1# Copyright 2015 The Chromium Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import("//build/config/coverage/coverage.gni") 6import("//build/toolchain/toolchain.gni") 7 8if (!build_xts && defined(ext_sanitizer_check_list_path)) { 9 import("${ext_sanitizer_check_list_path}") 10} 11 12declare_args() { 13 # Compile for Address Sanitizer to find memory bugs. 14 is_asan = false 15 16 # Compile for Hardware-Assisted Address Sanitizer to find memory bugs. 17 use_hwasan = false 18 19 # Customize asan detection. 20 asan_detector = false 21 22 # Compile for Leak Sanitizer to find leaks. 23 is_lsan = false 24 25 # Compile for Memory Sanitizer to find uninitialized reads. 26 is_msan = false 27 28 # Compile for Thread Sanitizer to find threading bugs. 29 is_tsan = false 30 31 # Compile for Undefined Behavior Sanitizer to find various types of 32 # undefined behavior (excludes vptr checks). 33 is_ubsan = false 34 35 # Halt the program if a problem is detected. 36 is_ubsan_no_recover = false 37 38 # Compile for Undefined Behavior Sanitizer's null pointer checks. 39 is_ubsan_null = false 40 41 # Compile for Undefined Behavior Sanitizer's vptr checks. 42 is_ubsan_vptr = false 43 44 # Compile with SafeStack shadow stack support. 45 is_safestack = false 46 47 # Track where uninitialized memory originates from. From fastest to slowest: 48 # 0 - no tracking, 1 - track only the initial allocation site, 2 - track the 49 # chain of stores leading from allocation site to use site. 50 msan_track_origins = 2 51 52 # Use dynamic libraries instrumented by one of the sanitizers instead of the 53 # standard system libraries. Set this flag to download prebuilt binaries from 54 # GCS. 55 use_prebuilt_instrumented_libraries = false 56 57 # Use dynamic libraries instrumented by one of the sanitizers instead of the 58 # standard system libraries. Set this flag to build the libraries from source. 59 use_locally_built_instrumented_libraries = false 60 61 # Compile with Control Flow Integrity to protect virtual calls and casts. 62 # See http://clang.llvm.org/docs/ControlFlowIntegrity.html 63 is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" && 64 is_official_build 65 66 # Enable checks for bad casts: derived cast and unrelated cast. 67 use_cfi_cast = false 68 69 # Enable checks for indirect function calls via a function pointer. 70 use_cfi_icall = target_os == "linux" && !is_chromeos && target_cpu == "x64" && 71 is_official_build 72 73 # Print detailed diagnostics when Control Flow Integrity detects a violation. 74 use_cfi_diag = false 75 76 # Let Control Flow Integrity continue execution instead of crashing when 77 # printing diagnostics (use_cfi_diag = true). 78 use_cfi_recover = false 79 80 # Compile for fuzzing with LLVM LibFuzzer. 81 # See http://www.chromium.org/developers/testing/libfuzzer 82 use_libfuzzer = false 83 84 # Compile for fuzzing with AFL. 85 use_afl = false 86 87 # Enables core ubsan security features. Will later be removed once it matches 88 # is_ubsan. 89 is_ubsan_security = false 90 91 # Compile for fuzzing with Dr. Fuzz 92 # See http://www.chromium.org/developers/testing/dr-fuzz 93 use_drfuzz = false 94 95 # Helper variable for testing builds with disabled libfuzzer. 96 # Not for client use. 97 disable_libfuzzer = false 98 99 # Optimize for coverage guided fuzzing (balance between speed and number of 100 # branches). Can be also used to remove non-determinism and other issues. 101 optimize_for_fuzzing = false 102 103 # Value for -fsanitize-coverage flag. Setting this causes 104 # use_sanitizer_coverage to be enabled. 105 # This flag is not used for libFuzzer (use_libfuzzer=true) unless we are on 106 # Mac. Instead, we use: 107 # -fsanitize=fuzzer-no-link 108 # Default value when unset and use_fuzzing_engine=true: 109 # trace-pc-guard 110 # Default value when unset and use_sanitizer_coverage=true: 111 # trace-pc-guard,indirect-calls 112 sanitizer_coverage_flags = "" 113 114 # The global switch of cfi. Disable it to improve compiling efficiency while 115 # being vulnerable to cfi attack. 