1# Copyright 2014 The Chromium Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import("//build/config/clang/clang.gni") 6import("//build/config/ohos/config.gni") 7import("//build/config/sanitizers/sanitizers.gni") 8import("//build/misc/overrides/build.gni") 9import("//build/ohos_var.gni") 10import("//build/toolchain/toolchain.gni") 11 12# Contains the dependencies needed for sanitizers to link into executables and 13# shared_libraries. 14group("deps") { 15 if (using_sanitizer && !is_mingw) { 16 public_configs = [ 17 ":sanitizer_options_link_helper", 18 19 # Even when a target removes default_sanitizer_flags, it may be depending 20 # on a library that did not remove default_sanitizer_flags. Thus, we need 21 # to add the ldflags here as well as in default_sanitizer_flags. 22 ":default_sanitizer_ldflags", 23 ] 24 if (use_musl) { 25 public_configs -= [ ":sanitizer_options_link_helper" ] 26 public_configs -= [ ":default_sanitizer_ldflags" ] 27 } 28 deps = [ ":options_sources" ] 29 if (is_win) { 30 exe = ".exe" 31 } else { 32 exe = "" 33 } 34 data = [ 35 "//tools/valgrind/asan/", 36 "$clang_base_path/bin/llvm-symbolizer${exe}", 37 ] 38 if (use_prebuilt_instrumented_libraries || 39 use_locally_built_instrumented_libraries) { 40 deps += [ "//third_party/instrumented_libraries:deps" ] 41 } 42 43 # ASAN is supported on iOS but the runtime library depends on the compiler 44 # used (Chromium version of clang versus Xcode version of clang). Only copy 45 # the ASAN runtime on iOS if building with Chromium clang. 46 if (is_win || is_mac || !use_xcode_clang) { 47 data_deps = [ ":copy_asan_runtime" ] 48 } 49 if (is_mac || !use_xcode_clang) { 50 public_deps = [ ":asan_runtime_bundle_data" ] 51 } 52 } 53} 54 55if ((is_mac || is_win || !use_xcode_clang || is_ohos) && using_sanitizer) { 56 if (is_mac) { 57 _clang_rt_dso_path = "darwin/libclang_rt.asan_osx_dynamic.dylib" 58 } else if (is_win && target_cpu == "x86") { 59 _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-i386.dll" 60 } else if (is_win && target_cpu == "x64") { 61 _clang_rt_dso_path = "windows/clang_rt.asan_dynamic-x86_64.dll" 62 } else if (is_ohos) { 63 if (target_cpu == "arm64") { 64 if (use_hwasan) { 65 _clang_rt_dso_path = "aarch64-linux-ohos/libclang_rt.hwasan.so" 66 } else { 67 _clang_rt_dso_path = "aarch64-linux-ohos/libclang_rt.asan.so" 68 } 69 } else if (target_cpu == "arm") { 70 _clang_rt_dso_path = "arm-linux-ohos/libclang_rt.asan.so" 71 } else if (target_cpu == "x86_64") { 72 _clang_rt_dso_path = "x86_64-linux-ohos/libclang_rt.asan.so" 73 } else if (target_cpu == "riscv64") { 74 _clang_rt_dso_path = "riscv64-linux-ohos/libclang_rt.asan.so" 75 } else if (target_cpu == "loongarch64") { 76 _clang_rt_dso_path = "loongarch64-linux-ohos/libclang_rt.asan.so" 77 } 78 } 79 80 if (is_tsan && target_cpu == "arm64" && current_os == "ohos" && !is_mingw && 81 !is_win) { 82 _clang_rt_dso_path = "aarch64-linux-ohos/libclang_rt.tsan.so" 83 } 84 85 _clang_rt_dso_full_path = 86 "$clang_base_path/lib/clang/$clang_version/lib/$_clang_rt_dso_path" 87 88 copy("copy_asan_runtime") { 89 sources = [ _clang_rt_dso_full_path ] 90 outputs = [ "$root_out_dir/{{source_file_part}}" ] 91 } 92 93 if (is_mac || !use_xcode_clang) { 94 bundle_data("asan_runtime_bundle_data") { 95 sources = get_target_outputs(":copy_asan_runtime") 96 outputs = [ "{{bundle_executable_dir}}/{{source_file_part}}" ] 97 public_deps = [ ":copy_asan_runtime" ] 98 } 99 } 100} 101 102config("sanitizer_options_link_helper") { 103 if (is_mac) { 104 ldflags = [ "-Wl,-U,_sanitizer_options_link_helper" ] 105 } else if (!is_win && !is_mingw) { 106 ldflags = [ "-Wl,-u_sanitizer_options_link_helper" ] 107 } 108} 109 110static_library("options_sources") { 111 # This is a static_library instead of a source_set, as it shouldn't be 112 # unconditionally linked into targets. 113 visibility = [ 114 ":deps", 115 "//:gn_visibility", 116 ] 117 sources = [ "//build/misc/sanitizers/sanitizer_options.cc" ] 118 119 # Don't compile this target with any sanitizer code. It can be called from 120 # the sanitizer runtimes, so instrumenting these functions could cause 121 # recursive calls into the runtime if there is an error. 122 configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ] 123 124 if (is_asan) { 125 if (!defined(asan_suppressions_file)) { 126 asan_suppressions_file = "//build/misc/sanitizers/asan_suppressions.cc" 127 } 128 sources += [ asan_suppressions_file ] 129 } 130 131 if (is_lsan) { 132 if (!defined(lsan_suppressions_file)) { 133 lsan_suppressions_file = "//build/misc/sanitizers/lsan_suppressions.cc" 134 } 135 sources += [ lsan_suppressions_file ] 136 } 137 138 if (is_tsan) { 139 if (!defined(tsan_suppressions_file)) { 140 tsan_suppressions_file = "//build/misc/sanitizers/tsan_suppressions.cc" 141 } 142 sources += [ tsan_suppressions_file ] 143 } 144} 145 146# Applies linker flags necessary when either :deps or :default_sanitizer_flags 147# are used. 148config("default_sanitizer_ldflags") { 149 visibility = [ 150 ":default_sanitizer_flags", 151 ":deps", 152 ] 153 154 if (is_posix && !is_mingw) { 155 ldflags = [] 156 if (is_asan) { 157 if (is_mac) { 158 # https://crbug.com/708707 159 ldflags += [ "-fno-sanitize-address-use-after-scope" ] 160 } else { 161 ldflags += [ "-fsanitize-address-use-after-scope" ] 162 } 163 ldflags += [ "-fsanitize-recover=address" ] 164 if (use_libfuzzer) { 165 ldflags += [ 166 "-fsanitize=address", 167 "-shared-libasan", 168 ] 169 } 170 } 171 if (is_lsan) { 172 ldflags += [ "-fsanitize=leak" ] 173 } 174 if (is_tsan) { 175 ldflags += [ 176 "-fsanitize=thread", 177 "-shared-libsan", 178 ] 179 } 180 if (is_msan) { 181 ldflags += [ "-fsanitize=memory" ] 182 } 183 if (is_ubsan || is_ubsan_security) { 184 ldflags += [ "-fsanitize=undefined" ] 185 } 186 if (is_ubsan_null) { 187 ldflags += [ "-fsanitize=null" ] 188 } 189 if (is_ubsan_vptr) { 190 ldflags += [ "-fsanitize=vptr" ] 191 } 192 if (is_safestack) { 193 ldflags += [ "-fsanitize=safe-stack" ] 194 } 195 196 if (use_sanitizer_coverage) { 197 if (use_libfuzzer && !is_mac) { 198 ldflags += [ "-fsanitize=fuzzer-no-link" ] 199 if (target_cpu == "arm64") { 200 fuzzer_lib_path = rebase_path( 201 "$clang_base_path/lib/clang/$clang_version/lib/$abi_target/libclang_rt.fuzzer_no_main.a", 202 root_build_dir) 203 } else if (target_cpu == "arm") { 204 fuzzer_lib_path = rebase_path( 205 "$clang_base_path/lib/clang/$clang_version/lib/arm-linux-ohos/libclang_rt.fuzzer_no_main.a", 206 root_build_dir) 207 } else if (target_cpu == "x86_64") { 208 fuzzer_lib_path = rebase_path( 209 "$clang_base_path/lib/clang/$clang_version/lib/x86_64-linux-ohos/libclang_rt.fuzzer_no_main.a", 210 root_build_dir) 211 } 212 ldflags += [ 213 "-Wl,--whole-archive", 214 "$fuzzer_lib_path", 215 "-Wl,--no-whole-archive", 216 "-lc++", 217 ] 218 } else { 219 ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ] 220 } 221 } 222 223 if (is_cfi && current_toolchain == default_toolchain) { 224 ldflags += [ "-fsanitize=cfi-vcall" ] 225 if (use_cfi_cast) { 226 ldflags += [ 227 "-fsanitize=cfi-derived-cast", 228 "-fsanitize=cfi-unrelated-cast", 229 ] 230 } 231 if (use_cfi_icall) { 232 ldflags += [ "-fsanitize=cfi-icall" ] 233 } 234 if (use_cfi_diag) { 235 ldflags += [ "-fno-sanitize-trap=cfi" ] 236 if (use_cfi_recover) { 237 ldflags += [ "-fsanitize-recover=cfi" ] 238 } 239 } 240 } 241 } else if (is_win) { 242 # Windows directly calls link.exe instead of the compiler driver when 243 # linking. Hence, pass the runtime libraries instead of -fsanitize=address 244 # or -fsanitize=fuzzer. 245 if (is_asan && is_component_build) { 246 # In the static-library build, ASan libraries are different for 247 # executables and dlls, see link_executable and link_shared_library below. 248 # This here handles only the component build. 249 if (target_cpu == "x64") { 250 # Windows 64-bit. 251 libs = [ 252 "clang_rt.asan_dynamic-x86_64.lib", 253 "clang_rt.asan_dynamic_runtime_thunk-x86_64.lib", 254 ] 255 } else { 256 assert(target_cpu == "x86", "WinASan unsupported architecture") 257 libs = [ 258 "clang_rt.asan_dynamic-i386.lib", 259 "clang_rt.asan_dynamic_runtime_thunk-i386.lib", 260 ] 261 } 262 } 263 if (use_libfuzzer) { 264 assert(target_cpu == "x64", "LibFuzzer unsupported architecture") 265 assert(!is_component_build, 266 "LibFuzzer only supports non-component builds on Windows") 267 268 # Incremental linking causes padding that messes up SanitizerCoverage. 269 # Don't do it. 270 ldflags = [ "/INCREMENTAL:NO" ] 271 libs = [ "clang_rt.fuzzer_no_main-x86_64.lib" ] 272 } 273 } 274} 275 276config("common_sanitizer_flags") { 277 cflags = [] 278 279 if (using_sanitizer && !is_mingw) { 280 assert(is_clang, "sanitizers only supported with clang") 281 assert(!is_official_build, "sanitizers not supported in official builds") 282 283 cflags += [ 284 # Column info in debug data confuses Visual Studio's debugger, so don't 285 # use this by default. However, clusterfuzz needs it for good 286 # attribution of reports to CLs, so turn it on there. 