Commit graph

240 commits

Author SHA1 Message Date
Ivan Lozano
0c3a1efae4 Add integer_overflow sanitization build option.
Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and
unsigned integer overflow sanitization globally. This implements the
Soong side of the build option.

An additional build option is provided to control whether or not to run
in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the
same way that SANITIZE_TARGET does and currently only supports
'integer_overflow' as an option.

A default sanitizer blacklist is added to avoid applying sanitization
to functions that are likely to exhibit benign overflows.

Bug: 30969751
Test: Building with and without the new flags, device boot-up, tested
various permutations of controlling the new flags from build files.

Change-Id: Ibc8a8615d3132f1a23faaf1cb4861f24c5ef734a
2017-07-07 09:52:23 -07:00
Dan Austin
8241abba87 Update coverage sanitizer flags in soong
Update the coverage sanitizer flags in soong to use the new
flavor of coverage sanitization.

Bug: 63108942

Test: Fuzzer runs with coverage guards.
Change-Id: I2e817a5282cf7dab49aee6985743defd4fb74628
2017-06-29 08:55:13 -07:00
Jayant Chowdhary
9677e8c6ad Black-list for clang LibTooling Cflags.
Add a list of flags which are not understood by clang LibTooling tools
and filter them out of the Cflags the tools are invoked with.

Test: In frameworks/av, make libmedia vendor_available (this invokes
header-abi-dumper on this module), mm -j64.

Bug: 62447349

Change-Id: I46f017212b89f4331145c999103d0ed44da0abaf
2017-06-19 19:43:03 -07:00
Ivan Lozano
651275ba90 Add support for misc_undefined diagnostics
Setting Sanitize.Diag.Undefined to true does not enable diagnostics for
all possible UBSan sanitizers that might be declared in Sanitize.Misc_undefined
(specifically unsigned-integer-overflow and nullability-*). This adds an
equivalent Sanitize.Diag.Misc_undefined string array to allow diagnostics to
be enabled in these sanitizers.

Bug: 62546512
Test: make works and device boots.
Test: Tested an Android.bp generated binary with the new field enabling
unsigned-integer-overflow diagnostics.

Change-Id: I9aa7cb2555ab4f94ae1aa290715a617718d936ff
2017-06-19 10:11:56 -07:00
Evgenii Stepanov
c6482d69c2 Don't add -lrt on Darwin for sanitized targets.
Bug: 34719251

Change-Id: Iff81c4d891a2341a8152e5603391b55b0222ebd7
2017-06-07 16:19:17 -07:00
Evgenii Stepanov
76cee23144 Fix -fsanitize=integer not passed for soong builds.
Also filter out -Wl,--no-undefined for all host sanitizers, not just ASan.
UBSan on host defaults to no-trap (i.e. diagnostic mode), and that requires
the runtime library and runs into the same problem with undefined symbols as ASan.

Bug: 34719251
Test: Misc_undefined: ["integer"] on a soong target
Change-Id: I1fb4781f663a11f5f427d50c0bf9beb8e181cd5e
Merged-In: I1fb4781f663a11f5f427d50c0bf9beb8e181cd5e
(cherry picked from commit fe9bc1dccb)
2017-06-07 11:01:02 -07:00
Andreas Gampe
9707116867 Soong: Change Sanitize.Recover order
Add Sanitize.Order cflags after the general sanitizer options, so
it can override the global -fno-sanitize-recover=all.

Bug: 38128476
Test: m SANITIZE_HOST=address
Test: manual test
Change-Id: Ied5600507b66bd25d9d2a8bba428162ed4eb01e4
2017-05-08 23:37:51 +00:00
Colin Cross
8ff9ef4c30 Declare dependency on sanitizer runtime libraries
Moving the last users of a sanitizer runtime library to soong was
causing the runtime library to stop getting installed.  Declare
the dependency so make keeps installing it.

Test: builds
Change-Id: Ieeb9ad5c04ac8df0d1a74239da393dac5cab2b03
2017-05-08 15:57:05 -07:00
Vishwath Mohan
8f4fdd8f76 Disable CFI for ASAN targets. (Soong)
This CL disables CFI if both CFI and ASAN flags are enabled. This
allows ASAN to take precedence where needed, preventing build errors
that would otherwise arise.

