• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2014 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/clang/clang.gni")
6import("//build/config/sanitizers/sanitizers.gni")
7import("//build/misc/overrides/build.gni")
8import("//build/ohos_var.gni")
9import("//build/toolchain/toolchain.gni")
10
11# Contains the dependencies needed for sanitizers to link into executables and
12# shared_libraries.
13group("deps") {
14  if (using_sanitizer && !is_mingw) {
15    public_configs = [
16      ":sanitizer_options_link_helper",
17
18      # Even when a target removes default_sanitizer_flags, it may be depending
19      # on a library that did not remove default_sanitizer_flags. Thus, we need
20      # to add the ldflags here as well as in default_sanitizer_flags.
21      ":default_sanitizer_ldflags",
22    ]
23    if (use_musl) {
24      public_configs -= [ ":sanitizer_options_link_helper" ]
25      public_configs -= [ ":default_sanitizer_ldflags" ]
26    }
27    deps = [ ":options_sources" ]
28    if (is_win) {
29      exe = ".exe"
30    } else {
31      exe = ""
32    }
33    data = [
34      "//tools/valgrind/asan/",
35      "$clang_base_path/bin/llvm-symbolizer${exe}",
36    ]
37    if (use_prebuilt_instrumented_libraries ||
38        use_locally_built_instrumented_libraries) {
39      deps += [ "//third_party/instrumented_libraries:deps" ]
40    }
41
42    # ASAN is supported on iOS but the runtime library depends on the compiler
43    # used (Chromium version of clang versus Xcode version of clang). Only copy
44    # the ASAN runtime on iOS if building with Chromium clang.
45    if (is_win || is_mac || !use_xcode_clang) {
46      data_deps = [ ":copy_asan_runtime" ]
47    }
48    if (is_mac || !use_xcode_clang) {
49      public_deps = [ ":asan_runtime_bundle_data" ]
50    }
51  }
52}
53
54if ((is_mac || is_win || !use_xcode_clang || is_ohos) && using_sanitizer) {
55  if (is_mac) {
56    _clang_rt_dso_path = "darwin/libclang_rt.asan_osx_dynamic.dylib"
57  } else if (is_win && target_cpu == "x86") {
58    _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-i386.dll"
59  } else if (is_win && target_cpu == "x64") {
60    _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-x86_64.dll"
61  } else if (is_ohos) {
62    if (target_cpu == "arm64") {
63      _clang_rt_dso_path = "aarch64-linux-ohos/libclang_rt.asan.so"
64    } else if (target_cpu == "arm") {
65      _clang_rt_dso_path = "arm-linux-ohos/libclang_rt.asan.so"
66    } else if (target_cpu == "x86_64") {
67      _clang_rt_dso_path = ""
68    }
69  }
70
71  _clang_rt_dso_full_path =
72      "$clang_base_path/lib/clang/$clang_version/lib/$_clang_rt_dso_path"
73
74  copy("copy_asan_runtime") {
75    set_sources_assignment_filter([])
76    sources = [ _clang_rt_dso_full_path ]
77    outputs = [ "$root_out_dir/{{source_file_part}}" ]
78  }
79
80  if (is_mac || !use_xcode_clang) {
81    bundle_data("asan_runtime_bundle_data") {
82      sources = get_target_outputs(":copy_asan_runtime")
83      outputs = [ "{{bundle_executable_dir}}/{{source_file_part}}" ]
84      public_deps = [ ":copy_asan_runtime" ]
85    }
86  }
87}
88
89config("sanitizer_options_link_helper") {
90  if (is_mac) {
91    ldflags = [ "-Wl,-U,_sanitizer_options_link_helper" ]
92  } else if (!is_win && !is_mingw) {
93    ldflags = [ "-Wl,-u_sanitizer_options_link_helper" ]
94  }
95}
96
97static_library("options_sources") {
98  # This is a static_library instead of a source_set, as it shouldn't be
99  # unconditionally linked into targets.
