blob: f6b88c718941ac3437109bbe9b3b2ed9db93b8e3 [file] [log] [blame]
# Copyright 2014 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build_overrides/build.gni")
import("//build/config/chrome_build.gni")
import("//build/config/chromecast_build.gni")
import("//build/config/clang/clang.gni")
import("//build/config/sanitizers/sanitizers.gni")
import("//build/toolchain/toolchain.gni")
if (is_ios) {
import("//build/config/ios/ios_sdk.gni")
}
# Contains the dependencies needed for sanitizers to link into
# executables and shared_libraries. Unconditionally depend upon
# "//build/config:exe_and_shlib_deps" to pull in this target.
group("deps") {
visibility = [ "//build/config:exe_and_shlib_deps" ]
public_deps = [
":deps_no_options",
]
if (using_sanitizer) {
public_configs = [
":sanitizer_options_link_helper",
# Even when a target removes default_sanitizer_flags, it may be depending
# on a library that did not remove default_sanitizer_flags. Thus, we need
# to add the ldflags here as well as in default_sanitizer_flags.
":default_sanitizer_ldflags",
]
deps = [
":options_sources",
]
}
if (use_afl) {
deps += [ "//third_party/afl" ]
}
}
group("deps_no_options") {
if (using_sanitizer) {
public_configs = [
# Even when a target removes default_sanitizer_flags, it may be depending
# on a library that did not remove default_sanitizer_flags. Thus, we need
# to add the ldflags here as well as in default_sanitizer_flags.
":default_sanitizer_ldflags",
]
deps = []
public_deps = []
data = [
"//tools/valgrind/asan/",
]
if (is_win) {
exe = ".exe"
} else {
exe = ""
}
data += [ "$clang_base_path/bin/llvm-symbolizer${exe}" ]
if (is_linux) {
# llvm-symbolizer needs this.
data += [ "$clang_base_path/lib/libstdc++.so.6" ]
}
if (use_prebuilt_instrumented_libraries ||
use_locally_built_instrumented_libraries) {
deps += [ "//third_party/instrumented_libraries:deps" ]
}
if (use_custom_libcxx) {
public_deps += [ "//buildtools/third_party/libc++:libcxx_proxy" ]
data += [ "$root_out_dir/libc++.so" ]
}
# ASAN is supported on iOS but the runtime library depends on the compiler
# used (Chromium version of clang versus Xcode version of clang). Only copy
# the ASAN runtime on iOS if building with Chromium clang.
if (is_win || is_mac || (is_ios && !use_xcode_clang)) {
data_deps = [
":copy_asan_runtime",
]
}
if (is_mac || (is_ios && !use_xcode_clang)) {
public_deps += [ ":asan_runtime_bundle_data" ]
}
}
}
if ((is_mac || is_win || (is_ios && !use_xcode_clang)) && using_sanitizer) {
if (is_mac) {
_clang_rt_dso_path = "darwin/libclang_rt.asan_osx_dynamic.dylib"
} else if (is_ios) {
_clang_rt_dso_path = "darwin/libclang_rt.asan_iossim_dynamic.dylib"
} else if (is_win && target_cpu == "x86") {
_clang_rt_dso_path = "windows/clang_rt.asan_dynamic-i386.dll"
} else if (is_win && target_cpu == "x64") {
_clang_rt_dso_path = "windows/clang_rt.asan_dynamic-x86_64.dll"
}
_clang_rt_dso_full_path =
"$clang_base_path/lib/clang/$clang_version/lib/$_clang_rt_dso_path"
if (!is_ios) {
copy("copy_asan_runtime") {
sources = [
_clang_rt_dso_full_path,
]
outputs = [
"$root_out_dir/{{source_file_part}}",
]
}
} else {
# On iOS, the runtime library need to be code signed (adhoc signature)
# starting with Xcode 8, so use an action instead of a copy on iOS.
action("copy_asan_runtime") {
script = "//build/config/ios/codesign.py"
sources = [
_clang_rt_dso_full_path,
]
outputs = [
"$root_out_dir/" + get_path_info(sources[0], "file"),
]
args = [
"code-sign-file",
"--identity=" + ios_code_signing_identity,
"--output=" + rebase_path(outputs[0], root_build_dir),
rebase_path(sources[0], root_build_dir),
]
}
}
if (is_mac || is_ios) {
bundle_data("asan_runtime_bundle_data") {
sources = get_target_outputs(":copy_asan_runtime")
outputs = [
"{{bundle_executable_dir}}/{{source_file_part}}",
]
public_deps = [
":copy_asan_runtime",
]
}
}
}
config("sanitizer_options_link_helper") {
if (is_mac || is_ios) {
ldflags = [ "-Wl,-U,_sanitizer_options_link_helper" ]
} else if (!is_win) {
ldflags = [ "-Wl,-u_sanitizer_options_link_helper" ]
