Commit Graph

247 Commits

Author SHA1 Message Date
Evgenii Stepanov d7344ad0ca Disable new LLVM pass manager for HWASan. am: 1c69e83030
am: b85d386af5

Change-Id: I443bdbf313216591841272cbe51491fd6bd51fbd
2019-06-15 14:13:04 -07:00
Evgenii Stepanov 1c69e83030 Disable new LLVM pass manager for HWASan.
Current Android toolchain does not support hwasan with new pm.

Bug: 135298400
Test: manual, inspect the binaries for calls to __hwasan_init
Change-Id: I126c59e6ecabc3a1699e1bf34c546568b6e8a21f
2019-06-14 18:39:59 -07:00
Mitch Phillips bfeade6424 Fix fuzzer builds [#2].
- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of
'coverage'.
- Removed an old dependency that made fuzzer builds without ASan
an error.
- Fixed up the build flags to allow fuzzers to be built. Previously, the
coverage flags were manually provided. As the toolchain has moved on,
these flags are no longer compatible with libFuzzer, and so I've updated
them to use the correct, compatible flags.
- Added a dependency mutator for fuzzer coverage.

Bug: 121042685
Test: With all patches in the bug merged, build a fuzzer using
'SANITIZE_TARGET=fuzzer mmma <your_fuzzer>'.

Change-Id: Ib6246980f77bc4babe587b1e88038aa12228fa83
Merged-In: Ib6246980f77bc4babe587b1e88038aa12228fa83
2019-05-30 16:49:42 +00:00
Mitch Phillips 5a6ea6cf3b Fix fuzzer builds [#2].
- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of
'coverage'.
- Removed an old dependency that made fuzzer builds without ASan
an error.
- Fixed up the build flags to allow fuzzers to be built. Previously, the
coverage flags were manually provided. As the toolchain has moved on,
these flags are no longer compatible with libFuzzer, and so I've updated
them to use the correct, compatible flags.
- Added a dependency mutator for fuzzer coverage.

Bug: 121042685
Test: With all patches in the bug merged, build a fuzzer using
'SANITIZE_TARGET=fuzzer mmma <your_fuzzer>'.

This is the qt-dev-plus-aosp cherrypick of aosp/954925. See the AOSP
commit for further information.

Change-Id: Ib6246980f77bc4babe587b1e88038aa12228fa83
2019-05-28 15:46:11 -07:00
Evgenii Stepanov 6c8b9a0296 Disable malloc fill in HWASan.
am: 2c6484e334

Change-Id: I84cd62a3cc76006c968136b69bf4d88137b2f934
2019-05-15 15:28:45 -07:00
Evgenii Stepanov 2c6484e334 Disable malloc fill in HWASan.
HWASan has a feature to fill malloc() memory with non-zero pattern.
This has found a bug or two in the past, but it also keep causing hard
to debug issues. The main problem is lack of diagnostics - use of
pattern-initialized memory is not an immediate crash. More often than
not it manifests as a subtle change in system behavior.

Having MemorySanitizer on Android would be nice...

This change does not affect any shipping configuration, but improves
stability of testing-only SANITIZE_TARGET=hwaddress build.

Bug: 132803232
Bug: 132652537
Bug: 131438232
Bug: 132810685
Test: SANITIZE_TARGET=hwasan on crosshatch successfully boots in ~100%
      attempt (up from ~99% currently).

Change-Id: I7dcbcdf1b8a5b8556e32690327b32f04879e5db1
2019-05-15 13:53:37 -07:00
Christopher Ferris 422687005a Merge "Remove libc_scudo library when building asan." am: d7e66d9e7c
am: 486b170bbc

Change-Id: Ifd1c9021bad87c4a74104be311a04ba73a4419b6
2019-05-13 17:30:56 -07:00
Christopher Ferris d7e66d9e7c Merge "Remove libc_scudo library when building asan." 2019-05-14 00:12:33 +00:00
Inseob Kim c012b19eb0 Merge "Attach global variables to Context" am: a1591ab08c
am: 66c5cac22b

Change-Id: Icaf7aa78580459fd76605ec66b5bbaac13a30c9e
2019-05-09 19:42:18 -07:00
Christopher Ferris 753d4a69d5 Remove libc_scudo library when building asan.
Running any executable built with asan and libc_scudo results in crashes.

Bug: 131810078

Test: Built the media processes with the sanitizer enabled verifying
Test: that the libc_scudo.so shared library is not listed in the
Test: mediaextractor and the mediaswcodec binaries.
Test: Build the media processes without the sanitizer enabled verifying
Test: that the libc_scudo.so shared library is listed in the
Test: mediaextractor and the mediaswcodec binaries.
Change-Id: Ie55a0414088787ec11d85fffcb04592ed4f23c57
2019-05-09 13:35:37 -07:00
Inseob Kim 9516ee9556 Attach global variables to Context
Global variables make testing difficult, and they should attached to
Context.

Bug: N/A
Test: m
Change-Id: Ic671dda755e99d036c7ddce0eed114496374d7ec
2019-05-09 12:29:58 +09:00
Evgenii Stepanov d98ccb44f2 Disable hwasan memory stats.
Disable a debugging feature in hwasan that seems to be causing flaky selinux
denials in the boot test:

05-02 12:11:11.360  1663  1663 I auditd  : type=1400 audit(0.0:8): avc: denied { read } for comm="iptables-wrappe" path="/proc/1015/statm" dev="proc" ino=30968 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0 tclass=file permissive=0

I could not reproduce this locally, but this feature has no users and
I've verified that things keep working without it.

This does not affect any shipped product.

Bug: 131438232
Bug: 112438058
Bug: 131845076
Test: crosshatch_hwasan boot test
Change-Id: I08d46d19151e6d5221cdd56fd6864dae224fae25
2019-05-02 12:52:32 -07:00
Peter Collingbourne e726ba56ac Pass -fsanitize-hwaddress-abi=platform when building with hwasan.
Reduces size of walleye_hwasan-userdebug system.img by another 4.5MB.

Bug: 122363025
Change-Id: I6d15c237dc5f330ad574a73147b2b2c712fe125e
2019-03-21 16:22:00 -07:00
Peter Collingbourne 967511a4e8 Pass -hwasan-allow-ifunc when building with hwasan.
Now that the toolchain and bionic both support ifuncs in
static executables, we can turn this on. Reduces size of
walleye_hwasan-userdebug system.img by 11MB.

Change-Id: I2f19b22518153328eee3fdca79d0c851cc513c3a
2019-03-20 19:42:42 +00:00
Peter Collingbourne bd19db0da6 Remove workarounds for old compiler versions.
LLVM r349610 was released, so these workarounds are no longer required.

Bug: 112907825
Change-Id: Ia6ba0034881f2ab657d8420df3047c21757c7d9b
2019-03-06 10:48:36 -08:00
Jiyong Park f97782b18c Remove prefer_sanitize.* properties
The properties are no longer required as an APEX module is mutated with
required sanitizers which are gathered by scanning the sanitizers that
are enabled for its direct dependencies.

Bug: 124128094
Test: m on marlin
The extractor libs are found under /system/apex/com.android.media

Merged-In: I55961d400dcbac067a5c0dcecb90e399d4991a70
Change-Id: I55961d400dcbac067a5c0dcecb90e399d4991a70
(cherry picked from commit abda0eb76b)
2019-02-14 12:30:49 +09:00
Colin Cross 571cccfcbc Prepare for a type-safe OnceKey
Add an opaque OnceKey type and use it for all calls to Once in
build/soong.  A future patch will convert the arguments to
Once* to OnceKey once users outside build/soong have been updated.

Test: onceper_test.go
Change-Id: Ifcb338e6e603e804e507203c9508d30ffb2df966
2019-02-06 01:52:41 +00:00
Kostya Kortchinsky d5275c8657 Add option to disable Scudo globally [Soong]
This adds an option in Soong to turn off Scudo globally.

Bug: 123228023
Test: enable Scudo for tombstoned, lunch marlin_svelte-eng && m -j, and
make sure that Scudo is not linked in
out/target/product/marlin/system/bin/tombstoned
Test: enable Scudo for tombstoned, lunch marlin-userdebug && m -j, and
make sure that Scudo is linked in
out/target/product/marlin/system/bin/tombstoned

Change-Id: I0b0992446953fc4074bde94507b66f92764c8143
Merged-In: I0b0992446953fc4074bde94507b66f92764c8143
2019-02-04 12:29:17 -08:00
Jiyong Park a2aca28750 Use bootstrap linker for asan build
This change the asan version of
https://android-review.googlesource.com/c/platform/build/soong/+/879237

Bug: 123725034
Test: forrest run on asan_cf_x86_pasan
Test: SANITIZE_TARGET=address m init_second_stage
inspect /system/bin/init with readelf
DT_INTERP is set to /system/bin/bootstrap/linker_asan

Change-Id: I0fabe08cc63126aadec18ca8e9f2973c33411a4f
2019-02-02 13:28:57 +09:00
Evgenii Stepanov 93c3f5368d [hwasan] Remove deprecated compiler flag (NFC)
-hwasan-with-ifunc=0 matches the default value of the flag, and there
are no plans to change that.

