1# Copyright 2014 The Chromium Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import("//build/config/clang/clang.gni") 6import("//build/config/ohos/config.gni") 7import("//build/config/sanitizers/sanitizers.gni") 8import("//build/misc/overrides/build.gni") 9import("//build/ohos_var.gni") 10import("//build/toolchain/toolchain.gni") 11 12# Contains the dependencies needed for sanitizers to link into executables and 13# shared_libraries. 14group("deps") { 15 if (using_sanitizer && !is_mingw) { 16 public_configs = [ 17 ":sanitizer_options_link_helper", 18 19 # Even when a target removes default_sanitizer_flags, it may be depending 20 # on a library that did not remove default_sanitizer_flags. Thus, we need 21 # to add the ldflags here as well as in default_sanitizer_flags. 22 ":default_sanitizer_ldflags", 23 ] 24 if (use_musl) { 25 public_configs -= [ ":sanitizer_options_link_helper" ] 26 public_configs -= [ ":default_sanitizer_ldflags" ] 27 } 28 deps = [ ":options_sources" ] 29 if (is_win) { 30 exe = ".exe" 31 } else { 32 exe = "" 33 } 34 data = [ 35 "//tools/valgrind/asan/", 36 "$clang_base_path/bin/llvm-symbolizer${exe}", 37 ] 38 if (use_prebuilt_instrumented_libraries || 39 use_locally_built_instrumented_libraries) { 40 deps += [ "//third_party/instrumented_libraries:deps" ] 41 } 42 43 # ASAN is supported on iOS but the runtime library depends on the compiler 44 # used (Chromium version of clang versus Xcode version of clang). Only copy 45 # the ASAN runtime on iOS if building with Chromium clang. 46 if (is_win || is_mac || !use_xcode_clang) { 47 data_deps = [ ":copy_asan_runtime" ] 48 } 49 if (is_mac || !use_xcode_clang) { 50 public_deps = [ ":asan_runtime_bundle_data" ] 51 } 52 } 53} 54 55if ((is_mac || is_win || !use_xcode_clang || is_ohos) && using_sanitizer) { 56 if (is_mac) { 57 _clang_rt_dso_path = "darwin/libclang_rt.asan_osx_dynamic.dylib" 58 } else if (is_win && target_cpu == "x86") { 59 _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-i386.dll" 60 } else if (is_win && target_cpu == "x64") { 61 _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-x86_64.dll" 62 } else if (is_ohos) { 63 if (target_cpu == "arm64") { 64 if (use_hwasan) { 65 _clang_rt_dso_path = "aarch64-linux-ohos/libclang_rt.hwasan.so" 66 } else { 67 _clang_rt_dso_path = "aarch64-linux-ohos/libclang_rt.asan.so" 68 } 69 } else if (target_cpu == "arm") { 70 _clang_rt_dso_path = "arm-linux-ohos/libclang_rt.asan.so" 71 } else if (target_cpu == "x86_64") { 72 _clang_rt_dso_path = "x86_64-linux-ohos/libclang_rt.asan.so" 73 } else if (target_cpu == "riscv64") { 74 _clang_rt_dso_path = "riscv64-linux-ohos/libclang_rt.asan.so" 75 } 76 } 77 78 _clang_rt_dso_full_path = 79 "$clang_base_path/lib/clang/$clang_version/lib/$_clang_rt_dso_path" 80 81 copy("copy_asan_runtime") { 82 sources = [ _clang_rt_dso_full_path ] 83 outputs = [ "$root_out_dir/{{source_file_part}}" ] 84 } 85 86 if (is_mac || !use_xcode_clang) { 87 bundle_data("asan_runtime_bundle_data") { 88 sources = get_target_outputs(":copy_asan_runtime") 89 outputs = [ "{{bundle_executable_dir}}/{{source_file_part}}" ] 90 public_deps = [ ":copy_asan_runtime" ] 91 } 92 } 93} 94 95config("sanitizer_options_link_helper") { 96 if (is_mac) { 97 ldflags = [ "-Wl,-U,_sanitizer_options_link_helper" ] 98 } else if (!is_win && !is_mingw) { 99 ldflags = [ "-Wl,-u_sanitizer_options_link_helper" ] 100 } 101} 102 103static_library("options_sources") { 104 # This is a static_library instead of a source_set, as it shouldn't be 105 # unconditionally linked into targets. 