• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2015 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/coverage/coverage.gni")
6import("//build/toolchain/toolchain.gni")
7
8if (!build_xts && defined(ext_sanitizer_check_list_path)) {
9  import("${ext_sanitizer_check_list_path}")
10}
11
12declare_args() {
13  # Compile for Address Sanitizer to find memory bugs.
14  is_asan = false
15
16  # Compile for Hardware-Assisted Address Sanitizer to find memory bugs.
17  use_hwasan = false
18
19  # Customize asan detection.
20  asan_detector = false
21
22  # Compile for Leak Sanitizer to find leaks.
23  is_lsan = false
24
25  # Compile for Memory Sanitizer to find uninitialized reads.
26  is_msan = false
27
28  # Compile for Thread Sanitizer to find threading bugs.
29  is_tsan = false
30
31  # Compile for Undefined Behavior Sanitizer to find various types of
32  # undefined behavior (excludes vptr checks).
33  is_ubsan = false
34
35  # Halt the program if a problem is detected.
36  is_ubsan_no_recover = false
37
38  # Compile for Undefined Behavior Sanitizer's null pointer checks.
39  is_ubsan_null = false
40
41  # Compile for Undefined Behavior Sanitizer's vptr checks.
42  is_ubsan_vptr = false
43
44  # Compile with SafeStack shadow stack support.
45  is_safestack = false
46
47  # Track where uninitialized memory originates from. From fastest to slowest:
48  # 0 - no tracking, 1 - track only the initial allocation site, 2 - track the
49  # chain of stores leading from allocation site to use site.
50  msan_track_origins = 2
51
52  # Use dynamic libraries instrumented by one of the sanitizers instead of the
53  # standard system libraries. Set this flag to download prebuilt binaries from
54  # GCS.
55  use_prebuilt_instrumented_libraries = false
56
57  # Use dynamic libraries instrumented by one of the sanitizers instead of the
58  # standard system libraries. Set this flag to build the libraries from source.
59  use_locally_built_instrumented_libraries = false
60
61  # Compile with Control Flow Integrity to protect virtual calls and casts.
62  # See http://clang.llvm.org/docs/ControlFlowIntegrity.html
63  is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
64           is_official_build
65
66  # Enable checks for bad casts: derived cast and unrelated cast.
67  use_cfi_cast = false
68
69  # Enable checks for indirect function calls via a function pointer.
70  use_cfi_icall = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
71                  is_official_build
72
73  # Print detailed diagnostics when Control Flow Integrity detects a violation.
74  use_cfi_diag = false
75
76  # Let Control Flow Integrity continue execution instead of crashing when
77  # printing diagnostics (use_cfi_diag = true).
78  use_cfi_recover = false
79
80  # Compile for fuzzing with LLVM LibFuzzer.
81  # See http://www.chromium.org/developers/testing/libfuzzer
82  use_libfuzzer = false
83
84  # Compile for fuzzing with AFL.
85  use_afl = false
86
87  # Enables core ubsan security features. Will later be removed once it matches
88  # is_ubsan.
89  is_ubsan_security = false
90
91  # Compile for fuzzing with Dr. Fuzz
92  # See http://www.chromium.org/developers/testing/dr-fuzz
93  use_drfuzz = false
94
95  # Helper variable for testing builds with disabled libfuzzer.
96  # Not for client use.
97  disable_libfuzzer = false
98
99  # Optimize for coverage guided fuzzing (balance between speed and number of
100  # branches). Can be also used to remove non-determinism and other issues.
101  optimize_for_fuzzing = false
102
103  # Value for -fsanitize-coverage flag. Setting this causes
104  # use_sanitizer_coverage to be enabled.
105  # This flag is not used for libFuzzer (use_libfuzzer=true) unless we are on
106  # Mac. Instead, we use:
107  #     -fsanitize=fuzzer-no-link
108  # Default value when unset and use_fuzzing_engine=true:
109  #     trace-pc-guard
110  # Default value when unset and use_sanitizer_coverage=true:
111  #     trace-pc-guard,indirect-calls
112  sanitizer_coverage_flags = ""
113
114  # The global switch of cfi. Disable it to improve compiling efficiency while
115  # being vulnerable to cfi attack.
116  use_cfi = true
117
118  # The global switch of cfi debug mode.
119  cfi_debug = false
120}
121
122is_v8_host_toolchain =
123    current_toolchain == "//build/toolchain/linux:clang_x64_v8_arm64" ||
124    current_toolchain == "//build/toolchain/linux:clang_x86_v8_arm"
125
126# Disable sanitizers for non-default toolchains.