116 use_cfi = true 117 118 # The global switch of cfi debug mode. 119 cfi_debug = false 120} 121 122is_v8_host_toolchain = 123 current_toolchain == "//build/toolchain/linux:clang_x64_v8_arm64" || 124 current_toolchain == "//build/toolchain/linux:clang_x86_v8_arm" 125 126# Disable sanitizers for non-default toolchains. 127if (current_toolchain == host_toolchain || is_v8_host_toolchain) { 128 is_asan = false 129 is_cfi = false 130 is_lsan = false 131 is_msan = false 132 is_tsan = false 133 is_ubsan = false 134 is_ubsan_null = false 135 is_ubsan_no_recover = false 136 is_ubsan_security = false 137 is_ubsan_vptr = false 138 msan_track_origins = 0 139 sanitizer_coverage_flags = "" 140 use_afl = false 141 use_cfi_diag = false 142 use_cfi_recover = false 143 use_drfuzz = false 144 use_libfuzzer = false 145 use_prebuilt_instrumented_libraries = false 146 use_locally_built_instrumented_libraries = false 147 use_sanitizer_coverage = false 148} 149 150# Whether we are doing a fuzzer build. Normally this should be checked instead 151# of checking "use_libfuzzer || use_afl" because often developers forget to 152# check for "use_afl". 153use_fuzzing_engine = use_libfuzzer || use_afl 154 155# Args that are in turn dependent on other args must be in a separate 156# declare_args block. User overrides are only applied at the end of a 157# declare_args block. 158declare_args() { 159 use_sanitizer_coverage = 160 !use_clang_coverage && 161 (use_fuzzing_engine || sanitizer_coverage_flags != "") 162 163 # Detect overflow/underflow for global objects. 164 # 165 # Mac: http://crbug.com/352073 166 asan_globals = !is_mac 167} 168 169if (use_fuzzing_engine && sanitizer_coverage_flags == "") { 170 sanitizer_coverage_flags = "trace-pc-guard" 171} else if (use_sanitizer_coverage && sanitizer_coverage_flags == "") { 172 sanitizer_coverage_flags = "trace-pc-guard,indirect-calls" 173} 174 175# Whether we are linking against a debugging sanitizer runtime library. Among 176# other things, this changes the default symbol level and other settings in 177# order to prepare to create stack traces "live" using the sanitizer runtime. 178using_sanitizer = 179 is_asan || is_lsan || is_tsan || is_msan || is_ubsan || is_ubsan_null || 180 is_ubsan_vptr || is_ubsan_security || use_sanitizer_coverage || use_cfi_diag 181 182if (!is_ohos) { 183 using_sanitizer = false 184} 185 186assert(!using_sanitizer || is_clang, 187 "Sanitizers (is_*san) require setting is_clang = true in 'gn args'") 188 189assert(!is_cfi || is_clang, 190 "is_cfi requires setting is_clang = true in 'gn args'") 191 192assert(!is_safestack || is_clang, 193 "is_safestack requires setting is_clang = true in 'gn args'") 194 195prebuilt_instrumented_libraries_available = 196 is_msan && (msan_track_origins == 0 || msan_track_origins == 2) 197 198if (use_libfuzzer && is_linux) { 199 if (is_asan) { 200 # We do leak checking with libFuzzer on Linux. Set is_lsan for code that 201 # relies on LEAK_SANITIZER define to avoid false positives. 202 is_lsan = true 203 } 204 if (is_msan) { 205 use_prebuilt_instrumented_libraries = true 206 } 207} 208 209# MSan only links Chrome properly in release builds (brettw -- 9/1/2015). The 210# same is possibly true for the other non-ASan sanitizers. But regardless of 211# whether it links, one would normally never run a sanitizer in debug mode. 212# Running in debug mode probably indicates you forgot to set the "is_debug = 213# false" flag in the build args. ASan seems to run fine in debug mode. 214# 215# If you find a use-case where you want to compile a sanitizer in debug mode 216# and have verified it works, ask brettw and we can consider removing it from 217# this condition. We may also be able to find another way to enable your case 218# without having people accidentally get broken builds by compiling an 219# unsupported or unadvisable configurations. 