Commit Graph

23 Commits

Author SHA1 Message Date
Evgenii Stepanov ff7a781512 Disable detection of bugs on global variables.
This is a temporary change pending code cleanup.

We are already disabling detection of ODR violations. As it turns out,
an ODR between an ASan-instrumented library and a non-instrumented library
may actually crash ASan, and there is no obvious way out, and one of those
prevents us from booting a SANITIZE_TARGET image right now.

Bug: 21951850
Change-Id: I49508242ec96089a3d4d8b7e45f36323d62f2be9
2015-07-13 20:03:02 -07:00
Evgenii Stepanov 5adfcb166e SANITIZE_TARGET: allow undef symbols in non-sanitized shared libraries.
These symbols are defined in the ASan runtime library, which is always
present at runtime.

Bug: 21785137

Change-Id: Ib8418c66323fd4cdfdc05548048f32380cb84ee5
2015-06-25 17:34:44 -07:00
Evgenii Stepanov d479a7a119 Merge "Enable SANITIZE_TARGET." 2015-06-19 18:15:08 +00:00
Dan Albert abf4bc916a Add support for `LOCAL_SANITIZE := integer`.
This also does a bit of cleanup in config_sanitizers.mk. The result is
that `LOCAL_SANITIZE := <any arbitrary ubsan group>` should function
fine for both host and target.

This is a superset of LOCAL_DETECT_INTEGER_OVERFLOWS, so remove that.
This also checks integer division by zero.  It's supposed to cover
shifting undefined behaviors as well, but apparently it does not
(though `LOCAL_SANITIZE := shift` works fine).

Change-Id: I4ac99eafa6920a3f8cb82af37ce56ff0fdb95223
2015-06-19 10:28:06 -07:00
Evgenii Stepanov 3632cc3241 Enable SANITIZE_TARGET.
The same as SANITIZE_HOST, but for the target.
Also, skip all LOCAL_FORCE_STATIC_EXECUTABLE targets, as ASan does not
support static linking.

Bug: 21785137
Change-Id: Ief53ff8de1fee18f230d6c7dd31845db5bbd415c
2015-06-18 18:24:40 -07:00
Dan Albert b32c0009a3 Remove LOCAL_ADDRESS_SANITIZER.
I've migrated all users of this to the new option now, so we can drop
this.

Dropping `SANITIZE_HOST := true` will have to wait until the build
server configs have been updated.

Change-Id: I591436e197a6c6c079a6cd6a2decb702b574cd71
2015-06-16 22:20:19 -07:00
Dan Albert c27d471742 Merge "Fix libdl inclusion for default-ub." 2015-06-16 21:13:44 +00:00
Nick Kralevich 99d92506ac Add support for LOCAL_DETECT_INTEGER_OVERFLOWS
Add build system support for LOCAL_DETECT_INTEGER_OVERFLOWS. When enabled,
an attempt to perform an integer arithmetic operation which overflows
will result in a call to abort(). This is intended for security
sensitive code, where integer overflow operations are not expected
nor desirable.

Two classes of underflows/overflows are detected and blocked:

1) Signed integer underflow/overflow.
2) Unsigned integer underflow/overflows.

Signed integer overflows are undefined behavior, according to the
C standard. Unsigned integer overflows are defined behavior, but
still undesirable in security sensitive code.

Only clang is supported today. gcc has -ftrapv for handling signed
integer overflow, but it's widely considered broken
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35412) and we're
deliberately avoiding its use here.

Change-Id: Ib4918dc84e37e83d4205e5035544545d91671e5f
Vaguely-Related-Bug: 11859726
2015-06-15 14:52:09 -07:00
Dan Albert 7508a81d40 Fix libdl inclusion for default-ub.
We shouldn't be using ldlibs for target libraries because it doesn't
add a real dependency.

Change-Id: Ib1ec40b95356feb521e95674b64d04d5ecc06332
2015-06-15 11:39:29 -07:00
Dmitriy Ivanov e24b6f77ff Do not pack relocations for executables
Bug: http://b/20665974
Change-Id: Ibc13b5d6bd05dfbc7ff8475068fe7363f58e7e67
2015-05-07 13:10:02 -07:00
Dan Albert 5619dbec25 Don't pack ASAN executables.
The relocation packer is causing the kernel to load the executable
overlapping ASAN's shadow space.

