# Copyright 2014 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import("//build/config/cast.gni")
import("//build/config/chrome_build.gni")
import("//build/config/clang/clang.gni")
import("//build/config/rust.gni")
import("//build/config/sanitizers/sanitizers.gni")
import("//build/toolchain/toolchain.gni")
import("//build_overrides/build.gni")

if (is_ios) {
  import("//build/config/apple/mobile_config.gni")
}

# libfuzzer can't cope with shared objects being unloaded, which sometimes
# occurs for large fuzzers that involve our graphics stack. Shim out dlclose
# so that this doesn't occur.
#
# dlclose() is defined by POSIX, making `is_posix` a tempting condition to use.
# However the linker does not necessarily support `-wrap` on all POSIX
# platforms, hence the restriction to Linux and ChromeOS. We might eventually
# want to disable shared library unloading on all platforms, but we have not
# noticed a need for it as the known-affected large fuzzers only run on Linux.
#
# This flag is read twice below: it selects the real or the empty
# "dlclose_shim" target, and it adds `-Wl,-wrap,dlclose` in
# config("default_sanitizer_ldflags").
use_dlcloseshim = use_libfuzzer && (is_linux || is_chromeos)

# Contains the dependencies needed for sanitizers to link into executables and
# shared_libraries.
group("deps") {
  deps = []
  data = []
  if (using_sanitizer) {
    public_configs = [
      # Even when a target removes default_sanitizer_flags, it may be depending
      # on a library that did not remove default_sanitizer_flags. Thus, we need
      # to add the ldflags here as well as in default_sanitizer_flags.
      ":default_sanitizer_ldflags",
    ]
    if (!is_fuchsia) {
      if (is_win) {
        exe = ".exe"
      } else {
        exe = ""
      }

      # Runtime data shipped with the binaries: the //tools/valgrind/asan/
      # directory and the toolchain's llvm-symbolizer (presumably so reports
      # can be symbolized where the tests run).
      data += [
        "//tools/valgrind/asan/",
        "$clang_base_path/bin/llvm-symbolizer${exe}",
      ]
    }
    if (is_asan || is_lsan || is_msan || is_tsan || is_ubsan_any) {
      # options_sources is a static_library, so its objects are only linked
      # when something references them; the link helper config supplies that
      # reference (see config("sanitizer_options_link_helper")).
      public_configs += [ ":sanitizer_options_link_helper" ]
      deps += [ ":options_sources" ]
    }
    if (use_prebuilt_instrumented_libraries ||
        use_locally_built_instrumented_libraries) {
      deps += [ "//third_party/instrumented_libs:deps" ]
    }
  }

  # Note: this check sits outside the using_sanitizer block above, so the
  # script is added whenever fail_on_san_warnings is set.
  if (fail_on_san_warnings) {
    data += [ "//tools/memory/sanitizer/escalate_sanitizer_warnings.py" ]
  }
  if (is_asan || is_ubsan_any) {
    # Windows and Apple link the sanitizer runtime as a DSO (see the
    # _clang_rt_dso_path selection below), so it has to be copied next to the
    # outputs, and on Apple also placed in the bundle.
    if (is_win || is_apple) {
      data_deps = [ ":copy_sanitizer_runtime" ]
    }
    if (is_apple) {
      public_deps = [ ":sanitizer_runtime_bundle_data" ]
    }
  }
  if (use_centipede || enable_fuzztest_fuzz) {
    # For executables which aren't actual fuzzers, we need stubs for
    # the sanitizer coverage symbols, because we'll still be generating
    # .o files which depend on them.
    deps += [ "//third_party/fuzztest:centipede_weak_sancov_stubs" ]
  }
}

# Fail at GN time rather than at link time for an unsupported combination.
assert(!(is_win && is_asan && current_cpu == "x86"),
       "ASan is only supported in 64-bit builds on Windows.")

# Selects the dynamic sanitizer runtime for the current platform and defines
# the targets that copy it into the output directory (and, on Apple, into the
# bundle).
if ((is_apple || is_win) && (is_asan || is_ubsan_any)) {
  if (is_mac || (is_ios && target_environment == "catalyst")) {
    if (is_asan) {
      _clang_rt_dso_path = "darwin/libclang_rt.asan_osx_dynamic.dylib"
    } else {
      assert(is_ubsan_any)
      _clang_rt_dso_path = "darwin/libclang_rt.ubsan_osx_dynamic.dylib"
    }
  } else if (is_ios) {
    if (is_asan) {
      if (target_environment == "simulator") {
        _clang_rt_dso_path = "darwin/libclang_rt.asan_iossim_dynamic.dylib"
      } else {
        _clang_rt_dso_path = "darwin/libclang_rt.asan_ios_dynamic.dylib"
      }
    } else {
      assert(is_ubsan_any)

