1*6777b538SAndroid Build Coastguard Worker# Copyright 2014 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker# Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker# found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Workerimport("//build/config/cast.gni") 6*6777b538SAndroid Build Coastguard Workerimport("//build/config/chrome_build.gni") 7*6777b538SAndroid Build Coastguard Workerimport("//build/config/clang/clang.gni") 8*6777b538SAndroid Build Coastguard Workerimport("//build/config/rust.gni") 9*6777b538SAndroid Build Coastguard Workerimport("//build/config/sanitizers/sanitizers.gni") 10*6777b538SAndroid Build Coastguard Workerimport("//build/toolchain/toolchain.gni") 11*6777b538SAndroid Build Coastguard Workerimport("//build_overrides/build.gni") 12*6777b538SAndroid Build Coastguard Worker 13*6777b538SAndroid Build Coastguard Workerif (is_ios) { 14*6777b538SAndroid Build Coastguard Worker import("//build/config/ios/ios_sdk.gni") 15*6777b538SAndroid Build Coastguard Worker} 16*6777b538SAndroid Build Coastguard Worker 17*6777b538SAndroid Build Coastguard Worker# Contains the dependencies needed for sanitizers to link into executables and 18*6777b538SAndroid Build Coastguard Worker# shared_libraries. 19*6777b538SAndroid Build Coastguard Workergroup("deps") { 20*6777b538SAndroid Build Coastguard Worker if (using_sanitizer) { 21*6777b538SAndroid Build Coastguard Worker public_configs = [ 22*6777b538SAndroid Build Coastguard Worker # Even when a target removes default_sanitizer_flags, it may be depending 23*6777b538SAndroid Build Coastguard Worker # on a library that did not remove default_sanitizer_flags. Thus, we need 24*6777b538SAndroid Build Coastguard Worker # to add the ldflags here as well as in default_sanitizer_flags. 25*6777b538SAndroid Build Coastguard Worker ":default_sanitizer_ldflags", 26*6777b538SAndroid Build Coastguard Worker ] 27*6777b538SAndroid Build Coastguard Worker deps = [] 28*6777b538SAndroid Build Coastguard Worker if (!is_fuchsia) { 29*6777b538SAndroid Build Coastguard Worker if (is_win) { 30*6777b538SAndroid Build Coastguard Worker exe = ".exe" 31*6777b538SAndroid Build Coastguard Worker } else { 32*6777b538SAndroid Build Coastguard Worker exe = "" 33*6777b538SAndroid Build Coastguard Worker } 34*6777b538SAndroid Build Coastguard Worker data = [ 35*6777b538SAndroid Build Coastguard Worker "//tools/valgrind/asan/", 36*6777b538SAndroid Build Coastguard Worker "$clang_base_path/bin/llvm-symbolizer${exe}", 37*6777b538SAndroid Build Coastguard Worker ] 38*6777b538SAndroid Build Coastguard Worker } 39*6777b538SAndroid Build Coastguard Worker if (is_asan || is_lsan || is_msan || is_tsan || is_ubsan || is_ubsan_vptr || 40*6777b538SAndroid Build Coastguard Worker is_ubsan_security) { 41*6777b538SAndroid Build Coastguard Worker public_configs += [ ":sanitizer_options_link_helper" ] 42*6777b538SAndroid Build Coastguard Worker deps += [ ":options_sources" ] 43*6777b538SAndroid Build Coastguard Worker } 44*6777b538SAndroid Build Coastguard Worker if (use_prebuilt_instrumented_libraries || 45*6777b538SAndroid Build Coastguard Worker use_locally_built_instrumented_libraries) { 46*6777b538SAndroid Build Coastguard Worker deps += [ "//third_party/instrumented_libs:deps" ] 47*6777b538SAndroid Build Coastguard Worker } 48*6777b538SAndroid Build Coastguard Worker } 49*6777b538SAndroid Build Coastguard Worker if (fail_on_san_warnings) { 50*6777b538SAndroid Build Coastguard Worker data += [ "//tools/memory/sanitizer/escalate_sanitizer_warnings.py" ] 51*6777b538SAndroid Build Coastguard Worker } 52*6777b538SAndroid Build Coastguard Worker if (is_asan || is_ubsan || is_ubsan_vptr || is_ubsan_security) { 53*6777b538SAndroid Build Coastguard Worker if (is_win || is_apple) { 54*6777b538SAndroid Build Coastguard Worker data_deps = [ ":copy_sanitizer_runtime" ] 55*6777b538SAndroid Build Coastguard Worker } 56*6777b538SAndroid Build Coastguard Worker if (is_apple) { 57*6777b538SAndroid Build Coastguard Worker public_deps = [ ":sanitizer_runtime_bundle_data" ] 58*6777b538SAndroid Build Coastguard Worker } 59*6777b538SAndroid Build Coastguard Worker } 60*6777b538SAndroid Build Coastguard Worker if (use_centipede || enable_fuzztest_fuzz) { 61*6777b538SAndroid Build Coastguard Worker # For executables which aren't actual fuzzers, we need stubs for 62*6777b538SAndroid Build Coastguard Worker # the sanitizer coverage symbols, because we'll still be generating 63*6777b538SAndroid Build Coastguard Worker # .o files which depend on them. 64*6777b538SAndroid Build Coastguard Worker deps += [ "//third_party/fuzztest:centipede_weak_sancov_stubs" ] 65*6777b538SAndroid Build Coastguard Worker } 66*6777b538SAndroid Build Coastguard Worker} 67*6777b538SAndroid Build Coastguard Worker 68*6777b538SAndroid Build Coastguard Workerassert(!(is_win && is_asan && current_cpu == "x86"), 69*6777b538SAndroid Build Coastguard Worker "ASan is only supported in 64-bit builds on Windows.") 70*6777b538SAndroid Build Coastguard Worker 71*6777b538SAndroid Build Coastguard Workerif ((is_apple || is_win) && 72*6777b538SAndroid Build Coastguard Worker (is_asan || is_ubsan || is_ubsan_vptr || is_ubsan_security)) { 73*6777b538SAndroid Build Coastguard Worker if (is_mac || (is_ios && target_environment == "catalyst")) { 74*6777b538SAndroid Build Coastguard Worker if (is_asan) { 75*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_path = "darwin/libclang_rt.asan_osx_dynamic.dylib" 76*6777b538SAndroid Build Coastguard Worker } else { 77*6777b538SAndroid Build Coastguard Worker assert(is_ubsan || is_ubsan_vptr || is_ubsan_security) 78*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_path = "darwin/libclang_rt.ubsan_osx_dynamic.dylib" 79*6777b538SAndroid Build Coastguard Worker } 80*6777b538SAndroid Build Coastguard Worker } else if (is_ios) { 81*6777b538SAndroid Build Coastguard Worker if (is_asan) { 82*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_path = "darwin/libclang_rt.asan_iossim_dynamic.dylib" 83*6777b538SAndroid Build Coastguard Worker } else { 84*6777b538SAndroid Build Coastguard Worker assert(is_ubsan || is_ubsan_vptr || is_ubsan_security) 85*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_path = "darwin/libclang_rt.ubsan_iossim_dynamic.dylib" 86*6777b538SAndroid Build Coastguard Worker } 87*6777b538SAndroid Build Coastguard Worker } else if (is_win && current_cpu == "x64") { 88*6777b538SAndroid Build Coastguard Worker if (is_asan) { 89*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-x86_64.dll" 90*6777b538SAndroid Build Coastguard Worker } else { 91*6777b538SAndroid Build Coastguard Worker assert(is_ubsan || is_ubsan_vptr || is_ubsan_security) 92*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_path = "windows/clang_rt.ubsan_dynamic-x86_64.dll" 93*6777b538SAndroid Build Coastguard Worker } 94*6777b538SAndroid Build Coastguard Worker } 95*6777b538SAndroid Build Coastguard Worker 96*6777b538SAndroid Build Coastguard Worker _clang_rt_dso_full_path = 97*6777b538SAndroid Build Coastguard Worker "$clang_base_path/lib/clang/$clang_version/lib/$_clang_rt_dso_path" 98*6777b538SAndroid Build Coastguard Worker 99*6777b538SAndroid Build Coastguard Worker if (!is_ios) { 100*6777b538SAndroid Build Coastguard Worker copy("copy_sanitizer_runtime") { 101*6777b538SAndroid Build Coastguard Worker sources = [ _clang_rt_dso_full_path ] 102*6777b538SAndroid Build Coastguard Worker outputs = [ "$root_out_dir/{{source_file_part}}" ] 103*6777b538SAndroid Build Coastguard Worker } 104*6777b538SAndroid Build Coastguard Worker } else { 105*6777b538SAndroid Build Coastguard Worker # On iOS, the runtime library need to be code signed (adhoc signature) 106*6777b538SAndroid Build Coastguard Worker # starting with Xcode 8, so use an action instead of a copy on iOS. 107*6777b538SAndroid Build Coastguard Worker action("copy_sanitizer_runtime") { 108*6777b538SAndroid Build Coastguard Worker script = "//build/config/ios/codesign.py" 109*6777b538SAndroid Build Coastguard Worker sources = [ _clang_rt_dso_full_path ] 110*6777b538SAndroid Build Coastguard Worker outputs = [ "$root_out_dir/" + get_path_info(sources[0], "file") ] 111*6777b538SAndroid Build Coastguard Worker args = [ 112*6777b538SAndroid Build Coastguard Worker "code-sign-file", 113*6777b538SAndroid Build Coastguard Worker "--identity=" + ios_code_signing_identity, 114*6777b538SAndroid Build Coastguard Worker "--output=" + rebase_path(outputs[0], root_build_dir), 115*6777b538SAndroid Build Coastguard Worker rebase_path(sources[0], root_build_dir), 116*6777b538SAndroid Build Coastguard Worker ] 117*6777b538SAndroid Build Coastguard Worker } 118*6777b538SAndroid Build Coastguard Worker } 119*6777b538SAndroid Build Coastguard Worker 120*6777b538SAndroid Build Coastguard Worker if (is_apple) { 121*6777b538SAndroid Build Coastguard Worker bundle_data("sanitizer_runtime_bundle_data") { 122*6777b538SAndroid Build Coastguard Worker sources = get_target_outputs(":copy_sanitizer_runtime") 123*6777b538SAndroid Build Coastguard Worker outputs = [ "{{bundle_executable_dir}}/{{source_file_part}}" ] 124*6777b538SAndroid Build Coastguard Worker public_deps = [ ":copy_sanitizer_runtime" ] 125*6777b538SAndroid Build Coastguard Worker } 126*6777b538SAndroid Build Coastguard Worker } 127*6777b538SAndroid Build Coastguard Worker} 128*6777b538SAndroid Build Coastguard Worker 129*6777b538SAndroid Build Coastguard Workerconfig("sanitizer_options_link_helper") { 130*6777b538SAndroid Build Coastguard Worker if (is_apple) { 131*6777b538SAndroid Build Coastguard Worker ldflags = [ "-Wl,-u,__sanitizer_options_link_helper" ] 132*6777b538SAndroid Build Coastguard Worker } else if (!is_win) { 133*6777b538SAndroid Build Coastguard Worker ldflags = [ "-Wl,-u_sanitizer_options_link_helper" ] 134*6777b538SAndroid Build Coastguard Worker } 135*6777b538SAndroid Build Coastguard Worker} 136*6777b538SAndroid Build Coastguard Worker 137*6777b538SAndroid Build Coastguard Workerstatic_library("options_sources") { 138*6777b538SAndroid Build Coastguard Worker # This is a static_library instead of a source_set, as it shouldn't be 139*6777b538SAndroid Build Coastguard Worker # unconditionally linked into targets. 140*6777b538SAndroid Build Coastguard Worker visibility = [ 141*6777b538SAndroid Build Coastguard Worker ":deps", 142*6777b538SAndroid Build Coastguard Worker "//:gn_all", 143*6777b538SAndroid Build Coastguard Worker ] 144*6777b538SAndroid Build Coastguard Worker sources = [ "//build/sanitizers/sanitizer_options.cc" ] 145*6777b538SAndroid Build Coastguard Worker 146*6777b538SAndroid Build Coastguard Worker # Don't compile this target with any sanitizer code. It can be called from 147*6777b538SAndroid Build Coastguard Worker # the sanitizer runtimes, so instrumenting these functions could cause 148*6777b538SAndroid Build Coastguard Worker # recursive calls into the runtime if there is an error. 