Commit graph

231 commits

Author SHA1 Message Date
Colin Cross
127bb8b9f6 Don't rewrite LLNDK dependencies with .llndk suffix
Rewriting LLNDK dependencies with .llndk suffix requries referencing
a global data structure to determine if a given library is an LLNDK
library and therefore needs the .llndk suffix.  References to
global data structures from mutators must be removed to support
incremental Soong analysis.  Instead, move the LLNDK stubs rules
into the vendor variant of the implementing cc_library so that
the original name can be used.

As an incremental step, the llndk_library modules are left in
place, and the properties are copied into the cc_library via
the dependency specified by the llndk_stub property.  A followup
will move the LLNDK properties directly into the cc_library and
delete the llndk_library modules.

The global list of LLNDK libraries is kept for now as it is used
to generate the vndk.libraries.txt file.

Bug: 170784825
Test: m checkbuild
Test: compare Soong outputs
Test: all Soong tests
Change-Id: I2a942b21c162541a49e27b2e5833c9aebccff1d0
2020-12-21 17:53:30 -08:00
Cindy Zhou
d3fe49289d Add arch_variant support for diag
Allow for different arch to specify sanitizer options.

Bug: 158010610
Test: Compiles with build options
Change-Id: I4db72f682e920e3c1a6d55473f316e56567636e6
2020-12-01 11:26:39 -08:00
Cindy Zhou
8cd45dea53 Add CFI support for assembly heavy libraries
This commit adds an new option to the sanitizer build config to enable CFI with the
"-fno-sanitize-cfi-canonical-jump-tables" flag in order to provide more
support for assembly heavy libraries.

Bug: 158010610
Test: Compile with option enabled in libaom and libvpx
Change-Id: I7d0d3ed6ff876582043fd72b687757426e3dc5aa
2020-11-18 17:32:54 -08:00
Jose Galmes
f729458e69 Support for recovery snapshot.
Bug: 171231437
Test: source build/envsetup.sh
Test: ALLOW_MISSING_DEPENDENCIES=true m -j nothing

Change-Id: I6b35fbb0b90ffffa941ea108cbd31a454b2dd403
2020-11-16 17:09:36 -08:00
Yifan Hong
60e0cfb5cb Add vendor-ramdisk image to Soong.
Add vendor_ramdisk_available and vendor_ramdisk attribute to
various rules. When a vendor_ramdisk variant of a module is
generated, it is installed to $OUT/vendor-ramdisk.

It is similar to a ramdisk image.
Test: m nothing -j

Change-Id: Ib2d16459f3094dbe21c3bdb7c016cb4b2bf62765
2020-10-22 10:26:26 -07:00
Colin Cross
e7257d2019 Add version dependencies to sanitizer runtime dependencies
The hwasan runtime has stubs, make the function to add all version
variants of a shared library available to the sanitizer mutator.

Test: m checkbuild
Change-Id: Ie4124022140f8520834d7bf7b59f0499cd381083
2020-09-30 21:17:59 +00:00
Martin Stjernholm
b024957791 Propagate all sanitizer flags in SDK snapshots.
liblog snapshot needs to sanitizer.address=false to avoid cycle in asan
builds. Adding that separately in library_sdk_member.go would start to
feel like whack-a-mole, so the snapshot generation is instead extended
to handle nested property structs.

This uses the BpPropertySet.AddProperty extension in
https://r.android.com/1423510, and common value optimisation now
recurses into non-anonymous structs, instead of comparing them as a
whole.

Test: m nothing
Test: `m SANITIZE_TARGET=address nothing` with prebuilts/runtime
  present in the manifest and a fresh snapshot made with this
Bug: 151303681
Change-Id: I472554117a488e6c800045cb2ed59377778571a4
2020-09-25 00:33:04 +01:00
Bill Peckham
f3bf78650a Merge "Add exclude_from_vendor_snapshot property, related logic" am: e1359af34d
Original change: https://android-review.googlesource.com/c/platform/build/soong/+/1416430

Change-Id: I89da13623f047a1651fb99b6a6ccc575cc75171c
2020-09-03 18:06:37 +00:00
Bill Peckham
e1359af34d Merge "Add exclude_from_vendor_snapshot property, related logic" 2020-09-03 17:52:29 +00:00
Colin Cross
90d0500699 Merge changes I59b7a32a,Ida7bc75a am: 0329f2398c
Original change: https://android-review.googlesource.com/c/platform/build/soong/+/1406259

Change-Id: I9b2b709c59630394aa528c64b4fbe60b52d50be5
2020-09-03 00:21:49 +00:00
Bill Peckham
945441c09a Add exclude_from_vendor_snapshot property, related logic
When building a vendor snapshot, the general rule the
build system uses to select a module for inclusion into
the vendor snapshot is if it's a framework module.
However, there are cases where a partner may modify the
framework module, thereby assuming control of that
module.