287 "-gcolumn-info", 288 ] 289 290 # Frame pointers are controlled in //build/config/compiler:default_stack_frames 291 } 292} 293 294config("asan_flags") { 295 cflags = [] 296 if (is_asan && !is_mingw && !use_hwasan) { 297 cflags += [ "-fsanitize=address" ] 298 if (!is_mac) { 299 cflags += [ "-fsanitize-address-use-after-scope" ] 300 } else { 301 # https://crbug.com/708707 302 cflags += [ "-fno-sanitize-address-use-after-scope" ] 303 } 304 if (!asan_globals) { 305 cflags += [ 306 "-mllvm", 307 "-asan-globals=0", 308 ] 309 } 310 cflags += [ "-fsanitize-recover=address" ] 311 } 312} 313 314config("hwasan_flags") { 315 cflags = [] 316 if (is_asan && use_hwasan && !is_mingw && current_cpu == "arm64") { 317 cflags += [ 318 "-fsanitize=hwaddress", 319 "-fno-emulated-tls", 320 "-mllvm", 321 "-hwasan-globals=0", 322 ] 323 } 324} 325 326config("link_executable") { 327 if (is_asan && is_win && !is_component_build) { 328 if (target_cpu == "x64") { 329 ldflags = [ "-wholearchive:clang_rt.asan-x86_64.lib" ] 330 } else { 331 assert(target_cpu == "x86", "WinASan unsupported architecture") 332 ldflags = [ "-wholearchive:clang_rt.asan-i386.lib" ] 333 } 334 } else if ((is_asan && is_ohos) || (is_tsan && is_ohos)) { 335 libs = [ "$_clang_rt_dso_full_path" ] 336 if (target_cpu == "arm") { 337 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-arm-asan.so.1" ] 338 } else if (target_cpu == "arm64") { 339 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-aarch64-asan.so.1" ] 340 } else if (target_cpu == "riscv64") { 341 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-riscv64-asan.so.1" ] 342 } else if (target_cpu == "loongarch64") { 343 ldflags = [ "-Wl,--dynamic-linker=/lib/ld-musl-loongarch64-asan.so.1" ] 344 } 345 } 346} 347 348config("link_shared_library") { 349 if (is_asan && is_win && !is_component_build) { 350 if (target_cpu == "x64") { 351 libs = [ "clang_rt.asan_dll_thunk-x86_64.lib" ] 352 } else { 353 assert(target_cpu == "x86", "WinASan unsupported architecture") 354 libs = [ "clang_rt.asan_dll_thunk-i386.lib" ] 355 } 356 } else if (is_asan && is_ohos) { 357 libs = [ "$_clang_rt_dso_full_path" ] 358 } else if (is_tsan && is_ohos && !is_mingw && !is_win) { 359 libs = [ "$_clang_rt_dso_full_path" ] 360 } 361} 362 363config("cfi_flags") { 364 cflags = [] 365 if (is_cfi && current_toolchain == default_toolchain) { 366 if (!defined(cfi_blocklist_path)) { 367 cfi_blocklist_path = 368 rebase_path("//tools/cfi/blocklist.txt", root_build_dir) 369 } 370 cflags += [ 371 "-fsanitize=cfi-vcall", 372 "-fsanitize-blacklist=$cfi_blocklist_path", 373 ] 374 375 if (use_cfi_cast) { 376 cflags += [ 377 "-fsanitize=cfi-derived-cast", 378 "-fsanitize=cfi-unrelated-cast", 379 ] 380 } 381 382 if (use_cfi_icall) { 383 cflags += [ "-fsanitize=cfi-icall" ] 384 } 385 386 if (use_cfi_diag) { 387 cflags += [ "-fno-sanitize-trap=cfi" ] 388 if (is_win) { 389 cflags += [ 390 "/Oy-", 391 "/Ob0", 392 ] 393 } else { 394 cflags += [ 395 "-fno-inline-functions", 396 "-fno-inline", 397 "-fno-omit-frame-pointer", 398 "-O1", 399 ] 400 } 401 if (use_cfi_recover) { 402 cflags += [ "-fsanitize-recover=cfi" ] 403 } 404 } 405 } 406} 407 408config("coverage_flags") { 409 cflags = [] 410 if (use_sanitizer_coverage) { 411 # Used by sandboxing code to allow coverage dump to be written on the disk. 412 defines = [ "SANITIZER_COVERAGE" ] 413 414 if (use_libfuzzer && !is_mac) { 415 # Adding -fsanitize=fuzzer-no-link