| # Copyright 2017 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/config/clang/clang.gni") |
| import("//build/config/sanitizers/sanitizer_default_options.gni") |
| import("//build/toolchain/variant.gni") |
| |
| variant("asan") { |
| common_flags = [ "-fsanitize=address" ] |
| cflags = [ |
| # See https://fxbug.dev/66129 and |
| # https://github.com/google/sanitizers/issues/1017. |
| "-mllvm", |
| "-asan-use-private-alias=1", |
| ] |
| |
| # TODO(phosek): use runtime.json instead of invoking Clang. |
| if (is_fuchsia) { |
| extension = ".so" |
| } else if (is_mac) { |
| extension = "_osx_dynamic.dylib" |
| } else { |
| extension = ".a" |
| } |
| |
| # For dynamic linking (Fuchsia and macOS), there is just one combined DSO. |
| # For static linking (other platforms), there are separate libraries for the |
| # generic (C) and C++-specific runtime support. |
| needed_asan_libs = [ "asan" ] |
| if (extension == ".a") { |
| needed_asan_libs += [ "asan_cxx" ] |
| } |
| rustflags = [] |
| foreach(asan, needed_asan_libs) { |
| libclang_rt_asan = |
| exec_script("/usr/bin/env", |
| [ |
| "${clang_prefix}/clang", |
| "--target=${clang_target}", |
| "-print-file-name=libclang_rt.${asan}${extension}", |
| ], |
| "trim string") |
| rustflags += [ "-Clink-arg=${libclang_rt_asan}" ] |
| } |
| if (is_fuchsia) { |
| rustflags += [ "-Clink-arg=-dynamic-linker=asan/ld.so.1" ] |
| } |
| |
| # ASan wants frame pointers because it captures stack traces |
| # on allocations and such, not just on errors. |
| configs = [ "//build/config:frame_pointers" ] |
| |
| if (is_kernel) { |
| configs += [ "//zircon/kernel/lib/instrumentation/asan:kasan" ] |
| } |
| |
| deps = [ ":asan_default_options" ] |
| } |
| |
| sanitizer_default_options("asan_default_options") { |
| # The asan runtime includes the lsan and ubsan runtimes, which parse their |
| # own options. |
| deps = [ |
| ":lsan_default_options", |
| ":ubsan_default_options", |
| ] |
| } |
| |
| sanitizer_default_options("lsan_default_options") { |
| } |
| |
| # TODO(fxbug.dev/45047): Temporary while leaks are plugged. |
| # As leak bugs are found, file a bug #nnnnn for the leaky test/component, |
| # and then add: |
| # ``` |
| # # TODO(nnnnn): Fix the leaks and remove this. |
| # deps += [ "//build/config/sanitizers:suppress-lsan.DO-NOT-USE-THIS" ] |
| # ``` |
| # to the target that builds the leaky code. When all leaky tests have been |
| # marked that way, the asan_default_options default above will be removed. |
| sanitizer_extra_options("suppress-lsan.DO-NOT-USE-THIS") { |
| visibility = [ |
| "//garnet/bin/cpuperf/tests/*", |
| "//garnet/bin/setui/*", |
| "//garnet/bin/trace/*", |
| "//garnet/bin/trace/tests/*", |
| "//sdk/lib/fit-promise/*", |
| "//sdk/lib/fit/test/*", |
| "//src/cobalt/bin/system-metrics/*", |
| "//src/connectivity/bluetooth/profiles/bt-a2dp-sink/*", |
| "//src/connectivity/bluetooth/profiles/bt-a2dp/*", |
| "//src/connectivity/weave/*", |
| "//src/developer/debug/debug_agent/*", |
| "//src/developer/forensics/feedback_data/tests/*", |
| "//src/developer/memory/monitor/tests/*", |
| "//src/developer/shell/josh/*", |
| "//src/developer/shell/mirror/*", |
| "//src/devices/sysmem/tests/sysmem/fuzz/*", |
| "//src/devices/usb/drivers/xhci-rewrite/*", |
| "//src/diagnostics/archivist/tests/logs/cpp/*", |
| "//src/fonts/font_info/*", |
| "//src/graphics/drivers/msd-intel-gen/tests/unit_tests/*", |
| "//src/graphics/lib/compute/*", |
| "//src/graphics/lib/compute/mold/*", |
| "//src/graphics/lib/compute/surpass/*", |
| "//src/graphics/tests/benchmark/*", |
| "//src/graphics/tests/vkext/*", |
| "//src/graphics/tests/vkloop/*", |
| "//src/lib/cmx/*", |
| "//src/lib/scoped_task/*", |
| "//src/lib/vulkan/tests/*", |
| "//src/lib/zircon/rust/*", |
| "//src/media/audio/drivers/intel-hda/controller/*", |
| "//src/media/playback/mediaplayer/*", |
| "//src/ui/examples/escher/test/*", |
| "//src/ui/input/drivers/hid-input-report/*", |
| "//src/ui/lib/escher/test/*", |
| "//src/ui/scenic/lib/flatland/buffers/tests/*", |
| "//src/ui/scenic/lib/flatland/renderer/tests/*", |
| "//src/ui/scenic/lib/input/tests/*", |
| "//src/ui/scenic/lib/input/tests/fuzzers/*", |
| "//third_party/crashpad/*", |
| "//third_party/mesa/src/intel/vulkan/tests/*", |
| "//third_party/openssh-portable/*", |
| "//third_party/rapidjson/*", |