Bug: 30227045
Test: SANITIZE_TARGET="address" m -j40
Change-Id: Id336bf2bf5498d4c3ea6492e36b366c76c06376e
2017-04-20 08:06:09 -07:00
Vishwath Mohan
1dd8839286 Refactor sanitized library on-disk layout - Soong.
This CL moves the location of ASAN-ified libraries on disk in the
following manner:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.

Change-Id: I06bf459260ec451d4495a02562f640ad622f34c2
2017-03-31 01:03:56 +00:00
Vishwath Mohan
7a5b46db91 Add ar flags for CFI enabled components in Soong.
CFI enabled components need ar to use the gold linker. This CL adds
that.

Bug: 36290748
Test: Enabling CFI for a Soong component builds without error.
Change-Id: Icbf78fa1ca0d845350516b4dd345b54fbb7ef847
2017-03-16 16:36:16 -07:00
Vishwath Mohan
f3918d37fb Blacklist code for CFI.
Adds the -fsanitize-blacklist option for CFI, using the built in
blacklist at external/compiler-rt/lib/cfi/cfi_blacklist.txt.

Also refactors the CFI cflags and ldflags into cc/makevars.go to
ensure they're consistent across Soong and make projects.

Bug: 30227045
Test: ENABLE_CFI=true m -j40 builds and boots.
Test: The blacklist prevents runtime errors that otherwise occur.
Change-Id: I91c5420478e7290061d89338a86abdef69c67fe2
2017-02-15 12:46:52 -08:00
Vishwath Mohan
6d67e6e68e Disble CFI for ARM32 processes.
This CL disables CFI for 32-bit ARM processes, which is broken due to
a compiler error in the most recent version of clang.

Bug: 35157333
Test: ENABLE_CFI=true m -j40 does not enable CFI for 32-bit processes
Change-Id: I52ccf60d91ff1a2af4cf024376b7d70f87040674
2017-02-08 19:46:27 -08:00
Evgenii Stepanov
a83fdacf7c Disable CFI on Mips and add -march to linkflags on ARM.
Mips toolchain does not have ld.gold.
ARM change is a workaround for LLVM r290384.

Bug: 33678192
Test: make ENABLE_CFI=1
Change-Id: I189ffd42760f0ea8d151717337b9355b37cb207b
2017-02-03 23:50:28 +00:00
Evgenii Stepanov
cb3f890263 Remove duplicate code.
Test: NFC
Change-Id: I63a1b1ee244c2ab015914e1879aefc3ba8f886b0
2017-02-03 13:25:03 -08:00
Evgenii Stepanov
774cb81796 Disable global coverage when a module disables asan.
With SANITIZE_TARGET="address coverage", if a module disables ASan
(address: false), it is left with just coverage, which is not
supported. In that case, disable coverage as well.

Bug: 33091541
Test: see above
Change-Id: Idcd04dad8cab7c7e2644d2408b1b8a381490e5af
2017-01-24 20:55:11 +00:00
Evgenii Stepanov
7ebf9fa3c9 Force Thumb for CFI targets.
Bug: 22033465
Test: bionic device tests
Change-Id: I672ccc970309631fa895b7134a32c0d403a2151e
2017-01-20 14:13:32 -08:00
Vishwath Mohan
1b017a76e1 Hide CFI behind a global flag.
This CL ensures that locally enabling CFI in a .bp file is not honored
unless it is enabled globally using ENABLE_CFI=true first, effectively
hiding it behind a flag.

Bug: 30227045
Bug: 22033465
Test: m -j40 works and device boots
Test: cfi is correctly honored only when the global flag is set.
Change-Id: Iccc6e4bf5e7828ab8ce6056f3e40922712faa0d8
2017-01-19 14:40:34 -08:00
Colin Cross
23ae82a2b2 Support sanitizing a single device arch
Allow specifying one or more architectures to sanitize for.  Defaults to
sanitizing all architectures.  Allows reducing the cost of sanitization
by only sanitizing half of the platform.