106 visibility = [ 107 ":deps", 108 "//:gn_visibility", 109 ] 110 sources = [ "//build/misc/sanitizers/sanitizer_options.cc" ] 111 112 # Don't compile this target with any sanitizer code. It can be called from 113 # the sanitizer runtimes, so instrumenting these functions could cause 114 # recursive calls into the runtime if there is an error. 115 configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ] 116 117 if (is_asan) { 118 if (!defined(asan_suppressions_file)) { 119 asan_suppressions_file = "//build/misc/sanitizers/asan_suppressions.cc" 120 } 121 sources += [ asan_suppressions_file ] 122 } 123 124 if (is_lsan) { 125 if (!defined(lsan_suppressions_file)) { 126 lsan_suppressions_file = "//build/misc/sanitizers/lsan_suppressions.cc" 127 } 128 sources += [ lsan_suppressions_file ] 129 } 130 131 if (is_tsan) { 132 if (!defined(tsan_suppressions_file)) { 133 tsan_suppressions_file = "//build/misc/sanitizers/tsan_suppressions.cc" 134 } 135 sources += [ tsan_suppressions_file ] 136 } 137} 138 139# Applies linker flags necessary when either :deps or :default_sanitizer_flags 140# are used. 141config("default_sanitizer_ldflags") { 142 visibility = [ 143 ":default_sanitizer_flags", 144 ":deps", 145 ] 146 147 if (is_posix && !is_mingw) { 148 ldflags = [] 149 if (is_asan) { 150 if (!use_musl) { 151 ldflags += [ "-fsanitize=address" ] 152 } 153 if (is_mac) { 154 # https://crbug.com/708707 155 ldflags += [ "-fno-sanitize-address-use-after-scope" ] 156 } else { 157 ldflags += [ "-fsanitize-address-use-after-scope" ] 158 } 159 ldflags += [ "-fsanitize-recover=address" ] 160 } 161 if (is_lsan) { 162 ldflags += [ "-fsanitize=leak" ] 163 } 164 if (is_tsan) { 165 ldflags += [ "-fsanitize=thread" ] 166 } 167 if (is_msan) { 168 ldflags += [ "-fsanitize=memory" ] 169 } 170 if (is_ubsan || is_ubsan_security) { 171 ldflags += [ "-fsanitize=undefined" ] 172 } 173 if (is_ubsan_null) { 174 ldflags += [ "-fsanitize=null" ] 175 } 176 if (is_ubsan_vptr) { 177 ldflags += [ "-fsanitize=vptr" ] 178 } 179 if (is_safestack) { 180 ldflags += [ "-fsanitize=safe-stack" ] 181 } 182 183 if (use_sanitizer_coverage) { 184 if (use_libfuzzer && !is_mac) { 185 ldflags += [ "-fsanitize=fuzzer-no-link" ] 186 fuzzer_lib_path = rebase_path( 187 "$clang_base_path/lib/clang/$clang_version/lib/$abi_target/libclang_rt.fuzzer_no_main.a", 188 root_build_dir) 189 ldflags += [ 190 "-Wl,--whole-archive", 191 "$fuzzer_lib_path", 192 "-Wl,--no-whole-archive", 193 ] 194 } else { 195 ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ] 196 } 197 } 198 199 if (is_cfi && current_toolchain == default_toolchain) { 200 ldflags += [ "-fsanitize=cfi-vcall" ] 201 if (use_cfi_cast) { 202 ldflags += [ 203 "-fsanitize=cfi-derived-cast", 204 "-fsanitize=cfi-unrelated-cast", 205 ] 206 } 207 if (use_cfi_icall) { 208 ldflags += [ "-fsanitize=cfi-icall" ] 209 } 210 if (use_cfi_diag) { 211 ldflags += [ "-fno-sanitize-trap=cfi" ] 212 if (use_cfi_recover) { 213 ldflags += [ "-fsanitize-recover=cfi" ] 214 } 215 } 216 } 217 } else if (is_win) { 218 # Windows directly calls link.exe instead of the compiler driver when 219 # linking. Hence, pass the runtime libraries instead of -fsanitize=address 220 # or -fsanitize=fuzzer. 