      # NOTE(review): unlike the ASan branch above, this branch picks the
      # iossim UBSan runtime for every target_environment. Confirm that
      # UBSan device builds are either unsupported or meant to use it.
      _clang_rt_dso_path = "darwin/libclang_rt.ubsan_iossim_dynamic.dylib"
    }
  } else if (is_win && current_cpu == "x64") {
    if (is_asan) {
      _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-x86_64.dll"
    } else {
      assert(is_ubsan_any)
      _clang_rt_dso_path = "windows/clang_rt.ubsan_dynamic-x86_64.dll"
    }
  }

  # NOTE(review): no branch above assigns _clang_rt_dso_path for Windows
  # targets whose current_cpu is not "x64". The assert before this block only
  # covers ASan on x86; confirm the remaining combinations are rejected
  # elsewhere, otherwise the expansion below uses an undefined variable.
  _clang_rt_dso_full_path =
      "$clang_base_path/lib/clang/$clang_version/lib/$_clang_rt_dso_path"

  if (!is_ios) {
    copy("copy_sanitizer_runtime") {
      sources = [ _clang_rt_dso_full_path ]
      outputs = [ "$root_out_dir/{{source_file_part}}" ]
    }
  } else {
    # On iOS, the runtime library needs to be code signed (adhoc signature)
    # starting with Xcode 8, so use an action instead of a copy on iOS.
    # The signing identity comes from ios_code_signing_identity (presumably
    # declared in the mobile_config.gni imported above -- TODO confirm).
    action("copy_sanitizer_runtime") {
      script = "//build/config/apple/codesign.py"
      sources = [ _clang_rt_dso_full_path ]
      outputs = [ "$root_out_dir/" + get_path_info(sources[0], "file") ]
      args = [
        "code-sign-file",
        "--identity=" + ios_code_signing_identity,
        "--output=" + rebase_path(outputs[0], root_build_dir),
        rebase_path(sources[0], root_build_dir),
      ]
    }
  }

  if (is_apple) {
    # Places the copied (and, on iOS, signed) runtime next to the bundle's
    # executable.
    bundle_data("sanitizer_runtime_bundle_data") {
      sources = get_target_outputs(":copy_sanitizer_runtime")
      outputs = [ "{{bundle_executable_dir}}/{{source_file_part}}" ]
      public_deps = [ ":copy_sanitizer_runtime" ]
    }
  }
}

# Passes `-u <symbol>` to the linker so that the symbol is treated as
# undefined and the object defining it is pulled out of the options_sources
# static library. The Apple spelling carries one more leading underscore
# than the other platforms. No flag is set on Windows.
config("sanitizer_options_link_helper") {
  if (is_apple) {
    ldflags = [ "-Wl,-u,__sanitizer_options_link_helper" ]
  } else if (!is_win) {
    ldflags = [ "-Wl,-u_sanitizer_options_link_helper" ]
  }
}

# Default sanitizer options and suppressions, linked into sanitized binaries
# through group("deps").
static_library("options_sources") {
  # This is a static_library instead of a source_set, as it shouldn't be
  # unconditionally linked into targets.
  visibility = [
    ":deps",
    "//:gn_all",
  ]
  sources = [ "//build/sanitizers/sanitizer_options.cc" ]

  # Don't compile this target with any sanitizer code. It can be called from
  # the sanitizer runtimes, so instrumenting these functions could cause
  # recursive calls into the runtime if there is an error.
  configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]

  # Each *_suppressions_file below can be replaced by defining the variable
  # before this target is evaluated; the //build/sanitizers default is used
  # otherwise. Entries in these files silence sanitizer reports, so changes
  # to them (or to an override) deserve the same review as code changes.
  if (is_asan) {
    if (!defined(asan_suppressions_file)) {
      asan_suppressions_file = "//build/sanitizers/asan_suppressions.cc"
    }
    sources += [ asan_suppressions_file ]
  }

  if (is_lsan) {
    if (!defined(lsan_suppressions_file)) {
      lsan_suppressions_file = "//build/sanitizers/lsan_suppressions.cc"
    }
    sources += [ lsan_suppressions_file ]
  }

  if (is_tsan) {
    if (!defined(tsan_suppressions_file)) {
      tsan_suppressions_file = "//build/sanitizers/tsan_suppressions.cc"
    }
    sources += [ tsan_suppressions_file ]
  }
}

# "dlclose_shim" exists in both configurations so that dependents can name it
# unconditionally: it compiles the shim when use_dlcloseshim is set and is an
# empty group otherwise.
if (use_dlcloseshim) {
  source_set("dlclose_shim") {
    sources = [ "//build/sanitizers/dlcloseshim.c" ]
  }
} else {
  group("dlclose_shim") {
    deps = []
  }
}