}
}
static_library("options_sources") {
# This is a static_library instead of a source_set, as it shouldn't be
# unconditionally linked into targets.
visibility = [
":deps",
"//:gn_visibility",
]
sources = [
"//build/sanitizers/sanitizer_options.cc",
]
# Don't compile this target with any sanitizer code. It can be called from
# the sanitizer runtimes, so instrumenting these functions could cause
# recursive calls into the runtime if there is an error.
configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
if (is_asan) {
if (!defined(asan_suppressions_file)) {
asan_suppressions_file = "//build/sanitizers/asan_suppressions.cc"
}
sources += [ asan_suppressions_file ]
}
if (is_lsan) {
if (!defined(lsan_suppressions_file)) {
lsan_suppressions_file = "//build/sanitizers/lsan_suppressions.cc"
}
sources += [ lsan_suppressions_file ]
}
if (is_tsan) {
if (!defined(tsan_suppressions_file)) {
tsan_suppressions_file = "//build/sanitizers/tsan_suppressions.cc"
}
sources += [ tsan_suppressions_file ]
}
}
# Applies linker flags necessary when either :deps or :default_sanitizer_flags
# are used.
config("default_sanitizer_ldflags") {
visibility = [
":default_sanitizer_flags",
":deps",
]
if (is_posix) {
ldflags = []
if (is_asan) {
ldflags += [ "-fsanitize=address" ]
if (is_mac) {
# https://crbug.com/708707
ldflags += [ "-fno-sanitize-address-use-after-scope" ]
} else {
ldflags += [ "-fsanitize-address-use-after-scope" ]
}
}
if (is_lsan) {
ldflags += [ "-fsanitize=leak" ]
}
if (is_tsan) {
ldflags += [ "-fsanitize=thread" ]
}
if (is_msan) {
ldflags += [ "-fsanitize=memory" ]
}
if (is_ubsan || is_ubsan_security) {
ldflags += [ "-fsanitize=undefined" ]
}
if (is_ubsan_null) {
ldflags += [ "-fsanitize=null" ]
}
if (is_ubsan_vptr) {
ldflags += [ "-fsanitize=vptr" ]
}
if (use_sanitizer_coverage) {
ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ]
}
if (is_cfi && !is_nacl) {
ldflags += [ "-fsanitize=cfi-vcall" ]
if (use_cfi_cast) {
ldflags += [
"-fsanitize=cfi-derived-cast",
"-fsanitize=cfi-unrelated-cast",
]
}
if (use_cfi_diag) {
ldflags += [
"-fno-sanitize-trap=cfi",
"-fsanitize-recover=cfi",
]
}
}
} else if (is_win && is_asan) {
# Windows directly calls link.exe instead of the compiler driver when
# linking. Hence, pass the runtime libraries instead of -fsanitize=address.
# In the static-library build, libraries are different for executables
# and dlls, see link_executable and link_shared_library below.
# This here handles only the component build.
if (target_cpu == "x64") {
# Windows 64-bit. TODO(etienneb): Remove the assert when this is ready.
if (is_component_build) {
assert(false, "win/asan does not work in 64-bit yet")
libs = [
"clang_rt.asan_dynamic-x86_64.lib",
"clang_rt.asan_dynamic_runtime_thunk-x86_64.lib",
]
}
} else {
assert(target_cpu == "x86", "WinASan unsupported architecture")
if (is_component_build) {
libs = [
"clang_rt.asan_dynamic-i386.lib",
"clang_rt.asan_dynamic_runtime_thunk-i386.lib",
]
}
}
}
}
config("common_sanitizer_flags") {
cflags = []
cflags_cc = []
# Sanitizers need line table info for stack traces. They don't need type info
# or variable info, so we can leave that out to speed up the build (unless
# it's explicitly asked for by setting |sanitizer_keep_symbols| to true).
if (using_sanitizer) {
assert(is_clang, "sanitizers only supported with clang")
if (!sanitizer_keep_symbols) {
cflags += [ "-gline-tables-only" ]