| "//third_party/rust_crates/*", |
| "//tools/vboot_reference/*", |
| "//vendor/*", |
| "//zircon/system/ulib/elf-search/test/*", |
| "//zircon/system/ulib/lazy_init/test/*", |
| ] |
| |
| args = [ "detect_leaks=0" ] |
| output_name = "lsan_default_options" |
| tags = [ "lsan" ] |
| } |
| |
| # TODO(fxbug.dev/59214): Temporary while bugs are fixed. As stack-use-after-return bugs |
| # are found, file a bug #nnnnn for the buggy test/component, and then add: |
| # ``` |
| # # TODO(nnnnn): Fix the bugs and remove this. |
| # deps += [ "//build/config/sanitizers:suppress-asan-stack-use-after-return" ] |
| # ``` |
| sanitizer_extra_options("suppress-asan-stack-use-after-return") { |
| visibility = [ |
| # These tests need to check actual stack behavior, not fake stack. |
| "//zircon/system/ulib/c/test/sanitizer:*", |
| |
| # TODO(fxbug.dev/59214): allow only necessary third-party or TODO(bug-filed) cases |
| |
| # TODO(fxbug.dev/62979): fix input_unit_tests |
| "//src/lib/ui/input:gesture_tests", |
| |
| # TODO(fxbug.dev/62981): fix async-test-pkg |
| "//zircon/system/ulib/async/test:async", |
| |
| # TODO(fxbug.dev/62982): fix brcmfmac-sim-test |
| "//src/connectivity/wlan/drivers/third_party/broadcom/brcmfmac/sim/test:err_inject_test", |
| |
| # TODO(fxbug.dev/62984): fix gesture_recognizers_tests |
| "//src/ui/a11y/lib/gesture_manager/recognizers/tests:gesture_recognizers_tests", |
| ] |
| |
| args = [ "detect_stack_use_after_return=0" ] |
| output_name = "asan_default_options" |
| tags = [ "asan" ] |
| } |
| |
| # Disable the container overflow detection, which will create false positives |
| # if a part of the application is built with asan and another part is not. See |
| # https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow. |
| sanitizer_extra_options("suppress-asan-container-overflow") { |
| args = [ "detect_container_overflow=0" ] |
| output_name = "asan_default_options" |
| tags = [ "asan" ] |
| } |
| |
| # rustc flags for AddressSanitizer, primarily used for fuzzing Rust code. |
| # TODO(fxbug.dev/45102): This is technically wrong; it will use clang's ASan. |
| # rustc is built from a different fork of LLVM and should use a matching ASan. |
| # However, Fuchsia's libc and dynamic linker cooperate to set up the shadow |
| # memory and currently always link against clang's ASan. Using both rustc and |
| # clang's ASan would also be infeasible, as symbol names and shadow memory |
| # regions would conflict. |
| # |
| # Thus, variants using this config currently IGNORE the potential ABI |
| # incompatibility and simply use clang's ASan. If/when this breaks, these |
| # test-only variants should be disabled until a resolution can be found. |
| # |
| # Additionally, variants using this config CANNOT be used on binaries linked |
| # by rustc, as it will fail to find its runtime. It CAN be used to build |
| # libraries with rustc that are then linked into executables by clang, e.g. |
| # fuzzers. |
| variant("rust-asan") { |
| rustflags = [ "-Zsanitizer=address" ] |
| } |
| |
| variant("ubsan") { |
| common_flags = [ "-fsanitize=undefined" ] |
| |
| if (is_fuchsia) { |
| dynamic_linker_flags = |
| "-dynamic-linker=${toolchain_variant.libprefix}ld.so.1" |
| ldflags = [ "-Wl,$dynamic_linker_flags" ] |
| rustflags = [ "-Clink-arg=$dynamic_linker_flags" ] |
| } |
| |
| if (is_host) { |
| # TODO(fxbug.dev/60446): remove this once LLVM prebuilts have variants |
| # Disable vptr checks on host binaries. |
| # This is a temporary hack around the facts that: |
| # 1) UBSan's vptr check requires RTTI, and mixing RTTI and no-RTTI TUs in |
| # the same binary leads to spurious UBSan failures |
| # 2) we have non-variant prebuilts for LLVM, which lack RTTI |
| # 3) we have binaries that depend on both these LLVM prebuilts and other libraries |
| # Disabling this check on host tools for now allows us to enable UBSan on |
| # host tools, which is a net win. |
| common_flags += [ "-fno-sanitize=vptr" ] |
| } |
| |
| # If asan is also in use, it handles ubsan_default_options indirectly. |
| if (toolchain_variant.tags + [ "asan" ] - [ "asan" ] == |
| toolchain_variant.tags) { |
| deps = [ ":ubsan_default_options" ] |
| } |
| } |
| |
| sanitizer_default_options("ubsan_default_options") { |
| } |
| |
| variant("sancov") { |
| common_flags = [ "-fsanitize-coverage=trace-pc-guard" ] |
| } |