# Applies linker flags necessary when either :deps or :default_sanitizer_flags
# are used.
#
# NOTE(review): the coverage and CFI flags set here repeat the ones that
# config("coverage_flags") and config("cfi_flags") pass at compile time; a
# change to one side needs the matching change on the other.
config("default_sanitizer_ldflags") {
  visibility = [
    ":default_sanitizer_flags",
    ":deps",

    # https://crbug.com/360158.
    "//tools/ipc_fuzzer/fuzzer:ipc_fuzzer",
  ]

  if (is_posix || is_fuchsia) {
    sanitizers = []  # sanitizers applicable to both clang and rustc
    ldflags = []
    rustflags = []
    if (is_asan) {
      sanitizers += [ "address" ]
    }
    if (is_hwasan) {
      sanitizers += [ "hwaddress" ]
    }
    if (is_lsan) {
      # In Chromium, is_lsan always implies is_asan. ASAN includes LSAN.
      # It seems harmless to pass both options to clang, but it doesn't
      # work on rustc, so apply this option to clang only.
      ldflags += [ "-fsanitize=leak" ]
    }
    if (is_tsan) {
      sanitizers += [ "thread" ]
    }
    if (is_msan) {
      sanitizers += [ "memory" ]
    }

    # The UBSan variants are added to ldflags only; they are not in the
    # `sanitizers` list, so rustc receives no flag for them.
    if (is_ubsan || is_ubsan_security) {
      ldflags += [ "-fsanitize=undefined" ]
    }
    if (is_ubsan_vptr) {
      ldflags += [ "-fsanitize=vptr" ]
    }

    # Emit each shared sanitizer once for the clang link driver and once for
    # rustc.
    foreach(sanitizer, sanitizers) {
      ldflags += [ "-fsanitize=$sanitizer" ]
      rustflags += [ "-Zsanitizer=$sanitizer" ]
    }

    if (use_sanitizer_coverage) {
      if (use_libfuzzer) {
        ldflags += [ "-fsanitize=fuzzer-no-link" ]
        if (is_mac) {
          # TODO(crbug.com/40611636): on macOS, dead code stripping does not work
          # well with `pc-table` instrumentation enabled by `fuzzer-no-link`.
          ldflags += [ "-fno-sanitize-coverage=pc-table" ]
        }
      } else {
        ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ]
      }
      if (is_mac && use_centipede) {
        # OS X linking doesn't allow undefined symbols at link time
        # and in a component build, component shared objects will
        # need to use this symbol to report control flow coverage
        # to the main binary
        ldflags += [ "-Wl,-undefined,dynamic_lookup" ]
      }
    }

    # CFI is applied in the default toolchain only; targets built in any other
    # toolchain get none of these flags.
    if (is_cfi && current_toolchain == default_toolchain) {
      ldflags += [ "-fsanitize=cfi-vcall" ]
      if (use_cfi_cast) {
        ldflags += [
          "-fsanitize=cfi-derived-cast",
          "-fsanitize=cfi-unrelated-cast",
        ]
      }
      if (use_cfi_icall) {
        ldflags += [ "-fsanitize=cfi-icall" ]
      }
      if (use_cfi_diag) {
        # Diagnostic mode: a CFI failure is reported by the runtime instead of
        # executing a trap, and with use_cfi_recover execution continues after
        # the report. Such a build reports violations without stopping them,
        # so it is a debugging aid, not an enforcement configuration.
        ldflags += [ "-fno-sanitize-trap=cfi" ]
        if (use_cfi_recover) {
          ldflags += [ "-fsanitize-recover=cfi" ]
        }
      }
    }
  } else if (is_win) {
    # Windows directly calls link.exe instead of the compiler driver when
    # linking. Hence, pass the runtime libraries instead of -fsanitize=address
    # or -fsanitize=fuzzer.
    ldflags = []
    if (is_asan) {
      assert(current_cpu == "x64", "WinASan unsupported architecture")
      libs = [ "clang_rt.asan_dynamic-x86_64.lib" ]

      # The runtime thunk library differs between component and
      # non-component builds.
      if (is_component_build) {
        ldflags +=
            [ "-wholearchive:clang_rt.asan_dynamic_runtime_thunk-x86_64.lib" ]
      } else {
        ldflags +=
            [ "-wholearchive:clang_rt.asan_static_runtime_thunk-x86_64.lib" ]
      }
    }
    if (use_libfuzzer) {
      assert(current_cpu == "x64", "LibFuzzer unsupported architecture")
      assert(!is_component_build,
             "LibFuzzer only supports non-component builds on Windows")

      # Incremental linking causes padding that messes up SanitizerCoverage.
      # Don't do it.
      ldflags += [ "/INCREMENTAL:NO" ]
    }
  }

