-Id: I00d6b1c9c373bcb6804c135407c6eeae88b375b6
Test: hwasan build of master branch boots
* New clang compiler makes some integer santizers enabling
implicit-integer-sign-change, but Android code does not
boot with this new sanitizer yet.
Bug: 119329758
Test: build and boot with new clang compiler
Change-Id: Ic80cde49d3ef51277fbe2a0aa8c1b8f2f8bfd80c
They are executables, but they are not EXECUTABLES.
Bug: 112438058
Test: make SANITIZE_TARGET=hwaddress tests
Change-Id: I0f5d8d6259d7df4196bde50ec553b73099f2c8ac
Scudo is now compatible with the -fsanitize-minimal-runtime, and offers a new
dynamic library that doesn't bundle UBSan.
This patch adds support for this new library in make, preferring it over the
full one, unless a diagnostic dependency is found.
Test: aosp compiled with m -j
Test: local test enabling Scudo for mediaextractor
Change-Id: I99ac0d410b1619de09783f5009476c1ea2995f98
It allows use of sanitizer preprocessor macros (like __has_feature())
in assembly files.
Bug: 112438058
Test: SANITIZE_TARGET=hwaddress
Change-Id: If9da7493d69fa2e03649754c38117e36eb8d222c
Build/make support for "hwaddress".
* HWASan supports static binaries, unlike ASan.
* It will be used to build libc. Since static libraries get a .hwasan
suffix in soong, the logic that moves libc-and-friends to the end
of the link command line has to be updated.
Bug: 112438058
Test: manual, part of a bigger patch set
Change-Id: I3b52336841012622771a88ba161916bc33071dfe
