Google Git
Sign in
fuchsia / fuchsia / cfef5042b7b9976bc7e0ed8c11f005ee41d1b7b9 / . / build / config / sanitizers / BUILD.gn
blob: 55d60646af65b95d1403e9b2ab75788bc3442def [file] [log] [blame]
# Copyright 2017 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/config/clang/clang.gni")
import("//build/toolchain/variant.gni")
import(
"//zircon/public/gn/config/instrumentation/sanitizer_default_options.gni")
variant("asan") {
common_flags = [ "-fsanitize=address" ]
cflags = [
# See https://fxbug.dev/66129 and
# https://github.com/google/sanitizers/issues/1017.
"-mllvm",
"-asan-use-private-alias=1",
]
# TODO(phosek): use runtime.json instead of invoking Clang.
if (is_fuchsia) {
extension = ".so"
} else if (is_mac) {
extension = "_osx_dynamic.dylib"
} else {
extension = ".a"
}
# For dynamic linking (Fuchsia and macOS), there is just one combined DSO.
# For static linking (other platforms), there are separate libraries for the
# generic (C) and C++-specific runtime support.
needed_asan_libs = [ "asan" ]
if (extension == ".a") {
needed_asan_libs += [ "asan_cxx" ]
}
rustflags = []
foreach(asan, needed_asan_libs) {
libclang_rt_asan =
exec_script("/usr/bin/env",
[
"${clang_prefix}/clang",
"--target=${clang_target}",
"-print-file-name=libclang_rt.${asan}${extension}",
],
"trim string")
rustflags += [ "-Clink-arg=${libclang_rt_asan}" ]
}
if (is_fuchsia) {
rustflags += [ "-Clink-arg=-dynamic-linker=asan/ld.so.1" ]
}
# ASan wants frame pointers because it captures stack traces
# on allocations and such, not just on errors.
configs = [ "//build/config:frame_pointers" ]
deps = [ ":asan_default_options" ]
}
sanitizer_default_options("asan_default_options") {
# The asan runtime includes the lsan and ubsan runtimes, which parse their
# own options.
deps = [
":lsan_default_options",
":ubsan_default_options",
]
}
sanitizer_default_options("lsan_default_options") {
}
# TODO(fxbug.dev/45047): Temporary while leaks are plugged.
# As leak bugs are found, file a bug #nnnnn for the leaky test/component,
# and then add:
# ```
# # TODO(nnnnn): Fix the leaks and remove this.
# deps += [ "//build/config/sanitizers:suppress-lsan.DO-NOT-USE-THIS" ]
# ```
# to the target that builds the leaky code. When all leaky tests have been
# marked that way, the asan_default_options default above will be removed.
sanitizer_extra_options("suppress-lsan.DO-NOT-USE-THIS") {
visibility = [
"//garnet/bin/cpuperf/tests/*",
"//garnet/bin/setui/*",
"//garnet/bin/trace/*",
"//garnet/bin/trace/tests/*",
"//src/connectivity/bluetooth/profiles/bt-a2dp-sink/*",
"//src/connectivity/bluetooth/profiles/bt-a2dp/*",
"//src/connectivity/weave/*",
"//src/developer/debug/debug_agent/*",
"//src/developer/memory/monitor/tests/*",
"//src/developer/shell/mirror/*",
"//src/devices/sysmem/tests/sysmem/fuzz/*",
"//src/devices/usb/drivers/xhci-rewrite/*",
"//src/fonts/font_info/*",
"//src/graphics/drivers/msd-intel-gen/tests/unit_tests/*",
"//src/graphics/lib/compute/*",
"//src/graphics/lib/compute/mold/*",
"//src/graphics/lib/compute/surpass/*",
"//src/graphics/tests/benchmark/*",
"//src/graphics/tests/vkext/*",
"//src/graphics/tests/vkloop/*",
"//src/lib/cmx/*",
"//src/lib/scoped_task/*",
"//src/lib/vulkan/tests/*",
"//src/lib/zircon/rust/*",
"//src/media/audio/drivers/intel-hda/controller/*",
"//src/media/playback/mediaplayer/*",
"//src/ui/examples/escher/test/*",
"//src/ui/input/drivers/hid-input-report/*",
"//src/ui/lib/escher/test/*",
"//src/ui/scenic/lib/flatland/buffers/tests/*",
"//src/ui/scenic/lib/flatland/renderer/tests/*",
"//src/ui/scenic/lib/input/tests/*",
"//src/ui/scenic/lib/input/tests/fuzzers/*",
"//third_party/crashpad/*",
"//third_party/mesa/src/intel/vulkan/tests/*",
"//third_party/openssh-portable/*",
"//third_party/rust_crates/*",
"//vendor/*",
"//zircon/system/ulib/elf-search/test/*",
"//zircon/system/ulib/fit/test/*",
"//zircon/system/ulib/lazy_init/test/*",
"//zircon/third_party/rapidjson/*",
]
args = [ "detect_leaks=0" ]
output_name = "lsan_default_options"
tags = [ "lsan" ]