will add -fsanitize-coverage=inline-8bit-counters, 416 # indirect-calls, trace-cmp, pc-table 417 cflags += [ "-fsanitize=fuzzer-no-link" ] 418 } else { 419 cflags += [ 420 "-fsanitize-coverage=$sanitizer_coverage_flags", 421 "-mllvm", 422 "-sanitizer-coverage-prune-blocks=1", 423 ] 424 if (current_cpu == "arm") { 425 # http://crbug.com/517105 426 cflags += [ 427 "-mllvm", 428 "-sanitizer-coverage-block-threshold=0", 429 ] 430 } 431 } 432 } 433} 434 435config("lsan_flags") { 436 if (is_lsan) { 437 cflags = [ "-fsanitize=leak" ] 438 } 439} 440 441config("msan_flags") { 442 if (is_msan) { 443 assert(is_linux, "msan only supported on linux x86_64") 444 if (!defined(msan_blocklist_path)) { 445 msan_blocklist_path = 446 rebase_path("//tools/msan/blocklist.txt", root_build_dir) 447 } 448 cflags = [ 449 "-fsanitize=memory", 450 "-fsanitize-memory-track-origins=$msan_track_origins", 451 "-fsanitize-blacklist=$msan_blocklist_path", 452 ] 453 } 454} 455 456config("safestack_flags") { 457 if (is_safestack) { 458 cflags = [ "-fsanitize=safe-stack" ] 459 } 460} 461 462config("tsan_flags") { 463 if (is_tsan && target_cpu == "arm64" && !is_mingw && !is_win) { 464 if (!defined(tsan_blocklist_path)) { 465 tsan_blocklist_path = rebase_path( 466 "//third_party/node/deps/v8/tools/memory/tsan_v2/ignores.txt", 467 root_build_dir) 468 } 469 cflags = [ 470 "-fsanitize=thread", 471 "-fsanitize-blacklist=$tsan_blocklist_path", 472 "-shared-libsan", 473 ] 474 } 475} 476 477config("ubsan_flags") { 478 cflags = [] 479 if (is_ubsan) { 480 if (!defined(ubsan_blocklist_path)) { 481 ubsan_blocklist_path = 482 rebase_path("//tools/ubsan/blocklist.txt", root_build_dir) 483 } 484 cflags += [ 485 # Yasm dies with an "Illegal instruction" error when bounds checking is 486 # enabled. See http://crbug.com/489901 487 # "-fsanitize=bounds", 488 "-fsanitize=float-divide-by-zero", 489 "-fsanitize=integer-divide-by-zero", 490 "-fsanitize=null", 491 "-fsanitize=object-size", 492 "-fsanitize=pointer-overflow", 493 "-fsanitize=return", 494 "-fsanitize=returns-nonnull-attribute", 495 "-fsanitize=shift-exponent", 496 "-fsanitize=signed-integer-overflow", 497 "-fsanitize=unreachable", 498 "-fsanitize=vla-bound", 499 "-fsanitize-blacklist=$ubsan_blocklist_path", 500 ] 501 502 # Chromecast ubsan builds fail to compile with these 503 # experimental flags, so only add them to non-chromecast ubsan builds. 504 if (!is_chromecast) { 505 cflags += [ 506 # Employ the experimental PBQP register allocator to avoid slow 507 # compilation on files with too many basic blocks. 508 # See http://crbug.com/426271. 509 "-mllvm", 510 "-regalloc=pbqp", 511 512 # Speculatively use coalescing to slightly improve the code generated 513 # by PBQP regallocator. May increase compile time. 514 "-mllvm", 515 "-pbqp-coalescing", 516 ] 517 } 518 } 519} 520 521config("ubsan_no_recover") { 522 if (is_ubsan_no_recover) { 523 cflags = [ "-fno-sanitize-recover=undefined" ] 524 } 525} 526 527config("ubsan_security_flags") { 528 if (is_ubsan_security) { 529 if (!defined(ubsan_security_blocklist_path)) { 530 ubsan_security_blocklist_path = 531 rebase_path("//tools/ubsan/security_blocklist.txt", root_build_dir) 532 } 533 cflags = [ 534 "-fsanitize=function", 535 "-fsanitize=pointer-overflow", 536 "-fsanitize=shift", 537 "-fsanitize=signed-integer-overflow", 538 "-fsanitize=vla-bound", 539 "-fsanitize=vptr", 540 "-fsanitize-blacklist=$ubsan_security_blocklist_path", 541 ] 542 } 543} 544 545config("ubsan_null_flags") { 546 if (is_ubsan_null) { 547 cflags = [ "-fsanitize=null" ] 548 } 549} 550 551config("ubsan_vptr_flags") { 552 if (is_ubsan_vptr) { 553 if (!defined(ubsan_vptr_blocklist_path)) { 554 ubsan_vptr_blocklist_path = 555 rebase_path("//tools/ubsan/vptr_blocklist.txt", root_build_dir) 556 } 557 cflags = [ 558 "-fsanitize=vptr", 559 "-fsanitize-blacklist=$ubsan_vptr_blocklist_path", 560 ] 561 } 562} 563 564config("fuzzing_build_mode") { 565 if (use_fuzzing_engine && optimize_for_fuzzing) { 566 defines = [ "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ] 567 } 568} 569 570all_sanitizer_configs = [ 571 ":common_sanitizer_flags", 572 ":coverage_flags", 573 ":default_sanitizer_ldflags", 574 ":asan_flags", 575 ":hwasan_flags", 576 ":cfi_flags", 577 ":lsan_flags", 578 ":msan_flags", 579 ":safestack_flags", 580 ":tsan_flags", 581 ":ubsan_flags", 582 ":ubsan_no_recover", 583 ":ubsan_null_flags", 584 ":ubsan_security_flags", 585 ":ubsan_vptr_flags", 586 ":fuzzing_build_mode", 587] 588 589# This config is applied by default to all targets. It sets the compiler flags 590# for sanitizer usage, or, if no sanitizer is set, does nothing. 591# 592# This needs to be in a separate config so that targets can opt out of 593# sanitizers (by removing the config) if they desire. Even if a target 594# removes this config, executables & shared libraries should still depend on 595# :deps if any of their dependencies have not opted out of sanitizers. 596# Keep this list in sync with default_sanitizer_flags_but_ubsan_vptr. 597config("default_sanitizer_flags") { 598 configs = all_sanitizer_configs 599} 600 601# This config is equivalent to default_sanitizer_flags, but excludes ubsan_vptr. 602# This allows to selectively disable ubsan_vptr, when needed. In particular, 603# if some third_party code is required to be compiled without rtti, which 604# is a requirement for ubsan_vptr. 605config("default_sanitizer_flags_but_ubsan_vptr") { 606 configs = all_sanitizer_configs - [ ":ubsan_vptr_flags" ] 607} 608 609config("default_sanitizer_flags_but_coverage") { 610 configs = all_sanitizer_configs - [ ":coverage_flags" ] 611} 612 613config("sanitizer_trap_all_flags") { 614 cflags = [ 615 "-fsanitize-trap=all", 616 "-ftrap-function=abort", 617 ] 618 ldflags = cflags 619} 620 621config("cfi_trap_function_flags") { 622 if (is_ohos && target_cpu == "arm64") { 623 cflags = [ "-fcfi-trap-function=__cfi_fail_report" ] 624 ldflags = [ "-fcfi-trap-function=__cfi_fail_report" ] 625 } 626} 627 628# By default, cfi is in release mode 629config("cfi_config_release") { 630 if (is_ohos) { 631 _cfi_blocklist_path = "//build/config/sanitizers/cfi_blocklist.txt" 632 633 configs = [ "//build/config/gcc:symbol_visibility_default" ] 634 cflags = [ 635 "-flto", 636 "-fsanitize=cfi", 637 "-fsanitize-blacklist=" + 638 rebase_path(_cfi_blocklist_path, root_build_dir), 639 ] 640 641 # Remove some platforms because version-script is only meaningful for elf platform that support shared libraries. 