Test: SANITIZE_TARGET=hwaddress keeps working
Change-Id: Ie46ffa6ae3c42a9677c3a9a3b5cdc6fb62c2c2f0
2019-02-01 22:56:03 +00:00
Jiyong Park 8222663f1b Fix: runtime apex is not instrumented with sanitizer
Fixing the problem that IsSanitizerEnabled always returns false due to
the different sanitizer names from config.SanitizerDevice() and
sanitizerType.String().

Bug: 123708856
Test: SANITIZE_TARGET=hwaddress m com.android.runtime.release
$ ls -al out/soong/.intermediates/art/build/apex/com.android.runtime.release/android_common_hwasan_com.android.runtime.release/image.apex/lib | wc -l
34
$ ls -al out/soong/.intermediates/art/build/apex/com.android.runtime.release/android_common_hwasan_com.android.runtime.release/image.apex/lib64 | wc -l
35
$ ls -al out/target/product/blueline/apex/com.android.runtime.release/lib | wc -l
34
$ ls -al out/target/product/blueline/apex/com.android.runtime.release/lib64 | wc -l
35

Test: inspect out/soong/build.ninja
- Variant of com.android.runtime.release is "android_common_hwasan_com.android.runtime.release"
- Dependencies of com.android.runtime.release are hwasan variants: e.g.,
  out/soong/.intermediates/bionic/libc/libc/android_arm64_armv8-2a_kryo385_core_shared_hwasan_com.android.runtime.release/libc.so

Test: ls out/soong/.intermediates/art/build/apex/com.android.runtime.release/android_common_hwasan_com.android.runtime.release/image.apex/lib64/*.so  | xargs readelf -d | grep libclang_rt.hwasan | wc -l
29

Change-Id: Idbb1f68a3ea6bdd02351d6f6048c3eedb9cf32d2
2019-02-01 11:26:04 +09:00
Jiyong Park 3b1746a212 Fix: deps to sanitizer runtime libs are with correct 'image' variant
This change fixes a bug that sanitizer runtime libs for non-core variant
(e.g. recovery, vendor, etc.) are not installed. It happened because the
dependency to the sanitizer runtime lib was without 'image' variant,
which in most case caused only the core variant - which is the first in
the image variants - of the lib to be installed.

Fixing the issue by correctly selecting image variant depending on the
location of the lib having dependency to the runtime lib.

Bug: 123525879
Test: SANITIZE_TARGET=hwaddress m out/target/product/blueline/boot.img
Test: SANITIZE_TARGET=address m out/target/product/blueline/boot.img
libclang_rt.*.so is under
out/target/product/blueline/root/recovery/system/lib64

Change-Id: Iea7d718d4971e36521f0a3f712a454de944cd7ac
2019-01-31 01:58:26 +09:00
Jiyong Park 388ef3f5aa Create sanitizer variants of APEX only when SANITIZE_TARGET is set
This fixes a problem that APEX is unconditionally mutated for all
sanitizer types. This can make an APEX to include sanitized version
of a lib even when SANITIZE_TARGET is not set. It can happen when lib X
is directly depended on by an APEX (e.g. via native_shared_libs) and X
has a sanitized variant due to the dependency from another library Y
which is force sanitized (via 'sanitize' property). In that case,
regardless of lib Y is in the APEX or not, the APEX chooses the
sanitized variant of lib X since the dependency from APEX to the lib is
created with AddFarVariationDependency.

Fixing this problem by mutating the APEX for a sanitizer type only when
the device is requested to be sanitized.

Bug: 122717287
Test: add libnetd_client to com.android.runtime APEX.
Inspect build.ninja to verify that libnetd_client.so in the runtime APEX
is not a sanitized one.

Change-Id: I918bc8407137d74c5456142b3a29de13df68c0b3
2019-01-29 07:10:31 +09:00
Jiyong Park 64a44f231d Make sure that ASAN runtime lib is the first DT_NEEDED one
Introduce a new tag earlySharedDepTag which is added in front of the
ordinary sharedDep dependencies. Dependency to the ASAN runtime lib is
added with the new tag.

Bug: 120894259
Bug: 121038155
Test: m; SANITIZE_TARGET=address m
Use readelf -d to see if the runtime lib is in the first DT_NEEDED one.

Change-Id: I90de6ab95df734a99995532d826564b13fe05316
2019-01-25 14:05:51 +09:00
Pirama Arumuga Nainar 6aa210243c Revert "Revert "Fix: sanitizerRuntimeMutator is not run for host""
Bug: http://b/123254047

This reverts commit 84757ea7ea.

Reason for revert: veridex asan failure is fixed.

Change-Id: Id03180b8d3d1dc1386fd7e4f800d64dc8578139c
2019-01-25 00:21:02 +00:00
Doug Horn c32c6b0d79 Support building for Fuchsia.
This CL adds configs for the arm64 and x64 fuchsia
device targets, sets up the necessary linker flags,
and disables some functionality that is not currently
supported on Fuchsia.

Bug: 119831161
Test: Compile walleye, internal validation against
fuchsia_arm64-eng and fuchsia_x86_64-eng.
Change-Id: I2881b99d2e3a1995e2d8c00a2d86ee101a972c94
2019-01-24 18:59:29 +00:00
Dan Albert 84757ea7ea Revert "Fix: sanitizerRuntimeMutator is not run for host"
This reverts commit 1c29b0e6ec.

Reason for revert: Broke aosp_x86_64

Change-Id: I581200f1c271c3e1a39d5cdad84c782977b13054
2019-01-23 23:33:25 +00:00
Jiyong Park 1c29b0e6ec Fix: sanitizerRuntimeMutator is not run for host
Bug: 123254047
Test: m ASAN_OPTIONS=detect_leaks=0 SANITIZE_HOST=address
FORCE_BUILD_LLVM_COMPONENTS=true out/host/linux-x86/bin/adb
nm -an out/host/linux-x86/bin/adb  | grep -c asan
shows non-zero value

Change-Id: I030e08bd0db38585b1fdaecd00220406f1e8b371
2019-01-23 23:37:45 +09:00
Jiyong Park 379de2fab0 APEXes can be sanitized
This change first introduces the interface "Sanitizeable" that
module types other than cc.Module can use to be handled by the sanitizer
mutator. APEX module, by implementing the interface, gets sanitizer
variants.

In doing so, sanitizer.go is refactored so that modules have explicit
dependencies to the runtime sanitizer libraries. This allows the runtime
library to be packaged into the APEX when required. This also completes
the dependency graph; updating the prebuilt sanitizer runtime will
trigger rebuilding of modules using the runtime.

Bug: 120894259
Bug: 121038155
Test: SANITIZE_TARGET=hwaddress m apex.test
Test: TARGET_FLATTEN_APEX=true SANITIZE_TARGET=address m
Change-Id: Ia91576ff48cda3c996350308b75bf83fcf7c23d7
2019-01-13 00:48:47 +09:00
Evgenii Stepanov 3c5a52a477 [hwasan] Reduce history size to save memory.
Bug: 112437883
Test: adb shell echo $HWASAN_OPTIONS
Change-Id: Ifc4ab10e37efb1a0ce7ea77ad691947d24c2da2b
2018-12-18 17:02:44 -08:00
Ivan Lozano 7929bba218 Add option to avoid recovering with diagnostics.
Add a no_recover option that allows specifying which sanitizers in
diagnostics modes shouldn't recover. This can help debugging as we test
enabling sanitizers in new libraries since it'll cause tombstones to be
generated along with the diagnostics information.

Bug: 80195448
Bug: 110791537
Test: Compiled test module with this flag, checked compiler command.
Test: Test module crashed, tombstone contained diagnostics information.
Change-Id: Ie938923ef95716c2d49d6cd719ee223ad62755c6
2018-12-12 10:01:16 -08:00
Evgenii Stepanov 0a87b664c3 Disable hwasan frame descriptions.
Current implementation does not play nice with -gc-sections.

Bug: 120673911
Test: make SANITIZE_TARGET=hwaddress recovery-persist
Change-Id: I36cd37fb41c0c26c7e747e2c1dd5fadf7a31f4e7
2018-12-07 15:33:24 -08:00
Chih-Hung Hsieh 3567e62f97 Switch to clang-r346389.
* Add -fno-sanitize=implicit-integer-sign-change when
  there is any integer related sanitizer, and this check
  is not explicitly specified.
  Android core does not boot with this new sanitizer yet.
* Filter out -fno-sanitize=implicit-integer-sign-change
  from tooling flags.