149*6777b538SAndroid Build Coastguard Worker configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ] 150*6777b538SAndroid Build Coastguard Worker 151*6777b538SAndroid Build Coastguard Worker if (is_asan) { 152*6777b538SAndroid Build Coastguard Worker if (!defined(asan_suppressions_file)) { 153*6777b538SAndroid Build Coastguard Worker asan_suppressions_file = "//build/sanitizers/asan_suppressions.cc" 154*6777b538SAndroid Build Coastguard Worker } 155*6777b538SAndroid Build Coastguard Worker sources += [ asan_suppressions_file ] 156*6777b538SAndroid Build Coastguard Worker } 157*6777b538SAndroid Build Coastguard Worker 158*6777b538SAndroid Build Coastguard Worker if (is_lsan) { 159*6777b538SAndroid Build Coastguard Worker if (!defined(lsan_suppressions_file)) { 160*6777b538SAndroid Build Coastguard Worker lsan_suppressions_file = "//build/sanitizers/lsan_suppressions.cc" 161*6777b538SAndroid Build Coastguard Worker } 162*6777b538SAndroid Build Coastguard Worker sources += [ lsan_suppressions_file ] 163*6777b538SAndroid Build Coastguard Worker } 164*6777b538SAndroid Build Coastguard Worker 165*6777b538SAndroid Build Coastguard Worker if (is_tsan) { 166*6777b538SAndroid Build Coastguard Worker if (!defined(tsan_suppressions_file)) { 167*6777b538SAndroid Build Coastguard Worker tsan_suppressions_file = "//build/sanitizers/tsan_suppressions.cc" 168*6777b538SAndroid Build Coastguard Worker } 169*6777b538SAndroid Build Coastguard Worker sources += [ tsan_suppressions_file ] 170*6777b538SAndroid Build Coastguard Worker } 171*6777b538SAndroid Build Coastguard Worker} 172*6777b538SAndroid Build Coastguard Worker 173*6777b538SAndroid Build Coastguard Worker# Applies linker flags necessary when either :deps or :default_sanitizer_flags 174*6777b538SAndroid Build Coastguard Worker# are used. 175*6777b538SAndroid Build Coastguard Workerconfig("default_sanitizer_ldflags") { 176*6777b538SAndroid Build Coastguard Worker visibility = [ 177*6777b538SAndroid Build Coastguard Worker ":default_sanitizer_flags", 178*6777b538SAndroid Build Coastguard Worker ":deps", 179*6777b538SAndroid Build Coastguard Worker 180*6777b538SAndroid Build Coastguard Worker # https://crbug.com/360158. 181*6777b538SAndroid Build Coastguard Worker "//tools/ipc_fuzzer/fuzzer:ipc_fuzzer", 182*6777b538SAndroid Build Coastguard Worker ] 183*6777b538SAndroid Build Coastguard Worker 184*6777b538SAndroid Build Coastguard Worker if (is_posix || is_fuchsia) { 185*6777b538SAndroid Build Coastguard Worker sanitizers = [] # sanitizers applicable to both clang and rustc 186*6777b538SAndroid Build Coastguard Worker ldflags = [] 187*6777b538SAndroid Build Coastguard Worker rustflags = [] 188*6777b538SAndroid Build Coastguard Worker if (is_asan) { 189*6777b538SAndroid Build Coastguard Worker sanitizers += [ "address" ] 190*6777b538SAndroid Build Coastguard Worker } 191*6777b538SAndroid Build Coastguard Worker if (is_hwasan) { 192*6777b538SAndroid Build Coastguard Worker sanitizers += [ "hwaddress" ] 193*6777b538SAndroid Build Coastguard Worker } 194*6777b538SAndroid Build Coastguard Worker if (is_lsan) { 195*6777b538SAndroid Build Coastguard Worker # In Chromium, is_lsan always implies is_asan. ASAN includes LSAN. 196*6777b538SAndroid Build Coastguard Worker # It seems harmless to pass both options to clang, but it doesn't 197*6777b538SAndroid Build Coastguard Worker # work on rustc, so apply this option to clang only. 198*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=leak" ] 199*6777b538SAndroid Build Coastguard Worker } 200*6777b538SAndroid Build Coastguard Worker if (is_tsan) { 201*6777b538SAndroid Build Coastguard Worker sanitizers += [ "thread" ] 202*6777b538SAndroid Build Coastguard Worker } 203*6777b538SAndroid Build Coastguard Worker if (is_msan) { 204*6777b538SAndroid Build Coastguard Worker sanitizers += [ "memory" ] 205*6777b538SAndroid Build Coastguard Worker } 206*6777b538SAndroid Build Coastguard Worker if (is_ubsan || is_ubsan_security) { 207*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=undefined" ] 208*6777b538SAndroid Build Coastguard Worker } 209*6777b538SAndroid Build Coastguard Worker if (is_ubsan_vptr) { 210*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=vptr" ] 211*6777b538SAndroid Build Coastguard Worker } 212*6777b538SAndroid Build Coastguard Worker foreach(sanitizer, sanitizers) { 213*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=$sanitizer" ] 214*6777b538SAndroid Build Coastguard Worker rustflags += [ "-Zsanitizer=$sanitizer" ] 215*6777b538SAndroid Build Coastguard Worker } 216*6777b538SAndroid Build Coastguard Worker 217*6777b538SAndroid Build Coastguard Worker if (use_sanitizer_coverage) { 218*6777b538SAndroid Build Coastguard Worker if (use_libfuzzer) { 219*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=fuzzer-no-link" ] 220*6777b538SAndroid Build Coastguard Worker if (is_mac) { 221*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/926588): on macOS, dead code stripping does not work 222*6777b538SAndroid Build Coastguard Worker # well with `pc-table` instrumentation enabled by `fuzzer-no-link`. 223*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fno-sanitize-coverage=pc-table" ] 224*6777b538SAndroid Build Coastguard Worker } 225*6777b538SAndroid Build Coastguard Worker } else { 226*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ] 227*6777b538SAndroid Build Coastguard Worker } 228*6777b538SAndroid Build Coastguard Worker } 229*6777b538SAndroid Build Coastguard Worker 230*6777b538SAndroid Build Coastguard Worker if (is_cfi && current_toolchain == default_toolchain) { 231*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=cfi-vcall" ] 232*6777b538SAndroid Build Coastguard Worker if (use_cfi_cast) { 233*6777b538SAndroid Build Coastguard Worker ldflags += [ 234*6777b538SAndroid Build Coastguard Worker "-fsanitize=cfi-derived-cast", 235*6777b538SAndroid Build Coastguard Worker "-fsanitize=cfi-unrelated-cast", 236*6777b538SAndroid Build Coastguard Worker ] 237*6777b538SAndroid Build Coastguard Worker } 238*6777b538SAndroid Build Coastguard Worker if (use_cfi_icall) { 239*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize=cfi-icall" ] 240*6777b538SAndroid Build Coastguard Worker } 241*6777b538SAndroid Build Coastguard Worker if (use_cfi_diag) { 242*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fno-sanitize-trap=cfi" ] 243*6777b538SAndroid Build Coastguard Worker if (use_cfi_recover) { 244*6777b538SAndroid Build Coastguard Worker ldflags += [ "-fsanitize-recover=cfi" ] 245*6777b538SAndroid Build Coastguard Worker } 246*6777b538SAndroid Build Coastguard Worker } 247*6777b538SAndroid Build Coastguard Worker } 248*6777b538SAndroid Build Coastguard Worker } else if (is_win) { 249*6777b538SAndroid Build Coastguard Worker # Windows directly calls link.exe instead of the compiler driver when 250*6777b538SAndroid Build Coastguard Worker # linking. Hence, pass the runtime libraries instead of -fsanitize=address 251*6777b538SAndroid Build Coastguard Worker # or -fsanitize=fuzzer. 