# Copyright 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/config/coverage/coverage.gni")
import("//build/toolchain/toolchain.gni")
if (!build_xts && defined(ext_sanitizer_check_list_path)) {
import("${ext_sanitizer_check_list_path}")
}
declare_args() {
# Compile for Address Sanitizer to find memory bugs.
is_asan = false
# Compile for Hardware-Assisted Address Sanitizer to find memory bugs.
use_hwasan = false
# Customize asan detection.
asan_detector = false
# Compile for Leak Sanitizer to find leaks.
is_lsan = false
# Compile for Memory Sanitizer to find uninitialized reads.
is_msan = false
# Compile for Thread Sanitizer to find threading bugs.
is_tsan = false
# Compile for Undefined Behavior Sanitizer to find various types of
# undefined behavior (excludes vptr checks).
is_ubsan = false
# Halt the program if a problem is detected.
is_ubsan_no_recover = false
# Compile for Undefined Behavior Sanitizer's null pointer checks.
is_ubsan_null = false
# Compile for Undefined Behavior Sanitizer's vptr checks.
is_ubsan_vptr = false
# Compile with SafeStack shadow stack support.
is_safestack = false
# Track where uninitialized memory originates from. From fastest to slowest:
# 0 - no tracking, 1 - track only the initial allocation site, 2 - track the
# chain of stores leading from allocation site to use site.
msan_track_origins = 2
# Use dynamic libraries instrumented by one of the sanitizers instead of the
# standard system libraries. Set this flag to download prebuilt binaries from
# GCS.
use_prebuilt_instrumented_libraries = false
# Use dynamic libraries instrumented by one of the sanitizers instead of the
# standard system libraries. Set this flag to build the libraries from source.
use_locally_built_instrumented_libraries = false
# Compile with Control Flow Integrity to protect virtual calls and casts.
# See http://clang.llvm.org/docs/ControlFlowIntegrity.html
is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
is_official_build
# Enable checks for bad casts: derived cast and unrelated cast.
use_cfi_cast = false
# Enable checks for indirect function calls via a function pointer.
use_cfi_icall = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
is_official_build
# Print detailed diagnostics when Control Flow Integrity detects a violation.
use_cfi_diag = false
# Let Control Flow Integrity continue execution instead of crashing when
# printing diagnostics (use_cfi_diag = true).
use_cfi_recover = false
# Compile for fuzzing with LLVM LibFuzzer.
# See http://www.chromium.org/developers/testing/libfuzzer
use_libfuzzer = false
# Compile for fuzzing with AFL.
use_afl = false
# Enables core ubsan security features. Will later be removed once it matches
# is_ubsan.
is_ubsan_security = false
# Compile for fuzzing with Dr. Fuzz
# See http://www.chromium.org/developers/testing/dr-fuzz
use_drfuzz = false
# Helper variable for testing builds with disabled libfuzzer.
# Not for client use.
disable_libfuzzer = false
# Optimize for coverage guided fuzzing (balance between speed and number of
# branches). Can be also used to remove non-determinism and other issues.
optimize_for_fuzzing = false
# Value for -fsanitize-coverage flag. Setting this causes
# use_sanitizer_coverage to be enabled.
# This flag is not used for libFuzzer (use_libfuzzer=true) unless we are on
# Mac. Instead, we use:
# -fsanitize=fuzzer-no-link
# Default value when unset and use_fuzzing_engine=true:
# trace-pc-guard
# Default value when unset and use_sanitizer_coverage=true:
# trace-pc-guard,indirect-calls
sanitizer_coverage_flags = ""