Bug: 119329758
Bug: 119557795
Test: make checkbuild, boot, go/clang-r346389-testing
Change-Id: I709de569cb73d070fc4958e2b4387f4041bc5438
2018-12-04 19:50:45 +00:00
Evgenii Stepanov 98f5b0642c Add sanitizer runtime library to recovery when needed.
Make sanitized targets in recovery depend on ".recovery" flavor of
sanitizer runtime library. This forces installation of the runtime
library in recovery image as long as at least one target depends on it.

Test: hwasan build can boot into recovery
Bug: 112438058
Bug: 119582521
Change-Id: I1b7f9fa4ff5f29acb03c27074512ea24467a3d37
2018-11-29 23:22:20 +00:00
Peter Collingbourne 8c7e6e2626 Add an "scs" flag for enabling shadow call stack on targets.
Shadow call stack (SCS) is a security mitigation that uses a
separate stack (the SCS) for return addresses.

The effect of setting sanitize.scs on a shared library is to build
the library and all of its static library dependencies with SCS. This
is similar to CFI and the other sanitizers.

Bug: 112907825
Bug: 119557795
Change-Id: I82fb2b38b10eac911c4d2d120b74fea4af0622ad
2018-11-19 17:39:23 -08:00
Evgenii Stepanov 1e79844f15 Apply HWASan to libc-in-recovery.
HWASan is disabled in recovery strictly for code size, not for
correctness. With this change, HWASan binaries and libraries can be
used in recovery.

The real reason is the make build system which has no idea of the big
picture, and makes it hard to disable HWASan in _all_ recovery modules
recursively. A few static libraries have sneaked in.

Bug: 119582521
Test: sideload an OTA onto a hwasan device
Change-Id: I6536cc7bf5bfb37f939b585545a23c2068fbd47f
2018-11-15 17:34:18 -08:00
Peter Collingbourne abde584fd1 Stop passing the gold plugin path to llvm-ar.
llvm-ar takes a --plugin argument but it is ignored for compatibility,
so passing it has no effect.

Change-Id: I4fc51d226d66cf2a43462d3d4ccc12e6e5ebb226
2018-11-08 20:13:16 -08:00
Yi Kong 8c3c0f50d0 Revert "Prevent clang from using the x18 register on arm64."
This reverts commit 98d8580c3a.

Change no longer needed with the new LLVM toolchain update.

Bug: 112907825
Bug: 111759196
Change-Id: Ife3ce47a602dd850ac84bb51abc70c0ca157776e
2018-11-08 21:07:08 +00:00
Peter Collingbourne 98d8580c3a Prevent clang from using the x18 register on arm64.
This is achieved via the compiler flag -ffixed-x18 for non-LTO builds
and the linker flag -plugin-opt -mattr=+reserve-x18 for LTO builds.

This change should be reverted once we upgrade past LLVM r340889
which does this by default on Android.

Bug: 112907825
Bug: 111759196
Change-Id: I05473ddbb98319d87d442425b4d715647eae3a38
2018-10-24 23:40:49 +00:00
Evgenii Stepanov 109029fb5c Define HWADDRESS_SANITIZER_GLOBAL_OPTIONS.
It will be exported in device environment as HWASAN_OPTIONS.

Bug: 112438058
Test: none
Change-Id: I574b46060b3193c9f2351116a91ebc35470ae803
2018-10-12 18:18:13 +00:00
Kostya Kortchinsky ad73b2e18a Scudo minimal runtime support for Soong
Scudo is now compatible with the -fsanitize-minimal-runtime, and offers a new
dynamic library that doesn't bundle UBSan.

This patch adds support for this new library in Soong, preferring it over the
full one, unless a UBSan or diagnostic dependency is found.

Test: aosp compiled with m -j
Test: local test enabling Scudo for tombstoned
Change-Id: I17794131db148b33f8a8710ac43302cadf1af314
2018-10-11 11:55:16 -07:00
Ivan Lozano ae6ae1d880 Apply minimal runtime to the rest of ubsan.
Make sure that the minimal runtime gets applied to the rest
of the sanitizers we might use from ubsan.

Bug: 80195448
Test: Build success and checked build flags.
Change-Id: I31b211b80bb1068c153a9b65454a2605933c9568
2018-10-09 08:05:27 -07:00
Dan Willemsen 8536d6b3b7 Remove GCC checks
Clang is always used now, so we can remove all the GCC checks. Removing
GCC-specific configuration will happen in the next CL.

Test: m
Change-Id: I4835ecf6062159315d0dfb07b098e60bff033a8a
2018-10-09 02:16:58 +00:00
Evgenii Stepanov dbf1d4f884 (soong) Add -fsanitize= argument to assembly flags.
It allows use of sanitizer preprocessor macros (like __has_feature())
in assembly files.

Bug: 112438058
Test: SANITIZE_TARGET=hwaddress
Change-Id: Id3fed5492ab9473cbb13cd6c0485302412e8b1de
2018-09-07 10:23:07 -07:00
Evgenii Stepanov d97a6e9483 Add "hwaddress" sanitizer.
This is a new sanitizer similar to ASan, but with a few differences
from the build system perspective:
* Only runs on AArch64.
* Supports static binaries.
* Bionic itself will be built with HWASan.
* Does not have any "if a library is sanitized than the binary must
  be, too" requirements unlike ASan. Even better, individual static
  libraries can be freely sanitized or not. We propagate "nosanitize"
  from binaries to static libraries anyway, because otherwise there
  is no good way to disable hwasan on a binary as a whole.

Same a CFI, we export a list of sanitized static libraries to make.
In fact, we export separate lists for vendor and regular libraries,
because it is possible for one to be sanitized without the other
(i.e. there can be mylib.hwasan.vendor w/o mylib.hwasan or vice
versa).

Bug: 112438058, 112709969
Test: manual, part of a bigger patch set

Change-Id: Ie4fdeb522ac03cf9684526882e84dfee3807b6a7
2018-08-16 13:18:47 -07:00
Pirama Arumuga Nainar b6682c47b8 Merge "Do not enable sanitizers on Windows"
am: d7e5c05eac

Change-Id: I7398e6b08154c5bc7fad0507bd9e1dae8c14da0a
2018-06-26 17:05:30 -07:00
Pirama Arumuga Nainar 83d716c413 Do not enable sanitizers on Windows
Bug: http://b/69933068

Test: m native-host-cross SANITIZE_HOST=address
Change-Id: Ia9ff941fb569b0a2e9c4eef604fd165f94bca31a
2018-06-26 14:18:16 -07:00
Colin Cross e98238b3ab Merge "Use WalkDeps instead of VisitDepsDepthFirst"
am: cbafd0fb48

Change-Id: Ic22ffa9ac8a5e3b5c29cd5e85664acb1afebc04f
2018-06-22 17:14:31 -07:00
Colin Cross 6b75360cbc Use WalkDeps instead of VisitDepsDepthFirst
VisitDepsDepthFirst is almost never correct, as it can't query
dependency tags of multiple dependencies between the same two modules.
Replace VisitDepsDepthFirst with WalkDeps in sanitize.go and
python.go.  Also verify the dependency tag before continuing to
recurse to ensure that they don't recurse through genrules and into
unrelated modules.

Test: m checkbuild
Change-Id: I2f7560126f56b51a40ec39dfbdcc18b5891489f7
2018-06-22 12:44:35 -07:00
Kostya Kortchinsky 9cba8204b1 Soong support for Scudo
am: d18ae5ce98

Change-Id: I0c0fcf29ccd99575de573a915c7da5d51b14cd45
2018-06-19 13:11:58 -07:00
Kostya Kortchinsky d18ae5ce98 Soong support for Scudo
Scudo is a hardened usermode allocator that is part of LLVM's compiler-rt
project (home of the Sanitizers). clang allows for -fsanitize=scudo as a
possible command line option to link the shared Scudo library to a binary.

This patch add Scudo as a potential sanitize option. Scudo is not compatible
with ASan and TSan and will be disabled if either is enabled.

Bug: 72112048
Test: aosp compiled with m -j
Test: local experiment with scudo: true to ensure that a test target
(tombstoned) could be linked with scudo.

Change-Id: I76bb6c60891d4782f6665a112c4c2bf7c31645da
2018-06-19 09:46:09 -07:00
Vishwath Mohan 722b64e0ad Don't enable diagnostics for CFI when setting the CFI sanitizer. am: 05b002dea0
am: dc55e621bb

Change-Id: I04214a9fcb50363bd5d82362b366e5bf69355183
2018-05-31 11:03:56 -07:00
Vishwath Mohan 05b002dea0 Don't enable diagnostics for CFI when setting the CFI sanitizer.
The SetSanitizer() method in cc/sanitize.go was also enabling
diagnostics for CFI when invoked from the sanitizer mutator. We
shouldn't be doing this, so this CL disables that.