  # use_dlcloseshim is only true on Linux/ChromeOS (see its definition above).
  # `-wrap,dlclose` asks the linker to resolve references to dlclose through a
  # wrapper symbol, presumably the one defined in
  # //build/sanitizers/dlcloseshim.c -- TODO confirm.
  if (use_dlcloseshim) {
    ldflags += [ "-Wl,-wrap,dlclose" ]
  }
}

# Compile flags shared by all sanitizer builds, plus the GN-time checks that
# sanitizers are only enabled with clang and not in official builds of the
# default toolchain.
config("common_sanitizer_flags") {
  cflags = []

  if (using_sanitizer) {
    assert(is_clang, "sanitizers only supported with clang")

    # Allow non-default toolchains to enable sanitizers in toolchain_args even
    # in official builds.
    assert(current_toolchain != default_toolchain || !is_official_build,
           "sanitizers not supported in official builds")

    cflags += [
      # Column info in debug data confuses Visual Studio's debugger, so don't
      # use this by default. However, clusterfuzz needs it for good
      # attribution of reports to CLs, so turn it on there.
      "-gcolumn-info",
    ]

    # Frame pointers are controlled in //build/config/compiler:default_stack_frames
  }
}

# AddressSanitizer compile flags for clang and rustc.
config("asan_flags") {
  cflags = []
  rustflags = []
  if (is_asan) {
    cflags += [ "-fsanitize=address" ]
    rustflags += [ "-Zsanitizer=address" ]
    if (!is_win && !is_apple && !is_fuchsia) {
      # TODO(crbug.com/1459233, crbug.com/1462248): This causes asan
      # odr-violation errors in rust code, and link failures for cros/asan.
      # Clang recently turned it on by default for all ELF targets (it was
      # already on for Fuchsia). Pass the flag to turn it back off.
      cflags += [ "-fno-sanitize-address-globals-dead-stripping" ]
    }
    if (is_win) {
      # Code matched by the ignorelist is not instrumented, so every entry is
      # a gap in ASan coverage. A build can point at its own list by defining
      # asan_win_blocklist_path before this config is evaluated.
      if (!defined(asan_win_blocklist_path)) {
        asan_win_blocklist_path =
            rebase_path("//tools/memory/asan/blocklist_win.txt", root_build_dir)
      }
      cflags += [ "-fsanitize-ignorelist=$asan_win_blocklist_path" ]
    }
  }
}

# Control Flow Integrity compile flags. Applied in the default toolchain only,
# matching the CFI section of config("default_sanitizer_ldflags").
config("cfi_flags") {
  cflags = []
  rustflags = []
  if (is_cfi && current_toolchain == default_toolchain) {
    # Code matched by the ignorelist is exempt from CFI checks. The list can
    # be replaced by defining cfi_ignorelist_path before this config is
    # evaluated.
    if (!defined(cfi_ignorelist_path)) {
      cfi_ignorelist_path =
          rebase_path("//tools/cfi/ignores.txt", root_build_dir)
    }
    cflags += [
      "-fsanitize=cfi-vcall",
      "-fsanitize-ignorelist=$cfi_ignorelist_path",
    ]

    if (toolchain_supports_rust_thin_lto) {
      # sanitize=cfi implies -fsplit-lto-unit, and Rust needs to match
      # behaviour. Rust needs to know the linker will be doing LTO in this case
      # or it rejects the Zsplit-lto-unit flag.
      # TODO(crbug.com/40266913): Add -Zsanitize=cfi instead.
      rustflags += [
        "-Zsplit-lto-unit",
        "-Clinker-plugin-lto=yes",
      ]
    } else {
      # Don't include bitcode if it won't be used.
      rustflags += [ "-Cembed-bitcode=no" ]
    }

    if (use_cfi_cast) {
      cflags += [
        "-fsanitize=cfi-derived-cast",
        "-fsanitize=cfi-unrelated-cast",
      ]
    }

    if (use_cfi_icall) {
      cflags += [ "-fsanitize=cfi-icall" ]
      # TODO(crbug.com/40266913): Add cflags += [
      # "-fsanitize-cfi-icall-experimental-normalize-integers" ]
      # TODO(crbug.com/40266913): Add rustflags += [
      # "-Zsanitizer-cfi-normalize-integers" ].
    }

    if (use_cfi_diag) {
      # Diagnostic mode: report CFI failures through the runtime instead of
      # trapping. Both branches below disable inlining and keep frame
      # pointers (presumably so reports carry usable stack traces); the
      # non-Windows branch also passes -O1. With use_cfi_recover the process
      # continues after a report, so this mode does not stop a violation.
      cflags += [ "-fno-sanitize-trap=cfi" ]
      if (is_win) {
        cflags += [
          "/Oy-",
          "/Ob0",
        ]
      } else {
        cflags += [
          "-fno-inline-functions",
          "-fno-inline",
          "-fno-omit-frame-pointer",
          "-O1",
        ]
      }
      if (use_cfi_recover) {
        cflags += [ "-fsanitize-recover=cfi" ]
      }
    }
  }
}

