# Copyright 2015 The Chromium Authors # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. import("//build/config/chrome_build.gni") import("//build/config/chromecast_build.gni") import("//build/config/chromeos/args.gni") import("//build/config/chromeos/ui_mode.gni") import("//build/config/profiling/profiling.gni") import("//build/toolchain/toolchain.gni") declare_args() { # Compile for Address Sanitizer to find memory bugs. is_asan = false # Compile for Hardware-Assisted Address Sanitizer to find memory bugs # (android/arm64 only). # See http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html is_hwasan = false # Compile for Leak Sanitizer to find leaks. is_lsan = false # Compile for Memory Sanitizer to find uninitialized reads. is_msan = false # Compile for Thread Sanitizer to find threading bugs. is_tsan = false # Compile for Undefined Behaviour Sanitizer to find various types of # undefined behaviour (excludes vptr checks). is_ubsan = false # Halt the program if a problem is detected. is_ubsan_no_recover = false # Track where uninitialized memory originates from. From fastest to slowest: # 0 - no tracking, 1 - track only the initial allocation site, 2 - track the # chain of stores leading from allocation site to use site. msan_track_origins = 2 # Use dynamic libraries instrumented by one of the sanitizers instead of the # standard system libraries. Set this flag to build the libraries from source. use_locally_built_instrumented_libraries = false # Compile with Control Flow Integrity to protect virtual calls and casts. # See http://clang.llvm.org/docs/ControlFlowIntegrity.html # # TODO(pcc): Remove this flag if/when CFI is enabled in all official builds. is_cfi = is_official_build && is_clang && ((target_os == "linux" && target_cpu == "x64") || (is_chromeos && is_chromeos_device)) # Enable checks for indirect function calls via a function pointer. # TODO(pcc): remove this when we're ready to add these checks by default. # https://crbug.com/701919 use_cfi_icall = target_os == "linux" && target_cpu == "x64" && is_official_build # Print detailed diagnostics when Control Flow Integrity detects a violation. use_cfi_diag = false # Let Control Flow Integrity continue execution instead of crashing when # printing diagnostics (use_cfi_diag = true). use_cfi_recover = false # Compile for fuzzing with LLVM LibFuzzer. # See http://www.chromium.org/developers/testing/libfuzzer use_libfuzzer = false # Compile for fuzzing with centipede. # See https://github.com/google/centipede use_centipede = false # Compile for fuzzing with AFL. use_afl = false # Compile for fuzzing with an external engine (e.g., Grammarinator). use_external_fuzzing_engine = false # Enables core ubsan security features. Will later be removed once it matches # is_ubsan. is_ubsan_security = false # Helper variable for testing builds with disabled libfuzzer. # Not for client use. disable_libfuzzer = false # Optimize for coverage guided fuzzing (balance between speed and number of # branches). Can be also used to remove non-determinism and other issues. optimize_for_fuzzing = false # Value for -fsanitize-coverage flag. Setting this causes # use_sanitizer_coverage to be enabled. # This flag is not used for libFuzzer (use_libfuzzer=true). Instead, we use: # -fsanitize=fuzzer-no-link # Default value when unset and use_fuzzing_engine=true: # trace-pc-guard # Default value when unset and use_sanitizer_coverage=true: # trace-pc-guard,indirect-calls sanitizer_coverage_flags = "" # When enabled, only relevant sanitizer defines are set, but compilation # happens with no extra flags. This is useful when in component build # enabling sanitizers only in some of the components. use_sanitizer_configs_without_instrumentation = false # When true, seed corpora archives are built. archive_seed_corpus = true # When true, sanitizer warnings will cause test case failures. fail_on_san_warnings = false } declare_args() { # Enable checks for bad casts: derived cast and unrelated cast. # TODO(krasin): remove this, when we're ready to add these checks by default. # https://crbug.com/626794 use_cfi_cast = is_cfi && is_chromeos # Compile for Undefined Behaviour Sanitizer's vptr checks. is_ubsan_vptr = is_ubsan_security } assert(!is_hwasan || (target_os == "android" && target_cpu == "arm64"), "HWASan only supported on Android ARM64 builds.") # Disable sanitizers for non-target toolchains, and for the toolchain using # the prebuilt Rust stdlib which