127if (current_toolchain == host_toolchain || is_v8_host_toolchain) {
128  is_asan = false
129  is_cfi = false
130  is_lsan = false
131  is_msan = false
132  is_tsan = false
133  is_ubsan = false
134  is_ubsan_null = false
135  is_ubsan_no_recover = false
136  is_ubsan_security = false
137  is_ubsan_vptr = false
138  msan_track_origins = 0
139  sanitizer_coverage_flags = ""
140  use_hwasan = false
141  use_afl = false
142  use_cfi_diag = false
143  use_cfi_recover = false
144  use_drfuzz = false
145  use_libfuzzer = false
146  use_prebuilt_instrumented_libraries = false
147  use_locally_built_instrumented_libraries = false
148  use_sanitizer_coverage = false
149}
150
151# Whether we are doing a fuzzer build. Normally this should be checked instead
152# of checking "use_libfuzzer || use_afl" because often developers forget to
153# check for "use_afl".
154use_fuzzing_engine = use_libfuzzer || use_afl
155
156# Args that are in turn dependent on other args must be in a separate
157# declare_args block. User overrides are only applied at the end of a
158# declare_args block.
159declare_args() {
160  use_sanitizer_coverage =
161      !use_clang_coverage &&
162      (use_fuzzing_engine || sanitizer_coverage_flags != "")
163
164  # Detect overflow/underflow for global objects.
165  #
166  # Mac: http://crbug.com/352073
167  asan_globals = !is_mac
168}
169
170if (use_fuzzing_engine && sanitizer_coverage_flags == "") {
171  sanitizer_coverage_flags = "trace-pc-guard"
172} else if (use_sanitizer_coverage && sanitizer_coverage_flags == "") {
173  sanitizer_coverage_flags = "trace-pc-guard,indirect-calls"
174}
175
176# Whether we are linking against a debugging sanitizer runtime library. Among
177# other things, this changes the default symbol level and other settings in
178# order to prepare to create stack traces "live" using the sanitizer runtime.
179using_sanitizer =
180    is_asan || is_lsan || is_tsan || is_msan || is_ubsan || is_ubsan_null ||
181    is_ubsan_vptr || is_ubsan_security || use_sanitizer_coverage || use_cfi_diag
182
183if (!is_ohos) {
184  using_sanitizer = false
185}
186
187assert(!using_sanitizer || is_clang,
188       "Sanitizers (is_*san) require setting is_clang = true in 'gn args'")
189
190assert(!is_cfi || is_clang,
191       "is_cfi requires setting is_clang = true in 'gn args'")
192
193assert(!is_safestack || is_clang,
194       "is_safestack requires setting is_clang = true in 'gn args'")
195
196prebuilt_instrumented_libraries_available =
197    is_msan && (msan_track_origins == 0 || msan_track_origins == 2)
198
199if (use_libfuzzer && is_linux) {
200  if (is_asan) {
201    # We do leak checking with libFuzzer on Linux. Set is_lsan for code that
202    # relies on LEAK_SANITIZER define to avoid false positives.
203    is_lsan = true
204  }
205  if (is_msan) {
206    use_prebuilt_instrumented_libraries = true
207  }
208}
209
210# MSan only links Chrome properly in release builds (brettw -- 9/1/2015). The
211# same is possibly true for the other non-ASan sanitizers. But regardless of
212# whether it links, one would normally never run a sanitizer in debug mode.
213# Running in debug mode probably indicates you forgot to set the "is_debug =
214# false" flag in the build args. ASan seems to run fine in debug mode.
215#
216# If you find a use-case where you want to compile a sanitizer in debug mode
217# and have verified it works, ask brettw and we can consider removing it from
218# this condition. We may also be able to find another way to enable your case
219# without having people accidentally get broken builds by compiling an
220# unsupported or unadvisable configurations.
221#
222# For one-off testing, just comment this assertion out.
223assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_null || is_ubsan_vptr),
224       "Sanitizers should generally be used in release (set is_debug=false).")
225
226assert(!is_msan || (is_linux && current_cpu == "x64"),
227       "MSan currently only works on 64-bit Linux and ChromeOS builds.")
228
229assert(!is_lsan || is_asan, "is_lsan = true requires is_asan = true also.")
230
231# ASAN build on Windows is not working in debug mode. Intercepting memory
232# allocation functions is hard on Windows and not yet implemented in LLVM.
233assert(!is_win || !is_debug || !is_asan,
234       "ASan on Windows doesn't work in debug (set is_debug=false).")
235
236# Make sure that if we recover on detection (i.e. not crash), diagnostics are
237# printed.