221 if (is_asan && is_component_build) { 222 # In the static-library build, ASan libraries are different for 223 # executables and dlls, see link_executable and link_shared_library below. 224 # This here handles only the component build. 225 if (target_cpu == "x64") { 226 # Windows 64-bit. 227 libs = [ 228 "clang_rt.asan_dynamic-x86_64.lib", 229 "clang_rt.asan_dynamic_runtime_thunk-x86_64.lib", 230 ] 231 } else { 232 assert(target_cpu == "x86", "WinASan unsupported architecture") 233 libs = [ 234 "clang_rt.asan_dynamic-i386.lib", 235 "clang_rt.asan_dynamic_runtime_thunk-i386.lib", 236 ] 237 } 238 } 239 if (use_libfuzzer) { 240 assert(target_cpu == "x64", "LibFuzzer unsupported architecture") 241 assert(!is_component_build, 242 "LibFuzzer only supports non-component builds on Windows") 243 244 # Incremental linking causes padding that messes up SanitizerCoverage. 245 # Don't do it. 246 ldflags = [ "/INCREMENTAL:NO" ] 247 libs = [ "clang_rt.fuzzer_no_main-x86_64.lib" ] 248 } 249 } 250} 251 252config("common_sanitizer_flags") { 253 cflags = [] 254 255 if (using_sanitizer && !is_mingw) { 256 assert(is_clang, "sanitizers only supported with clang") 257 assert(!is_official_build, "sanitizers not supported in official builds") 258 259 cflags += [ 260 # Column info in debug data confuses Visual Studio's debugger, so don't 261 # use this by default. However, clusterfuzz needs it for good 262 # attribution of reports to CLs, so turn it on there. 263 "-gcolumn-info", 264 ] 265 266 # Frame pointers are controlled in //build/config/compiler:default_stack_frames 267 } 268} 269 270config("asan_flags") { 271 cflags = [] 272 if (is_asan && !is_mingw && !use_hwasan) { 273 cflags += [ "-fsanitize=address" ] 274 if (!is_mac) { 275 cflags += [ "-fsanitize-address-use-after-scope" ] 276 } else { 277 # https://crbug.com/708707 278 cflags += [ "-fno-sanitize-address-use-after-scope" ] 279 } 280 if (!asan_globals) { 281 cflags += [ 282 "-mllvm", 283 "-asan-globals=0", 284 ] 285 } 286 cflags += [ "-fsanitize-recover=address" ] 287 } 288} 289 290config("hwasan_flags") { 291 cflags = [] 292 if (is_asan && use_hwasan && !is_mingw && current_cpu == "arm64") { 293 cflags += [ 294 "-fsanitize=hwaddress", 295 "-fno-emulated-tls", 296 "-mllvm", 297 "-hwasan-globals=0", 298 ] 299 } 300} 301 302config("link_executable") { 303 if (is_asan && is_win && !is_component_build) { 304 if (target_cpu == "x64") { 305 ldflags = [ "-wholearchive:clang_rt.asan-x86_64.lib" ] 306 } else { 307 assert(target_cpu == "x86", "WinASan unsupported architecture") 308 ldflags = [ "-wholearchive:clang_rt.asan-i386.lib" ] 309 } 310 } else if (is_asan && is_ohos) { 311 libs = [ "$_clang_rt_dso_full_path" ] 312 if (target_cpu == "arm") { 313 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-arm-asan.so.1" ] 314 } else if (target_cpu == "arm64") { 315 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-aarch64-asan.so.1" ] 316 } else if (target_cpu == "riscv64") { 