# The global switch of cfi. Disable it to improve compiling efficiency while
# being vulnerable to cfi attack.
use_cfi = true
# The global switch of cfi debug mode.
cfi_debug = false
# Policy of security-related compilation configs, based on device performance.
# "high": High-load security policy enabled. Suitable for High-performance devices.
# "standard": Standard security policy enabled. Suitable for Mid-performance devices.
# "basic": Basic security policy enabled. Suitable for Low-performance devices.
# High-load features like CFI are disabled with this value.
build_framework_security_configs_policy = "high"
}
is_v8_host_toolchain =
current_toolchain == "//build/toolchain/linux:clang_x64_v8_arm64" ||
current_toolchain == "//build/toolchain/linux:clang_x86_v8_arm"
# Disable sanitizers for non-default toolchains.
if (current_toolchain == host_toolchain || is_v8_host_toolchain) {
is_asan = false
is_cfi = false
is_lsan = false
is_msan = false
is_tsan = false
is_ubsan = false
is_ubsan_null = false
is_ubsan_no_recover = false
is_ubsan_security = false
is_ubsan_vptr = false
msan_track_origins = 0
sanitizer_coverage_flags = ""
use_hwasan = false
use_afl = false
use_cfi_diag = false
use_cfi_recover = false
use_drfuzz = false
use_libfuzzer = false
use_prebuilt_instrumented_libraries = false
use_locally_built_instrumented_libraries = false
use_sanitizer_coverage = false
}
# Whether we are doing a fuzzer build. Normally this should be checked instead
# of checking "use_libfuzzer || use_afl" because often developers forget to
# check for "use_afl".
use_fuzzing_engine = use_libfuzzer || use_afl
# Args that are in turn dependent on other args must be in a separate
# declare_args block. User overrides are only applied at the end of a
# declare_args block.
declare_args() {
use_sanitizer_coverage =
!use_clang_coverage &&
(use_fuzzing_engine || sanitizer_coverage_flags != "")
# Detect overflow/underflow for global objects.
#
# Mac: http://crbug.com/352073
asan_globals = !is_mac
}
if (use_fuzzing_engine && sanitizer_coverage_flags == "") {
sanitizer_coverage_flags = "trace-pc-guard"
} else if (use_sanitizer_coverage && sanitizer_coverage_flags == "") {
sanitizer_coverage_flags = "trace-pc-guard,indirect-calls"
}
# Whether we are linking against a debugging sanitizer runtime library. Among
# other things, this changes the default symbol level and other settings in
# order to prepare to create stack traces "live" using the sanitizer runtime.
using_sanitizer =
is_asan || is_lsan || is_tsan || is_msan || is_ubsan || is_ubsan_null ||
is_ubsan_vptr || is_ubsan_security || use_sanitizer_coverage || use_cfi_diag
if (!is_ohos) {
using_sanitizer = false
}
assert(!using_sanitizer || is_clang,
"Sanitizers (is_*san) require setting is_clang = true in 'gn args'")
assert(!is_cfi || is_clang,
"is_cfi requires setting is_clang = true in 'gn args'")
assert(!is_safestack || is_clang,
"is_safestack requires setting is_clang = true in 'gn args'")
prebuilt_instrumented_libraries_available =
is_msan && (msan_track_origins == 0 || msan_track_origins == 2)
if (use_libfuzzer && is_linux) {
if (is_asan) {
# We do leak checking with libFuzzer on Linux. Set is_lsan for code that
# relies on LEAK_SANITIZER define to avoid false positives.
is_lsan = true
}
if (is_msan) {
use_prebuilt_instrumented_libraries = true
}
}
# MSan only links Chrome properly in release builds (brettw -- 9/1/2015). The
# same is possibly true for the other non-ASan sanitizers. But regardless of
# whether it links, one would normally never run a sanitizer in debug mode.
# Running in debug mode probably indicates you forgot to set the "is_debug =
# false" flag in the build args. ASan seems to run fine in debug mode.
#
# If you find a use-case where you want to compile a sanitizer in debug mode
# and have verified it works, ask brettw and we can consider removing it from
# this condition. We may also be able to find another way to enable your case
# without having people accidentally get broken builds by compiling an
# unsupported or unadvisable configurations.
#
# For one-off testing, just comment this assertion out.
assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_null || is_ubsan_vptr),
"Sanitizers should generally be used in release (set is_debug=false).")
assert(!is_msan || (is_linux && current_cpu == "x64"),
"MSan currently only works on 64-bit Linux and ChromeOS builds.")
assert(!is_lsan || is_asan, "is_lsan = true requires is_asan = true also.")
# ASAN build on Windows is not working in debug mode. Intercepting memory
# allocation functions is hard on Windows and not yet implemented in LLVM.
assert(!is_win || !is_debug || !is_asan,
"ASan on Windows doesn't work in debug (set is_debug=false).")