252*6777b538SAndroid Build Coastguard Worker if (is_asan && is_component_build) { 253*6777b538SAndroid Build Coastguard Worker # In the static-library build, ASan libraries are different for 254*6777b538SAndroid Build Coastguard Worker # executables and dlls, see link_executable and link_shared_library below. 255*6777b538SAndroid Build Coastguard Worker # This here handles only the component build. 256*6777b538SAndroid Build Coastguard Worker assert(current_cpu == "x64", "WinASan unsupported architecture") 257*6777b538SAndroid Build Coastguard Worker libs = [ 258*6777b538SAndroid Build Coastguard Worker "clang_rt.asan_dynamic-x86_64.lib", 259*6777b538SAndroid Build Coastguard Worker "clang_rt.asan_dynamic_runtime_thunk-x86_64.lib", 260*6777b538SAndroid Build Coastguard Worker ] 261*6777b538SAndroid Build Coastguard Worker } 262*6777b538SAndroid Build Coastguard Worker if (use_libfuzzer) { 263*6777b538SAndroid Build Coastguard Worker assert(current_cpu == "x64", "LibFuzzer unsupported architecture") 264*6777b538SAndroid Build Coastguard Worker assert(!is_component_build, 265*6777b538SAndroid Build Coastguard Worker "LibFuzzer only supports non-component builds on Windows") 266*6777b538SAndroid Build Coastguard Worker 267*6777b538SAndroid Build Coastguard Worker # Incremental linking causes padding that messes up SanitizerCoverage. 268*6777b538SAndroid Build Coastguard Worker # Don't do it. 269*6777b538SAndroid Build Coastguard Worker ldflags = [ "/INCREMENTAL:NO" ] 270*6777b538SAndroid Build Coastguard Worker } 271*6777b538SAndroid Build Coastguard Worker } 272*6777b538SAndroid Build Coastguard Worker} 273*6777b538SAndroid Build Coastguard Worker 274*6777b538SAndroid Build Coastguard Workerconfig("common_sanitizer_flags") { 275*6777b538SAndroid Build Coastguard Worker cflags = [] 276*6777b538SAndroid Build Coastguard Worker 277*6777b538SAndroid Build Coastguard Worker if (using_sanitizer) { 278*6777b538SAndroid Build Coastguard Worker assert(is_clang, "sanitizers only supported with clang") 279*6777b538SAndroid Build Coastguard Worker 280*6777b538SAndroid Build Coastguard Worker # Allow non-default toolchains to enable sanitizers in toolchain_args even 281*6777b538SAndroid Build Coastguard Worker # in official builds. 282*6777b538SAndroid Build Coastguard Worker assert(current_toolchain != default_toolchain || !is_official_build, 283*6777b538SAndroid Build Coastguard Worker "sanitizers not supported in official builds") 284*6777b538SAndroid Build Coastguard Worker 285*6777b538SAndroid Build Coastguard Worker cflags += [ 286*6777b538SAndroid Build Coastguard Worker # Column info in debug data confuses Visual Studio's debugger, so don't 287*6777b538SAndroid Build Coastguard Worker # use this by default. However, clusterfuzz needs it for good 288*6777b538SAndroid Build Coastguard Worker # attribution of reports to CLs, so turn it on there. 289*6777b538SAndroid Build Coastguard Worker "-gcolumn-info", 290*6777b538SAndroid Build Coastguard Worker ] 291*6777b538SAndroid Build Coastguard Worker 292*6777b538SAndroid Build Coastguard Worker # Frame pointers are controlled in //build/config/compiler:default_stack_frames 293*6777b538SAndroid Build Coastguard Worker } 294*6777b538SAndroid Build Coastguard Worker} 295*6777b538SAndroid Build Coastguard Worker 296*6777b538SAndroid Build Coastguard Workerconfig("asan_flags") { 297*6777b538SAndroid Build Coastguard Worker cflags = [] 298*6777b538SAndroid Build Coastguard Worker if (is_asan) { 299*6777b538SAndroid Build Coastguard Worker cflags += [ "-fsanitize=address" ] 300*6777b538SAndroid Build Coastguard Worker if (!is_win && !is_apple && !is_fuchsia) { 301*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/1459233, crbug.com/1462248): This causes asan 302*6777b538SAndroid Build Coastguard Worker # odr-violation errors in rust code, and link failures for cros/asan. 303*6777b538SAndroid Build Coastguard Worker # Clang recently turned it on by default for all ELF targets (it was 304*6777b538SAndroid Build Coastguard Worker # already on for Fuchsia). Pass the flag to turn it back off. 305*6777b538SAndroid Build Coastguard Worker cflags += [ "-fno-sanitize-address-globals-dead-stripping" ] 306*6777b538SAndroid Build Coastguard Worker } 307*6777b538SAndroid Build Coastguard Worker if (is_win) { 308*6777b538SAndroid Build Coastguard Worker if (!defined(asan_win_blocklist_path)) { 309*6777b538SAndroid Build Coastguard Worker asan_win_blocklist_path = 310*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/memory/asan/blocklist_win.txt", root_build_dir) 311*6777b538SAndroid Build Coastguard Worker } 312*6777b538SAndroid Build Coastguard Worker cflags += [ "-fsanitize-ignorelist=$asan_win_blocklist_path" ] 313*6777b538SAndroid Build Coastguard Worker } 314*6777b538SAndroid Build Coastguard Worker } 315*6777b538SAndroid Build Coastguard Worker} 316*6777b538SAndroid Build Coastguard Worker 317*6777b538SAndroid Build Coastguard Workerconfig("link_executable") { 318*6777b538SAndroid Build Coastguard Worker if (is_asan && is_win && !is_component_build) { 319*6777b538SAndroid Build Coastguard Worker assert(current_cpu == "x64", "WinASan unsupported architecture") 320*6777b538SAndroid Build Coastguard Worker ldflags = [ "-wholearchive:clang_rt.asan-x86_64.lib" ] 321*6777b538SAndroid Build Coastguard Worker } 322*6777b538SAndroid Build Coastguard Worker} 323*6777b538SAndroid Build Coastguard Worker 324*6777b538SAndroid Build Coastguard Workerconfig("link_shared_library") { 325*6777b538SAndroid Build Coastguard Worker if (is_asan && is_win && !is_component_build) { 326*6777b538SAndroid Build Coastguard Worker assert(current_cpu == "x64", "WinASan unsupported architecture") 327*6777b538SAndroid Build Coastguard Worker libs = [ "clang_rt.asan_dll_thunk-x86_64.lib" ] 328*6777b538SAndroid Build Coastguard Worker } 329*6777b538SAndroid Build Coastguard Worker} 330*6777b538SAndroid Build Coastguard Worker 331*6777b538SAndroid Build Coastguard Workerconfig("cfi_flags") { 332*6777b538SAndroid Build Coastguard Worker cflags = [] 333*6777b538SAndroid Build Coastguard Worker rustflags = [] 334*6777b538SAndroid Build Coastguard Worker if (is_cfi && current_toolchain == default_toolchain) { 335*6777b538SAndroid Build Coastguard Worker if (!defined(cfi_ignorelist_path)) { 336*6777b538SAndroid Build Coastguard Worker cfi_ignorelist_path = 337*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/cfi/ignores.txt", root_build_dir) 338*6777b538SAndroid Build Coastguard Worker } 339*6777b538SAndroid Build Coastguard Worker cflags += [ 340*6777b538SAndroid Build Coastguard Worker "-fsanitize=cfi-vcall", 341*6777b538SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$cfi_ignorelist_path", 342*6777b538SAndroid Build Coastguard Worker ] 343*6777b538SAndroid Build Coastguard Worker 344*6777b538SAndroid Build Coastguard Worker if (toolchain_supports_rust_thin_lto) { 345*6777b538SAndroid Build Coastguard Worker # sanitize=cfi implies -fsplit-lto-unit, and Rust needs to match 346*6777b538SAndroid Build Coastguard Worker # behaviour. Rust needs to know the linker will be doing LTO in this case 347*6777b538SAndroid Build Coastguard Worker # or it rejects the Zsplit-lto-unit flag. 348*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/1442331): Add -Zsanitize=cfi instead. 349*6777b538SAndroid Build Coastguard Worker rustflags += [ 350*6777b538SAndroid Build Coastguard Worker "-Zsplit-lto-unit", 351*6777b538SAndroid Build Coastguard Worker "-Clinker-plugin-lto=yes", 352*6777b538SAndroid Build Coastguard Worker ] 353*6777b538SAndroid Build Coastguard Worker } else { 354*6777b538SAndroid Build Coastguard Worker # Don't include bitcode if it won't be used. 355*6777b538SAndroid Build Coastguard Worker rustflags += [ "-Cembed-bitcode=no" ] 356*6777b538SAndroid Build Coastguard Worker } 357*6777b538SAndroid Build Coastguard Worker 358*6777b538SAndroid Build Coastguard Worker if (use_cfi_cast) { 359*6777b538SAndroid Build Coastguard Worker cflags += [ 360*6777b538SAndroid Build Coastguard Worker "-fsanitize=cfi-derived-cast", 361*6777b538SAndroid Build Coastguard Worker "-fsanitize=cfi-unrelated-cast", 362*6777b538SAndroid Build Coastguard Worker ] 363*6777b538SAndroid Build Coastguard Worker } 364*6777b538SAndroid Build Coastguard Worker 365*6777b538SAndroid Build Coastguard Worker if (use_cfi_icall) { 366*6777b538SAndroid Build Coastguard Worker cflags += [ "-fsanitize=cfi-icall" ] 367*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/1442331): Add cflags += [ 368*6777b538SAndroid Build Coastguard Worker # "-fsanitize-cfi-icall-experimental-normalize-integers" ] 369*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/1442331): Add rustflags += [ 370*6777b538SAndroid Build Coastguard Worker # "-Zsanitizer-cfi-normalize-integers" ]. 371*6777b538SAndroid Build Coastguard Worker } 372*6777b538SAndroid Build Coastguard Worker 373*6777b538SAndroid Build Coastguard Worker if (use_cfi_diag) { 374*6777b538SAndroid Build Coastguard Worker cflags += [ "-fno-sanitize-trap=cfi" ] 375*6777b538SAndroid Build Coastguard Worker if (is_win) { 376*6777b538SAndroid Build Coastguard Worker cflags += [ 377*6777b538SAndroid Build Coastguard Worker "/Oy-", 378*6777b538SAndroid Build Coastguard Worker "/Ob0", 379*6777b538SAndroid Build Coastguard Worker ] 380*6777b538SAndroid Build Coastguard Worker } else { 381*6777b538SAndroid Build Coastguard Worker cflags += [ 382*6777b538SAndroid Build Coastguard Worker "-fno-inline-functions", 383*6777b538SAndroid Build Coastguard Worker "-fno-inline", 384*6777b538SAndroid Build Coastguard Worker "-fno-omit-frame-pointer", 385*6777b538SAndroid Build Coastguard Worker "-O1", 386*6777b538SAndroid Build Coastguard Worker ] 387*6777b538SAndroid Build Coastguard Worker } 388*6777b538SAndroid Build Coastguard Worker if (use_cfi_recover) { 389*6777b538SAndroid Build Coastguard Worker cflags += [ "-fsanitize-recover=cfi" ] 390*6777b538SAndroid Build Coastguard Worker } 391*6777b538SAndroid Build Coastguard Worker } 392*6777b538SAndroid Build Coastguard Worker } 393*6777b538SAndroid Build Coastguard Worker} 394*6777b538SAndroid Build Coastguard Worker 395*6777b538SAndroid Build Coastguard Worker# crbug.com/785442: Fix cfi-icall failures for code that casts pointer argument 396*6777b538SAndroid Build Coastguard Worker# types in function pointer type signatures. 397*6777b538SAndroid Build Coastguard Workerconfig("cfi_icall_generalize_pointers") { 398*6777b538SAndroid Build Coastguard Worker if (is_clang && is_cfi && use_cfi_icall) { 399*6777b538SAndroid Build Coastguard Worker cflags = [ "-fsanitize-cfi-icall-generalize-pointers" ] 400*6777b538SAndroid Build Coastguard Worker } 401*6777b538SAndroid Build Coastguard Worker} 402*6777b538SAndroid Build Coastguard Worker 403*6777b538SAndroid Build Coastguard Workerconfig("cfi_icall_disable") { 404*6777b538SAndroid Build Coastguard Worker if (is_clang && is_cfi && use_cfi_icall) { 405*6777b538SAndroid Build Coastguard Worker cflags = [ "-fno-sanitize=cfi-icall" ] 406*6777b538SAndroid Build Coastguard Worker } 407*6777b538SAndroid Build Coastguard Worker} 408*6777b538SAndroid Build Coastguard Worker 409*6777b538SAndroid Build Coastguard Workerconfig("coverage_flags") { 410*6777b538SAndroid Build Coastguard Worker cflags = [] 411*6777b538SAndroid Build Coastguard Worker if (use_sanitizer_coverage) { 412*6777b538SAndroid Build Coastguard Worker # Used by sandboxing code to allow coverage dump to be written on the disk. 413*6777b538SAndroid Build Coastguard Worker defines = [ "SANITIZER_COVERAGE" ] 414*6777b538SAndroid Build Coastguard Worker 415*6777b538SAndroid Build Coastguard Worker if (use_libfuzzer) { 416*6777b538SAndroid Build Coastguard Worker cflags += [ "-fsanitize=fuzzer-no-link" ] 417*6777b538SAndroid Build Coastguard Worker if (is_mac) { 418*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/926588): on macOS, dead code stripping does not work 419*6777b538SAndroid Build Coastguard Worker # well with `pc-table` instrumentation enabled by `fuzzer-no-link`. 