Bug: 79785496
Test: strings libziparchive.so | grep 'ubsan'
Change-Id: Iffe0d4e9c333ac5dfbec3f48e381c232ce5d4463
2018-05-30 20:52:39 -07:00
Vishwath Mohan 4cac067ca1 Disable CFI for vendor variants of all components
am: 9ccbba0200

Change-Id: I6a6a839475f58f92180bfd391035dd538df71a50
2018-05-29 16:36:13 -07:00
Vishwath Mohan 9ccbba0200 Disable CFI for vendor variants of all components
The current VNDK ABI snapshot expects that CFI is disabled for
components that either in the include paths (from cfi-common.mk) OR
enabled directly in the makefile/blueprint. However, on non-arm64
architectures, the build system was only disabling CFI for vendor
components in the include paths.

This topic corrects it by (a) removing the include paths check to
disable CFI for vendor variants (this CL), and (b) inheriting the CFI
include paths in all product configs to ensure that when we update the
ABI we're able to move to relying exclusively
on (PRODUCT_)CFI_INCLUDE_PATHS.

Bug: 66301104
Test: ABI matches for all architectures.
Change-Id: I648edf13346b18fd88b623682e8590ed44709e0d
2018-05-28 13:57:48 -07:00
Vishwath Mohan 40aaea2321 Restrict CFI_INCLUDE_PATHS to Arm64
am: 1c54f66bd5

Change-Id: I379932454f8f18d7029f3fa3eb1654f4f36997c1
2018-05-25 00:24:53 -07:00
Vishwath Mohan 1c54f66bd5 Restrict CFI_INCLUDE_PATHS to Arm64
This CL restricts CFI_INCLUDE_PATHS and PRODUCT_CFI_INCLUDE_PATHS to
Arm64 only.

Bug: 66301104
Test: x86 targets do not respect the include paths variables
Change-Id: I66ec2fb05435535aaf5d59fdfc7a170a4fdd4f26
2018-05-24 18:36:18 -07:00
Vishwath Mohan 9b87f812ea Disable CFI for vendor variants of VNDK libraries
am: 7589c82eec

Change-Id: I3d44d7c66d777df15ce8ecbd7f4577eaf293affb
2018-05-24 14:43:32 -07:00
Vishwath Mohan 7589c82eec Disable CFI for vendor variants of VNDK libraries
Enabling CFI changes the VNDK ABI from the frozen snapshot, so the
only solution for now is to temporarily disable CFI on all vendor
variants for the sake of compatibility.

Bug: 66301104
Test: ABI is consistent.
Change-Id: Ie7dca41e0f647808b08adede09a30f3c746e6bda
2018-05-23 23:39:38 -07:00
Vishwath Mohan 165e01b744 Merge "Allow abi diffs sanitized variants of vndk libraries on production devices." into pi-dev 2018-05-23 17:47:38 +00:00
Ivan Lozano 1838ef9be4 Don't export UBSan minimal runtime symbols.
When linking in the UBSan minimal runtime, don't export the symbols.
This was resulting in an edge case where symbols were sometimes
undefined at runtime on address sanitized builds if static library
dependencies were integer overflow sanitized.

Bug: 78766744
Test: readelf on libraries show either inclusion of the shared library
or no undefined symbols related to the minimal runtime.

Change-Id: Ide85c8c6b53b400ce9166ccaf96d250797fe4b24
Merged-In: Ide85c8c6b53b400ce9166ccaf96d250797fe4b24
(cherry picked from commit 59fdea2ac2)
2018-05-16 10:42:39 -07:00
Ivan Lozano 59fdea2ac2 Don't export UBSan minimal runtime symbols.
When linking in the UBSan minimal runtime, don't export the symbols.
This was resulting in an edge case where symbols were sometimes
undefined at runtime on address sanitized builds if static library
dependencies were integer overflow sanitized.

Bug: 78766744
Test: readelf on libraries show either inclusion of the shared library
or no undefined symbols related to the minimal runtime.

Change-Id: Ide85c8c6b53b400ce9166ccaf96d250797fe4b24
2018-05-15 08:37:18 -07:00
Jayant Chowdhary f267f715eb Allow abi diffs sanitized variants of vndk libraries on production devices.
Previously abi diffs were allowed only on unsanitized variants of vndk
libraries. This CL allows them on all sanitized variants which go onto
production devices, eg: cfi variants.

Bug: 66301104

Test: Without this change, for arm64 libstagefright_foundation doesn't
      get an lsdump file since we don't build an unsanitized variant
      (aosp_arm64_ab).

Test: With this change, for arm64 libstagefright_foundation does
      get an lsdump file (aosp_arm64_ab)

Merged-In: I94f82fd84fc898e4980c3f3619df9677ed723c32
Change-Id: I94f82fd84fc898e4980c3f3619df9677ed723c32
(cherry picked from commit b7e08ca830)
2018-05-14 18:34:40 -07:00
Jayant Chowdhary b7e08ca830 Allow abi diffs sanitized variants of vndk libraries on production devices.
Previously abi diffs were allowed only on unsanitized variants of vndk
libraries. This CL allows them on all sanitized variants which go onto
production devices, eg: cfi variants.

Bug: 66301104

Test: Without this change, for arm64 libstagefright_foundation doesn't
      get an lsdump file since we don't build an unsanitized variant
      (aosp_arm64_ab).

Test: With this change, for arm64 libstagefright_foundation does
      get an lsdump file (aosp_arm64_ab)

Change-Id: I94f82fd84fc898e4980c3f3619df9677ed723c32
2018-05-10 15:32:18 -07:00
Ivan Lozano a9255a8378 Support integer_overflow static lib diagnostics.
This extends the minimal runtime dependency mutator to allow signed
and unsigned integer overflow diagnostics in static libraries and
binaries. This also enables the integer_overflow flag for static
libraries and binaries.

Note compilation will fail if the static library is a dependency
of a Make module that does not also have diagnostics enabled.

Bug: 66952339
Bug: 73283972
Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow
Test: Enabled diagnostics in a static lib, saw results in logcat.
Test: Checked showcommands output for ubsan runtime library inclusion.

Change-Id: Ic52881a0f74cdcac0e4a15335df493b59b002ae5
2018-04-02 12:54:52 -07:00
Vishwath Mohan 3af8ee0288 Revert "Change PRODUCT_CFI_INCLUDE_PATHS to opt-out (Soong)"
This reverts commit 289d548c3e.

Change-Id: Ic284687157d5cb4122899c84a37c5db507aaee2a
2018-03-30 02:55:23 +00:00
TreeHugger Robot be6b6a63f8 Merge "Fix data race on cfiExportsMap" into pi-dev 2018-03-29 04:52:31 +00:00
Vishwath Mohan 289d548c3e Change PRODUCT_CFI_INCLUDE_PATHS to opt-out (Soong)
This CL changes PRODUCT_CFI_INCLUDE_PATHS to be included in all
product configs by default. To maintain the status quo, the sanitizer
logic has been modified to only respect this product config for Arm64
devices (where this was previously enabled).

Bug: 63926619
Test: m -j60 # the device still has CFI enabled thanks to the default
opt-in

Change-Id: Ia613aec545ad3e544dea41a6dbdb4112aef4afab
2018-03-28 20:30:05 -07:00
Colin Cross fe6edc9a70 Fix data race on cfiExportsMap
cfiExportsMap was reinitialized for every module, which caused
data races.  Create the path from the string on each use
instead.

Bug: 77234104
Test: m nothing with race detector turned on
Change-Id: Ibca3149dcbe8a9d4d9f7ec6dd0b164697e7ae5cd
Merged-In: Ibca3149dcbe8a9d4d9f7ec6dd0b164697e7ae5cd
(cherry picked from commit 1218a19f0d)
2018-03-28 19:18:07 -07:00
Colin Cross 1218a19f0d Fix data race on cfiExportsMap
cfiExportsMap was reinitialized for every module, which caused
data races.  Create the path from the string on each use
instead.

Bug: 77234104
Test: m nothing with race detector turned on
Change-Id: Ibca3149dcbe8a9d4d9f7ec6dd0b164697e7ae5cd
2018-03-28 16:19:50 -07:00
Chih-Hung Hsieh 3ede294729 Switch to clang 7.0
* Suppress more noisy new warnings at global level.
* Add -no-pie to partial link .o files, with -r.
* Revert workaround of b/72706604, no need of
  -Wl,-plugin-opt,-emulated-tls
* Filter out clang 7.0 unknown flag "-Wno-extended-offsetof"

Bug: 72706604
Bug: 72412006
Test: make checkbuild
Change-Id: I7ff45465c4bd771991f42b40f68dc35586045656
2018-03-26 18:04:47 -07:00
Ivan Lozano 954f430e97 Add minimal-runtime support for integer overflows.
Adds Soong support for -fsanitze-minimal-runtime when using
the integer overflow sanitizers. This makes the crashes due to these
sanitizers less mysterious.