# crbug.com/785442: Fix cfi-icall failures for code that casts pointer argument
# types in function pointer type signatures.
#
# Opt-in config: the flag makes the indirect-call check treat pointer types in
# signatures more generally, which also makes the check less precise for the
# targets that apply it.
config("cfi_icall_generalize_pointers") {
  if (is_clang && is_cfi && use_cfi_icall) {
    cflags = [ "-fsanitize-cfi-icall-generalize-pointers" ]
  }
}

# Opt-out config: turns the indirect-call check off for the targets that apply
# it. Each use removes a CFI protection from that target.
config("cfi_icall_disable") {
  if (is_clang && is_cfi && use_cfi_icall) {
    cflags = [ "-fno-sanitize=cfi-icall" ]
  }
}

# SanitizerCoverage compile flags, used by the fuzzing configurations.
config("coverage_flags") {
  cflags = []
  if (use_sanitizer_coverage) {
    # Used by sandboxing code to allow coverage dump to be written on the disk.
    # NOTE(review): per the line above, the sandbox behaves differently when
    # this define is set, so coverage builds should not be used to judge the
    # production sandbox policy.
    defines = [ "SANITIZER_COVERAGE" ]

    if (use_libfuzzer) {
      cflags += [ "-fsanitize=fuzzer-no-link" ]
      if (is_mac) {
        # TODO(crbug.com/40611636): on macOS, dead code stripping does not work
        # well with `pc-table` instrumentation enabled by `fuzzer-no-link`.
        cflags += [ "-fno-sanitize-coverage=pc-table" ]
      }
    } else {
      cflags += [
        "-fsanitize-coverage=$sanitizer_coverage_flags",
        "-mllvm",
        "-sanitizer-coverage-prune-blocks=1",
      ]
      if (current_cpu == "arm") {
        # http://crbug.com/517105
        cflags += [
          "-mllvm",
          "-sanitizer-coverage-block-threshold=0",
        ]
      }
    }

    # An empty sanitizer_coverage_allowlist means no allowlist flag is passed.
    if (sanitizer_coverage_allowlist != "") {
      cflags += [ "-fsanitize-coverage-allowlist=" +
                  rebase_path(sanitizer_coverage_allowlist, root_build_dir) ]
    }
  }
  if (use_centipede) {
    # Centipede intercepts calls such as memcmp and memcpy in order to improve
    # its testcase generation.
    cflags += [ "-fno-builtin" ]
  }
}

# Hardware-assisted AddressSanitizer: the flag is passed for assembly sources
# as well as C/C++.
config("hwasan_flags") {
  if (is_hwasan) {
    asmflags = [ "-fsanitize=hwaddress" ]
    cflags = [ "-fsanitize=hwaddress" ]
  }
}

# LeakSanitizer compile flag.
config("lsan_flags") {
  if (is_lsan) {
    cflags = [ "-fsanitize=leak" ]
  }
}

# MemorySanitizer compile flags.
config("msan_flags") {
  if (is_msan) {
    assert(is_linux || is_chromeos,
           "msan only supported on linux x86_64/ChromeOS")

    # Code matched by the ignorelist is not instrumented; the list can be
    # replaced by defining msan_ignorelist_path before this config is
    # evaluated.
    if (!defined(msan_ignorelist_path)) {
      msan_ignorelist_path =
          rebase_path("//tools/msan/ignorelist.txt", root_build_dir)
    }
    cflags = [
      "-fsanitize=memory",
      "-fsanitize-memory-track-origins=$msan_track_origins",
      "-fsanitize-ignorelist=$msan_ignorelist_path",
    ]