This change adds the exclude_from_vendor_snapshot
property allowing the partner to mark a module that
would normally be included in the vendor snapshot for
exclusion. This module is then built from source when
building the vendor image against the vendor snapshot.

Bug: 165705527
Test: m nothing
Test: build partner code against vendor snapshot
Change-Id: I6c5c15f13eeeb8f29717a4abd84b65fa72096889
2020-09-02 22:27:45 +00:00
Xin Li
65cb5c69ea Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: Ifca7b65f4e27bf14cdc30f72f790b0de90130bae
Change-Id: I3a39be5f0b8736de4822c6a14072c78d4e4ad89d
2020-08-29 01:17:45 -07:00
Colin Cross
42507337e5 Only request image and version variations for device SDK dependencies
AddFarVariationDependencies was broken, which allowed sdk modules to
request dependencies using image and version variations, even for
host modules that do not have image or version variations.  Make
the image and version variations conditional on device sdk modules.

Test: go test ./sdk
Change-Id: I59b7a32a3782254fd5feb828a5258ee13d4db812
2020-08-26 11:51:51 -07:00
Pirama Arumuga Nainar
84ce8d8d89 Merge "[cc/sanitize] Deprecate blacklist sub-property of sanitize" 2020-08-11 21:24:16 +00:00
Inseob Kim
eaebec1312 Merge changes from topic "cfi_vendor_snapshot"
* changes:
  Add cfi static libraries to vendor snapshot
  Refactor vendor snapshot modules
2020-08-07 01:48:10 +00:00
Mitch Phillips
8dc2af873b Merge "Added write only sanitizer for ASAN and HWASAN" 2020-08-06 21:17:12 +00:00
Inseob Kim
c42f2f2e9d Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.

This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.

For example, suppose that "libfoo" is defined as follows.

cc_library_static {
    name: "libfoo",
    vendor_available: true,
}

As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:

vendor_snapshot_static {
    name: "libfoo",
    src: "libfoo.a",
    cfi: {
        src: "libfoo.cfi.a",
    },
}

The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.

Two clarification:

1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.

2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.

sanitize: {
    cfi: false,
}

In this case, only non-CFI variant will be created for the vendor
snapshot module.

Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-08-06 19:47:57 +00:00
Treehugger Robot
8c69770ff0 Merge changes from topic "soong_sanitize_fix"
* changes:
  Separate lists of soong sanitize modules
  Move image mutator things to image.go
2020-08-06 00:48:16 +00:00
Inseob Kim
74d255698b Separate lists of soong sanitize modules
Dependencies of makefile modules are being redirected according to
SOONG_CFI_STATIC_LIBRARIES and SOONG_HWASAN_STATIC_LIBRARIES. But the
variables are shared among all variants (e.g. core, vendor, product,
arch), which can cause build error.

This splits the Makefile variables into several lists, one list per each
arch and each image variant, to correctly make the redirection.

Bug: 162476652
Test: build and inspect ninja
Change-Id: Icc753382f1c53de8468cc85243a6954e1986297a
2020-08-05 04:47:41 +00:00
Pirama Arumuga Nainar
c02c98b8f5 [cc/sanitize] Deprecate blacklist sub-property of sanitize
All uses of this property have been migrated to 'blocklist' instead.

Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Bug: 162245450

Test: TH
Change-Id: I4b83b41ad5a4b2caf1166b1acece9537f545aaad
2020-07-30 22:17:22 -07:00
Colin Cross
6e511a9a9f Add libraryDependencyTag to track dependencies on static and shared libraries
dependencyTag uses a set of predefined tags to identify different types
of dependencies.  There are already multiple bits of metadata stored
in the dependency tag (Library, Shared, ReexportFlags), and supporting
them all requires a combinatorial explosion of predefined tags and
causes issues when using equality comparisons if a new bit of metadata
is added.