Bug: 64091660
Test: Compiled and checked the generated compiler commands
Test: Checked program that overflows for the abort reason

Change-Id: Ieeceaf6c35c8371592952d3b8b977aefc11601c5
Merged-In: Ieeceaf6c35c8371592952d3b8b977aefc11601c5
(cherry picked from commit 30c5db2f47)
2018-03-21 10:04:53 -07:00
Ivan Lozano 30c5db2f47 Add minimal-runtime support for integer overflows.
Adds Soong support for -fsanitze-minimal-runtime when using
the integer overflow sanitizers. This makes the crashes due to these
sanitizers less mysterious.

Bug: 64091660
Test: Compiled and checked the generated compiler commands
Test: Checked program that overflows for the abort reason

Change-Id: Ieeceaf6c35c8371592952d3b8b977aefc11601c5
2018-03-07 18:41:20 -08:00
Zhizhou Yang 51be632b95 Fix llvm-ar error caused by using lto and sanitizer together
LLVM-AR does not allow passing --plugin options more than once. The
--plugin ARFLAGS that lto want to add, may already exist if sanitizer is
also turned on.

Fixed this by adding a new bool Flags.ArGoldPlugin. Set this variable to
true whenever LLVM gold plugin is needed for ArFlags. In function
TransformObjToStaticLib(), add this option to arFlags using global value
${config.LLVMGoldPlugin} if the bool value is true.

Bug: http://b/73160350
Test: build the image with make and succeeded.

Change-Id: I62785829b0a4b663225926e4aed98defc1b6da2c
(cherry picked from commit 4917049f6e)
2018-02-14 21:21:14 +08:00
Zhizhou Yang 4917049f6e Fix llvm-ar error caused by using lto and sanitizer together
LLVM-AR does not allow passing --plugin options more than once. The
--plugin ARFLAGS that lto want to add, may already exist if sanitizer is
also turned on.

Fixed this by adding a new bool Flags.ArGoldPlugin. Set this variable to
true whenever LLVM gold plugin is needed for ArFlags. In function
TransformObjToStaticLib(), add this option to arFlags using global value
${config.LLVMGoldPlugin} if the bool value is true.

Bug: http://b/73160350
Test: build the image with make and succeeded.

Change-Id: I62785829b0a4b663225926e4aed98defc1b6da2c
2018-02-09 13:47:52 -08:00
Ryan Prichard 3ed1f70414 Enable emutls with -flto for Android sanitize=cfi
-fsanitize=cfi requires LTO. Normally, the Clang driver automatically
enables emutls, but it's broken with -flto, so work around it by passing
-Wl,-plugin-opt=-emulated-tls.

See https://buganizer.corp.google.com/issues/72706604#comment15

Enable the workaround with ctx.Device(), which is the same condition used
in the existing I18acac41aac885fc6635fbd55f96ba7c845eb5e7 workaround.

Bug: b/72706604
Bug: https://github.com/android-ndk/ndk/issues/498
Test: m libaudioflinger (on internal master); \
  readelf -sW symbols/system/lib64/libaudioflinger.so | grep tlNBLogWriter
  check that __emutls_t.tlNBLogWriter exists
  check that no symbols of type TLS exist

Change-Id: I2cf65574c52476843cc017ee176a7d6777e2ce0b
2018-02-06 15:11:38 -08:00
Dan Albert 7d1eecf3cc Fix static_ndk_lib for sanitized libraries.
Test: build-ndk-prebuilts.sh with libc/libm included in the NDK
Bug: https://github.com/android-ndk/ndk/issues/272
Change-Id: Ic398f541036f6c16f7dc58b9af984c60ed948495
2018-01-22 12:40:13 -08:00
Ivan Lozano b7d0f52337 Revert "Support enabling overflow sanitization by path."
This reverts commit 17df3c1b76.

Change-Id: Id5dab777da591c24113c3048b8606547a661afdd
2018-01-20 01:44:38 +00:00
Ivan Lozano 17df3c1b76 Support enabling overflow sanitization by path.
Handle paths variable provided from Make about where integer overflow
sanitization should be enabled by default, and prepare to enable minimal
runtime diagnostics for integer overflow sanitizers in userdebug/eng builds.

This provides Soong support for on-by-default paths from Make for
integer overflow sanitization.

Bug: 30969751
Bug: 63927620
Test: Include paths passed from Make are being sanitized.
Test: Compilation succeeds with and without diagnostics enabled.
Test: See Make patch for further test notes.

Change-Id: I803a75646cc27ef5b4b5b74b8eb2981c39f8a6a3
2018-01-18 14:16:47 -08:00
Colin Cross 6510f91a1c Replace ModuleContext.AConfig() with Config()
AConfig() now duplicates Config().  Replace the uses of AConfig()
with Config().  Leave AConfig() for now until code in other
projects is cleaned up.

Test: m checkbuild
Change-Id: Ic88be643049d21dba45dbd1a65588ed94bf43bdc
2017-11-30 00:44:18 +00:00
Jeff Gaston 7276539d6a Sort cfi static libs to make them consistent
To make it easier to diff the ninja files with diff_build_graphs.sh
Bug: b/69133815
Test: m -j

Change-Id: Ic08094f7dc3adb773ebb64a7d34125fc24641bf3
2017-11-28 16:39:12 -08:00
Vishwath Mohan e712879d5d Reduce how often both mutated variants are needed.
This CL rolls back how often we bubble up both sanitized and
un-sanitized variants of a component. With this change only
CFI-enabled target static libraries will do this, all other cases
suppress one of the two variants (both from being installed and from
being exposed to Make for make-embedded builds).

This means we shouldn't need a separate sanitizer suffix for ASAN at
all (.asan), and similarly for non static-lib CFI components (.cfi),
so this CL changes that as well.

Lastly, because the version of ar meant for the host is not built
with plugin support (which CFI requires), this CL disables CFI for
host targets.

This CL should fix the following 2 issues:
(1) Removing warnings about multiple rules existing for the same
installable target.

(2) Fixing VTS packaging, which had been broken by the generation of
the .asan suffix.

Bug: 69172424, 69059192, 67507323
Test: m -j40 # Soong generated .mk file does not have duplicate rules.
Test: SANITIZE_TARGET="address" m -j40 libstagefright # installed
correctly.

Change-Id: Ib90fdbc8a6ad3924fc2a691b7277a8a1bc67cda8
2017-11-21 14:09:09 -08:00
Vishwath Mohan 1fa3ac552d CFI include/exclude path support (Soong)
This CL adds the ability to centrally enable or disable CFI for
components using either an environment or product config
variable. This is a better, nore manageable option that enabling CFI
across each component individually.

Bug: 67507323
Test: CFI_INCLUDE_PATHS= system/nfc m -j40
Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40

Change-Id: I38b77946759121aec99ab25f31aaee2e5d993f73
2017-11-08 18:56:10 -08:00
Nan Zhang 0007d810e2 Change bool, and string properties to *bool, and *string for cc
there's no use case for prepending/appending to bool, and string
properties within module struct. Declearing "*bool" and "*string" almost
cover everything user need.

I did see one case that user specify relative_install_path as
path prefix in cc_defaults, and concatenate with the one in real module
to get the final relative install path in Android.bp <bionic/tests/libs>.

Test: m -j checkbuild
Bug: b/68853585
Change-Id: If3a7a2689c3fc307aae136af6bc9c57f27a1e1a0
2017-11-07 15:57:16 -08:00
Pirama Arumuga Nainar bdb17f068c Remove CFI-related WARs that seem no longer necessary
Bug: http://b/33678192

Clang has been updated past the revisions mentioned in the work arounds.
So these seem no longer necessary.

Test: Build

Change-Id: I08fee0db7c5785836a1ad0104688245435865cb7
2017-11-02 23:37:28 -07:00
Vishwath Mohan e21fe42662 Don't install both variants for host or non-make builds.
This CL ensures that only one of the two generated variants are
installed for non-make builds and for host binaries.

Bug: 30227045
Test: OUT_DIR=/tmp/ndk build/soong/scripts/build-ndk-prebuilts.sh
Change-Id: I7ca78af51ea6bd3ae1107a69331abd6ff68f2150
2017-11-02 03:03:50 -07:00
Vishwath Mohan b743e9c16a Revert "Revert "Build system changes for CFI (Soong)""
This reverts commit 33c252c2f1.

