Adds the -fsanitize-blacklist option for CFI, using the built in
blacklist at external/compiler-rt/lib/cfi/cfi_blacklist.txt.
Also refactors the CFI cflags and ldflags into cc/makevars.go to
ensure they're consistent across Soong and make projects.
Bug: 30227045
Test: ENABLE_CFI=true m -j40 builds and boots.
Test: The blacklist prevents runtime errors that otherwise occur.
Change-Id: I91c5420478e7290061d89338a86abdef69c67fe2
This CL disables CFI for 32-bit ARM processes, which is broken due to
a compiler error in the most recent version of clang.
Bug: 35157333
Test: ENABLE_CFI=true m -j40 does not enable CFI for 32-bit processes
Change-Id: I52ccf60d91ff1a2af4cf024376b7d70f87040674
Mips toolchain does not have ld.gold.
ARM change is a workaround for LLVM r290384.
Bug: 33678192
Test: make ENABLE_CFI=1
Change-Id: I189ffd42760f0ea8d151717337b9355b37cb207b
With SANITIZE_TARGET="address coverage", if a module disables ASan
(address: false), it is left with just coverage, which is not
supported. In that case, disable coverage as well.
Bug: 33091541
Test: see above
Change-Id: Idcd04dad8cab7c7e2644d2408b1b8a381490e5af
This CL ensures that locally enabling CFI in a .bp file is not honored
unless it is enabled globally using ENABLE_CFI=true first, effectively
hiding it behind a flag.
Bug: 30227045
Bug: 22033465
Test: m -j40 works and device boots
Test: cfi is correctly honored only when the global flag is set.
Change-Id: Iccc6e4bf5e7828ab8ce6056f3e40922712faa0d8
Allow specifying one or more architectures to sanitize for. Defaults to
sanitizing all architectures. Allows reducing the cost of sanitization
by only sanitizing half of the platform.
Bug: 29498013
Test: No change to build.ninja files with m -j SANITIZE_TARGET=address
Test: m -j SANITIZE_TARGET=address SANITIZE_TARGET_ARCH=arm
Test: nm -D $OUT/system/bin/app_process64 | grep asan, no asan symbols found
Change-Id: I972cccc2f19443895d47b44bd8104105f93ffb7d
LOCAL_SANITIZE_DIAG works for ubsan, too.
Bug: 22033465
Test: build a test target with cfi and diag { cfi } properties.
Change-Id: I9cd8e8df9b330430b321709d7f05b4da0294e771
Host builds were compiling without -Wl,--no-undefined because of an ASAN
issue. Pass -Wl,--no-undefined for host builds unless sanitzers are
enabled. Also fix LOCAL_ALLOW_UNDEFINED_SYMBOLS on darwin, where
disallowing undefined symbols is the default.
Test: m -j host
Test: m -j SANITIZE_HOST=address host
Bug: 32305815
Change-Id: Ia4bb305a50b1c1048b119f75726d52f82e21438c
Host builds may build binaries that must have ASAN disabled. Convert
host ASAN to use variants. Since there is only one install location for
shared libraries, don't install the non-ASAN variant at all for now.
Test: mmma -j art SANITIZE_HOST=address
Change-Id: Iacefecac93df44823316624b4c540c24f643fb80
Check c.sanitize.inData() when deciding on install paths.
Don't set inData() for sanitized binaries.
Bug: 30773053
Change-Id: I24be75ccc1b25ae53f7f0a98d1632b30735d0931
and export the library name to make. Refactor the code a bit to avoid repeating the library name
multiple times.
Bug: 22033465
Test: Ran external/clang/build.py for aosp-llvm
Change-Id: I25eb3858eb92e1dd493b09524d559802551b2547
Disable coverage for static binaries where address sanitizer is
disabled, and disable coverage in the mutator when disabling address
sanitizer.
Bug: 29188876
Change-Id: Ia1a21878c3f34cd295a6dec49608c412eb09e7b1
For example , instead of trying to have libraryLinker inherit from
baseLinker and libraryCompiler inherit from baseCompiler, create a
single decorator object that wraps both baseLinker and baseCompiler.
Test: Builds, no unexpected changes to build.ninja
Change-Id: I2468adaea8466c203a240259ba5694b8b1df7a52
build/core/executable.mk has an extra check to disable asan for static
binaries, do the same in soong.
Bug: 30191800
Change-Id: Ia78063264f3280eb889ba9e45c45dd66e4c64a96
With this change, sanitize: { address: false } disables
SANITIZE_TARGET=address for one target.
Also rename SafeStack to Safestack, because the former can not be
used as a target property.
Bug: 27729263
With this change, sanitize: { address: false } disables
SANITIZE_TARGET=address for one target.
Also rename SafeStack to Safestack, because the former can not be
used as a target property.
Bug: 27729263
Change-Id: I20f55c0e62b2fdd191ba66c0f661a039109bd78f
Host builds don't have a separate place to install asan modules, so only
create a single variant for them.
Change-Id: I81f7090debd7935db778f8600d8cbc86dd53b1cb
Create both sanitized and unsanitized variants inside make builds with
sanitizers enabled. Only export the sanitized version to make, and
always install the sanitized version in /data to match the make build.
Change-Id: I5a17bcbddc7a9d871c929c84d3c116228ef3258f
Make expects libraries built with address sanitizer to be installed into
/data, and can't handle multiple variants of modules.
Change-Id: Ice575ff6f0788a88f296e7b3ee521a2b9771f55f
Add a new feature to cc modules that adds the cflags and libraries
necessary to implement AddressSanitizer, ThreadSanitizer, and
UndefinedBehaviorSanitizer.
Change-Id: Ibe5ffadc7ece56080a2521f2c7c00da9ef712584