}
cflags += [
# Column info in debug data confuses Visual Studio's debugger, so don't
# use this by default. However, clusterfuzz needs it for good attribution
# of reports to CLs, so turn it on there.
"-gcolumn-info",
]
}
# Common options for AddressSanitizer, LeakSanitizer, ThreadSanitizer,
# MemorySanitizer and non-official CFI builds.
if (using_sanitizer || (is_cfi && !is_official_build)) {
if (is_posix) {
cflags += [ "-fno-omit-frame-pointer" ]
} else {
cflags += [ "/Oy-" ]
}
}
if (use_custom_libcxx) {
prefix = "//buildtools/third_party"
include = "trunk/include"
cflags_cc += [
"-nostdinc++",
"-isystem" + rebase_path("$prefix/libc++/$include", root_build_dir),
"-isystem" + rebase_path("$prefix/libc++abi/$include", root_build_dir),
]
}
}
config("asan_flags") {
cflags = []
if (is_asan) {
cflags += [ "-fsanitize=address" ]
if (!is_mac) {
cflags += [ "-fsanitize-address-use-after-scope" ]
} else {
# https://crbug.com/708707
cflags += [ "-fno-sanitize-address-use-after-scope" ]
}
if (!asan_globals) {
cflags += [
"-mllvm",
"-asan-globals=0",
]
}
if (is_win) {
if (!defined(asan_win_blacklist_path)) {
asan_win_blacklist_path =
rebase_path("//tools/memory/asan/blacklist_win.txt", root_build_dir)
}
cflags += [ "-fsanitize-blacklist=$asan_win_blacklist_path" ]
} else {
# TODO(rnk): Remove this as discussed in http://crbug.com/427202.
if (!defined(asan_blacklist_path)) {
asan_blacklist_path =
rebase_path("//tools/memory/asan/blacklist.txt", root_build_dir)
}
cflags += [ "-fsanitize-blacklist=$asan_blacklist_path" ]
}
}
}
config("link_executable") {
if (is_asan && is_win && !is_component_build) {
if (target_cpu == "x64") {
# Windows 64-bit. TODO(etienneb): Remove the assert when this is ready.
assert(false, "win/asan does not work in 64-bit yet")
libs = [ "clang_rt.asan-x86_64.lib" ]
ldflags = [ "-wholearchive:clang_rt.asan-x86_64.lib" ]
} else {
assert(target_cpu == "x86", "WinASan unsupported architecture")
libs = [ "clang_rt.asan-i386.lib" ]
ldflags = [ "-wholearchive:clang_rt.asan-i386.lib" ]
}
}
}
config("link_shared_library") {
if (is_asan && is_win && !is_component_build) {
if (target_cpu == "x64") {
# Windows 64-bit. TODO(etienneb): Remove the assert when this is ready.
assert(false, "win/asan does not work in 64-bit yet")
libs = [ "clang_rt.asan_dll_thunk-x86_64.lib" ]
} else {
assert(target_cpu == "x86", "WinASan unsupported architecture")
libs = [ "clang_rt.asan_dll_thunk-i386.lib" ]
}
}
}
config("cfi_flags") {
cflags = []
if (is_cfi && !is_nacl) {
if (!defined(cfi_blacklist_path)) {
cfi_blacklist_path =
rebase_path("//tools/cfi/blacklist.txt", root_build_dir)
}
cflags += [
"-fsanitize=cfi-vcall",
"-fsanitize-blacklist=$cfi_blacklist_path",
]
if (use_cfi_cast) {
cflags += [
"-fsanitize=cfi-derived-cast",
"-fsanitize=cfi-unrelated-cast",
]
}
if (use_cfi_icall) {
cflags += [ "-fsanitize=cfi-icall" ]
}
if (use_cfi_diag) {
cflags += [
"-fno-sanitize-trap=cfi",
"-fsanitize-recover=cfi",
"-fno-inline-functions",
"-fno-inline",
"-fno-omit-frame-pointer",
"-O1",
]
} else {
defines = [ "CFI_ENFORCEMENT" ]
}
}
}
config("coverage_flags") {
cflags = []
if (use_sanitizer_coverage) {
cflags += [
"-fsanitize-coverage=$sanitizer_coverage_flags",
"-mllvm",
"-sanitizer-coverage-prune-blocks=1",
]
if (current_cpu == "arm") {
# http://crbug.com/517105
cflags += [
"-mllvm",
"-sanitizer-coverage-block-threshold=0",
]
}
defines = [ "SANITIZER_COVERAGE" ]
}
}
config("lsan_flags") {
if (is_lsan) {
cflags = [ "-fsanitize=leak" ]
}
}
config("msan_flags") {
if (is_msan) {
assert(is_linux, "msan only supported on linux x86_64")
if (!defined(msan_blacklist_path)) {
msan_blacklist_path =
rebase_path("//tools/msan/blacklist.txt", root_build_dir)
}
cflags = [
"-fsanitize=memory",
"-fsanitize-memory-track-origins=$msan_track_origins",