Bug: http://b/20665974
Change-Id: Ifc5914f4fbed5f4f00ed1c795d01cf2fcb849cfe
2015-04-28 15:00:15 -07:00
Dan Albert 1f0d53080b --no-as-needed needs -Wl.
Not sure why my checkbuild passed.

Change-Id: Iead84121daaaa32c5dd1f0712e9b7caaffd58352
2015-04-28 14:55:50 -07:00
Dan Albert 8a31153ae0 Make asan more closely match clang behavior.
Always link libm with asan. Hasn't been a problem before because ASAN
was only ever used when libc++ was as well, which already links libm.

Pass --no-as-needed for host modules.

These aren't needed for the target builds because the target uses the
shared RTL.

Change-Id: I5d6a3c2dd557b5231be2b7711df6438693753a88
2015-04-28 14:09:34 -07:00
Dan Albert 9f17655453 Fix bad variable names.
My working tree was still dirty when I verified the original change.

Change-Id: I3e6fa6908b809c016231b398c5d30d8cce3b87ab
2015-04-28 11:26:45 -07:00
Evgenii Stepanov 55f3c4c25e Merge "Fix AddressSanitizer link order and multilib setup." 2015-04-27 22:46:41 +00:00
Evgenii Stepanov f0b15e173b Fix AddressSanitizer link order and multilib setup.
ASan runtime library (when using dynamic linking) must be the first
dependency of the main executable to achieve correct symbol
interposition. This matches how the clang driver works.

In multilib setup, ASan-RT name depends on the target arch:
  /system/lib/libclang_rt.asan-arm-android.so
  /system/lib64/libclang_rt.asan-arm64-android.so

We also set RPATH to /system/lib/asan or /system/lib64/asan
to have a place for ASan-only versions of system libraries.

Change-Id: I5c0cdb89e5e08a1950eb276e406da9f31a6e52dd
2015-04-27 14:48:35 -07:00
Dan Albert 4111d4804a Add LOCAL_SANITIZE_RECOVER.
This is needed for projects that have known ubsan issues that we can't
fix right away (perhaps because it's an upstream project that we're
diligent about keeping in sync with upstream).

Also make the normal ubsan use -fno-sanitize-recover=all by default.

Change-Id: I1b0f3309792f32dbd08c18816d7306e76c8d7c30
2015-04-27 11:07:38 -07:00
Dan Albert b5b2ffe3be Add support for a partial ubsan build.
Some of the ubsan checks expose a few pathological performance cases
in clang, and thus aren't suited to be used in SANITIZE_HOST.

This mode is also supported on the target despite not having the
target runtime libraries for ubsan by generating traps.

Change-Id: I0b0f0a08ca84d72e44e2174a66726b1c5e5cad7e
2015-04-17 11:37:03 -07:00
Dan Albert 4c92a68127 Fix misuse of my_sanitize_host.
Ying pointed out in https://android-review.googlesource.com/#/c/147290
that my_sanitize_host would be read as some garbage value for target
builds. Move the configuration later and don't use the local at all.

Change-Id: Id8a095821d000a184e72f950b9481597073a7044
2015-04-17 11:32:57 -07:00
Dan Albert 94b579166f Make use of sanitizers without clang an error.
Previously using a sanitizer would imply clang. It should be an error
instead so it's more obvious.

Change-Id: I67c949bfda3718a0d19da7e358b5fde447fce334
2015-04-17 11:06:24 -07:00
Dan Albert 27ccb75af7 Clean up sanitizer configuration.
* Refactor a few pieces to avoid deeply nested conditionals.
* LOCAL_SANITIZE := never replaces LOCAL_ADDRESS_SANITIZER := false.

Change-Id: I68bb8c5edda6ecd40179c5ba9f18d06e96aaa260
2015-04-17 09:39:12 -07:00
Dan Albert 08cca28f92 Add support for ubsan.
Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for
each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of
LOCAL_SANITIZE that mirrors the behavior of -fsanitize=<sanitizers>.

For example, the following will use both asan and ubsan:

    LOCAL_SANITIZE := address undefined

We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we
can clean up the tree.

Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
2015-04-08 15:52:04 -07:00
Dan Albert 4ae5d4b331 Add a SANITIZE_HOST flag.
We had discussed the idea of making all host tools default to using
ASAN. Even if we don't make it the default, this makes it easy for the
user to switch all host binaries over.

Change-Id: I64a5c741b1b4e9aefed3a6be8dcd4f386e06b29c
2014-12-05 22:20:37 -08:00