220# 221# For one-off testing, just comment this assertion out. 222assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_null || is_ubsan_vptr), 223 "Sanitizers should generally be used in release (set is_debug=false).") 224 225assert(!is_msan || (is_linux && current_cpu == "x64"), 226 "MSan currently only works on 64-bit Linux and ChromeOS builds.") 227 228assert(!is_lsan || is_asan, "is_lsan = true requires is_asan = true also.") 229 230# ASAN build on Windows is not working in debug mode. Intercepting memory 231# allocation functions is hard on Windows and not yet implemented in LLVM. 232assert(!is_win || !is_debug || !is_asan, 233 "ASan on Windows doesn't work in debug (set is_debug=false).") 234 235# Make sure that if we recover on detection (i.e. not crash), diagnostics are 236# printed. 237assert(!use_cfi_recover || use_cfi_diag, 238 "Only use CFI recovery together with diagnostics.") 239 240assert( 241 !(use_sanitizer_coverage && is_mac && target_os == "ios"), 242 "crbug.com/753445: use_sanitizer_coverage=true is not supported by the " + 243 "Chromium mac_clang_x64 toolchain on iOS distribution. Please set " + 244 "the argument value to false.") 245 246# Use these lists of configs to disable instrumenting code that is part of a 247# fuzzer, but which isn't being targeted (such as libprotobuf-mutator, *.pb.cc 248# and libprotobuf when they are built as part of a proto fuzzer). Adding or 249# removing these lists does not have any effect if use_libfuzzer or use_afl are 250# not passed as arguments to gn. 251not_fuzzed_remove_configs = [] 252not_fuzzed_remove_nonasan_configs = [] 253 254if (use_fuzzing_engine) { 255 # Removing coverage should always just work. 256 not_fuzzed_remove_configs += [ "//build/config/coverage:default_coverage" ] 257 not_fuzzed_remove_nonasan_configs += 258 [ "//build/config/coverage:default_coverage" ] 259 260 if (!is_msan) { 261 # Allow sanitizer instrumentation to be removed if we are not using MSan 262 # since binaries cannot be partially instrumented with MSan. 263 not_fuzzed_remove_configs += 264 [ "//build/config/sanitizers:default_sanitizer_flags" ] 265 266 # Certain parts of binaries must be instrumented with ASan if the rest of 267 # the binary is. For these, only remove non-ASan sanitizer instrumentation. 268 if (!is_asan) { 269 not_fuzzed_remove_nonasan_configs += 270 [ "//build/config/sanitizers:default_sanitizer_flags" ] 271 assert(not_fuzzed_remove_nonasan_configs == not_fuzzed_remove_configs) 272 } 273 } 274} 275 276template("ohos_sanitizer_config") { 277 config(target_name) { 278 forward_variables_from(invoker, [ "sanitize" ]) 279 if (defined(sanitize)) { 280 configs = [ "//build/config/sanitizers:sanitizer_trap_all_flags" ] 281 _mode = "release" 282 _debug = (defined(sanitize.debug) && sanitize.debug) || is_asan 283 if (_debug) { 284 _mode = "debug" 285 } 286 _scudo = defined(sanitize.scudo) && sanitize.scudo && !is_asan && !is_tsan 287 if (_scudo) { 288 configs += [ "//build/config/sanitizers:scudo_config" ] 289 } 290 _ubsan = defined(sanitize.ubsan) && sanitize.ubsan && !is_asan 291 if (_ubsan) { 292 configs += 293 [ "//build/config/sanitizers:undefined_behavior_sanitize_config_" + 294 _mode ] 295 } 296 _all_ubsan = defined(sanitize.all_ubsan) && sanitize.all_ubsan && !is_asan 297 if (_all_ubsan) { 298 configs += [ 299 "//build/config/sanitizers:all_undefined_behavior_sanitize_config_" + 300 _mode, 301 ] 302 } 303 _scs = defined(sanitize.scs) && sanitize.scs 304 if (_scs) { 305 configs += [ "//build/config/sanitizers:shadow_call_stack_config" ] 306 } 307 _boundary_sanitize = defined(sanitize.boundary_sanitize) && 308 sanitize.boundary_sanitize && !is_asan 309 if (_boundary_sanitize) { 310 configs += 311 [ "//build/config/sanitizers:boundary_sanitize_config_" + _mode ] 312 } 313 314 _integer_overflow = defined(sanitize.integer_overflow) && 315 sanitize.integer_overflow && !is_asan 316 _unsigned_integer_overflow = 317 defined(sanitize.unsigned_integer_overflow) && 318 sanitize.unsigned_integer_overflow && !is_asan 319 _signed_integer_overflow = defined(sanitize.signed_integer_overflow) && 320 sanitize.signed_integer_overflow && !is_asan 321 if (_unsigned_integer_overflow || _integer_overflow) { 322 configs += 323 [ "//build/config/sanitizers:unsigned_integer_overflow_config" ] 324 } 325 if (_signed_integer_overflow || _integer_overflow) { 326 configs += 327 [ "//build/config/sanitizers:signed_integer_overflow_config" ] 328 } 329 if (_integer_overflow || _unsigned_integer_overflow || 330 _signed_integer_overflow) { 331 configs += 332 [ "//build/config/sanitizers:common_integer_overflow_config_" + 333 _mode ] 334 } 335 336 if (defined(sanitize.blocklist)) { 337 cflags = [ "-fsanitize-blacklist=" + 338 rebase_path(get_path_info(sanitize.blocklist, "abspath"), 339 root_build_dir) ] 340 } 341 if (defined(sanitize.cfi) && sanitize.cfi && cfi_debug) { 342 _mode = "debug" 343 } 344 _cfi = use_cfi && defined(sanitize.cfi) && sanitize.cfi && !is_asan 345 if (_cfi) { 346 if (defined(sanitize.cfi_cross_dso) && sanitize.cfi_cross_dso) { 347 configs += [ "//build/config/sanitizers:cfi_cross_dso_" + _mode ] 348 } else { 349 configs += [ "//build/config/sanitizers:cfi_config_" + _mode ] 350 } 351 if (defined(sanitize.cfi_no_nvcall) && sanitize.cfi_no_nvcall) { 352 configs += [ "//build/config/sanitizers:cfi_no_nvcall" ] 353 } 354 if (defined(sanitize.cfi_vcall_icall_only) && 355 sanitize.cfi_vcall_icall_only) { 356 configs += [ "//build/config/sanitizers:cfi_no_all" ] 357 configs += [ "//build/config/sanitizers:cfi_vcall" ] 358 configs += [ "//build/config/sanitizers:cfi_icall" ] 359 } 360 } 361 configs += [ "//build/config/sanitizers:compiler_rt_" + _mode ] 362 } 363 } 364} 365 366template("ohos_sanitizer_check") { 367 config(target_name) { 368 forward_variables_from(invoker, 369 [ 370 "sanitize", 371 "build_name", 372 "part_name", 373 ]) 374 need_check_cfi = false 375 need_check_intsan = false 376 bypass_cfi_target_list = [] 377 foreach(component_name, enable_cfi_part_and_bypass_list) { 378 if (part_name == component_name[0]) { 379 need_check_cfi = true 380 bypass_cfi_target_list = component_name[1] 381 } 382 } 383 foreach(component_name, enable_intsan_part_list) { 384 if (part_name == component_name) { 385 need_check_intsan = true 386 } 387 } 388 foreach(cfi_target, bypass_cfi_target_list) { 389 if (build_name == cfi_target) { 390 need_check_cfi = false 391 } 392 } 393 foreach(intsan_target, bypass_intsan_target_list) { 394 if (build_name == intsan_target) { 395 need_check_intsan = false 396 } 397 } 398 399 if (need_check_cfi) { 400 assert( 401 defined(sanitize) && defined(sanitize.cfi) && sanitize.cfi == true && 402 defined(sanitize.cfi_cross_dso) && 403 sanitize.cfi_cross_dso == true && 404 ((defined(sanitize.debug) && sanitize.debug == false) || 405 !defined(sanitize.debug)) && !defined(sanitize.blocklist), 406 "Build targets in ${part_name} should fully enable cfi(cfi, cfi_cross_dso, !debug). For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check. If this target ${build_name} cannot enable cfi, add the target to ${ext_sanitizer_check_list_path} in bypass_cfi_target_list.") 407 } 408 if (need_check_intsan) { 409 assert( 410 defined(sanitize) && defined(sanitize.integer_overflow) && 411 sanitize.integer_overflow, 412 "Build targets in ${part_name} should enable intsan. For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check. If this target ${build_name} cannot enable intsan, add the target to ${ext_sanitizer_check_list_path} in bypass_intsan_target_list.") 413 } 414 not_needed([ 415 "sanitize", 416 "build_name", 417 "part_name", 418 ]) 419 } 420} 421