Add a new libraryDependencyTag type that will contain the metadata
bits, and replace the quality comparisons with checks on the metadata
bits.

There are 5 TODOs where modifying the checks identified problems with
the existing checks.  These were left in place to produce identical
build output and will be fixed separately.

Bug: 162437057
Test: no change to build.ninja or {Android,make_vars,late}-${TARGET_PRODUCT}.mk
Change-Id: I72d4207dcf381c07c92e00e5a03968ebb5ed8d30
2020-07-29 13:22:30 -07:00
Jasraj Bedi
bb4511df94 Added write only sanitizer for ASAN and HWASAN
Bug: 162024969
Test: Successfully builds targets for both host and device

"writeonly" flag in SANITIZE_(HOST|TARGET) enables it with "address"
and "hwaddress"

Change-Id: Ia89d43230deef15a67dee09ed015fea14f0717ff
2020-07-29 20:13:53 +00:00
Pirama Arumuga Nainar
eda8499a3c Merge "[cc/sanitize] Add Blocklist property" 2020-07-28 17:21:59 +00:00
Pirama Arumuga Nainar
6c4ccca7b7 [cc/sanitize] Add Blocklist property
This will eventually replace the Blacklist property.

Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Bug: 162245450
Test: build topic
Change-Id: I3c2609c791c27b8ba3bcb55f79304b78bce1f518
2020-07-27 13:37:05 -07:00
Pirama Arumuga Nainar
eb8d403273 Rename CFI blocklist files.
Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Test: build
Change-Id: I3de274e58135660e102c276a9822a2ef2cd7cba8
2020-07-27 18:37:48 +00:00
Mitch Phillips
7df01cc05a Merge "[HWASan] Disable GlobalISel/FastISel w/ HWASan." into rvc-dev am: 13b85a4792
Original change: https://googleplex-android-review.googlesource.com/c/platform/build/soong/+/11959173

Change-Id: I986f605a95a5627c42ff6195138c65843f6938f5
2020-06-30 18:38:19 +00:00
Mitch Phillips
b1c574fd13 [HWASan] Disable GlobalISel/FastISel w/ HWASan.
Bug: 159343917
Test: See upstream testing at https://reviews.llvm.org/D82249
Change-Id: Ib644a857caa048d7fc3dd5e5f20553e0b4a47d43
2020-06-30 17:35:56 +00:00
Christopher Ferris
f70926eef0 Remove libc_scudo references.
Test: Builds and boots.
Change-Id: Iad97159e6193f7afffd8fbc9456427eee5d150e3
Merged-In: Iad97159e6193f7afffd8fbc9456427eee5d150e3
(cherry picked from commit 1f16b27511)
2020-06-22 15:27:56 -07:00
Jooyung Han
8ce8db9ed6 apex: install hwasan lib if depended on libc
There're two ways to enable hwasan:
- global setting: TARGET_SANITIZE=hwaddress
- individual setting: sanitize: { hwaddress: true }

This change covers both cases by looking up if com.android.runtime is
hwaddress santized or not.

Bug: 156678661
Test: m (soong test added)
Change-Id: I67c382c3e76a06f4b27f221eebd153c698647227
2020-05-15 19:12:38 +09:00
Dan Willemsen
b5b2aba43b Don't tell make about modules in other namespaces
This was causing build breaks when different devices moved to Android.bp
at different times.

Bug: 150878976
Test: build *_hwasan targets
Change-Id: I68912bb6a5696809c318d1ec816a1bcfbe2df245
Merged-In: I68912bb6a5696809c318d1ec816a1bcfbe2df245
(cherry picked from commit 7b6af23db6)
2020-05-04 00:05:47 -07:00
Dan Willemsen
7b6af23db6 Don't tell make about modules in other namespaces
This was causing build breaks when different devices moved to Android.bp
at different times.

Bug: 150878976
Test: build *_hwasan targets
Change-Id: I68912bb6a5696809c318d1ec816a1bcfbe2df245
2020-05-03 21:30:43 -07:00
Evgenii Stepanov
96fa3dd0af Revert "Reenable the new pass manager in hwasan builds."
This reverts commit 259eaab3b3.