has no sanitizer support with it. if (!is_a_target_toolchain || toolchain_for_rust_host_build_tools) { is_asan = false is_cfi = false is_hwasan = false is_lsan = false is_msan = false is_tsan = false is_ubsan = false is_ubsan_no_recover = false is_ubsan_security = false is_ubsan_vptr = false fail_on_san_warnings = false msan_track_origins = 0 sanitizer_coverage_flags = "" use_afl = false use_centipede = false use_cfi_diag = false use_cfi_recover = false use_libfuzzer = false use_locally_built_instrumented_libraries = false use_sanitizer_coverage = false } else if (current_cpu != "arm64") { is_hwasan = false } # Use dynamic libraries instrumented by one of the sanitizers instead of the # standard system libraries. We have instrumented system libraries for msan, # which requires them to prevent false positives. # TODO(thakis): Maybe remove this variable. use_prebuilt_instrumented_libraries = is_msan # Whether we are doing a fuzzer build. Normally this should be checked instead # of checking "use_libfuzzer || use_afl" because often developers forget to # check for "use_afl", and "use_centipede" is new. use_fuzzing_engine = use_libfuzzer || use_afl || use_centipede || use_external_fuzzing_engine # Whether the current fuzzing engine supports libprotobuf_mutator. Right now # this is just libfuzzer, but others are likely to support this in future, # so it's preferable to check this. use_fuzzing_engine_with_lpm = use_libfuzzer || use_centipede # Whether the fuzzing engine supports fuzzers which supply their own # "main" function. fuzzing_engine_supports_custom_main = use_libfuzzer || use_centipede # Args that are in turn dependent on other args must be in a separate # declare_args block. User overrides are only applied at the end of a # declare_args block. declare_args() { # Generates an owners file for each fuzzer test. # TODO(crbug.com/1194183): Remove this arg when finding OWNERS is faster. generate_fuzzer_owners = use_fuzzing_engine use_sanitizer_coverage = !use_clang_coverage && (use_fuzzing_engine || sanitizer_coverage_flags != "") # https://crbug.com/1002058: Code coverage works inside the sandbox via the # help of several helper IPCs. Unfortunately, the sandbox-only path does not # work well for fuzzing builds. Since fuzzing builds already disable the # sandbox when dumping coverage, limit the sandbox-only path to non-fuzzing # builds. # Everything is IPC on Fuchsia, so this workaround for code coverage inside # the sandbox does not apply. use_clang_profiling_inside_sandbox = use_clang_profiling && !use_fuzzing_engine && !is_fuchsia } if (use_fuzzing_engine && sanitizer_coverage_flags == "") { sanitizer_coverage_flags = "trace-pc-guard" if (use_centipede) { # Centipede's minimal flags are listed in //third_party/centipede/src/clang-flags.txt. # But, for users like Chromium using an up-to-date clang, we can also # enable extra optional types of coverage which may make Centipede more # effective. This list is not currently documented and has been derived # from discussion with centipede creators (though one is warned about at # https://github.com/google/centipede/blob/main/centipede_callbacks.cc#L68) sanitizer_coverage_flags = sanitizer_coverage_flags + ",pc-table,trace-cmp,control-flow,trace-loads" } } else if (use_sanitizer_coverage && sanitizer_coverage_flags == "") { sanitizer_coverage_flags = "trace-pc-guard,indirect-calls" } # Whether we are linking against a sanitizer runtime library. Among other # things, this changes the default symbol level and other settings in order to # prepare to create stack traces "live" using the sanitizer runtime. using_sanitizer = is_asan || is_hwasan || is_lsan || is_tsan || is_msan || is_ubsan || is_ubsan_vptr || is_ubsan_security || use_sanitizer_coverage || use_cfi_diag assert(!using_sanitizer || is_clang, "Sanitizers (is_*san) require setting is_clang = true in 'gn args'") assert(!is_cfi || is_clang, "is_cfi requires setting is_clang = true in 'gn args'") prebuilt_instrumented_libraries_available = is_msan && (msan_track_origins == 0 || msan_track_origins == 2) if (use_libfuzzer && (is_linux || is_chromeos)) { if (is_asan) { # We do leak checking with libFuzzer on Linux. Set is_lsan for code that # relies on LEAK_SANITIZER define to avoid false positives. is_lsan = true } } # MSan only links Chrome properly in release builds (brettw -- 9/1/2015). The # same is possibly true for the other non-ASan sanitizers. But regardless of # whether it