Bug: 29498013
Test: No change to build.ninja files with m -j SANITIZE_TARGET=address
Test: m -j SANITIZE_TARGET=address SANITIZE_TARGET_ARCH=arm
Test: nm -D $OUT/system/bin/app_process64 | grep asan, no asan symbols found
Change-Id: I972cccc2f19443895d47b44bd8104105f93ffb7d
2016-11-02 15:18:19 -07:00
Evgenii Stepanov
1e405e160a [soong] Enable LOCAL_SANITIZE:=cfi and add LOCAL_SANITIZE_DIAG.
LOCAL_SANITIZE_DIAG works for ubsan, too.

Bug: 22033465
Test: build a test target with cfi and diag { cfi } properties.

Change-Id: I9cd8e8df9b330430b321709d7f05b4da0294e771
2016-10-31 15:29:08 -07:00
Colin Cross
46974e2457 Don't pass -Wl,--no-undefined to host targets
Host builds were compiling without -Wl,--no-undefined because of an ASAN
issue.  Pass -Wl,--no-undefined for host builds unless sanitzers are
enabled.  Also fix LOCAL_ALLOW_UNDEFINED_SYMBOLS on darwin, where
disallowing undefined symbols is the default.

Test: m -j host
Test: m -j SANITIZE_HOST=address host
Bug: 32305815
Change-Id: Ia4bb305a50b1c1048b119f75726d52f82e21438c
2016-10-21 18:20:23 +00:00
Dan Willemsen
78ffeea24e Fix gofmt problems and add gofmt to preupload checks
Test: gofmt -d .
Test: <bad change>, repo upload
Change-Id: I5ca0676461616f166a842d307c600dc50a50ec48
2016-10-20 18:48:20 -07:00
Dan Willemsen
cbceaab39c Export asan configuration to make
Test: Ninja files for ASAN'd aosp_flounder-eng identical
Change-Id: Ib29cac0bc391dadd9ff27992c7b356415182767f
2016-10-13 23:46:10 +00:00
Colin Cross
b0f28957ae Support mixed ASAN and non-ASAN host builds
Host builds may build binaries that must have ASAN disabled.  Convert
host ASAN to use variants.  Since there is only one install location for
shared libraries, don't install the non-ASAN variant at all for now.

Test: mmma -j art SANITIZE_HOST=address
Change-Id: Iacefecac93df44823316624b4c540c24f643fb80
2016-09-19 16:50:35 -07:00
Colin Cross
9461040154 Fix installation path for asan libraries
Check c.sanitize.inData() when deciding on install paths.
Don't set inData() for sanitized binaries.

Bug: 30773053
Change-Id: I24be75ccc1b25ae53f7f0a98d1632b30735d0931
2016-08-29 13:50:24 -07:00
Evgenii Stepanov
af36db1178 Add ubsan_standalone library name to the toolchain.
and export the library name to make. Refactor the code a bit to avoid repeating the library name
multiple times.

Bug: 22033465
Test: Ran external/clang/build.py for aosp-llvm

Change-Id: I25eb3858eb92e1dd493b09524d559802551b2547
2016-08-15 17:05:04 -07:00
Colin Cross
91169fe8ea Fix coverage sanitizer builds
Disable coverage for static binaries where address sanitizer is
disabled, and disable coverage in the mutator when disabling address
sanitizer.

Bug: 29188876
Change-Id: Ia1a21878c3f34cd295a6dec49608c412eb09e7b1
2016-08-11 16:54:01 -07:00
Colin Cross
b916a38233 Refactor cc modules to use decorators instead of inheritance
For example , instead of trying to have libraryLinker inherit from
baseLinker and libraryCompiler inherit from baseCompiler, create a
single decorator object that wraps both baseLinker and baseCompiler.

Test: Builds, no unexpected changes to build.ninja
Change-Id: I2468adaea8466c203a240259ba5694b8b1df7a52
2016-08-05 10:25:09 -07:00
Colin Cross
b98c8b0595 Move toolchain and global variables into separate package
Move all of the configuration into a cc/config package

Change-Id: If56fc7242062ed1ce3cb297f78a1e0ef7537373c
2016-08-01 13:37:01 -07:00
Colin Cross
3c344ef29e Disable asan for static binaries
build/core/executable.mk has an extra check to disable asan for static
binaries, do the same in soong.