317 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-riscv64-asan.so.1" ] 318 } 319 } 320} 321 322config("link_shared_library") { 323 if (is_asan && is_win && !is_component_build) { 324 if (target_cpu == "x64") { 325 libs = [ "clang_rt.asan_dll_thunk-x86_64.lib" ] 326 } else { 327 assert(target_cpu == "x86", "WinASan unsupported architecture") 328 libs = [ "clang_rt.asan_dll_thunk-i386.lib" ] 329 } 330 } else if (is_asan && is_ohos) { 331 libs = [ "$_clang_rt_dso_full_path" ] 332 } 333} 334 335config("cfi_flags") { 336 cflags = [] 337 if (is_cfi && current_toolchain == default_toolchain) { 338 if (!defined(cfi_blocklist_path)) { 339 cfi_blocklist_path = 340 rebase_path("//tools/cfi/blocklist.txt", root_build_dir) 341 } 342 cflags += [ 343 "-fsanitize=cfi-vcall", 344 "-fsanitize-blacklist=$cfi_blocklist_path", 345 ] 346 347 if (use_cfi_cast) { 348 cflags += [ 349 "-fsanitize=cfi-derived-cast", 350 "-fsanitize=cfi-unrelated-cast", 351 ] 352 } 353 354 if (use_cfi_icall) { 355 cflags += [ "-fsanitize=cfi-icall" ] 356 } 357 358 if (use_cfi_diag) { 359 cflags += [ "-fno-sanitize-trap=cfi" ] 360 if (is_win) { 361 cflags += [ 362 "/Oy-", 363 "/Ob0", 364 ] 365 } else { 366 cflags += [ 367 "-fno-inline-functions", 368 "-fno-inline", 369 "-fno-omit-frame-pointer", 370 "-O1", 371 ] 372 } 373 if (use_cfi_recover) { 374 cflags += [ "-fsanitize-recover=cfi" ] 375 } 376 } 377 } 378} 379 380config("coverage_flags") { 381 cflags = [] 382 if (use_sanitizer_coverage) { 383 # Used by sandboxing code to allow coverage dump to be written on the disk. 384 defines = [ "SANITIZER_COVERAGE" ] 385 386 if (use_libfuzzer && !is_mac) { 387 # Adding -fsanitize=fuzzer-no-link will add -fsanitize-coverage=inline-8bit-counters, 388 # indirect-calls, trace-cmp, pc-table 389 cflags += [ "-fsanitize=fuzzer-no-link" ] 390 } else { 391 cflags += [ 392 "-fsanitize-coverage=$sanitizer_coverage_flags", 393 "-mllvm", 394 "-sanitizer-coverage-prune-blocks=1", 395 ] 396 if (current_cpu == "arm") { 397 # http://crbug.com/517105 398 cflags += [ 399 "-mllvm", 400 "-sanitizer-coverage-block-threshold=0", 401 ] 402 } 403 } 404 } 405} 406 407config("lsan_flags") { 408 if (is_lsan) { 409 cflags = [ "-fsanitize=leak" ] 410 } 411} 412 413config("msan_flags") { 414 if (is_msan) { 415 assert(is_linux, "msan only supported on linux x86_64") 416 if (!defined(msan_blocklist_path)) { 417 msan_blocklist_path = 418 rebase_path("//tools/msan/blocklist.txt", root_build_dir) 419 } 420 cflags = [ 421 "-fsanitize=memory", 422 "-fsanitize-memory-track-origins=$msan_track_origins", 423 "-fsanitize-blacklist=$msan_blocklist_path", 424 ] 425 } 426} 427 428config("safestack_flags") { 429 if (is_safestack) { 430 cflags = [ "-fsanitize=safe-stack" ] 431 } 432} 433 434config("tsan_flags") { 435 if (is_tsan) { 436 assert(is_linux, "tsan only supported on linux x86_64") 437 if (!defined(tsan_blocklist_path)) { 438 tsan_blocklist_path = 439 rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir) 440 } 441 cflags = [ 442 "-fsanitize=thread", 443 "-fsanitize-blacklist=$tsan_blocklist_path", 444 ] 445 } 446} 447 448config("ubsan_flags") { 449 cflags = [] 450 if (is_ubsan) { 451 if (!defined(ubsan_blocklist_path)) { 452 ubsan_blocklist_path = 453 