420*6777b538SAndroid Build Coastguard Worker cflags += [ "-fno-sanitize-coverage=pc-table" ] 421*6777b538SAndroid Build Coastguard Worker } 422*6777b538SAndroid Build Coastguard Worker } else { 423*6777b538SAndroid Build Coastguard Worker cflags += [ 424*6777b538SAndroid Build Coastguard Worker "-fsanitize-coverage=$sanitizer_coverage_flags", 425*6777b538SAndroid Build Coastguard Worker "-mllvm", 426*6777b538SAndroid Build Coastguard Worker "-sanitizer-coverage-prune-blocks=1", 427*6777b538SAndroid Build Coastguard Worker ] 428*6777b538SAndroid Build Coastguard Worker if (current_cpu == "arm") { 429*6777b538SAndroid Build Coastguard Worker # http://crbug.com/517105 430*6777b538SAndroid Build Coastguard Worker cflags += [ 431*6777b538SAndroid Build Coastguard Worker "-mllvm", 432*6777b538SAndroid Build Coastguard Worker "-sanitizer-coverage-block-threshold=0", 433*6777b538SAndroid Build Coastguard Worker ] 434*6777b538SAndroid Build Coastguard Worker } 435*6777b538SAndroid Build Coastguard Worker } 436*6777b538SAndroid Build Coastguard Worker if (sanitizer_coverage_allowlist != "") { 437*6777b538SAndroid Build Coastguard Worker cflags += [ "-fsanitize-coverage-allowlist=" + 438*6777b538SAndroid Build Coastguard Worker rebase_path(sanitizer_coverage_allowlist, root_build_dir) ] 439*6777b538SAndroid Build Coastguard Worker } 440*6777b538SAndroid Build Coastguard Worker } 441*6777b538SAndroid Build Coastguard Worker if (use_centipede) { 442*6777b538SAndroid Build Coastguard Worker # Centipede intercepts calls such as memcmp and memcpy in order to improve 443*6777b538SAndroid Build Coastguard Worker # its testcase generation. 444*6777b538SAndroid Build Coastguard Worker cflags += [ "-fno-builtin" ] 445*6777b538SAndroid Build Coastguard Worker } 446*6777b538SAndroid Build Coastguard Worker} 447*6777b538SAndroid Build Coastguard Worker 448*6777b538SAndroid Build Coastguard Workerconfig("hwasan_flags") { 449*6777b538SAndroid Build Coastguard Worker if (is_hwasan) { 450*6777b538SAndroid Build Coastguard Worker asmflags = [ "-fsanitize=hwaddress" ] 451*6777b538SAndroid Build Coastguard Worker cflags = [ "-fsanitize=hwaddress" ] 452*6777b538SAndroid Build Coastguard Worker } 453*6777b538SAndroid Build Coastguard Worker} 454*6777b538SAndroid Build Coastguard Worker 455*6777b538SAndroid Build Coastguard Workerconfig("lsan_flags") { 456*6777b538SAndroid Build Coastguard Worker if (is_lsan) { 457*6777b538SAndroid Build Coastguard Worker cflags = [ "-fsanitize=leak" ] 458*6777b538SAndroid Build Coastguard Worker } 459*6777b538SAndroid Build Coastguard Worker} 460*6777b538SAndroid Build Coastguard Worker 461*6777b538SAndroid Build Coastguard Workerconfig("msan_flags") { 462*6777b538SAndroid Build Coastguard Worker if (is_msan) { 463*6777b538SAndroid Build Coastguard Worker assert(is_linux || is_chromeos, 464*6777b538SAndroid Build Coastguard Worker "msan only supported on linux x86_64/ChromeOS") 465*6777b538SAndroid Build Coastguard Worker if (!defined(msan_ignorelist_path)) { 466*6777b538SAndroid Build Coastguard Worker msan_ignorelist_path = 467*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/msan/ignorelist.txt", root_build_dir) 468*6777b538SAndroid Build Coastguard Worker } 469*6777b538SAndroid Build Coastguard Worker cflags = [ 470*6777b538SAndroid Build Coastguard Worker "-fsanitize=memory", 471*6777b538SAndroid Build Coastguard Worker "-fsanitize-memory-track-origins=$msan_track_origins", 472*6777b538SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$msan_ignorelist_path", 473*6777b538SAndroid Build Coastguard Worker 474*6777b538SAndroid Build Coastguard Worker # TODO(https://crbug.com/1317909): evaluate and possibly enable 475*6777b538SAndroid Build Coastguard Worker "-fno-sanitize-memory-use-after-dtor", 476*6777b538SAndroid Build Coastguard Worker ] 477*6777b538SAndroid Build Coastguard Worker 478*6777b538SAndroid Build Coastguard Worker if (!msan_eager_checks) { 479*6777b538SAndroid Build Coastguard Worker cflags += [ "-fno-sanitize-memory-param-retval" ] 480*6777b538SAndroid Build Coastguard Worker } 481*6777b538SAndroid Build Coastguard Worker } 482*6777b538SAndroid Build Coastguard Worker} 483*6777b538SAndroid Build Coastguard Worker 484*6777b538SAndroid Build Coastguard Workerconfig("tsan_flags") { 485*6777b538SAndroid Build Coastguard Worker if (is_tsan) { 486*6777b538SAndroid Build Coastguard Worker assert(is_linux || is_chromeos, "tsan only supported on linux x86_64") 487*6777b538SAndroid Build Coastguard Worker if (!defined(tsan_ignorelist_path)) { 488*6777b538SAndroid Build Coastguard Worker tsan_ignorelist_path = 489*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir) 490*6777b538SAndroid Build Coastguard Worker } 491*6777b538SAndroid Build Coastguard Worker cflags = [ 492*6777b538SAndroid Build Coastguard Worker "-fsanitize=thread", 493*6777b538SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$tsan_ignorelist_path", 494*6777b538SAndroid Build Coastguard Worker ] 495*6777b538SAndroid Build Coastguard Worker } 496*6777b538SAndroid Build Coastguard Worker} 497*6777b538SAndroid Build Coastguard Worker 498*6777b538SAndroid Build Coastguard Workerconfig("ubsan_flags") { 499*6777b538SAndroid Build Coastguard Worker cflags = [] 500*6777b538SAndroid Build