Reason for revert: breaks hwasan + gcov

Bug: 135298400
Change-Id: Ie8574753f9237a55ad1618783bd5150ffb646015
2020-03-27 19:42:01 +00:00
Evgenii Stepanov
259eaab3b3 Reenable the new pass manager in hwasan builds.
Also remove a deprecated flag -fsanitize-hwaddress-abi=platform.

Switching to the new pass manager reduces size of the "lib64" directory
by almost 6%.

Bug: 135298400
Test: objdump -d path/to/symbols/system/lib64/*.so | grep __hwasan_check_
Test: adb shell sanitizer-status

Change-Id: I327ee982e20c02b3b2126d93189048d9f4bfb301
2020-03-23 14:56:03 -07:00
Elliott Hughes
cc868de8a7 Merge "Remove unused mips workarounds." 2020-03-16 21:06:13 +00:00
Ivan Lozano
9d790c78da Disable CFI only on incompatible variants.
Only disable CFI on incompatible variants rather than the base module.

Bug: 142157676
Test: Manual llvm-cfi-verify checks
Change-Id: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
Merged-In: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
(cherry picked from commit 4774a81c0f)
2020-03-13 11:59:07 -04:00
Ivan Lozano
438d379eb6 Merge "Disable CFI only on incompatible variants." 2020-03-13 15:57:08 +00:00
Ivan Lozano
fadd6358c1 Fix UBSanitized host binaries missing runtime.
Host binaries by default use the UBSan runtime whether or not
diagnostics are requested in the module definition. The rest of the code
assumes the runtime is only needed when diag properties are set.

This makes sure to add the runtime to the dependency graph of host
binaries that are UBSanitized.

Bug: 150336284
Test: ./art/tools/dist_linux_bionic.sh com.android.art.host
Test: runtime appropriately identified as a dependency of libziparchive
Change-Id: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
Merged-In: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
(cherry picked from commit f3b190f8e7)
2020-03-12 14:14:27 -04:00
Ivan Lozano
f3b190f8e7 Fix UBSanitized host binaries missing runtime.
Host binaries by default use the UBSan runtime whether or not
diagnostics are requested in the module definition. The rest of the code
assumes the runtime is only needed when diag properties are set.

This makes sure to add the runtime to the dependency graph of host
binaries that are UBSanitized.

Bug: 150336284
Test: ./art/tools/dist_linux_bionic.sh com.android.art.host
Test: runtime appropriately identified as a dependency of libziparchive
Change-Id: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
2020-03-11 20:40:21 -04:00
Ivan Lozano
4774a81c0f Disable CFI only on incompatible variants.
Only disable CFI on incompatible variants rather than the base module.

Bug: 142157676
Test: Manual llvm-cfi-verify checks
Change-Id: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
2020-03-10 16:27:38 -04:00
Elliott Hughes
da3a071eaa Remove unused mips workarounds.
This was never really finished, and hasn't been supported for years.

Test: treehugger
Change-Id: I21d4c3112aa8cf0c56e59f0cc19ff8725ef714b9
2020-03-06 18:15:44 -08:00
Colin Cross
dc7319df2b Convert cc to AndroidMkEntries
Use AndroidMkEntries so the next patch can use ExtraFooters, which
doesn't exist in AndroidMkData.

Bug: 149591522
     the bug is not exactly related to this change, but it is the bug
     that the follow-up changes are trying to fix.
Test: manually diff out/soong/Android.aosp_x86_64.mk
Merged-In: Ia3006b6747813693cf7e2b536030b21f3109f538
Change-Id: Ia3006b6747813693cf7e2b536030b21f3109f538
(cherry picked from commit d80cbca76d)
2020-03-05 14:40:43 +09:00
Colin Cross
d80cbca76d Convert cc to AndroidMkEntries
Use AndroidMkEntries so the next patch can use ExtraFooters, which
doesn't exist in AndroidMkData.

Test: manually diff out/soong/Android.aosp_x86_64.mk
Change-Id: Ia3006b6747813693cf7e2b536030b21f3109f538
2020-02-25 19:53:04 -08:00
Ivan Lozano
9ac32c7674 Allow Linux hosts to use ubsan runtime sanitizers.
Linux host prebuilts for UBSan runtime are available now, so we can
enable these. There's a bit more work to be done for Windows/Darwin
support, so that's left to another CL.