100  visibility = [
101    ":deps",
102    "//:gn_visibility",
103  ]
104  sources = [ "//build/misc/sanitizers/sanitizer_options.cc" ]
105
106  # Don't compile this target with any sanitizer code. It can be called from
107  # the sanitizer runtimes, so instrumenting these functions could cause
108  # recursive calls into the runtime if there is an error.
109  configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
110
111  if (is_asan) {
112    if (!defined(asan_suppressions_file)) {
113      asan_suppressions_file = "//build/misc/sanitizers/asan_suppressions.cc"
114    }
115    sources += [ asan_suppressions_file ]
116  }
117
118  if (is_lsan) {
119    if (!defined(lsan_suppressions_file)) {
120      lsan_suppressions_file = "//build/misc/sanitizers/lsan_suppressions.cc"
121    }
122    sources += [ lsan_suppressions_file ]
123  }
124
125  if (is_tsan) {
126    if (!defined(tsan_suppressions_file)) {
127      tsan_suppressions_file = "//build/misc/sanitizers/tsan_suppressions.cc"
128    }
129    sources += [ tsan_suppressions_file ]
130  }
131}
132
133# Applies linker flags necessary when either :deps or :default_sanitizer_flags
134# are used.
135config("default_sanitizer_ldflags") {
136  visibility = [
137    ":default_sanitizer_flags",
138    ":deps",
139  ]
140
141  if (is_posix && !is_mingw) {
142    ldflags = []
143    if (is_asan) {
144      if (!use_musl) {
145        ldflags += [ "-fsanitize=address" ]
146      }
147      if (is_mac) {
148        # https://crbug.com/708707
149        ldflags += [ "-fno-sanitize-address-use-after-scope" ]
150      } else {
151        ldflags += [ "-fsanitize-address-use-after-scope" ]
152      }
153      ldflags += [ "-fsanitize-recover=address" ]
154    }
155    if (is_lsan) {
156      ldflags += [ "-fsanitize=leak" ]
157    }
158    if (is_tsan) {
159      ldflags += [ "-fsanitize=thread" ]
160    }
161    if (is_msan) {
162      ldflags += [ "-fsanitize=memory" ]
163    }
164    if (is_ubsan || is_ubsan_security) {
165      ldflags += [ "-fsanitize=undefined" ]
166    }
167    if (is_ubsan_null) {
168      ldflags += [ "-fsanitize=null" ]
169    }
170    if (is_ubsan_vptr) {
171      ldflags += [ "-fsanitize=vptr" ]
172    }
173    if (is_safestack) {
174      ldflags += [ "-fsanitize=safe-stack" ]
175    }
176
177    if (use_sanitizer_coverage) {
178      if (use_libfuzzer && !is_mac) {
179        #ldflags += [ "-fsanitize=fuzzer-no-link" ]
180        ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ]
181      } else {
182        ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ]
183      }
184    }
185
186    if (is_cfi && current_toolchain == default_toolchain) {
187      ldflags += [ "-fsanitize=cfi-vcall" ]
188      if (use_cfi_cast) {
189        ldflags += [
190          "-fsanitize=cfi-derived-cast",
191          "-fsanitize=cfi-unrelated-cast",
192        ]
193      }
194      if (use_cfi_icall) {
195        ldflags += [ "-fsanitize=cfi-icall" ]
196      }
197      if (use_cfi_diag) {
198        ldflags += [ "-fno-sanitize-trap=cfi" ]
199        if (use_cfi_recover) {
200          ldflags += [ "-fsanitize-recover=cfi" ]
201        }
202      }
203    }
204  } else if (is_win) {
205    # Windows directly calls link.exe instead of the compiler driver when
206    # linking.  Hence, pass the runtime libraries instead of -fsanitize=address
207    # or -fsanitize=fuzzer.