Coastguard Worker if (is_ubsan) { 501*6777b538SAndroid Build Coastguard Worker if (!defined(ubsan_ignorelist_path)) { 502*6777b538SAndroid Build Coastguard Worker ubsan_ignorelist_path = 503*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/ubsan/ignorelist.txt", root_build_dir) 504*6777b538SAndroid Build Coastguard Worker } 505*6777b538SAndroid Build Coastguard Worker 506*6777b538SAndroid Build Coastguard Worker # TODO(crbug.com/1502579): Enable all of -fsanitize=undefined. Note that 507*6777b538SAndroid Build Coastguard Worker # both this list and Clang's defaults omit -fsanitize=float-divide-by-zero. 508*6777b538SAndroid Build Coastguard Worker # C and C++ leave it undefined to accommodate non-IEEE floating point, but 509*6777b538SAndroid Build Coastguard Worker # we assume the compiler implements IEEE floating point, which does define 510*6777b538SAndroid Build Coastguard Worker # division by zero. 511*6777b538SAndroid Build Coastguard Worker cflags += [ 512*6777b538SAndroid Build Coastguard Worker "-fsanitize=alignment", 513*6777b538SAndroid Build Coastguard Worker "-fsanitize=bool", 514*6777b538SAndroid Build Coastguard Worker "-fsanitize=bounds", 515*6777b538SAndroid Build Coastguard Worker "-fsanitize=builtin", 516*6777b538SAndroid Build Coastguard Worker "-fsanitize=integer-divide-by-zero", 517*6777b538SAndroid Build Coastguard Worker "-fsanitize=null", 518*6777b538SAndroid Build Coastguard Worker "-fsanitize=nonnull-attribute", 519*6777b538SAndroid Build Coastguard Worker "-fsanitize=object-size", 520*6777b538SAndroid Build Coastguard Worker "-fsanitize=return", 521*6777b538SAndroid Build Coastguard Worker "-fsanitize=returns-nonnull-attribute", 522*6777b538SAndroid Build Coastguard Worker "-fsanitize=shift-exponent", 523*6777b538SAndroid Build Coastguard Worker "-fsanitize=signed-integer-overflow", 524*6777b538SAndroid Build Coastguard Worker "-fsanitize=unreachable", 525*6777b538SAndroid Build Coastguard Worker "-fsanitize=vla-bound", 526*6777b538SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$ubsan_ignorelist_path", 527*6777b538SAndroid Build Coastguard Worker ] 528*6777b538SAndroid Build Coastguard Worker } 529*6777b538SAndroid Build Coastguard Worker} 530*6777b538SAndroid Build Coastguard Worker 531*6777b538SAndroid Build Coastguard Workerconfig("ubsan_no_recover") { 532*6777b538SAndroid Build Coastguard Worker if (is_ubsan_no_recover) { 533*6777b538SAndroid Build Coastguard Worker cflags = [ "-fno-sanitize-recover=undefined" ] 534*6777b538SAndroid Build Coastguard Worker } 535*6777b538SAndroid Build Coastguard Worker} 536*6777b538SAndroid Build Coastguard Worker 537*6777b538SAndroid Build Coastguard Workerconfig("ubsan_security_flags") { 538*6777b538SAndroid Build Coastguard Worker if (is_ubsan_security) { 539*6777b538SAndroid Build Coastguard Worker if (!defined(ubsan_security_ignorelist_path)) { 540*6777b538SAndroid Build Coastguard Worker ubsan_security_ignorelist_path = 541*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/ubsan/security_ignorelist.txt", root_build_dir) 542*6777b538SAndroid Build Coastguard Worker } 543*6777b538SAndroid Build Coastguard Worker cflags = [ 544*6777b538SAndroid Build Coastguard Worker "-fsanitize=function", 545*6777b538SAndroid Build Coastguard Worker "-fsanitize=shift", 546*6777b538SAndroid Build Coastguard Worker "-fsanitize=signed-integer-overflow", 547*6777b538SAndroid Build Coastguard Worker "-fsanitize=vla-bound", 548*6777b538SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$ubsan_security_ignorelist_path", 549*6777b538SAndroid Build Coastguard Worker ] 550*6777b538SAndroid Build Coastguard Worker } 551*6777b538SAndroid Build Coastguard Worker} 552*6777b538SAndroid Build Coastguard Worker 553*6777b538SAndroid Build Coastguard Workerconfig("ubsan_vptr_flags") { 554*6777b538SAndroid Build Coastguard Worker if (is_ubsan_vptr) { 555*6777b538SAndroid Build Coastguard Worker if (!defined(ubsan_vptr_ignorelist_path)) { 556*6777b538SAndroid Build Coastguard Worker ubsan_vptr_ignorelist_path = 557*6777b538SAndroid Build Coastguard Worker rebase_path("//tools/ubsan/vptr_ignorelist.txt", root_build_dir) 558*6777b538SAndroid Build Coastguard Worker } 559*6777b538SAndroid Build Coastguard Worker cflags = [ 560*6777b538SAndroid Build Coastguard Worker "-fsanitize=vptr", 561*6777b538SAndroid Build Coastguard Worker "-fsanitize-ignorelist=$ubsan_vptr_ignorelist_path", 562*6777b538SAndroid Build Coastguard Worker ] 563*6777b538SAndroid Build Coastguard Worker } 564*6777b538SAndroid Build Coastguard Worker} 565*6777b538SAndroid Build Coastguard Worker 566*6777b538SAndroid Build Coastguard Workerconfig("fuzzing_build_mode") { 567*6777b538SAndroid Build Coastguard Worker if (use_fuzzing_engine) { 568*6777b538SAndroid Build Coastguard Worker defines = [ "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ] 569*6777b538SAndroid Build Coastguard Worker } 570*6777b538SAndroid Build Coastguard Worker} 571*6777b538SAndroid Build Coastguard Worker 572*6777b538SAndroid Build Coastguard Workerall_sanitizer_configs = [ 573*6777b538SAndroid Build Coastguard Worker ":common_sanitizer_flags", 574*6777b538SAndroid Build Coastguard Worker ":coverage_flags", 575*6777b538SAndroid Build Coastguard Worker ":default_sanitizer_ldflags", 576*6777b538SAndroid Build Coastguard Worker ":asan_flags", 577*6777b538SAndroid Build Coastguard Worker ":cfi_flags", 578*6777b538SAndroid Build Coastguard Worker ":hwasan_flags", 579*6777b538SAndroid Build Coastguard Worker ":lsan_flags", 580*6777b538SAndroid Build Coastguard Worker ":msan_flags", 581*6777b538SAndroid Build Coastguard Worker ":tsan_flags", 582*6777b538SAndroid Build Coastguard Worker ":ubsan_flags", 583*6777b538SAndroid Build Coastguard Worker ":ubsan_no_recover", 584*6777b538SAndroid Build Coastguard Worker ":ubsan_security_flags", 585*6777b538SAndroid Build Coastguard Worker ":ubsan_vptr_flags", 586*6777b538SAndroid Build Coastguard Worker ":fuzzing_build_mode", 587*6777b538SAndroid Build Coastguard Worker] 588*6777b538SAndroid Build Coastguard Worker 589*6777b538SAndroid Build Coastguard Worker# This config is applied by default to all targets. It sets the compiler flags 590*6777b538SAndroid Build Coastguard Worker# for sanitizer usage, or, if no sanitizer is set, does nothing. 