I have a fix to the crashes that this CL set was causing, and have
uploaded it as a patchset to this revert.

This also contains a partial fix that was initially submitted
separately as
https://android-review.googlesource.com/#/c/platform/build/soong/+/524295/

Bug: 30227045
Test: ./art/test/testrunner/run_build_test_target.py -j110 art-asan #no
build errors
Test: m -j50 ASAN_OPTIONS=detect_leaks=0 SANITIZE_HOST=address # no
build errors

Change-Id: I3e53549fa03413d35d9a952f04de1e7629e1f06d
2017-11-01 12:50:01 -07:00
Orion Hodson 33c252c2f1 Revert "Build system changes for CFI (Soong)"
This reverts commit d4b484b070.

Rationale: second in group of commits that left aosp_x86_64 not
building. (See https://android-build.googleplex.com/builds/
submitted/4426589/aosp_x86_64-eng/latest/logs/build_error.log)

Bug: 30227045
Test: builds
Change-Id: I38ab5284c614d6ee68e7359219bd75c7d50131be
2017-10-31 21:01:00 +00:00
Orion Hodson da11d7422f Revert "Hide mutated variant in non-make builds."
This reverts commit 6147c6972a.

Rationale: first in group of commits that left aosp_x86_64 not
building. (See https://android-build.googleplex.com/builds/
submitted/4426589/aosp_x86_64-eng/latest/logs/build_error.log)

Bug: 30227045
Test: builds
Change-Id: I632869d13d09b43e2040da187d7ced4f05c332de
2017-10-31 20:47:44 +00:00
Vishwath Mohan 6147c6972a Hide mutated variant in non-make builds.
This CL hides (using Module.Properties.PreventInstall) either the
sanitized or stock variant for non-make embedded builds (based on
whether a sanitizer is enabled or not) so we don't have duplicate
rules for installing the same target.

Bug: 30227045
Test: OUT_DIR=out build/soong/scripts/build-ndk-prebuilts.sh # no
longer generates a duplicate build error.

Change-Id: I0b2dbb0afd5d426b32da67f951e2a4f9fbb3f3b9
2017-10-30 20:33:41 -07:00
Vishwath Mohan d4b484b070 Build system changes for CFI (Soong)
This CL makes multiples changes in preparation for platform-wide CFI.

(a) Adds a second -version-script=... to the command line
when building components that use a version script. This ensures that
__cfi_check is also exported, and allows CFI to be enabled for these
components.

(b) Adds both topdown and bottom up mutators for CFI to help propagate
dependencies correctly for components that may need CFI disabled.

(c) Fixes an issue with the mutators to correctly apply settings to
both generated variants

(d) Fixes issues when components have more than a single visibility
flag.

Bug: 30227045
Test: SANITIZE_TARGET=cfi m -j40 # dependencies are correctly built
                                 # with/without CFI

Change-Id: I44793cc03bcbcdaa957cc49c7240b87d7c9db327
2017-10-30 01:42:31 -07:00
Colin Cross d11fcda940 Convert Visit*Deps from blueprint.Module to android.Module
Also adds checks that the dependencies are android.Modules and
are not disabled.

Test: m checkbuild
Change-Id: I05e945f38915d49cd3c0ab72a86576949bc7eff2
2017-10-24 13:01:03 -07:00
Yabin Cui 6be405ef69 Support tsan in Android.bp.
Bug: http://b/25392375
Test: build a unit test with tsan.

Change-Id: Ifbd30e41e3a9558a8f106750c2a08778db5d5c81
2017-10-19 15:53:02 -07:00
Jeff Gaston af3cc2d23c Some clarifications in preparation to automatically order linker dependencies
Test: Browse the code and determine whether it's easier to understand
Bug: 66260943
Change-Id: I88c24a8a31ef68f428919087d206433659265684
2017-10-18 18:06:02 +00:00
Jeff Gaston 7b6118be6b Revert "Some clarifications in preparation to automatically order linker dependencies"
This reverts commit 2370af0e23.

Reason for revert: New Build Breakage: aosp-master/aosp_arm64_ab-userdebug @ 4376965

Change-Id: Ibe4b819c4292457c454bf42e6d94fba3071ec04b
2017-10-04 21:07:42 +00:00
Jeff Gaston 2370af0e23 Some clarifications in preparation to automatically order linker dependencies
Test: Browse the code and determine whether it's easier to understand
Bug: 66260943
Change-Id: Ia3fdb8f38e83ad8225a72c8de2804db23a90ef9b
2017-10-03 17:18:01 -07:00
Dan Willemsen 27991b7652 Add -lm to the default libs for Linux & Darwin
libm is a default library for device builds, so default it for host
builds as well.

Also removes duplicate additions of -ldl, -lpthread, -lm and -lrt.

Test: m host
Change-Id: I8f7e799d48a1f427e48dcfb1d0ccba93c5f9780b
2017-09-26 20:25:09 -07:00
Zach Riggle 06bbd89c16 Enhance coverage options to include those needed by Honggfuzz for coverage-driven fuzzing
Test: make m
Bug: 64903541
Change-Id: Id5f10b6d7c122444f875134883f7c0a95d71e12d
2017-08-24 19:25:05 +00:00
Colin Cross ef88ae2369 Make libdl.so be loaded after libc.so
Make sure that libdl is always after libc on the command line.
Simplifies the logic to always support system_shared_libs for
sdk and vndk builds.

For backwards compatibility without updating lots of Android.bp
files, allow libdl to be listed in shared_libs as long as it
is also in system_shared_libs or libc is not in system_shared_libs.

Remove all the places that libdl is added as a dependency, since
it will always be present unless explicitly removed now.

Bug: 62815515
Test: m -j checkbuild
Change-Id: I0233178ffea87a2f0b82190746022476304a68e2
2017-08-23 12:54:54 +09:00
Colin Cross 27a4b05441 Remove error from AndroidMkData.Extra
It's never anything except nil, and it unnecessarily complicates
the implementations.

Test: m -j checkbuild
Change-Id: I8a117a86aa39aeb07d9d8d0686ef869c52784f19
2017-08-11 15:24:11 -07:00
Vishwath Mohan 952293044f Revert "Fix ASAN mutator."
This reverts commit 12758d0cec.

Change-Id: I475e63d7e56ff166c2046fc423a1729ed098ff66
2017-08-11 00:56:44 +00:00
Vishwath Mohan e615345f28 Revert "Don't apply sanitizer mutators to host modules."
This reverts commit bba1927bde.

Change-Id: Ie895d8eae5abb533468b836639e0835e7adbf8c9
2017-08-11 00:52:44 +00:00
Vishwath Mohan bba1927bde Don't apply sanitizer mutators to host modules.
This CL blocks modules intended for the host from having the bottom up
sanitizer mutator applied. We only maintain a single copy of host
binaries, so generating variants doesn't make sense
anyway. Additionally, the existing logic was causing an error with
builds not embedded in make (eg: aosp-build-tools which uses
soong_ui.bash) where the wrong variant was installed on the host. This
change should fix that.

Bug: 64536751
Test: m -j40 && SANITIZE_TARGET="address" m -j40
Test: aosp-build-tools build breakage is fixed.
Change-Id: Ia79b4661f69ce26a7be17c4339c18ca0f397d760
2017-08-10 11:05:00 -07:00
Vishwath Mohan 12758d0cec Fix ASAN mutator.
This CL fixes a bug in the ASAN top down mutator which was incorrectly
checking (and setting) SanitizeDep to true only for the parent module
and not for the visited child modules.

Fixing this also requires some changes to the variant creation logic
to ensure that the correct variant is passed to make for
installation. This will eventually be replaced by logic that appends
an appropriate suffix to sanitized libraries (eg: libc++.asan), which
will allow both variants to be passed to make.

Bug: 64536751
Test: m -j40 && SANITIZE_TARGET="address" m -j40
Change-Id: Id5e5a5946192adf07418dd433bca503047177007
2017-08-09 16:58:36 -07:00
Jiyong Park 27b188bc86 .vendor suffix is added only for libs having core/vendor variants
When the lib is vendor-only, then .vendor suffix is not added.
Furthermore, this change correctly adds .vendor suffix even to the names
listed in LOCAL_SHARED_LIBRARIES so that we don't need to add the suffix
in the make world.

This also allows us to use the original name (without the .vendor
suffix) of the vendor-only modules in make (e.g. in PRODUCT_PACKAGES or
as a make target).