642 # Add a cfi version script to ensure cfi related symbols can be exported. 643 if (!is_win) { 644 _cfi_version_script = 645 rebase_path("//build/config/sanitizers/cfi.versionscript") 646 ldflags = [ "-Wl,--version-script=${_cfi_version_script}" ] 647 } 648 } 649} 650 651# Temporarily skip cfi check of namespace std 652config("cfi_config_skip_std") { 653 if (is_ohos) { 654 _cfi_blocklist_path = "//build/config/sanitizers/cfi_blocklist_std.txt" 655 cflags = [ "-fsanitize-blacklist=" + 656 rebase_path(_cfi_blocklist_path, root_build_dir) ] 657 } 658} 659 660# Debug mode, add no-trap and recover options over release mode 661config("cfi_config_debug") { 662 if (is_ohos) { 663 configs = [ ":cfi_config_release" ] 664 cflags = [ 665 "-fno-sanitize-trap=cfi", 666 "-fsanitize-recover=cfi,undefined", 667 ] 668 } 669} 670 671config("cfi_cross_dso_release") { 672 configs = [ ":cfi_config_release" ] 673 cflags = [ "-fsanitize-cfi-cross-dso" ] 674 ldflags = [ 675 "-flto", 676 "-fsanitize=cfi", 677 "-fsanitize-cfi-cross-dso", 678 ] 679} 680 681# Disable cfi nvcall 682config("cfi_no_nvcall") { 683 cflags = [ "-fno-sanitize=cfi-nvcall" ] 684 ldflags = [ "-fno-sanitize=cfi-nvcall" ] 685} 686 687# Disable cfi all 688config("cfi_no_all") { 689 cflags = [ "-fno-sanitize=cfi" ] 690 ldflags = [ "-fno-sanitize=cfi" ] 691} 692 693# Enable cfi vcall 694config("cfi_vcall") { 695 cflags = [ "-fsanitize=cfi-vcall" ] 696 ldflags = [ "-fsanitize=cfi-vcall" ] 697} 698 699# Enable cfi icall 700config("cfi_icall") { 701 cflags = [ "-fsanitize=cfi-icall" ] 702 ldflags = [ "-fsanitize=cfi-icall" ] 703} 704 705config("cfi_cross_dso_debug") { 706 configs = [ ":cfi_cross_dso_release" ] 707 cflags = [ 708 "-fno-sanitize-trap=cfi", 709 "-fsanitize-recover=cfi,undefined", 710 ] 711 ldflags = cflags 712} 713 714config("shadow_call_stack_config") { 715 if (target_cpu == "arm64") { 716 cflags = [ 717 # See https://clang.llvm.org/docs/ShadowCallStack.html 718 "-fsanitize=shadow-call-stack", 719 ] 720 ldflags = cflags 721 configs = [ ":sanitizer_trap_all_flags" ] 722 } 723} 724 725template("config_plus_compiler_rt") { 726 forward_variables_from(invoker, [ "compiler_rt_shared_lib_names" ]) 727 not_needed([ "compiler_rt_shared_lib_names" ]) 728 729 _clang_rt_dso_paths = [] 730 if ((host_os == "linux" || host_os == "mac") && target_os == "ohos" && 731 !is_mingw && is_ohos) { 732 _dso_names = [] 733 foreach(dso_name, compiler_rt_shared_lib_names) { 734 # Add runtime shared library support 735 _dso_names += [ "${abi_target}/libclang_rt.