rebase_path("//tools/ubsan/blocklist.txt", root_build_dir) 454 } 455 cflags += [ 456 # Yasm dies with an "Illegal instruction" error when bounds checking is 457 # enabled. See http://crbug.com/489901 458 # "-fsanitize=bounds", 459 "-fsanitize=float-divide-by-zero", 460 "-fsanitize=integer-divide-by-zero", 461 "-fsanitize=null", 462 "-fsanitize=object-size", 463 "-fsanitize=pointer-overflow", 464 "-fsanitize=return", 465 "-fsanitize=returns-nonnull-attribute", 466 "-fsanitize=shift-exponent", 467 "-fsanitize=signed-integer-overflow", 468 "-fsanitize=unreachable", 469 "-fsanitize=vla-bound", 470 "-fsanitize-blacklist=$ubsan_blocklist_path", 471 ] 472 473 # Chromecast ubsan builds fail to compile with these 474 # experimental flags, so only add them to non-chromecast ubsan builds. 475 if (!is_chromecast) { 476 cflags += [ 477 # Employ the experimental PBQP register allocator to avoid slow 478 # compilation on files with too many basic blocks. 479 # See http://crbug.com/426271. 480 "-mllvm", 481 "-regalloc=pbqp", 482 483 # Speculatively use coalescing to slightly improve the code generated 484 # by PBQP regallocator. May increase compile time. 485 "-mllvm", 486 "-pbqp-coalescing", 487 ] 488 } 489 } 490} 491 492config("ubsan_no_recover") { 493 if (is_ubsan_no_recover) { 494 cflags = [ "-fno-sanitize-recover=undefined" ] 495 } 496} 497 498config("ubsan_security_flags") { 499 if (is_ubsan_security) { 500 if (!defined(ubsan_security_blocklist_path)) { 501 ubsan_security_blocklist_path = 502 rebase_path("//tools/ubsan/security_blocklist.txt", root_build_dir) 503 } 504 cflags = [ 505 "-fsanitize=function", 506 "-fsanitize=pointer-overflow", 507 "-fsanitize=shift", 508 "-fsanitize=signed-integer-overflow", 509 "-fsanitize=vla-bound", 510 "-fsanitize=vptr", 511 "-fsanitize-blacklist=$ubsan_security_blocklist_path", 512 ] 513 } 514} 515 516config("ubsan_null_flags") { 517 if (is_ubsan_null) { 518 cflags = [ "-fsanitize=null" ] 519 } 520} 521 522config("ubsan_vptr_flags") { 523 if (is_ubsan_vptr) { 524 if (!defined(ubsan_vptr_blocklist_path)) { 525 ubsan_vptr_blocklist_path = 526 rebase_path("//tools/ubsan/vptr_blocklist.txt", root_build_dir) 527 } 528 cflags = [ 529 "-fsanitize=vptr", 530 "-fsanitize-blacklist=$ubsan_vptr_blocklist_path", 531 ] 532 } 533} 534 535config("fuzzing_build_mode") { 536 if (use_fuzzing_engine && optimize_for_fuzzing) { 537 defines = [ "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ] 538 } 539} 540 541all_sanitizer_configs = [ 542 ":common_sanitizer_flags", 543 ":coverage_flags", 544 ":default_sanitizer_ldflags", 545 ":asan_flags", 546 ":hwasan_flags", 547 ":cfi_flags", 548 ":lsan_flags", 549 ":msan_flags", 550 ":safestack_flags", 551 ":tsan_flags", 552 ":ubsan_flags", 553 ":ubsan_no_recover", 554 ":ubsan_null_flags", 555 ":ubsan_security_flags", 556 ":ubsan_vptr_flags", 557 ":fuzzing_build_mode", 558] 559 560# This config is applied by default to all targets. It sets the compiler flags 561# for sanitizer usage, or, if no sanitizer is set, does nothing. 562# 563# This needs to be in a separate config so that targets can opt out of 564# sanitizers (by removing the config) if they desire. Even if a target 565# removes this config, executables & shared libraries should still depend on 566# :deps if any of their dependencies have not opted out of sanitizers. 