# Make sure that if we recover on detection (i.e. not crash), diagnostics are
# printed.
assert(!use_cfi_recover || use_cfi_diag,
"Only use CFI recovery together with diagnostics.")
assert(
!(use_sanitizer_coverage && is_mac && target_os == "ios"),
"crbug.com/753445: use_sanitizer_coverage=true is not supported by the " +
"Chromium mac_clang_x64 toolchain on iOS distribution. Please set " +
"the argument value to false.")
# Use these lists of configs to disable instrumenting code that is part of a
# fuzzer, but which isn't being targeted (such as libprotobuf-mutator, *.pb.cc
# and libprotobuf when they are built as part of a proto fuzzer). Adding or
# removing these lists does not have any effect if use_libfuzzer or use_afl are
# not passed as arguments to gn.
not_fuzzed_remove_configs = []
not_fuzzed_remove_nonasan_configs = []
if (use_fuzzing_engine) {
# Removing coverage should always just work.
not_fuzzed_remove_configs += [ "//build/config/coverage:default_coverage" ]
not_fuzzed_remove_nonasan_configs +=
[ "//build/config/coverage:default_coverage" ]
if (!is_msan) {
# Allow sanitizer instrumentation to be removed if we are not using MSan
# since binaries cannot be partially instrumented with MSan.
not_fuzzed_remove_configs +=
[ "//build/config/sanitizers:default_sanitizer_flags" ]
# Certain parts of binaries must be instrumented with ASan if the rest of
# the binary is. For these, only remove non-ASan sanitizer instrumentation.
if (!is_asan && !is_tsan) {
not_fuzzed_remove_nonasan_configs +=
[ "//build/config/sanitizers:default_sanitizer_flags" ]
assert(not_fuzzed_remove_nonasan_configs == not_fuzzed_remove_configs)
}
}
}
template("ohos_sanitizer_config") {
config(target_name) {
forward_variables_from(invoker, [ "sanitize" ])
if (defined(sanitize)) {
configs = [ "//build/config/sanitizers:sanitizer_trap_all_flags" ]
_mode = "release"
_debug = (defined(sanitize.debug) && sanitize.debug) || is_asan || is_tsan
if (_debug) {
_mode = "debug"
}
_scudo = defined(sanitize.scudo) && sanitize.scudo && !is_asan && !is_tsan
if (_scudo) {
configs += [ "//build/config/sanitizers:scudo_config" ]
}
_ubsan = defined(sanitize.ubsan) && sanitize.ubsan && !is_asan && !is_tsan
if (_ubsan) {
configs +=
[ "//build/config/sanitizers:undefined_behavior_sanitize_config_" +
_mode ]
}
_all_ubsan = defined(sanitize.all_ubsan) && sanitize.all_ubsan &&
!is_asan && !is_tsan
if (_all_ubsan) {
configs += [
"//build/config/sanitizers:all_undefined_behavior_sanitize_config_" +
_mode,
]
}
_scs = defined(sanitize.scs) && sanitize.scs
if (_scs) {
configs += [ "//build/config/sanitizers:shadow_call_stack_config" ]
}
_boundary_sanitize = defined(sanitize.boundary_sanitize) &&
sanitize.boundary_sanitize && !is_asan && !is_tsan
if (_boundary_sanitize) {
configs +=
[ "//build/config/sanitizers:boundary_sanitize_config_" + _mode ]
}
_integer_overflow = defined(sanitize.integer_overflow) &&
sanitize.integer_overflow && !is_asan && !is_tsan
_unsigned_integer_overflow =
defined(sanitize.unsigned_integer_overflow) &&
sanitize.unsigned_integer_overflow && !is_asan && !is_tsan
_signed_integer_overflow =
defined(sanitize.signed_integer_overflow) &&
sanitize.signed_integer_overflow && !is_asan && !is_tsan
if (_unsigned_integer_overflow || _integer_overflow) {
configs +=
[ "//build/config/sanitizers:unsigned_integer_overflow_config" ]
}
if (_signed_integer_overflow || _integer_overflow) {
configs +=
[ "//build/config/sanitizers:signed_integer_overflow_config" ]
}
if (_integer_overflow || _unsigned_integer_overflow ||
_signed_integer_overflow) {
configs +=
[ "//build/config/sanitizers:common_integer_overflow_config_" +