${dso_name}.so" ] 736 } 737 738 foreach(rt_lib, _dso_names) { 739 _clang_rt_dso_paths += [ "$clang_lib_base_path/${rt_lib}" ] 740 } 741 } 742 743 config(target_name) { 744 forward_variables_from(invoker, 745 [ 746 "cflags", 747 "cflags_cc", 748 "asmflags", 749 "ldflags", 750 "libs", 751 "configs", 752 ]) 753 754 # Link library by its fullpath 755 if (defined(libs)) { 756 libs += _clang_rt_dso_paths 757 } else { 758 libs = _clang_rt_dso_paths 759 } 760 } 761} 762 763config_plus_compiler_rt("scudo_config") { 764 cflags = [ "-fsanitize=scudo" ] 765 configs = [ ":sanitizer_trap_all_flags" ] 766 compiler_rt_shared_lib_names = [ "scudo_minimal" ] 767} 768 769config("all_undefined_behavior_sanitize_config_release") { 770 cflags = [ 771 "-fsanitize=undefined", 772 "-fno-sanitize-trap=integer,undefined", 773 "-fno-sanitize-recover=integer,undefined", 774 ] 775} 776 777config("all_undefined_behavior_sanitize_config_debug") { 778 cflags = [ 779 "-fsanitize=undefined", 780 "-fno-sanitize-trap=integer,undefined", 781 "-fsanitize-recover=integer,undefined", 782 ] 783} 784 785config("undefined_behavior_sanitize_config_release") { 786 cflags = [ 787 "-fsanitize=bool,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,unreachable,vla-bound", 788 "-fno-sanitize-trap=integer,undefined", 789 "-fno-sanitize-recover=integer,undefined", 790 "-fno-sanitize=implicit-integer-sign-change", 791 ] 792} 793 794config("undefined_behavior_sanitize_config_debug") { 795 cflags = [ 796 "-fsanitize=bool,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,unreachable,vla-bound", 797 "-fno-sanitize-trap=integer,undefined", 798 "-fsanitize-recover=integer,undefined", 799 "-fno-sanitize=implicit-integer-sign-change", 800 ] 801} 802 803config("boundary_sanitize_config_release") { 804 cflags = [ 805 "-fsanitize=bounds", 806 "-fno-sanitize-trap=integer,undefined", 807 "-fno-sanitize-recover=integer,undefined", 808 "-fno-sanitize=implicit-integer-sign-change", 809 ] 810} 811 812config("boundary_sanitize_config_debug") { 813 cflags = [ 814 "-fsanitize=bounds", 815 "-fno-sanitize-trap=integer,undefined", 816 "-fsanitize-recover=integer,undefined", 817 "-fno-sanitize=implicit-integer-sign-change", 818 ] 819} 820 821config("common_integer_overflow_config_release") { 822 _integer_overflow_blocklist = "./integer_overflow_blocklist.txt" 823 cflags = [ 824 "-fsanitize-blacklist=" + 825 rebase_path(_integer_overflow_blocklist, root_build_dir), 826 "-fno-sanitize-trap=integer,undefined", 827 "-fno-sanitize-recover=integer,undefined", 828 ] 829} 830 831config("common_integer_overflow_config_debug") { 832 _integer_overflow_blocklist = "./integer_overflow_blocklist.txt" 833 cflags = [ 834 "-fsanitize-blacklist=" + 835 rebase_path(_integer_overflow_blocklist, root_build_dir), 836 "-fno-sanitize-trap=integer,undefined", 837 "-fsanitize-recover=integer,undefined", 838 ] 839} 840 841config("signed_integer_overflow_config") { 842 cflags = [ "-fsanitize=signed-integer-overflow" ] 843} 844 845config("unsigned_integer_overflow_config") { 846 cflags = [ "-fsanitize=unsigned-integer-overflow" ] 847} 848 849config_plus_compiler_rt("compiler_rt_debug") { 850 compiler_rt_shared_lib_names = [ "ubsan_standalone" ] 851} 852 853config_plus_compiler_rt("compiler_rt_release") { 854 if (!is_tsan) { 855 cflags = [ "-fsanitize-minimal-runtime" ] 856 } 857 compiler_rt_shared_lib_names = [ "ubsan_minimal" ] 858} 859