links, one would normally never run a sanitizer in debug mode. # Running in debug mode probably indicates you forgot to set the "is_debug = # false" flag in the build args. ASan seems to run fine in debug mode. # # If you find a use-case where you want to compile a sanitizer in debug mode # and have verified it works, ask brettw and we can consider removing it from # this condition. We may also be able to find another way to enable your case # without having people accidentally get broken builds by compiling an # unsupported or unadvisable configurations. # # For one-off testing, just comment this assertion out. assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_vptr), "Sanitizers should generally be used in release (set is_debug=false).") assert(!is_msan || ((is_linux || is_chromeos) && current_cpu == "x64"), "MSan currently only works on 64-bit Linux and ChromeOS builds.") assert(!is_lsan || is_asan, "is_lsan = true requires is_asan = true also.") # ASAN build on Windows is not working in debug mode. Intercepting memory # allocation functions is hard on Windows and not yet implemented in LLVM. assert(!is_win || !is_debug || !is_asan, "ASan on Windows doesn't work in debug (set is_debug=false).") # libFuzzer targets can fail to build or behave incorrectly when built without # ASAN on Windows. assert(!is_win || !use_libfuzzer || is_asan, "use_libfuzzer on Windows requires setting is_asan = true") # Make sure that if we recover on detection (i.e. not crash), diagnostics are # printed. assert(!use_cfi_recover || use_cfi_diag, "Only use CFI recovery together with diagnostics.") # TODO(crbug.com/753445): the use_sanitizer_coverage arg is currently # not supported by the Chromium mac_clang_x64 toolchain on iOS distribution. # The coverage works with iOS toolchain but it is broken when the mac # toolchain is used as a secondary one on iOS distribution. E.g., it should be # possible to build the "net" target for iOS with the sanitizer coverage # enabled. assert( !(use_sanitizer_coverage && is_mac && target_os == "ios"), "crbug.com/753445: use_sanitizer_coverage=true is not supported by the " + "Chromium mac_clang_x64 toolchain on iOS distribution. Please set " + "the argument value to false.") # Use these lists of configs to disable instrumenting code that is part of a # fuzzer, but which isn't being targeted (such as libprotobuf-mutator, *.pb.cc # and libprotobuf when they are built as part of a proto fuzzer). Adding or # removing these lists does not have any effect if use_libfuzzer or use_afl are # not passed as arguments to gn. not_fuzzed_remove_configs = [] not_fuzzed_remove_nonasan_configs = [] if (use_fuzzing_engine) { # Removing coverage should always just work. not_fuzzed_remove_configs += [ "//build/config/coverage:default_coverage" ] not_fuzzed_remove_nonasan_configs += [ "//build/config/coverage:default_coverage" ] if (!is_msan) { # Allow sanitizer instrumentation to be removed if we are not using MSan # since binaries cannot be partially instrumented with MSan. not_fuzzed_remove_configs += [ "//build/config/sanitizers:default_sanitizer_flags" ] # Certain parts of binaries must be instrumented with ASan if the rest of # the binary is. For these, only remove non-ASan sanitizer instrumentation. if (!is_asan) { not_fuzzed_remove_nonasan_configs += [ "//build/config/sanitizers:default_sanitizer_flags" ] assert(not_fuzzed_remove_nonasan_configs == not_fuzzed_remove_configs) } } } # Options common to different fuzzer engines. # Engine should be compiled without coverage (infinite loop in trace_cmp). fuzzing_engine_remove_configs = [ "//build/config/coverage:default_coverage", "//build/config/sanitizers:default_sanitizer_flags", ] # Add any sanitizer flags back. In MSAN builds, instrumenting libfuzzer with # MSAN is necessary since all parts of the binary need to be instrumented for it # to work. ASAN builds are more subtle: libfuzzer depends on features from the # C++ STL. If it were not instrumented, templates would be insantiated without # ASAN from libfuzzer and with ASAN in other TUs. The linker might merge # instrumented template instantiations with non-instrumented ones (which could # have a different ABI) in the final binary, which is problematic for TUs # expecting one particular ABI (https://crbug.com/915422). The other sanitizers # are added back for the same reason. fuzzing_engine_add_configs = [ "//build/config/sanitizers:default_sanitizer_flags_but_coverage" ]