Bug: 37480243
Test: BOARD_VNDK_VERSION=current m -j <name> is successful, where <name>
is one of the vendor-only libraries in Soong. (i.e.
android.hardware.renderscript@1.0-impl)
Test: m -j does not break anything

Change-Id: I203e546ff941878a40c5e7cfbb9f70b617df272d
2017-07-27 08:54:52 +09:00
liuchao c5996de4ce Enable ubsan check flag in build
Ubsan is currently support ARM/ARM64,
so It's OK to enable the build Flag

Test: build test module with flags in Android.bp:
      sanitize: {
          all_undefined: true,
          diag: {
              undefined: true,
          },
      },
BUG:38250996
Change-Id: I37a01b4610132f58315e68335b3c3cdfb148357d
2017-07-21 02:31:37 +00:00
Ivan Lozano 5f59553bca Allow integer_overflow sanitizer path exclusion.
Add support for excluding paths from having integer_overflow applied to
them when using SANITIZE_TARGET=integer_overflow via an
INTEGER_OVERFLOW_EXCLUDE_PATHS make variable. This covers the soong side
of the change.

Bug: 30969751
Test: Build with SANITIZE_TARGET=integer_overflow
SANITIZE_TARGET_DIAG=integer_overflow
INTEGER_OVERFLOW_EXCLUDE_PATHS=<path> and confirmed this was no
longer being applied to binaries in that path.

Change-Id: I298b772f5425da28dff1cf007825be19558db3a8
2017-07-18 13:38:20 -07:00
Ivan Lozano 0c3a1efae4 Add integer_overflow sanitization build option.
Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and
unsigned integer overflow sanitization globally. This implements the
Soong side of the build option.

An additional build option is provided to control whether or not to run
in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the
same way that SANITIZE_TARGET does and currently only supports
'integer_overflow' as an option.

A default sanitizer blacklist is added to avoid applying sanitization
to functions that are likely to exhibit benign overflows.

Bug: 30969751
Test: Building with and without the new flags, device boot-up, tested
various permutations of controlling the new flags from build files.

Change-Id: Ibc8a8615d3132f1a23faaf1cb4861f24c5ef734a
2017-07-07 09:52:23 -07:00
Dan Austin 8241abba87 Update coverage sanitizer flags in soong
Update the coverage sanitizer flags in soong to use the new
flavor of coverage sanitization.

Bug: 63108942

Test: Fuzzer runs with coverage guards.
Change-Id: I2e817a5282cf7dab49aee6985743defd4fb74628
2017-06-29 08:55:13 -07:00
Jayant Chowdhary 9677e8c6ad Black-list for clang LibTooling Cflags.
Add a list of flags which are not understood by clang LibTooling tools
and filter them out of the Cflags the tools are invoked with.

Test: In frameworks/av, make libmedia vendor_available (this invokes
header-abi-dumper on this module), mm -j64.

Bug: 62447349

Change-Id: I46f017212b89f4331145c999103d0ed44da0abaf
2017-06-19 19:43:03 -07:00
Ivan Lozano 651275ba90 Add support for misc_undefined diagnostics
Setting Sanitize.Diag.Undefined to true does not enable diagnostics for
all possible UBSan sanitizers that might be declared in Sanitize.Misc_undefined
(specifically unsigned-integer-overflow and nullability-*). This adds an
equivalent Sanitize.Diag.Misc_undefined string array to allow diagnostics to
be enabled in these sanitizers.

Bug: 62546512
Test: make works and device boots.
Test: Tested an Android.bp generated binary with the new field enabling
unsigned-integer-overflow diagnostics.

Change-Id: I9aa7cb2555ab4f94ae1aa290715a617718d936ff
2017-06-19 10:11:56 -07:00
Evgenii Stepanov c6482d69c2 Don't add -lrt on Darwin for sanitized targets.
Bug: 34719251

Change-Id: Iff81c4d891a2341a8152e5603391b55b0222ebd7
2017-06-07 16:19:17 -07:00
Evgenii Stepanov 76cee23144 Fix -fsanitize=integer not passed for soong builds.
Also filter out -Wl,--no-undefined for all host sanitizers, not just ASan.
UBSan on host defaults to no-trap (i.e. diagnostic mode), and that requires
the runtime library and runs into the same problem with undefined symbols as ASan.

Bug: 34719251
Test: Misc_undefined: ["integer"] on a soong target
Change-Id: I1fb4781f663a11f5f427d50c0bf9beb8e181cd5e
Merged-In: I1fb4781f663a11f5f427d50c0bf9beb8e181cd5e
(cherry picked from commit fe9bc1dccb)
2017-06-07 11:01:02 -07:00
Andreas Gampe 9707116867 Soong: Change Sanitize.Recover order
Add Sanitize.Order cflags after the general sanitizer options, so
it can override the global -fno-sanitize-recover=all.

Bug: 38128476
Test: m SANITIZE_HOST=address
Test: manual test
Change-Id: Ied5600507b66bd25d9d2a8bba428162ed4eb01e4
2017-05-08 23:37:51 +00:00
Colin Cross 8ff9ef4c30 Declare dependency on sanitizer runtime libraries
Moving the last users of a sanitizer runtime library to soong was
causing the runtime library to stop getting installed.  Declare
the dependency so make keeps installing it.

Test: builds
Change-Id: Ieeb9ad5c04ac8df0d1a74239da393dac5cab2b03
2017-05-08 15:57:05 -07:00
Vishwath Mohan 8f4fdd8f76 Disable CFI for ASAN targets. (Soong)
This CL disables CFI if both CFI and ASAN flags are enabled. This
allows ASAN to take precedence where needed, preventing build errors
that would otherwise arise.

Bug: 30227045
Test: SANITIZE_TARGET="address" m -j40
Change-Id: Id336bf2bf5498d4c3ea6492e36b366c76c06376e
2017-04-20 08:06:09 -07:00
Vishwath Mohan 1dd8839286 Refactor sanitized library on-disk layout - Soong.
This CL moves the location of ASAN-ified libraries on disk in the
following manner:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.

Change-Id: I06bf459260ec451d4495a02562f640ad622f34c2
2017-03-31 01:03:56 +00:00
Vishwath Mohan 7a5b46db91 Add ar flags for CFI enabled components in Soong.
CFI enabled components need ar to use the gold linker. This CL adds
that.

Bug: 36290748
Test: Enabling CFI for a Soong component builds without error.
Change-Id: Icbf78fa1ca0d845350516b4dd345b54fbb7ef847
2017-03-16 16:36:16 -07:00
Vishwath Mohan f3918d37fb Blacklist code for CFI.
Adds the -fsanitize-blacklist option for CFI, using the built in
blacklist at external/compiler-rt/lib/cfi/cfi_blacklist.txt.

Also refactors the CFI cflags and ldflags into cc/makevars.go to
ensure they're consistent across Soong and make projects.

Bug: 30227045
Test: ENABLE_CFI=true m -j40 builds and boots.
Test: The blacklist prevents runtime errors that otherwise occur.
Change-Id: I91c5420478e7290061d89338a86abdef69c67fe2
2017-02-15 12:46:52 -08:00
Vishwath Mohan 6d67e6e68e Disble CFI for ARM32 processes.
This CL disables CFI for 32-bit ARM processes, which is broken due to
a compiler error in the most recent version of clang.

Bug: 35157333
Test: ENABLE_CFI=true m -j40 does not enable CFI for 32-bit processes
Change-Id: I52ccf60d91ff1a2af4cf024376b7d70f87040674
2017-02-08 19:46:27 -08:00
Evgenii Stepanov a83fdacf7c Disable CFI on Mips and add -march to linkflags on ARM.
Mips toolchain does not have ld.gold.
ARM change is a workaround for LLVM r290384.

Bug: 33678192
Test: make ENABLE_CFI=1
Change-Id: I189ffd42760f0ea8d151717337b9355b37cb207b
2017-02-03 23:50:28 +00:00
Evgenii Stepanov cb3f890263 Remove duplicate code.
Test: NFC
Change-Id: I63a1b1ee244c2ab015914e1879aefc3ba8f886b0
2017-02-03 13:25:03 -08:00
Evgenii Stepanov 774cb81796 Disable global coverage when a module disables asan.
With SANITIZE_TARGET="address coverage", if a module disables ASan
(address: false), it is left with just coverage, which is not
supported. In that case, disable coverage as well.

Bug: 33091541
Test: see above
Change-Id: Idcd04dad8cab7c7e2644d2408b1b8a381490e5af
2017-01-24 20:55:11 +00:00
Evgenii Stepanov 7ebf9fa3c9 Force Thumb for CFI targets.
Bug: 22033465
Test: bionic device tests
Change-Id: I672ccc970309631fa895b7134a32c0d403a2151e
2017-01-20 14:13:32 -08:00
Vishwath Mohan 1b017a76e1 Hide CFI behind a global flag.
This CL ensures that locally enabling CFI in a .bp file is not honored
unless it is enabled globally using ENABLE_CFI=true first, effectively
hiding it behind a flag.