567# Keep this list in sync with default_sanitizer_flags_but_ubsan_vptr. 568config("default_sanitizer_flags") { 569 configs = all_sanitizer_configs 570} 571 572# This config is equivalent to default_sanitizer_flags, but excludes ubsan_vptr. 573# This allows to selectively disable ubsan_vptr, when needed. In particular, 574# if some third_party code is required to be compiled without rtti, which 575# is a requirement for ubsan_vptr. 576config("default_sanitizer_flags_but_ubsan_vptr") { 577 configs = all_sanitizer_configs - [ ":ubsan_vptr_flags" ] 578} 579 580config("default_sanitizer_flags_but_coverage") { 581 configs = all_sanitizer_configs - [ ":coverage_flags" ] 582} 583 584config("sanitizer_trap_all_flags") { 585 cflags = [ 586 "-fsanitize-trap=all", 587 "-ftrap-function=abort", 588 ] 589 ldflags = cflags 590} 591 592# By default, cfi is in release mode 593config("cfi_config_release") { 594 if (is_ohos) { 595 _cfi_blocklist_path = "//build/config/sanitizers/cfi_blocklist.txt" 596 597 configs = [ "//build/config/gcc:symbol_visibility_default" ] 598 cflags = [ 599 "-flto", 600 "-fsanitize=cfi", 601 "-fsanitize-blacklist=" + 602 rebase_path(_cfi_blocklist_path, root_build_dir), 603 ] 604 605 # Remove some platforms because version-script is only meaningful for elf platform that support shared libraries. 606 # Add a cfi version script to ensure cfi related symbols can be exported. 607 if (!is_win) { 608 _cfi_version_script = 609 rebase_path("//build/config/sanitizers/cfi.versionscript") 610 ldflags = [ "-Wl,--version-script=${_cfi_version_script}" ] 611 } 612 } 613} 614 615# Debug mode, add no-trap and recover options over release mode 616config("cfi_config_debug") { 617 if (is_ohos) { 618 configs = [ ":cfi_config_release" ] 619 cflags = [ 620 "-fno-sanitize-trap=cfi", 621 "-fsanitize-recover=cfi,undefined", 622 ] 623 } 624} 625 626config("cfi_cross_dso_release") { 627 configs = [ ":cfi_config_release" ] 628 cflags = [ "-fsanitize-cfi-cross-dso" ] 629 ldflags = [ 630 "-flto", 631 "-fsanitize=cfi", 632 "-fsanitize-cfi-cross-dso", 633 ] 634} 635 636config("cfi_cross_dso_debug") { 637 configs = [ ":cfi_cross_dso_release" ] 638 cflags = [ 639 "-fno-sanitize-trap=cfi", 640 "-fsanitize-recover=cfi,undefined", 641 ] 642 ldflags = cflags 643} 644 645config("shadow_call_stack_config") { 646 if (target_cpu == "arm64") { 647 cflags = [ 648 # See https://clang.llvm.org/docs/ShadowCallStack.html 649 "-fsanitize=shadow-call-stack", 650 ] 651 ldflags = cflags 652 configs = [ ":sanitizer_trap_all_flags" ] 653 } 654} 655 656template("config_plus_compiler_rt") { 657 forward_variables_from(invoker, [ "compiler_rt_shared_lib_names" ]) 658 not_needed([ "compiler_rt_shared_lib_names" ]) 659 660 _clang_rt_dso_paths = [] 661 if ((host_os == "linux" || host_os == "mac") && target_os == "ohos" && 662 !is_mingw && is_ohos) { 663 _dso_names = [] 664 foreach(dso_name, compiler_rt_shared_lib_names) { 665 # Add runtime shared library support 666 _dso_names += [ "${abi_target}/libclang_rt.