238assert(!use_cfi_recover || use_cfi_diag,
239       "Only use CFI recovery together with diagnostics.")
240
241assert(
242    !(use_sanitizer_coverage && is_mac && target_os == "ios"),
243    "crbug.com/753445: use_sanitizer_coverage=true is not supported by the " +
244        "Chromium mac_clang_x64 toolchain on iOS distribution. Please set " +
245        "the argument value to false.")
246
247# Use these lists of configs to disable instrumenting code that is part of a
248# fuzzer, but which isn't being targeted (such as libprotobuf-mutator, *.pb.cc
249# and libprotobuf when they are built as part of a proto fuzzer). Adding or
250# removing these lists does not have any effect if use_libfuzzer or use_afl are
251# not passed as arguments to gn.
252not_fuzzed_remove_configs = []
253not_fuzzed_remove_nonasan_configs = []
254
255if (use_fuzzing_engine) {
256  # Removing coverage should always just work.
257  not_fuzzed_remove_configs += [ "//build/config/coverage:default_coverage" ]
258  not_fuzzed_remove_nonasan_configs +=
259      [ "//build/config/coverage:default_coverage" ]
260
261  if (!is_msan) {
262    # Allow sanitizer instrumentation to be removed if we are not using MSan
263    # since binaries cannot be partially instrumented with MSan.
264    not_fuzzed_remove_configs +=
265        [ "//build/config/sanitizers:default_sanitizer_flags" ]
266
267    # Certain parts of binaries must be instrumented with ASan if the rest of
268    # the binary is. For these, only remove non-ASan sanitizer instrumentation.
269    if (!is_asan && !is_tsan) {
270      not_fuzzed_remove_nonasan_configs +=
271          [ "//build/config/sanitizers:default_sanitizer_flags" ]
272      assert(not_fuzzed_remove_nonasan_configs == not_fuzzed_remove_configs)
273    }
274  }
275}
276
277template("ohos_sanitizer_config") {
278  config(target_name) {
279    forward_variables_from(invoker, [ "sanitize" ])
280    if (defined(sanitize)) {
281      configs = [ "//build/config/sanitizers:sanitizer_trap_all_flags" ]
282      _mode = "release"
283      _debug = (defined(sanitize.debug) && sanitize.debug) || is_asan || is_tsan
284      if (_debug) {
285        _mode = "debug"
286      }
287      _scudo = defined(sanitize.scudo) && sanitize.scudo && !is_asan && !is_tsan
288      if (_scudo) {
289        configs += [ "//build/config/sanitizers:scudo_config" ]
290      }
291      _ubsan = defined(sanitize.ubsan) && sanitize.ubsan && !is_asan && !is_tsan
292      if (_ubsan) {
293        configs +=
294            [ "//build/config/sanitizers:undefined_behavior_sanitize_config_" +
295              _mode ]
296      }
297      _all_ubsan = defined(sanitize.all_ubsan) && sanitize.all_ubsan &&
298                   !is_asan && !is_tsan
299      if (_all_ubsan) {
300        configs += [
301          "//build/config/sanitizers:all_undefined_behavior_sanitize_config_" +
302              _mode,
303        ]
304      }
305      _scs = defined(sanitize.scs) && sanitize.scs
306      if (_scs) {
307        configs += [ "//build/config/sanitizers:shadow_call_stack_config" ]
308      }
309      _boundary_sanitize = defined(sanitize.boundary_sanitize) &&
310                           sanitize.boundary_sanitize && !is_asan && !is_tsan
311      if (_boundary_sanitize) {
312        configs +=
313            [ "//build/config/sanitizers:boundary_sanitize_config_" + _mode ]
314      }
315
316      _integer_overflow = defined(sanitize.integer_overflow) &&
317                          sanitize.integer_overflow && !is_asan && !is_tsan
318      _unsigned_integer_overflow =
319          defined(sanitize.unsigned_integer_overflow) &&
320          sanitize.unsigned_integer_overflow && !is_asan && !is_tsan
321      _signed_integer_overflow =
322          defined(sanitize.signed_integer_overflow) &&
323          sanitize.signed_integer_overflow && !is_asan && !is_tsan
324      if (_unsigned_integer_overflow || _integer_overflow) {
325        configs +=
326            [ "//build/config/sanitizers:unsigned_integer_overflow_config" ]
327      }
328      if (_signed_integer_overflow || _integer_overflow) {
329        configs +=
330            [ "//build/config/sanitizers:signed_integer_overflow_config" ]
331      }
332      if (_integer_overflow || _unsigned_integer_overflow ||
333          _signed_integer_overflow) {
334        configs +=
335            [ "//build/config/sanitizers:common_integer_overflow_config_" +
336              _mode ]