591*6777b538SAndroid Build Coastguard Worker# 592*6777b538SAndroid Build Coastguard Worker# This needs to be in a separate config so that targets can opt out of 593*6777b538SAndroid Build Coastguard Worker# sanitizers (by removing the config) if they desire. Even if a target 594*6777b538SAndroid Build Coastguard Worker# removes this config, executables & shared libraries should still depend on 595*6777b538SAndroid Build Coastguard Worker# :deps if any of their dependencies have not opted out of sanitizers. 596*6777b538SAndroid Build Coastguard Worker# Keep this list in sync with default_sanitizer_flags_but_ubsan_vptr. 597*6777b538SAndroid Build Coastguard Workerconfig("default_sanitizer_flags") { 598*6777b538SAndroid Build Coastguard Worker configs = all_sanitizer_configs 599*6777b538SAndroid Build Coastguard Worker 600*6777b538SAndroid Build Coastguard Worker if (use_sanitizer_configs_without_instrumentation) { 601*6777b538SAndroid Build Coastguard Worker configs = [] 602*6777b538SAndroid Build Coastguard Worker } 603*6777b538SAndroid Build Coastguard Worker} 604*6777b538SAndroid Build Coastguard Worker 605*6777b538SAndroid Build Coastguard Worker# This config is equivalent to default_sanitizer_flags, but excludes ubsan_vptr. 606*6777b538SAndroid Build Coastguard Worker# This allows to selectively disable ubsan_vptr, when needed. In particular, 607*6777b538SAndroid Build Coastguard Worker# if some third_party code is required to be compiled without rtti, which 608*6777b538SAndroid Build Coastguard Worker# is a requirement for ubsan_vptr. 609*6777b538SAndroid Build Coastguard Workerconfig("default_sanitizer_flags_but_ubsan_vptr") { 610*6777b538SAndroid Build Coastguard Worker configs = all_sanitizer_configs - [ ":ubsan_vptr_flags" ] 611*6777b538SAndroid Build Coastguard Worker 612*6777b538SAndroid Build Coastguard Worker if (use_sanitizer_configs_without_instrumentation) { 613*6777b538SAndroid Build Coastguard Worker configs = [] 614*6777b538SAndroid Build Coastguard Worker } 615*6777b538SAndroid Build Coastguard Worker} 616*6777b538SAndroid Build Coastguard Worker 617*6777b538SAndroid Build Coastguard Workerconfig("default_sanitizer_flags_but_coverage") { 618*6777b538SAndroid Build Coastguard Worker configs = all_sanitizer_configs - [ ":coverage_flags" ] 619*6777b538SAndroid Build Coastguard Worker 620*6777b538SAndroid Build Coastguard Worker if (use_sanitizer_configs_without_instrumentation) { 621*6777b538SAndroid Build Coastguard Worker configs = [] 622*6777b538SAndroid Build Coastguard Worker } 623*6777b538SAndroid Build Coastguard Worker} 624*6777b538SAndroid Build Coastguard Worker 625*6777b538SAndroid Build Coastguard Worker# This config is used by parts of code that aren't targeted in fuzzers and 626*6777b538SAndroid Build Coastguard Worker# therefore don't need coverage instrumentation and possibly wont need 627*6777b538SAndroid Build Coastguard Worker# sanitizer instrumentation either. The config also tells the compiler to 628*6777b538SAndroid Build Coastguard Worker# perform additional optimizations on the configured code and ensures that 629*6777b538SAndroid Build Coastguard Worker# linking it to the rest of the binary which is instrumented with sanitizers 630*6777b538SAndroid Build Coastguard Worker# works. The config only does anything if the build is a fuzzing build. 631*6777b538SAndroid Build Coastguard Workerconfig("not_fuzzed") { 632*6777b538SAndroid Build Coastguard Worker if (use_fuzzing_engine) { 633*6777b538SAndroid Build Coastguard Worker # Since we aren't instrumenting with coverage, code size is less of a 634*6777b538SAndroid Build Coastguard Worker # concern, so use a more aggressive optimization level than 635*6777b538SAndroid Build Coastguard Worker # optimize_for_fuzzing (-O1). When given multiple optimization flags, clang 636*6777b538SAndroid Build Coastguard Worker # obeys the last one, so as long as this flag comes after -O1, it should work. 637*6777b538SAndroid Build Coastguard Worker # Since this config will always be depended on after 638*6777b538SAndroid Build Coastguard Worker # "//build/config/compiler:default_optimization" (which adds -O1 when 639*6777b538SAndroid Build Coastguard Worker # optimize_for_fuzzing is true), -O2 should always be the second flag. Even 640*6777b538SAndroid Build Coastguard Worker # though this sounds fragile, it isn't a big deal if it breaks, since proto 641*6777b538SAndroid Build Coastguard Worker # fuzzers will still work, they will just be slightly slower. 642*6777b538SAndroid Build Coastguard Worker cflags = [ "-O2" ] 643*6777b538SAndroid Build Coastguard Worker 644*6777b538SAndroid Build Coastguard Worker # We need to include this config when we remove default_sanitizer_flags or 645*6777b538SAndroid Build Coastguard Worker # else there will be linking errors. We would remove default_sanitizer_flags 646*6777b538SAndroid Build Coastguard Worker # here as well, but gn doesn't permit this. 647*6777b538SAndroid Build Coastguard Worker if (!is_msan) { 648*6777b538SAndroid Build Coastguard Worker # We don't actually remove sanitization when MSan is being used so there 649*6777b538SAndroid Build Coastguard Worker # is no need to add default_sanitizer_ldflags in that case 650*6777b538SAndroid Build Coastguard Worker configs = [ ":default_sanitizer_ldflags" ] 651*6777b538SAndroid Build Coastguard Worker } 652*6777b538SAndroid Build Coastguard Worker } 653*6777b538SAndroid Build Coastguard Worker} 654