499*8975f5c5SAndroid Build Coastguard Worker if (!msan_check_use_after_dtor) { 500*8975f5c5SAndroid Build Coastguard Worker # TODO(crbug.com/40222690): evaluate and possibly enable 501*8975f5c5SAndroid Build Coastguard Worker cflags += [ "-fno-sanitize-memory-use-after-dtor" ] 502*8975f5c5SAndroid Build Coastguard Worker } 503*8975f5c5SAndroid Build Coastguard Worker 504*8975f5c5SAndroid Build Coastguard Worker if (!msan_eager_checks) { 505*8975f5c5SAndroid Build Coastguard Worker cflags += [ "-fno-sanitize-memory-param-retval" ] 506*8975f5c5SAndroid Build Coastguard Worker } 507*8975f5c5SAndroid Build Coastguard Worker } 508*8975f5c5SAndroid Build Coastguard Worker} 509*8975f5c5SAndroid Build Coastguard Worker 510*8975f5c5SAndroid Build Coastguard Workerconfig("tsan_flags") { 511*8975f5c5SAndroid Build Coastguard Worker if (is_tsan) { 512*8975f5c5SAndroid Build Coastguard Worker assert(is_linux || is_chromeos, "tsan only supported on linux x86_64") 513*8975f5c5SAndroid Build Coastguard Worker if (!defined(tsan_ignorelist_path)) { 514*8975f5c5SAndroid Build Coastguard Worker tsan_ignorelist_path = 515*8975f5c5SAndroid Build Coastguard Worker rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir) 516*8975f5c5SAndroid Build Coastguard Worker } 517*8975f5c5SAndroid Build Coastguard Worker cflags = [ 518*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=thread", 519*8975f5c5SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$tsan_ignorelist_path", 520*8975f5c5SAndroid Build Coastguard Worker ] 521*8975f5c5SAndroid Build Coastguard Worker } 522*8975f5c5SAndroid Build Coastguard Worker} 523*8975f5c5SAndroid Build Coastguard Worker 524*8975f5c5SAndroid Build Coastguard Workerconfig("ubsan_flags") { 525*8975f5c5SAndroid Build Coastguard Worker cflags = [] 526*8975f5c5SAndroid Build Coastguard Worker if (is_ubsan) { 527*8975f5c5SAndroid Build Coastguard Worker if (!defined(ubsan_ignorelist_path)) { 528*8975f5c5SAndroid Build Coastguard Worker 
ubsan_ignorelist_path = 529*8975f5c5SAndroid Build Coastguard Worker rebase_path("//tools/ubsan/ignorelist.txt", root_build_dir) 530*8975f5c5SAndroid Build Coastguard Worker } 531*8975f5c5SAndroid Build Coastguard Worker 532*8975f5c5SAndroid Build Coastguard Worker # TODO(crbug.com/40942951): Enable all of -fsanitize=undefined. Note that 533*8975f5c5SAndroid Build Coastguard Worker # both this list and Clang's defaults omit -fsanitize=float-divide-by-zero. 534*8975f5c5SAndroid Build Coastguard Worker # C and C++ leave it undefined to accommodate non-IEEE floating point, but 535*8975f5c5SAndroid Build Coastguard Worker # we assume the compiler implements IEEE floating point, which does define 536*8975f5c5SAndroid Build Coastguard Worker # division by zero. 537*8975f5c5SAndroid Build Coastguard Worker cflags += [ 538*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=alignment", 539*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=bool", 540*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=bounds", 541*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=builtin", 542*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=integer-divide-by-zero", 543*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=null", 544*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=nonnull-attribute", 545*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=object-size", 546*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=return", 547*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=returns-nonnull-attribute", 548*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=shift", 549*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=signed-integer-overflow", 550*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=unreachable", 551*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=vla-bound", 552*8975f5c5SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$ubsan_ignorelist_path", 553*8975f5c5SAndroid Build Coastguard Worker ] 554*8975f5c5SAndroid Build Coastguard 