Bug: 148289941
Test: Build host binary with integer overflow sanitization enabled.
Test: ./art/test/testrunner/run_build_test_target.py art-linux-bionic-x64

Change-Id: Ie98979116fa3bb8accb23d1788adcc28330a9530
2020-02-20 20:27:35 +00:00
Inseob Kim
eec88e1de8 Add vendor snapshot modules
This implements four modules (static/shared/header libraries, and
binaries) for vendor snapshot. These modules will override source
modules if BOARD_VNDK_VERSION != current.

Bug: 65377115
Test: 1) VNDK_SNAPSHOT_BUILD_ARTIFACTS=true m dist vndk vendor-snapshot
Test: 2) install snapshot under source tree
Test: 3) set BOARD_VNDK_VERSION and boot cuttlefish
Change-Id: I24ddb4c3aa6abeab60bbfd31bcbd8753e2592dc5
2020-02-07 02:59:24 +09:00
Inseob Kim
8471cdaced Implement vendor snapshot
Vendor snapshot can be captured with "m dist vendor-snapshot". With
vendor snapshot and vndk snapshot, older version of /vendor and newer
version of /system will be able to be built together by setting
BOARD_VNDK_VERSION to past vendor's version.

Only vendor modules under AOSP are to be captured. In detail, modules
under following directories are ignored:
- device/
- vendor/
- hardware/, except for interfaces/, libhardware/, libhardware_legacy/,
  and ril/

Test modules (cc_test, etc.) and sanitized modules are also ignored.

Bug: 65377115
Test: m dist vendor-snapshot
Change-Id: If7a2f6de7f36deee936930c0ccf7c47c4a0cebf6
2020-02-07 02:58:29 +09:00
Yifan Hong
1b3348d50a Add ramdisk image.
It is similar to recovery image.
Test: m nothing -j

Change-Id: I11389777c6bfb0c0d73bbb4c70091c1e70f44077
2020-01-22 16:54:18 -08:00
Mitch Phillips
734b4cb62f Add $ORIGIN to fuzzer-coverage sanitized .so's.
Build fuzzer-sanitized libraries with an $ORIGIN DT_RUNPATH. Android's linker
uses DT_RUNPATH, not DT_RPATH. When we deploy cc_fuzz targets and their
libraries to /data/fuzz/<arch>/lib, any transient shared library gets the
DT_RUNPATH from the shared library above it, and not the executable, meaning
that the lookup falls back to the system. Adding the $ORIGIN to the DT_RUNPATH
here means that transient shared libraries can be found colocated with their
parents.

This may have some interesting consequences if:

 1. Your fuzz target depends on a shared library which has `sanitize.fuzzer:
 false` (as the DT_RUNPATH won't have `$ORIGIN`, and so you may get missing
 libraries).
 2. A `SANITIZE_TARGET=fuzzer` platform has a shared object in two
 different directories (like system vs. ndk) and is depending on the linker
 implementation details to resolve this in some manner.

I don't believe either of these instances should reasonably happen in
practise.

Fixes: 145973404
Fixes: 145988908
Test: m example_fuzzer
Change-Id: I94cbf628fc1ce15c43283d72bdabd9817de1fef8
2019-12-10 17:35:55 +00:00
Treehugger Robot
e643cd2b61 Merge "Add -instcombine-lower-dbg-declare to hwasan flags." 2019-12-03 02:19:08 +00:00
Evgenii Stepanov
64bee4decf Add -instcombine-lower-dbg-declare to hwasan flags.
This is a workaround to improve hwasan reports involving stack
variables.

Bug: 112437883
Test: SANITIZE_TARGET=hwaddress, build and boot

Change-Id: I21ea2fdd2d1f04e2bb9b9847785c00a951030c74
2019-11-22 18:40:07 -08:00
Colin Cross
7228ecd5e3 Move cc.imageMutator into the android package
Prepare for making the image mutator available to all modules and
moving it between the os and arch mutators by moving it into the
android package and using an interface implemented by the module
types to control it.

Bug: 142286466
Test: No unexpected changes to out/soong/build.ninja
Change-Id: I0dcc9c7b5ec80edffade340c367f6ae4da34151b
2019-11-20 15:21:32 -08:00