Bug: 30191800
Change-Id: Ia78063264f3280eb889ba9e45c45dd66e4c64a96
2016-07-18 16:14:12 -07:00
Colin Cross
263abbd5e9 Support global and local sanitizers
Mixing undefined and address sanitizers requires updating cflags.
Matches makefile change Ifee350da4877008fb061bc7f6c700e7fade405bc

Bug: 30163657
Change-Id: Iea4364b912b496400581a475bc79bd9b9c4dd76d
2016-07-15 13:12:58 -07:00
Evgenii Stepanov
fcfe56d194 Target sanitize properties can disable the global sanitizer.
With this change, sanitize: { address: false } disables
SANITIZE_TARGET=address for one target.

Also rename SafeStack to Safestack, because the former can not be
used as a target property.

Bug: 27729263
2016-07-07 10:54:42 -07:00
Evgenii Stepanov
05bafd3784 Revert "Target sanitize properties can disable the global sanitizer."
This reverts commit bb02886451.

Breaks SANITIZE_HOST=address

Change-Id: I9791a034e32a83d567b8739a7ec7b61890cb1b97
2016-07-07 17:38:41 +00:00
Evgenii Stepanov
bb02886451 Target sanitize properties can disable the global sanitizer.
With this change, sanitize: { address: false } disables
SANITIZE_TARGET=address for one target.

Also rename SafeStack to Safestack, because the former can not be
used as a target property.

Bug: 27729263
Change-Id: I20f55c0e62b2fdd191ba66c0f661a039109bd78f
2016-07-06 16:38:58 -07:00
Colin Cross
b36ab1a1a0 Fix sanitize host builds
Host builds don't have a separate place to install asan modules, so only
create a single variant for them.

Change-Id: I81f7090debd7935db778f8600d8cbc86dd53b1cb
2016-05-25 12:35:53 -07:00
Colin Cross
bc6fb16b26 Support sanitizer variants inside make builds
Create both sanitized and unsanitized variants inside make builds with
sanitizers enabled.  Only export the sanitized version to make, and
always install the sanitized version in /data to match the make build.

Change-Id: I5a17bcbddc7a9d871c929c84d3c116228ef3258f
2016-05-24 17:14:15 -07:00
Colin Cross
635c3b0157 Rename common to android
Rename the "common" package to "android", because common is too
generic.  Also removes all android.Android naming stutter.

Ran:
gomvpkg -from 'android/soong/common' -to 'android/soong/android'
gorename -from '"android/soong/android".AndroidModuleContext' -to 'ModuleContext'
gorename -from '"android/soong/android".AndroidBaseContext' -to 'BaseContext'
gorename -from '"android/soong/android".AndroidModuleBase' -to 'ModuleBase'
gorename -from '"android/soong/android".AndroidBottomUpMutatorContext' -to 'BottomUpMutatorContext'
gorename -from '"android/soong/android".AndroidTopDownMutatorContext' -to 'TopDownMutatorContext'
gorename -from '"android/soong/android".AndroidModule' -to 'Module'

Change-Id: I3b23590b8ce7c8a1ea1139411d84a53163288da7
2016-05-18 15:37:25 -07:00
Evgenii Stepanov
0a8a0d09d1 Support SANITIZE_TARGET=safe-stack in soong.
Change-Id: I570a7033ece82c5e76815dc1b81622b481930de4
2016-05-12 13:54:53 -07:00
Colin Cross
30d5f514dd Support sanitizer builds inside make
Make expects libraries built with address sanitizer to be installed into
/data, and can't handle multiple variants of modules.

Change-Id: Ice575ff6f0788a88f296e7b3ee521a2b9771f55f
2016-05-03 18:02:42 -07:00
Colin Cross
16b2349190 Add support for sanitizer property
Add a new feature to cc modules that adds the cflags and libraries
necessary to implement AddressSanitizer, ThreadSanitizer, and
UndefinedBehaviorSanitizer.

Change-Id: Ibe5ffadc7ece56080a2521f2c7c00da9ef712584
2016-04-21 16:42:08 -07:00