Worker } 555*8975f5c5SAndroid Build Coastguard Worker} 556*8975f5c5SAndroid Build Coastguard Worker 557*8975f5c5SAndroid Build Coastguard Workerconfig("ubsan_no_recover") { 558*8975f5c5SAndroid Build Coastguard Worker if (is_ubsan_no_recover) { 559*8975f5c5SAndroid Build Coastguard Worker cflags = [ "-fno-sanitize-recover=undefined" ] 560*8975f5c5SAndroid Build Coastguard Worker } 561*8975f5c5SAndroid Build Coastguard Worker} 562*8975f5c5SAndroid Build Coastguard Worker 563*8975f5c5SAndroid Build Coastguard Workerconfig("ubsan_security_flags") { 564*8975f5c5SAndroid Build Coastguard Worker if (is_ubsan_security) { 565*8975f5c5SAndroid Build Coastguard Worker if (!defined(ubsan_security_ignorelist_path)) { 566*8975f5c5SAndroid Build Coastguard Worker ubsan_security_ignorelist_path = 567*8975f5c5SAndroid Build Coastguard Worker rebase_path("//tools/ubsan/security_ignorelist.txt", root_build_dir) 568*8975f5c5SAndroid Build Coastguard Worker } 569*8975f5c5SAndroid Build Coastguard Worker cflags = [ 570*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=function", 571*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=shift", 572*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=signed-integer-overflow", 573*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=vla-bound", 574*8975f5c5SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$ubsan_security_ignorelist_path", 575*8975f5c5SAndroid Build Coastguard Worker ] 576*8975f5c5SAndroid Build Coastguard Worker } 577*8975f5c5SAndroid Build Coastguard Worker} 578*8975f5c5SAndroid Build Coastguard Worker 579*8975f5c5SAndroid Build Coastguard Workerconfig("ubsan_vptr_flags") { 580*8975f5c5SAndroid Build Coastguard Worker if (is_ubsan_vptr) { 581*8975f5c5SAndroid Build Coastguard Worker if (!defined(ubsan_vptr_ignorelist_path)) { 582*8975f5c5SAndroid Build Coastguard Worker ubsan_vptr_ignorelist_path = 583*8975f5c5SAndroid Build Coastguard Worker rebase_path("//tools/ubsan/vptr_ignorelist.txt", root_build_dir) 
584*8975f5c5SAndroid Build Coastguard Worker } 585*8975f5c5SAndroid Build Coastguard Worker cflags = [ 586*8975f5c5SAndroid Build Coastguard Worker "-fsanitize=vptr", 587*8975f5c5SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$ubsan_vptr_ignorelist_path", 588*8975f5c5SAndroid Build Coastguard Worker ] 589*8975f5c5SAndroid Build Coastguard Worker } 590*8975f5c5SAndroid Build Coastguard Worker} 591*8975f5c5SAndroid Build Coastguard Worker 592*8975f5c5SAndroid Build Coastguard Workerconfig("fuzzing_build_mode") { 593*8975f5c5SAndroid Build Coastguard Worker if (use_fuzzing_engine) { 594*8975f5c5SAndroid Build Coastguard Worker defines = [ "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ] 595*8975f5c5SAndroid Build Coastguard Worker } 596*8975f5c5SAndroid Build Coastguard Worker} 597*8975f5c5SAndroid Build Coastguard Worker 598*8975f5c5SAndroid Build Coastguard Workerall_sanitizer_configs = [ 599*8975f5c5SAndroid Build Coastguard Worker ":common_sanitizer_flags", 600*8975f5c5SAndroid Build Coastguard Worker ":coverage_flags", 601*8975f5c5SAndroid Build Coastguard Worker ":default_sanitizer_ldflags", 602*8975f5c5SAndroid Build Coastguard Worker ":asan_flags", 603*8975f5c5SAndroid Build Coastguard Worker ":cfi_flags", 604*8975f5c5SAndroid Build Coastguard Worker ":hwasan_flags", 605*8975f5c5SAndroid Build Coastguard Worker ":lsan_flags", 606*8975f5c5SAndroid Build Coastguard Worker ":msan_flags", 607*8975f5c5SAndroid Build Coastguard Worker ":tsan_flags", 608*8975f5c5SAndroid Build Coastguard Worker ":ubsan_flags", 609*8975f5c5SAndroid Build Coastguard Worker ":ubsan_no_recover", 610*8975f5c5SAndroid Build Coastguard Worker ":ubsan_security_flags", 611*8975f5c5SAndroid Build Coastguard Worker ":ubsan_vptr_flags", 612*8975f5c5SAndroid Build Coastguard Worker ":fuzzing_build_mode", 613*8975f5c5SAndroid Build Coastguard Worker] 614*8975f5c5SAndroid Build Coastguard Worker 615*8975f5c5SAndroid Build Coastguard Worker# This config is applied by default to all targets. 
It sets the compiler flags 616*8975f5c5SAndroid Build Coastguard Worker# for sanitizer usage, or, if no sanitizer is set, does nothing. 617*8975f5c5SAndroid Build Coastguard Worker# 618*8975f5c5SAndroid Build Coastguard Worker# This needs to be in a separate config so that targets can opt out of 619*8975f5c5SAndroid Build Coastguard Worker# sanitizers (by removing the config) if they desire. Even if a target 620*8975f5c5SAndroid Build Coastguard Worker# removes this config, executables & shared libraries should still depend on 621*8975f5c5SAndroid Build Coastguard Worker# :deps if any of their dependencies have not opted out of sanitizers. 622*8975f5c5SAndroid Build Coastguard Worker# Keep this list in sync with default_sanitizer_flags_but_ubsan_vptr. 623*8975f5c5SAndroid Build Coastguard Workerconfig("default_sanitizer_flags") { 624*8975f5c5SAndroid Build Coastguard Worker configs = all_sanitizer_configs 625*8975f5c5SAndroid Build Coastguard Worker 626*8975f5c5SAndroid Build Coastguard Worker if (use_sanitizer_configs_without_instrumentation) { 627*8975f5c5SAndroid Build Coastguard Worker configs = [] 628*8975f5c5SAndroid Build Coastguard Worker } 629*8975f5c5SAndroid Build Coastguard Worker} 630*8975f5c5SAndroid Build Coastguard Worker 631*8975f5c5SAndroid Build Coastguard Worker# This config is equivalent to default_sanitizer_flags, but excludes ubsan_vptr. 632*8975f5c5SAndroid Build Coastguard Worker# This allows to selectively disable ubsan_vptr, when needed. In particular, 633*8975f5c5SAndroid Build Coastguard Worker# if some third_party code is required to be compiled without rtti, which 634*8975f5c5SAndroid Build Coastguard Worker# is a requirement for ubsan_vptr. 