}
# TODO(fxbug.dev/59214): Temporary while bugs are fixed. As stack-use-after-return bugs
# are found, file a bug #nnnnn for the buggy test/component, and then add:
# ```
# # TODO(nnnnn): Fix the bugs and remove this.
# deps += [ "//build/config/sanitizers:suppress-asan-stack-use-after-return" ]
# ```
sanitizer_extra_options("suppress-asan-stack-use-after-return") {
visibility = [
# These tests need to check actual stack behavior, not fake stack.
"//zircon/system/ulib/c/test/sanitizer:*",
# TODO(fxbug.dev/59214): allow only necessary third-party or TODO(bug-filed) cases
# TODO(fxbug.dev/59214): These are constrained indirectly via the target of the same
# name in $zx/public/gn/config/instrumentation.
"//zircon/public/lib/*",
# TODO(fxbug.dev/62979): fix input_unit_tests
"//src/lib/ui/input:gesture_tests",
# TODO(fxbug.dev/62981): fix async-test-pkg
"//zircon/system/ulib/async/test:async",
# TODO(fxbug.dev/62982): fix brcmfmac-sim-test
"//src/connectivity/wlan/drivers/third_party/broadcom/brcmfmac/sim/test:err_inject_test",
# TODO(fxbug.dev/62984): fix gesture_recognizers_tests
"//src/ui/a11y/lib/gesture_manager/recognizers/tests:gesture_recognizers_tests",
]
args = [ "detect_stack_use_after_return=0" ]
output_name = "asan_default_options"
tags = [ "asan" ]
}
# Disable the container overflow detection, which will create false positives
# if a part of the application is built with asan and another part is not. See
# https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
sanitizer_extra_options("suppress-asan-container-overflow") {
args = [ "detect_container_overflow=0" ]
output_name = "asan_default_options"
tags = [ "asan" ]
}
# rustc flags for AddressSanitizer, primarily used for fuzzing Rust code.
# TODO(fxbug.dev/45102): This is technically wrong; it will use clang's ASan.
# rustc is built from a different fork of LLVM and should use a matching ASan.
# However, Fuchsia's libc and dynamic linker cooperate to set up the shadow
# memory and currently always link against clang's ASan. Using both rustc and
# clang's ASan would also be infeasible, as symbol names and shadow memory
# regions would conflict.
#
# Thus, variants using this config currently IGNORE the potential ABI
# incompatibility and simply use clang's ASan. If/when this breaks, these
# test-only variants should be disabled until a resolution can be found.
#
# Additionally, variants using this config CANNOT be used on binaries linked
# by rustc, as it will fail to find its runtime. It CAN be used to build
# libraries with rustc that are then linked into executables by clang, e.g.
# fuzzers.
variant("rust-asan") {
rustflags = [ "-Zsanitizer=address" ]
}
variant("ubsan") {
common_flags = [ "-fsanitize=undefined" ]
if (is_fuchsia) {
libprefix = toolchain_variant.name
if (libprefix == "ubsan-fuzzer") {
# Fuchsia-built fuzzers don't have their own separate libprefix.
# They just use the base variant.
libprefix = "ubsan"
}
dynamic_linker_flags = "-dynamic-linker=$libprefix/ld.so.1"
ldflags = [ "-Wl,$dynamic_linker_flags" ]
rustflags = [ "-Clink-arg=$dynamic_linker_flags" ]
}
if (is_host) {
# TODO(fxbug.dev/60446): remove this once LLVM prebuilts have variants
# Disable vptr checks on host binaries.
# This is a temporary hack around the facts that:
# 1) UBSan's vptr check requires RTTI, and mixing RTTI and no-RTTI TUs in
# the same binary leads to spurious UBSan failures
# 2) we have non-variant prebuilts for LLVM, which lack RTTI
# 3) we have binaries that depend on both these LLVM prebuilts and other libraries
# Disabling this check on host tools for now allows us to enable UBSan on
# host tools, which is a net win.
common_flags += [ "-fno-sanitize=vptr" ]
}
# If asan is also in use, it handles ubsan_default_options indirectly.
if (toolchain_variant.tags + [ "asan" ] - [ "asan" ] ==
toolchain_variant.tags) {
deps = [ ":ubsan_default_options" ]
}
}
sanitizer_default_options("ubsan_default_options") {
}
variant("sancov") {
common_flags = [ "-fsanitize-coverage=trace-pc-guard" ]
}