208    if (is_asan && is_component_build) {
209      # In the static-library build, ASan libraries are different for
210      # executables and dlls, see link_executable and link_shared_library below.
211      # This here handles only the component build.
212      if (target_cpu == "x64") {
213        # Windows 64-bit.
214        libs = [
215          "clang_rt.asan_dynamic-x86_64.lib",
216          "clang_rt.asan_dynamic_runtime_thunk-x86_64.lib",
217        ]
218      } else {
219        assert(target_cpu == "x86", "WinASan unsupported architecture")
220        libs = [
221          "clang_rt.asan_dynamic-i386.lib",
222          "clang_rt.asan_dynamic_runtime_thunk-i386.lib",
223        ]
224      }
225    }
226    if (use_libfuzzer) {
227      assert(target_cpu == "x64", "LibFuzzer unsupported architecture")
228      assert(!is_component_build,
229             "LibFuzzer only supports non-component builds on Windows")
230
231      # Incremental linking causes padding that messes up SanitizerCoverage.
232      # Don't do it.
233      ldflags = [ "/INCREMENTAL:NO" ]
234      libs = [ "clang_rt.fuzzer_no_main-x86_64.lib" ]
235    }
236  }
237}
238
239config("common_sanitizer_flags") {
240  cflags = []
241
242  if (using_sanitizer && !is_mingw) {
243    assert(is_clang, "sanitizers only supported with clang")
244    assert(!is_official_build, "sanitizers not supported in official builds")
245
246    cflags += [
247      # Column info in debug data confuses Visual Studio's debugger, so don't
248      # use this by default.  However, clusterfuzz needs it for good
249      # attribution of reports to CLs, so turn it on there.
250      "-gcolumn-info",
251    ]
252
253    # Frame pointers are controlled in //build/config/compiler:default_stack_frames
254  }
255}
256
257config("asan_flags") {
258  cflags = []
259  if (is_asan && !is_mingw) {
260    cflags += [ "-fsanitize=address" ]
261    if (!is_mac) {
262      cflags += [ "-fsanitize-address-use-after-scope" ]
263    } else {
264      # https://crbug.com/708707
265      cflags += [ "-fno-sanitize-address-use-after-scope" ]
266    }
267    if (!asan_globals) {
268      cflags += [
269        "-mllvm",
270        "-asan-globals=0",
271      ]
272    }
273    cflags += [ "-fsanitize-recover=address" ]
274  }
275}
276
277config("link_executable") {
278  if (is_asan && is_win && !is_component_build) {
279    if (target_cpu == "x64") {
280      ldflags = [ "-wholearchive:clang_rt.asan-x86_64.lib" ]
281    } else {
282      assert(target_cpu == "x86", "WinASan unsupported architecture")
283      ldflags = [ "-wholearchive:clang_rt.asan-i386.lib" ]
284    }
285  } else if (is_asan && is_ohos) {
286    libs = [ "$_clang_rt_dso_full_path" ]
287    if (target_cpu == "arm") {
288      ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-arm-asan.so.1" ]
289    } else if (target_cpu == "arm64") {
290      ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-aarch64-asan.so.1" ]
291    }
292  }
293}
294
295config("link_shared_library") {
296  if (is_asan && is_win && !is_component_build) {
297    if (target_cpu == "x64") {
298      libs = [ "clang_rt.asan_dll_thunk-x86_64.lib" ]
299    } else {
300      assert(target_cpu == "x86", "WinASan unsupported architecture")
301      libs = [ "clang_rt.asan_dll_thunk-i386.lib" ]
302    }
303  } else if (is_asan && is_ohos) {
304    libs = [ "$_clang_rt_dso_full_path" ]
305  }
306}
307
308config("cfi_flags") {
309  cflags = []
310  if (is_cfi && current_toolchain == default_toolchain) {
311    if (!defined(cfi_blocklist_path)) {
312      cfi_blocklist_path =
313          rebase_path("//tools/cfi/blocklist.txt", root_build_dir)
314    }
315    cflags += [
316      "-fsanitize=cfi-vcall",
317      "-fsanitize-blacklist=$cfi_blocklist_path",
318    ]
319
320    if (use_cfi_cast) {
321      cflags += [
322        "-fsanitize=cfi-derived-cast",
323        "-fsanitize=cfi-unrelated-cast",
324      ]
325    }
326