635*8975f5c5SAndroid Build Coastguard Workerconfig("default_sanitizer_flags_but_ubsan_vptr") { 636*8975f5c5SAndroid Build Coastguard Worker configs = all_sanitizer_configs - [ ":ubsan_vptr_flags" ] 637*8975f5c5SAndroid Build Coastguard Worker 638*8975f5c5SAndroid Build Coastguard Worker if (use_sanitizer_configs_without_instrumentation) { 639*8975f5c5SAndroid Build Coastguard Worker configs = [] 640*8975f5c5SAndroid Build Coastguard Worker } 641*8975f5c5SAndroid Build Coastguard Worker} 642*8975f5c5SAndroid Build Coastguard Worker 643*8975f5c5SAndroid Build Coastguard Workerconfig("default_sanitizer_flags_but_coverage") { 644*8975f5c5SAndroid Build Coastguard Worker configs = all_sanitizer_configs - [ ":coverage_flags" ] 645*8975f5c5SAndroid Build Coastguard Worker 646*8975f5c5SAndroid Build Coastguard Worker if (use_sanitizer_configs_without_instrumentation) { 647*8975f5c5SAndroid Build Coastguard Worker configs = [] 648*8975f5c5SAndroid Build Coastguard Worker } 649*8975f5c5SAndroid Build Coastguard Worker} 650*8975f5c5SAndroid Build Coastguard Worker 651*8975f5c5SAndroid Build Coastguard Worker# This config is used by parts of code that aren't targeted in fuzzers and 652*8975f5c5SAndroid Build Coastguard Worker# therefore don't need coverage instrumentation and possibly wont need 653*8975f5c5SAndroid Build Coastguard Worker# sanitizer instrumentation either. The config also tells the compiler to 654*8975f5c5SAndroid Build Coastguard Worker# perform additional optimizations on the configured code and ensures that 655*8975f5c5SAndroid Build Coastguard Worker# linking it to the rest of the binary which is instrumented with sanitizers 656*8975f5c5SAndroid Build Coastguard Worker# works. The config only does anything if the build is a fuzzing build. 
657*8975f5c5SAndroid Build Coastguard Workerconfig("not_fuzzed") { 658*8975f5c5SAndroid Build Coastguard Worker if (use_fuzzing_engine) { 659*8975f5c5SAndroid Build Coastguard Worker # Since we aren't instrumenting with coverage, code size is less of a 660*8975f5c5SAndroid Build Coastguard Worker # concern, so use a more aggressive optimization level than 661*8975f5c5SAndroid Build Coastguard Worker # optimize_for_fuzzing (-O1). When given multiple optimization flags, clang 662*8975f5c5SAndroid Build Coastguard Worker # obeys the last one, so as long as this flag comes after -O1, it should work. 663*8975f5c5SAndroid Build Coastguard Worker # Since this config will always be depended on after 664*8975f5c5SAndroid Build Coastguard Worker # "//build/config/compiler:default_optimization" (which adds -O1 when 665*8975f5c5SAndroid Build Coastguard Worker # optimize_for_fuzzing is true), -O2 should always be the second flag. Even 666*8975f5c5SAndroid Build Coastguard Worker # though this sounds fragile, it isn't a big deal if it breaks, since proto 667*8975f5c5SAndroid Build Coastguard Worker # fuzzers will still work, they will just be slightly slower. 668*8975f5c5SAndroid Build Coastguard Worker cflags = [ "-O2" ] 669*8975f5c5SAndroid Build Coastguard Worker 670*8975f5c5SAndroid Build Coastguard Worker # We need to include this config when we remove default_sanitizer_flags or 671*8975f5c5SAndroid Build Coastguard Worker # else there will be linking errors. We would remove default_sanitizer_flags 672*8975f5c5SAndroid Build Coastguard Worker # here as well, but gn doesn't permit this. 
673*8975f5c5SAndroid Build Coastguard Worker if (!is_msan) { 674*8975f5c5SAndroid Build Coastguard Worker # We don't actually remove sanitization when MSan is being used so there 675*8975f5c5SAndroid Build Coastguard Worker # is no need to add default_sanitizer_ldflags in that case 676*8975f5c5SAndroid Build Coastguard Worker configs = [ ":default_sanitizer_ldflags" ] 677*8975f5c5SAndroid Build Coastguard Worker } 678*8975f5c5SAndroid Build Coastguard Worker } 679*8975f5c5SAndroid Build Coastguard Worker} 680