337      }
338
339      if (defined(sanitize.blocklist)) {
340        cflags = [ "-fsanitize-blacklist=" +
341                   rebase_path(get_path_info(sanitize.blocklist, "abspath"),
342                               root_build_dir) ]
343      }
344      if (defined(sanitize.cfi) && sanitize.cfi && cfi_debug) {
345        _mode = "debug"
346      }
347      _cfi = use_cfi && defined(sanitize.cfi) && sanitize.cfi && !is_asan &&
348             !is_tsan
349      if (_cfi) {
350        if (defined(sanitize.cfi_cross_dso) && sanitize.cfi_cross_dso) {
351          configs += [ "//build/config/sanitizers:cfi_cross_dso_" + _mode ]
352        } else {
353          configs += [ "//build/config/sanitizers:cfi_config_" + _mode ]
354        }
355        if (!defined(sanitize.cfi_check_std) || !sanitize.cfi_check_std) {
356          configs += [ "//build/config/sanitizers:cfi_config_skip_std" ]
357        }
358        if (defined(sanitize.cfi_no_nvcall) && sanitize.cfi_no_nvcall) {
359          configs += [ "//build/config/sanitizers:cfi_no_nvcall" ]
360        }
361        if (defined(sanitize.cfi_vcall_icall_only) &&
362            sanitize.cfi_vcall_icall_only) {
363          configs += [ "//build/config/sanitizers:cfi_no_all" ]
364          configs += [ "//build/config/sanitizers:cfi_vcall" ]
365          configs += [ "//build/config/sanitizers:cfi_icall" ]
366        }
367        configs += [ "//build/config/sanitizers:cfi_trap_function_flags" ]
368      }
369      configs += [ "//build/config/sanitizers:compiler_rt_" + _mode ]
370    }
371  }
372}
373
374template("ohos_sanitizer_check") {
375  config(target_name) {
376    forward_variables_from(invoker,
377                           [
378                             "sanitize",
379                             "build_name",
380                             "part_name",
381                           ])
382    need_check_cfi = false
383    need_check_intsan = false
384    need_check_debug = true
385    bypass_cfi_target_list = []
386
387    foreach(config_name, bypass_config_debug_list) {
388      if (part_name == config_name) {
389        need_check_debug = false
390      }
391    }
392
393    if (need_check_debug && defined(sanitize) && defined(sanitize.debug)) {
394      assert(
395          sanitize.debug == false,
396          "Enable CFI can't configure 'debug=true'. Please check this target ${build_name} in ${part_name}. For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check.")
397    }
398
399    foreach(component_name, enable_cfi_part_and_bypass_list) {
400      if (part_name == component_name[0]) {
401        need_check_cfi = true
402        bypass_cfi_target_list = component_name[1]
403      }
404    }
405    foreach(component_name, enable_intsan_part_list) {
406      if (part_name == component_name) {
407        need_check_intsan = true
408      }
409    }
410    foreach(cfi_target, bypass_cfi_target_list) {
411      if (build_name == cfi_target) {
412        need_check_cfi = false
413      }
414    }
415    foreach(intsan_target, bypass_intsan_target_list) {
416      if (build_name == intsan_target) {
417        need_check_intsan = false
418      }
419    }
420
421    if (need_check_cfi) {
422      assert(
423          defined(sanitize) && defined(sanitize.cfi) && sanitize.cfi == true &&
424              defined(sanitize.cfi_cross_dso) &&
425              sanitize.cfi_cross_dso == true &&
426              ((defined(sanitize.debug) && sanitize.debug == false) ||
427                   !defined(sanitize.debug)) && !defined(sanitize.blocklist),
428          "Build targets in ${part_name} should fully enable cfi(cfi, cfi_cross_dso, !debug). For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check. If this target ${build_name} cannot enable cfi, add the target to ${ext_sanitizer_check_list_path} in bypass_${build_name}.")
429    }
430    if (need_check_intsan) {
431      assert(
432          defined(sanitize) && defined(sanitize.integer_overflow) &&
433              sanitize.integer_overflow,
434          "Build targets in ${part_name} should enable intsan. For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check. If this target ${build_name} cannot enable intsan, add the target to ${ext_sanitizer_check_list_path} in bypass_intsan_target_list.")
435    }
436    not_needed([
437                 "sanitize",
438                 "build_name",
439                 "part_name",
440               ])
441  }
442}
443