${dso_name}.so" ] 667 } 668 669 foreach(rt_lib, _dso_names) { 670 _clang_rt_dso_paths += [ "$clang_lib_base_path/${rt_lib}" ] 671 } 672 } 673 674 config(target_name) { 675 forward_variables_from(invoker, 676 [ 677 "cflags", 678 "cflags_cc", 679 "asmflags", 680 "ldflags", 681 "libs", 682 "configs", 683 ]) 684 685 # Link library by its fullpath 686 if (defined(libs)) { 687 libs += _clang_rt_dso_paths 688 } else { 689 libs = _clang_rt_dso_paths 690 } 691 } 692} 693 694config_plus_compiler_rt("scudo_config") { 695 cflags = [ "-fsanitize=scudo" ] 696 configs = [ ":sanitizer_trap_all_flags" ] 697 compiler_rt_shared_lib_names = [ "scudo_minimal" ] 698} 699 700config("all_undefined_behavior_sanitize_config_release") { 701 cflags = [ 702 "-fsanitize=undefined", 703 "-fno-sanitize-trap=integer,undefined", 704 "-fno-sanitize-recover=integer,undefined", 705 ] 706} 707 708config("all_undefined_behavior_sanitize_config_debug") { 709 cflags = [ 710 "-fsanitize=undefined", 711 "-fno-sanitize-trap=integer,undefined", 712 "-fsanitize-recover=integer,undefined", 713 ] 714} 715 716config("undefined_behavior_sanitize_config_release") { 717 cflags = [ 718 "-fsanitize=bool,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,unreachable,vla-bound", 719 "-fno-sanitize-trap=integer,undefined", 720 "-fno-sanitize-recover=integer,undefined", 721 "-fno-sanitize=implicit-integer-sign-change", 722 ] 723} 724 725config("undefined_behavior_sanitize_config_debug") { 726 cflags = [ 727 "-fsanitize=bool,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,unreachable,vla-bound", 728 "-fno-sanitize-trap=integer,undefined", 729 "-fsanitize-recover=integer,undefined", 730 "-fno-sanitize=implicit-integer-sign-change", 731 ] 732} 733 734config("boundary_sanitize_config_release") { 735 cflags = [ 736 "-fsanitize=bounds", 737 "-fno-sanitize-trap=integer,undefined", 738 "-fno-sanitize-recover=integer,undefined", 739 "-fno-sanitize=implicit-integer-sign-change", 740 ] 741} 742 743config("boundary_sanitize_config_debug") { 744 cflags = [ 745 "-fsanitize=bounds", 746 "-fno-sanitize-trap=integer,undefined", 747 "-fsanitize-recover=integer,undefined", 748 "-fno-sanitize=implicit-integer-sign-change", 749 ] 750} 751 752config("common_integer_overflow_config_release") { 753 _integer_overflow_blocklist = "./integer_overflow_blocklist.txt" 754 cflags = [ 755 "-fsanitize-blacklist=" + 756 rebase_path(_integer_overflow_blocklist, root_build_dir), 757 "-fno-sanitize-trap=integer,undefined", 758 "-fno-sanitize-recover=integer,undefined", 759 ] 760} 761 762config("common_integer_overflow_config_debug") { 763 _integer_overflow_blocklist = "./integer_overflow_blocklist.txt" 764 cflags = [ 765 "-fsanitize-blacklist=" + 766 rebase_path(_integer_overflow_blocklist, root_build_dir), 767 "-fno-sanitize-trap=integer,undefined", 768 "-fsanitize-recover=integer,undefined", 769 ] 770} 771 772config("signed_integer_overflow_config") { 773 cflags = [ "-fsanitize=signed-integer-overflow" ] 774} 775 776config("unsigned_integer_overflow_config") { 777 cflags = [ "-fsanitize=unsigned-integer-overflow" ] 778} 779 780config_plus_compiler_rt("compiler_rt_debug") { 781 compiler_rt_shared_lib_names = [ "ubsan_standalone" ] 782} 783 784config_plus_compiler_rt("compiler_rt_release") { 785 cflags = [ "-fsanitize-minimal-runtime" ] 786 compiler_rt_shared_lib_names = [ "ubsan_minimal" ] 787} 788