"-fsanitize-blacklist=$msan_blacklist_path",
]
}
}
config("tsan_flags") {
if (is_tsan) {
assert(is_linux, "tsan only supported on linux x86_64")
if (!defined(tsan_blacklist_path)) {
tsan_blacklist_path =
rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
}
cflags = [
"-fsanitize=thread",
"-fsanitize-blacklist=$tsan_blacklist_path",
]
}
}
config("ubsan_flags") {
cflags = []
if (is_ubsan) {
if (!defined(ubsan_blacklist_path)) {
ubsan_blacklist_path =
rebase_path("//tools/ubsan/blacklist.txt", root_build_dir)
}
cflags += [
# Yasm dies with an "Illegal instruction" error when bounds checking is
# enabled. See http://crbug.com/489901
# "-fsanitize=bounds",
"-fsanitize=float-divide-by-zero",
"-fsanitize=integer-divide-by-zero",
"-fsanitize=null",
"-fsanitize=object-size",
"-fsanitize=return",
"-fsanitize=returns-nonnull-attribute",
"-fsanitize=shift-exponent",
"-fsanitize=signed-integer-overflow",
"-fsanitize=unreachable",
"-fsanitize=vla-bound",
"-fsanitize-blacklist=$ubsan_blacklist_path",
]
# Chromecast ubsan builds fail to compile with these
# experimental flags, so only add them to non-chromecast ubsan builds.
if (!is_chromecast) {
cflags += [
# Employ the experimental PBQP register allocator to avoid slow
# compilation on files with too many basic blocks.
# See http://crbug.com/426271.
"-mllvm",
"-regalloc=pbqp",
# Speculatively use coalescing to slightly improve the code generated
# by PBQP regallocator. May increase compile time.
"-mllvm",
"-pbqp-coalescing",
]
}
}
}
config("ubsan_no_recover") {
if (is_ubsan_no_recover) {
cflags = [ "-fno-sanitize-recover=undefined" ]
}
}
config("ubsan_security_flags") {
if (is_ubsan_security) {
if (!defined(ubsan_security_blacklist_path)) {
ubsan_security_blacklist_path =
rebase_path("//tools/ubsan/security_blacklist.txt", root_build_dir)
}
cflags = [
"-fsanitize=signed-integer-overflow,shift,vptr,function,vla-bound",
"-fsanitize-blacklist=$ubsan_security_blacklist_path",
]
}
}
config("ubsan_null_flags") {
if (is_ubsan_null) {
cflags = [ "-fsanitize=null" ]
}
}
config("ubsan_vptr_flags") {
if (is_ubsan_vptr) {
if (!defined(ubsan_vptr_blacklist_path)) {
ubsan_vptr_blacklist_path =
rebase_path("//tools/ubsan/vptr_blacklist.txt", root_build_dir)
}
cflags = [
"-fsanitize=vptr",
"-fsanitize-blacklist=$ubsan_vptr_blacklist_path",
]
}
}
config("fuzzing_build_mode") {
if (use_libfuzzer || use_afl) {
defines = [ "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ]
}
}
all_sanitizer_configs = [
":common_sanitizer_flags",
":coverage_flags",
":default_sanitizer_ldflags",
":asan_flags",
":cfi_flags",
":lsan_flags",
":msan_flags",
":tsan_flags",
":ubsan_flags",
":ubsan_no_recover",
":ubsan_null_flags",
":ubsan_security_flags",
":ubsan_vptr_flags",
":fuzzing_build_mode",
]
# This config is applied by default to all targets. It sets the compiler flags
# for sanitizer usage, or, if no sanitizer is set, does nothing.
#
# This needs to be in a separate config so that targets can opt out of
# sanitizers (by removing the config) if they desire. Even if a target
# removes this config, executables & shared libraries should still depend on
# :deps if any of their dependencies have not opted out of sanitizers.
# Keep this list in sync with default_sanitizer_flags_but_ubsan_vptr.
config("default_sanitizer_flags") {
configs = all_sanitizer_configs
}
# This config is equivalent to default_sanitizer_flags, but excludes ubsan_vptr.
# This allows to selectively disable ubsan_vptr, when needed. In particular,
# if some third_party code is required to be compiled without rtti, which
# is a requirement for ubsan_vptr.
config("default_sanitizer_flags_but_ubsan_vptr") {
configs = all_sanitizer_configs - [ ":ubsan_vptr_flags" ]
}
config("default_sanitizer_flags_but_coverage") {
configs = all_sanitizer_configs - [ ":coverage_flags" ]
}