327    if (use_cfi_icall) {
328      cflags += [ "-fsanitize=cfi-icall" ]
329    }
330
331    if (use_cfi_diag) {
332      cflags += [ "-fno-sanitize-trap=cfi" ]
333      if (is_win) {
334        cflags += [
335          "/Oy-",
336          "/Ob0",
337        ]
338      } else {
339        cflags += [
340          "-fno-inline-functions",
341          "-fno-inline",
342          "-fno-omit-frame-pointer",
343          "-O1",
344        ]
345      }
346      if (use_cfi_recover) {
347        cflags += [ "-fsanitize-recover=cfi" ]
348      }
349    }
350  }
351}
352
353# crbug.com/785442: Fix cfi-icall failures for code that casts pointer argument
354# types in function pointer type signatures.
355config("cfi_icall_generalize_pointers") {
356  if (is_clang && is_cfi && use_cfi_icall) {
357    cflags = [ "-fsanitize-cfi-icall-generalize-pointers" ]
358  }
359}
360
361config("cfi_icall_disable") {
362  if (is_clang && is_cfi && use_cfi_icall) {
363    cflags = [ "-fno-sanitize=cfi-icall" ]
364  }
365}
366
367config("coverage_flags") {
368  cflags = []
369  if (use_sanitizer_coverage) {
370    # Used by sandboxing code to allow coverage dump to be written on the disk.
371    defines = [ "SANITIZER_COVERAGE" ]
372
373    if (use_libfuzzer && !is_mac) {
374      #cflags += [ "-fsanitize=fuzzer-no-link" ]
375      cflags += [
376        "-fsanitize-coverage=$sanitizer_coverage_flags",
377        "-mllvm",
378        "-sanitizer-coverage-prune-blocks=1",
379      ]
380    } else {
381      cflags += [
382        "-fsanitize-coverage=$sanitizer_coverage_flags",
383        "-mllvm",
384        "-sanitizer-coverage-prune-blocks=1",
385      ]
386      if (current_cpu == "arm") {
387        # http://crbug.com/517105
388        cflags += [
389          "-mllvm",
390          "-sanitizer-coverage-block-threshold=0",
391        ]
392      }
393    }
394  }
395}
396
397config("lsan_flags") {
398  if (is_lsan) {
399    cflags = [ "-fsanitize=leak" ]
400  }
401}
402
403config("msan_flags") {
404  if (is_msan) {
405    assert(is_linux, "msan only supported on linux x86_64")
406    if (!defined(msan_blocklist_path)) {
407      msan_blocklist_path =
408          rebase_path("//tools/msan/blocklist.txt", root_build_dir)
409    }
410    cflags = [
411      "-fsanitize=memory",
412      "-fsanitize-memory-track-origins=$msan_track_origins",
413      "-fsanitize-blacklist=$msan_blocklist_path",
414    ]
415  }
416}
417
418config("safestack_flags") {
419  if (is_safestack) {
420    cflags = [ "-fsanitize=safe-stack" ]
421  }
422}
423
424config("tsan_flags") {
425  if (is_tsan) {
426    assert(is_linux, "tsan only supported on linux x86_64")
427    if (!defined(tsan_blocklist_path)) {
428      tsan_blocklist_path =
429          rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
430    }
431    cflags = [
432      "-fsanitize=thread",
433      "-fsanitize-blacklist=$tsan_blocklist_path",
434    ]
435  }
436}
437
438config("ubsan_flags") {
439  cflags = []
440  if (is_ubsan) {
441    if (!defined(ubsan_blocklist_path)) {
442      ubsan_blocklist_path =
443          rebase_path("//tools/ubsan/blocklist.txt", root_build_dir)
444    }
445    cflags += [
446      # Yasm dies with an "Illegal instruction" error when bounds checking is
447      # enabled. See http://crbug.com/489901
448      # "-fsanitize=bounds",
449      "-fsanitize=float-divide-by-zero",
450      "-fsanitize=integer-divide-by-zero",
451      "-fsanitize=null",
452      "-fsanitize=object-size",
453      "-fsanitize=pointer-overflow",
454      "-fsanitize=return",
455      "-fsanitize=returns-nonnull-attribute",
456      "-fsanitize=shift-exponent",
457      "-fsanitize=signed-integer-overflow",
458      "-fsanitize=unreachable",
459      "-fsanitize=vla-bound",
460      "-fsanitize-blacklist=$ubsan_blocklist_path",
461    ]
462
463    # Chromecast ubsan builds fail to compile with these
464    # experimental flags, so only add them to non-chromecast ubsan builds.
