Merge "Add integer_overflow sanitization build option."

This commit is contained in:
Ivan Lozano 2017-07-07 20:07:20 +00:00 committed by Gerrit Code Review
commit 05900230fd
3 changed files with 59 additions and 0 deletions

View File

@ -216,6 +216,7 @@ LOCAL_RTTI_FLAG:=
LOCAL_SANITIZE:=
LOCAL_SANITIZE_DIAG:=
LOCAL_SANITIZE_RECOVER:=
LOCAL_SANITIZE_BLACKLIST :=
LOCAL_SDK_RES_VERSION:=
LOCAL_SDK_VERSION:=
LOCAL_SHARED_ANDROID_LIBRARIES:=

View File

@ -9,6 +9,7 @@ my_sanitize_diag := $(strip $(LOCAL_SANITIZE_DIAG))
# modules that haven't set `LOCAL_CLANG := false` and device modules that
# have set `LOCAL_CLANG := true`.
my_global_sanitize :=
my_global_sanitize_diag :=
ifeq ($(my_clang),true)
ifdef LOCAL_IS_HOST_MODULE
my_global_sanitize := $(strip $(SANITIZE_HOST))
@ -17,18 +18,23 @@ ifeq ($(my_clang),true)
my_global_sanitize := $(subst true,address,$(my_global_sanitize))
else
my_global_sanitize := $(strip $(SANITIZE_TARGET))
my_global_sanitize_diag := $(strip $(SANITIZE_TARGET_DIAG))
endif
endif
ifneq ($(my_global_sanitize),)
my_sanitize := $(my_global_sanitize) $(my_sanitize)
endif
ifneq ($(my_global_sanitize_diag),)
my_sanitize_diag := $(my_global_sanitize_diag) $(my_sanitize_diag)
endif
# The sanitizer specified in the product configuration wins over the previous.
ifneq ($(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG),)
my_sanitize := $(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG)
ifeq ($(my_sanitize),never)
my_sanitize :=
my_sanitize_diag :=
endif
endif
@ -37,6 +43,7 @@ ifndef LOCAL_IS_HOST_MODULE
SANITIZE_TARGET_ARCH ?= $(TARGET_ARCH) $(TARGET_2ND_ARCH)
ifeq ($(filter $(SANITIZE_TARGET_ARCH),$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_sanitize :=
my_sanitize_diag :=
endif
endif
@ -47,6 +54,7 @@ ifneq (,$(SANITIZE_NEVER_BY_OWNER))
ifneq (,$(filter $(LOCAL_MODULE_OWNER),$(subst :, ,$(SANITIZE_NEVER_BY_OWNER))))
$(warning Not sanitizing $(LOCAL_MODULE) based on module owner.)
my_sanitize :=
my_sanitize_diag :=
endif
endif
endif
@ -55,11 +63,13 @@ endif
ifdef LOCAL_SDK_VERSION
my_sanitize :=
my_global_sanitize :=
my_sanitize_diag :=
endif
# Never always wins.
ifeq ($(LOCAL_SANITIZE),never)
my_sanitize :=
my_sanitize_diag :=
endif
# If CFI is disabled globally, remove it from my_sanitize.
@ -86,6 +96,22 @@ ifneq ($(filter mips mips64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif
# Support for local sanitize blacklist paths.
ifneq ($(my_sanitize)$(my_global_sanitize),)
ifneq ($(LOCAL_SANITIZE_BLACKLIST),)
my_cflags += -fsanitize-blacklist=$(LOCAL_PATH)/$(LOCAL_SANITIZE_BLACKLIST)
endif
endif
# Disable integer_overflow if LOCAL_NOSANITIZE=integer.
ifneq ($(filter integer_overflow, $(my_global_sanitize) $(my_sanitize)),)
ifneq ($(filter integer, $(strip $(LOCAL_NOSANITIZE))),)
my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
endif
endif
my_nosanitize = $(strip $(LOCAL_NOSANITIZE))
ifneq ($(my_nosanitize),)
my_sanitize := $(filter-out $(my_nosanitize),$(my_sanitize))
@ -142,6 +168,37 @@ ifneq ($(filter coverage,$(my_sanitize)),)
my_sanitize := $(filter-out coverage,$(my_sanitize))
endif
ifneq ($(filter integer_overflow,$(my_sanitize)),)
ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
# Respect LOCAL_NOSANITIZE for integer-overflow flags.
ifeq ($(filter signed-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
my_cflags += -fsanitize=signed-integer-overflow
endif
ifeq ($(filter unsigned-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
my_cflags += -fsanitize=unsigned-integer-overflow
endif
my_cflags += -fsanitize-trap=all
my_cflags += -ftrap-function=abort
my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
# Check for diagnostics mode (on by default).
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow
my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries)
endif
endif
endif
my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
endif
# Makes sure integer_overflow diagnostics is removed from the diagnostics list
# even if integer_overflow is not set for some reason.
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
endif
ifneq ($(my_sanitize),)
fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize))
my_cflags += -fsanitize=$(fsanitize_arg)

View File

@ -41,6 +41,7 @@ $(SOONG_VARIABLES): FORCE
echo ' "Allow_missing_dependencies": $(if $(ALLOW_MISSING_DEPENDENCIES),true,false),'; \
echo ' "SanitizeHost": $(call json_list,$(SANITIZE_HOST)),'; \
echo ' "SanitizeDevice": $(call json_list,$(SANITIZE_TARGET)),'; \
echo ' "SanitizeDeviceDiag": $(call json_list,$(SANITIZE_TARGET_DIAG)),'; \
echo ' "SanitizeDeviceArch": $(call json_list,$(SANITIZE_TARGET_ARCH)),'; \
echo ' "HostStaticBinaries": $(if $(strip $(BUILD_HOST_static)),true,false),'; \
echo ' "Binder32bit": $(if $(BINDER32BIT),true,false),'; \