_mode ]
}
if (defined(sanitize.blocklist)) {
cflags = [ "-fsanitize-blacklist=" +
rebase_path(get_path_info(sanitize.blocklist, "abspath"),
root_build_dir) ]
}
if (defined(sanitize.cfi) && sanitize.cfi && cfi_debug) {
_mode = "debug"
}
_cfi = use_cfi && defined(sanitize.cfi) && sanitize.cfi && !is_asan &&
!is_tsan
if (_cfi) {
_cfi_enable = true
if (build_framework_security_configs_policy == "basic") {
if (defined(sanitize.cfi_policy) && sanitize.cfi_policy == "adaptive") {
_cfi_enable = false
}
}
if (_cfi_enable) {
if (defined(sanitize.cfi_cross_dso) && sanitize.cfi_cross_dso) {
configs += [ "//build/config/sanitizers:cfi_cross_dso_" + _mode ]
} else {
configs += [ "//build/config/sanitizers:cfi_config_" + _mode ]
}
if (!defined(sanitize.cfi_check_std) || !sanitize.cfi_check_std) {
configs += [ "//build/config/sanitizers:cfi_config_skip_std" ]
}
if (defined(sanitize.cfi_no_nvcall) && sanitize.cfi_no_nvcall) {
configs += [ "//build/config/sanitizers:cfi_no_nvcall" ]
}
if (defined(sanitize.cfi_vcall_icall_only) &&
sanitize.cfi_vcall_icall_only) {
configs += [ "//build/config/sanitizers:cfi_no_all" ]
configs += [ "//build/config/sanitizers:cfi_vcall" ]
configs += [ "//build/config/sanitizers:cfi_icall" ]
}
configs += [ "//build/config/sanitizers:cfi_trap_function_flags" ]
}
} else {
if (defined(sanitize.cfi_policy)) {
# Still keep the '-flto' flag to reduce binary size and memory usage
cflags = [ "-flto" ]
}
}
configs += [ "//build/config/sanitizers:compiler_rt_" + _mode ]
}
}
}
template("ohos_sanitizer_check") {
config(target_name) {
forward_variables_from(invoker,
[
"sanitize",
"build_name",
"part_name",
])
need_check_cfi = false
need_check_intsan = false
need_check_debug = true
bypass_cfi_target_list = []
foreach(config_name, bypass_config_debug_list) {
if (part_name == config_name) {
need_check_debug = false
}
}
if (need_check_debug && defined(sanitize) && defined(sanitize.debug)) {
assert(
sanitize.debug == false,
"Enable CFI can't configure 'debug=true'. Please check this target ${build_name} in ${part_name}. For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check.")
}
foreach(component_name, enable_cfi_part_and_bypass_list) {
if (part_name == component_name[0]) {
need_check_cfi = true
bypass_cfi_target_list = component_name[1]
}
}
foreach(component_name, enable_intsan_part_list) {
if (part_name == component_name) {
need_check_intsan = true
}
}
foreach(cfi_target, bypass_cfi_target_list) {
if (build_name == cfi_target) {
need_check_cfi = false
}
}
foreach(intsan_target, bypass_intsan_target_list) {
if (build_name == intsan_target) {
need_check_intsan = false
}
}
if (need_check_cfi) {
assert(
defined(sanitize) && defined(sanitize.cfi) && sanitize.cfi == true &&
defined(sanitize.cfi_cross_dso) &&
sanitize.cfi_cross_dso == true &&
((defined(sanitize.debug) && sanitize.debug == false) ||
!defined(sanitize.debug)) && !defined(sanitize.blocklist),
"Build targets in ${part_name} should fully enable cfi(cfi, cfi_cross_dso, !debug). For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check. If this target ${build_name} cannot enable cfi, add the target to ${ext_sanitizer_check_list_path} in bypass_${build_name}.")
}
if (need_check_intsan) {
assert(
defined(sanitize) && defined(sanitize.integer_overflow) &&
sanitize.integer_overflow,
"Build targets in ${part_name} should enable intsan. For local debug, try to build with '--gn-args allow_sanitize_debug=true' to bypass sanitize check. If this target ${build_name} cannot enable intsan, add the target to ${ext_sanitizer_check_list_path} in bypass_intsan_target_list.")
}
not_needed([
"sanitize",
"build_name",
"part_name",
])
}
}