465    if (!is_chromecast) {
466      cflags += [
467        # Employ the experimental PBQP register allocator to avoid slow
468        # compilation on files with too many basic blocks.
469        # See http://crbug.com/426271.
470        "-mllvm",
471        "-regalloc=pbqp",
472
473        # Speculatively use coalescing to slightly improve the code generated
474        # by PBQP regallocator. May increase compile time.
475        "-mllvm",
476        "-pbqp-coalescing",
477      ]
478    }
479  }
480}
481
482config("ubsan_no_recover") {
483  if (is_ubsan_no_recover) {
484    cflags = [ "-fno-sanitize-recover=undefined" ]
485  }
486}
487
488config("ubsan_security_flags") {
489  if (is_ubsan_security) {
490    if (!defined(ubsan_security_blocklist_path)) {
491      ubsan_security_blocklist_path =
492          rebase_path("//tools/ubsan/security_blocklist.txt", root_build_dir)
493    }
494    cflags = [
495      "-fsanitize=function",
496      "-fsanitize=pointer-overflow",
497      "-fsanitize=shift",
498      "-fsanitize=signed-integer-overflow",
499      "-fsanitize=vla-bound",
500      "-fsanitize=vptr",
501      "-fsanitize-blacklist=$ubsan_security_blocklist_path",
502    ]
503  }
504}
505
506config("ubsan_null_flags") {
507  if (is_ubsan_null) {
508    cflags = [ "-fsanitize=null" ]
509  }
510}
511
512config("ubsan_vptr_flags") {
513  if (is_ubsan_vptr) {
514    if (!defined(ubsan_vptr_blocklist_path)) {
515      ubsan_vptr_blocklist_path =
516          rebase_path("//tools/ubsan/vptr_blocklist.txt", root_build_dir)
517    }
518    cflags = [
519      "-fsanitize=vptr",
520      "-fsanitize-blacklist=$ubsan_vptr_blocklist_path",
521    ]
522  }
523}
524
525config("fuzzing_build_mode") {
526  if (use_fuzzing_engine && optimize_for_fuzzing) {
527    defines = [ "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ]
528  }
529}
530
531all_sanitizer_configs = [
532  ":common_sanitizer_flags",
533  ":coverage_flags",
534  ":default_sanitizer_ldflags",
535  ":asan_flags",
536  ":cfi_flags",
537  ":lsan_flags",
538  ":msan_flags",
539  ":safestack_flags",
540  ":tsan_flags",
541  ":ubsan_flags",
542  ":ubsan_no_recover",
543  ":ubsan_null_flags",
544  ":ubsan_security_flags",
545  ":ubsan_vptr_flags",
546  ":fuzzing_build_mode",
547]
548
549# This config is applied by default to all targets. It sets the compiler flags
550# for sanitizer usage, or, if no sanitizer is set, does nothing.