Bug: 30227045
Bug: 22033465
Test: m -j40 works and device boots
Test: cfi is correctly honored only when the global flag is set.
Change-Id: Iccc6e4bf5e7828ab8ce6056f3e40922712faa0d8
2017-01-19 14:40:34 -08:00
Colin Cross 23ae82a2b2 Support sanitizing a single device arch
Allow specifying one or more architectures to sanitize for.  Defaults to
sanitizing all architectures.  Allows reducing the cost of sanitization
by only sanitizing half of the platform.

Bug: 29498013
Test: No change to build.ninja files with m -j SANITIZE_TARGET=address
Test: m -j SANITIZE_TARGET=address SANITIZE_TARGET_ARCH=arm
Test: nm -D $OUT/system/bin/app_process64 | grep asan, no asan symbols found
Change-Id: I972cccc2f19443895d47b44bd8104105f93ffb7d
2016-11-02 15:18:19 -07:00
Evgenii Stepanov 1e405e160a [soong] Enable LOCAL_SANITIZE:=cfi and add LOCAL_SANITIZE_DIAG.
LOCAL_SANITIZE_DIAG works for ubsan, too.

Bug: 22033465
Test: build a test target with cfi and diag { cfi } properties.

Change-Id: I9cd8e8df9b330430b321709d7f05b4da0294e771
2016-10-31 15:29:08 -07:00
Colin Cross 46974e2457 Don't pass -Wl,--no-undefined to host targets
Host builds were compiling without -Wl,--no-undefined because of an ASAN
issue.  Pass -Wl,--no-undefined for host builds unless sanitzers are
enabled.  Also fix LOCAL_ALLOW_UNDEFINED_SYMBOLS on darwin, where
disallowing undefined symbols is the default.

Test: m -j host
Test: m -j SANITIZE_HOST=address host
Bug: 32305815
Change-Id: Ia4bb305a50b1c1048b119f75726d52f82e21438c
2016-10-21 18:20:23 +00:00
Dan Willemsen 78ffeea24e Fix gofmt problems and add gofmt to preupload checks
Test: gofmt -d .
Test: <bad change>, repo upload
Change-Id: I5ca0676461616f166a842d307c600dc50a50ec48
2016-10-20 18:48:20 -07:00
Dan Willemsen cbceaab39c Export asan configuration to make
Test: Ninja files for ASAN'd aosp_flounder-eng identical
Change-Id: Ib29cac0bc391dadd9ff27992c7b356415182767f
2016-10-13 23:46:10 +00:00
Colin Cross b0f28957ae Support mixed ASAN and non-ASAN host builds
Host builds may build binaries that must have ASAN disabled.  Convert
host ASAN to use variants.  Since there is only one install location for
shared libraries, don't install the non-ASAN variant at all for now.

Test: mmma -j art SANITIZE_HOST=address
Change-Id: Iacefecac93df44823316624b4c540c24f643fb80
2016-09-19 16:50:35 -07:00
Colin Cross 9461040154 Fix installation path for asan libraries
Check c.sanitize.inData() when deciding on install paths.
Don't set inData() for sanitized binaries.

Bug: 30773053
Change-Id: I24be75ccc1b25ae53f7f0a98d1632b30735d0931
2016-08-29 13:50:24 -07:00
Evgenii Stepanov af36db1178 Add ubsan_standalone library name to the toolchain.
and export the library name to make. Refactor the code a bit to avoid repeating the library name
multiple times.

Bug: 22033465
Test: Ran external/clang/build.py for aosp-llvm

Change-Id: I25eb3858eb92e1dd493b09524d559802551b2547
2016-08-15 17:05:04 -07:00
Colin Cross 91169fe8ea Fix coverage sanitizer builds
Disable coverage for static binaries where address sanitizer is
disabled, and disable coverage in the mutator when disabling address
sanitizer.

Bug: 29188876
Change-Id: Ia1a21878c3f34cd295a6dec49608c412eb09e7b1
2016-08-11 16:54:01 -07:00
Colin Cross b916a38233 Refactor cc modules to use decorators instead of inheritance
For example , instead of trying to have libraryLinker inherit from
baseLinker and libraryCompiler inherit from baseCompiler, create a
single decorator object that wraps both baseLinker and baseCompiler.

Test: Builds, no unexpected changes to build.ninja
Change-Id: I2468adaea8466c203a240259ba5694b8b1df7a52
2016-08-05 10:25:09 -07:00
Colin Cross b98c8b0595 Move toolchain and global variables into separate package
Move all of the configuration into a cc/config package

Change-Id: If56fc7242062ed1ce3cb297f78a1e0ef7537373c
2016-08-01 13:37:01 -07:00
Colin Cross 3c344ef29e Disable asan for static binaries
build/core/executable.mk has an extra check to disable asan for static
binaries, do the same in soong.

Bug: 30191800
Change-Id: Ia78063264f3280eb889ba9e45c45dd66e4c64a96
2016-07-18 16:14:12 -07:00
Colin Cross 263abbd5e9 Support global and local sanitizers
Mixing undefined and address sanitizers requires updating cflags.
Matches makefile change Ifee350da4877008fb061bc7f6c700e7fade405bc

Bug: 30163657
Change-Id: Iea4364b912b496400581a475bc79bd9b9c4dd76d
2016-07-15 13:12:58 -07:00
Evgenii Stepanov fcfe56d194 Target sanitize properties can disable the global sanitizer.
With this change, sanitize: { address: false } disables
SANITIZE_TARGET=address for one target.

Also rename SafeStack to Safestack, because the former can not be
used as a target property.

Bug: 27729263
2016-07-07 10:54:42 -07:00
Evgenii Stepanov 05bafd3784 Revert "Target sanitize properties can disable the global sanitizer."
This reverts commit bb02886451.

Breaks SANITIZE_HOST=address

Change-Id: I9791a034e32a83d567b8739a7ec7b61890cb1b97
2016-07-07 17:38:41 +00:00
Evgenii Stepanov bb02886451 Target sanitize properties can disable the global sanitizer.
With this change, sanitize: { address: false } disables
SANITIZE_TARGET=address for one target.

Also rename SafeStack to Safestack, because the former can not be
used as a target property.

Bug: 27729263
Change-Id: I20f55c0e62b2fdd191ba66c0f661a039109bd78f
2016-07-06 16:38:58 -07:00
Colin Cross b36ab1a1a0 Fix sanitize host builds
Host builds don't have a separate place to install asan modules, so only
create a single variant for them.

Change-Id: I81f7090debd7935db778f8600d8cbc86dd53b1cb
2016-05-25 12:35:53 -07:00
Colin Cross bc6fb16b26 Support sanitizer variants inside make builds
Create both sanitized and unsanitized variants inside make builds with
sanitizers enabled.  Only export the sanitized version to make, and
always install the sanitized version in /data to match the make build.

Change-Id: I5a17bcbddc7a9d871c929c84d3c116228ef3258f
2016-05-24 17:14:15 -07:00
Colin Cross 635c3b0157 Rename common to android
Rename the "common" package to "android", because common is too
generic.  Also removes all android.Android naming stutter.

Ran:
gomvpkg -from 'android/soong/common' -to 'android/soong/android'
gorename -from '"android/soong/android".AndroidModuleContext' -to 'ModuleContext'
gorename -from '"android/soong/android".AndroidBaseContext' -to 'BaseContext'
gorename -from '"android/soong/android".AndroidModuleBase' -to 'ModuleBase'
gorename -from '"android/soong/android".AndroidBottomUpMutatorContext' -to 'BottomUpMutatorContext'
gorename -from '"android/soong/android".AndroidTopDownMutatorContext' -to 'TopDownMutatorContext'
gorename -from '"android/soong/android".AndroidModule' -to 'Module'

Change-Id: I3b23590b8ce7c8a1ea1139411d84a53163288da7
2016-05-18 15:37:25 -07:00
Evgenii Stepanov 0a8a0d09d1 Support SANITIZE_TARGET=safe-stack in soong.
Change-Id: I570a7033ece82c5e76815dc1b81622b481930de4
2016-05-12 13:54:53 -07:00
Colin Cross 30d5f514dd Support sanitizer builds inside make
Make expects libraries built with address sanitizer to be installed into
/data, and can't handle multiple variants of modules.

Change-Id: Ice575ff6f0788a88f296e7b3ee521a2b9771f55f
2016-05-03 18:02:42 -07:00
Colin Cross 16b2349190 Add support for sanitizer property
Add a new feature to cc modules that adds the cflags and libraries
necessary to implement AddressSanitizer, ThreadSanitizer, and
UndefinedBehaviorSanitizer.

Change-Id: Ibe5ffadc7ece56080a2521f2c7c00da9ef712584
2016-04-21 16:42:08 -07:00