551#
552# This needs to be in a separate config so that targets can opt out of
553# sanitizers (by removing the config) if they desire. Even if a target
554# removes this config, executables & shared libraries should still depend on
555# :deps if any of their dependencies have not opted out of sanitizers.
556# Keep this list in sync with default_sanitizer_flags_but_ubsan_vptr.
557config("default_sanitizer_flags") {
558  configs = all_sanitizer_configs
559}
560
561# This config is equivalent to default_sanitizer_flags, but excludes ubsan_vptr.
562# This allows to selectively disable ubsan_vptr, when needed. In particular,
563# if some third_party code is required to be compiled without rtti, which
564# is a requirement for ubsan_vptr.
565config("default_sanitizer_flags_but_ubsan_vptr") {
566  configs = all_sanitizer_configs - [ ":ubsan_vptr_flags" ]
567}
568
569config("default_sanitizer_flags_but_coverage") {
570  configs = all_sanitizer_configs - [ ":coverage_flags" ]
571}
572
573# This config is used by parts of code that aren't targeted in fuzzers and
574# therefore don't need coverage instrumentation and possibly won't need
575# sanitizer instrumentation either. The config also tells the compiler to
576# perform additional optimizations on the configured code and ensures that
577# linking it to the rest of the binary which is instrumented with sanitizers
578# works. The config only does anything if the build is a fuzzing build.
579config("not_fuzzed") {
580  if (use_fuzzing_engine) {
581    # Since we aren't instrumenting with coverage, code size is less of a
582    # concern, so use a more aggressive optimization level than
583    # optimize_for_fuzzing (-O1). When given multiple optimization flags, clang
584    # obeys the last one, so as long as this flag comes after -O1, it should work.
585    # Since this config will always be depended on after
586    # "//build/config/compiler:default_optimization" (which adds -O1 when
587    # optimize_for_fuzzing is true), -O2 should always be the second flag. Even
588    # though this sounds fragile, it isn't a big deal if it breaks, since proto
589    # fuzzers will still work, they will just be slightly slower.
590    cflags = [ "-O2" ]
591
592    # We need to include this config when we remove default_sanitizer_flags or
593    # else there will be linking errors. We would remove default_sanitizer_flags
594    # here as well, but gn doesn't permit this.
595    if (!is_msan) {
596      # We don't actually remove sanitization when MSan is being used so there
597      # is no need to add default_sanitizer_ldflags in that case
598      configs = [ ":default_sanitizer_ldflags" ]
599    }
600  }
601}
602
603config("sanitizer_trap_all_flags") {
604  cflags = [
605    "-fsanitize-trap=all",
606    "-ftrap-function=abort",
607  ]
608  ldflags = cflags
609}
610
611config("cfi_config") {
612  _cfi_blocklist_path = "//build/config/sanitizers/cfi_blocklist.txt"
613
614  configs = [
615    "//build/config/gcc:symbol_visibility_default",
616    ":sanitizer_trap_all_flags",
617  ]
618  cflags = [
619    "-flto",
620    "-fsanitize=cfi",
621    "-fsanitize-cfi-cross-dso",
622    "-fsanitize-blacklist=" + rebase_path(_cfi_blocklist_path, root_build_dir),
623  ]
624
625  ldflags = [
626    "-flto",
627    "-fsanitize-cfi-cross-dso",
628    "-fsanitize=cfi",
629    "-Wl,-plugin-opt,O1",
630  ]
631}
632
633config("shadow_call_stack_config") {
634  if (target_cpu == "arm64") {
635    cflags = [
636      # See https://clang.llvm.org/docs/ShadowCallStack.html
637      "-fsanitize=shadow-call-stack",
638    ]
639    ldflags = cflags
640    configs = [ ":sanitizer_trap_all_flags" ]
641  }
642}
643
644template("config_plus_compiler_rt") {
645  forward_variables_from(invoker, [ "minimal_rt_lib_names" ])
646  not_needed([ "minimal_rt_lib_names" ])
647
648  _clang_rt_dso_paths = []
649  if ((host_os == "linux" || host_os == "mac") && target_os == "ohos" &&
650      !is_mingw) {
651    _clang_rt_libs_dir = "$clang_base_path/lib64/clang/10.0.1/lib/"
652
653    _dso_names = []
654    foreach(dso_name, minimal_rt_lib_names) {
655      # Add runtime library support
656      if (target_cpu == "arm64") {
657        _dso_names += [ "aarch64-linux-ohos/libclang_rt.${dso_name}.a" ]
658      } else if (target_cpu == "arm") {
659        _dso_names += [ "arm-linux-ohos/libclang_rt.${dso_name}.a" ]
660      } else if (target_cpu == "x86_64") {
661        _dso_names += []
662      }
663    }
664
665    foreach(rt_lib, _dso_names) {
666      _clang_rt_dso_paths += [ "$_clang_rt_libs_dir/${rt_lib}" ]
667    }
668  }
669
670  config(target_name) {
671    forward_variables_from(invoker,
672                           [
673                             "cflags",
674                             "cflags_cc",
675                             "asmflags",
676                             "ldflags",
677                             "libs",
678                             "configs",
679                           ])
680    if (defined(libs)) {
681      libs += _clang_rt_dso_paths
682    } else {
683      libs = _clang_rt_dso_paths
684    }
685
686    foreach(dso, _clang_rt_dso_paths) {
687      if (defined(ldflags)) {
688        ldflags += [ "-Wl,--exclude-libs,${dso}" ]
689      } else {
690        ldflags = [ "-Wl,--exclude-libs,${dso}" ]
691      }
692    }
693  }
694}
695
696config_plus_compiler_rt("scudo_config") {
697  cflags = [ "-fsanitize=scudo" ]
698  configs = [ ":sanitizer_trap_all_flags" ]
699  minimal_rt_lib_names = [ "scudo_minimal" ]
700}
701
702config_plus_compiler_rt("undefined_behavior_sanitize_config") {
703  cflags = [
704    "-fsanitize=bool,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,unreachable,vla-bound",
705    "-fsanitize-minimal-runtime",
706    "-fno-sanitize-trap=integer,undefined",
707    "-fno-sanitize-recover=integer,undefined",
708    "-fno-sanitize=implicit-integer-sign-change",
709  ]
710  configs = [ ":sanitizer_trap_all_flags" ]
711  minimal_rt_lib_names = [
712    "ubsan_standalone",
713    "ubsan_minimal",
714  ]
715}
716
717config_plus_compiler_rt("boundary_sanitize_config") {
718  cflags = [
719    "-fsanitize=bounds",
720    "-fsanitize-minimal-runtime",
721    "-fno-sanitize-trap=integer,undefined",
722    "-fno-sanitize-recover=integer,undefined",
723    "-fno-sanitize=implicit-integer-sign-change",
724  ]
725  configs = [ ":sanitizer_trap_all_flags" ]
726  minimal_rt_lib_names = [ "ubsan_minimal" ]
727}
728
729config_plus_compiler_rt("integer_overflow_config") {
730  _integer_overflow_blocklist = "./integer_overflow_blocklist.txt"
731  cflags = [
732    "-fsanitize-blacklist=" +
733        rebase_path(_integer_overflow_blocklist, root_build_dir),
734    "-fsanitize=unsigned-integer-overflow,signed-integer-overflow",
735    "-fsanitize-minimal-runtime",
736    "-fno-sanitize-trap=integer,undefined",
737    "-fno-sanitize-recover=integer,undefined",
738  ]
739  configs = [ ":sanitizer_trap_all_flags" ]
740  minimal_rt_lib_names = [ "ubsan_minimal" ]
741}
742