Home | History | Annotate | Download | only in core 
      1 ##############################################
      2 ## Perform configuration steps for sanitizers.
      3 ##############################################
      4 
      5 my_sanitize := $(strip $(LOCAL_SANITIZE))
      6 my_sanitize_diag := $(strip $(LOCAL_SANITIZE_DIAG))
      7 
      8 # SANITIZE_HOST is only in effect if the module is already using clang (host
      9 # modules that haven't set `LOCAL_CLANG := false` and device modules that
     10 # have set `LOCAL_CLANG := true`.
     11 my_global_sanitize :=
     12 ifeq ($(my_clang),true)
     13   ifdef LOCAL_IS_HOST_MODULE
     14     my_global_sanitize := $(strip $(SANITIZE_HOST))
     15 
     16     # SANITIZE_HOST=true is a deprecated way to say SANITIZE_HOST=address.
     17     my_global_sanitize := $(subst true,address,$(my_global_sanitize))
     18   else
     19     my_global_sanitize := $(strip $(SANITIZE_TARGET))
     20   endif
     21 endif
     22 
     23 ifneq ($(my_global_sanitize),)
     24   my_sanitize := $(my_global_sanitize) $(my_sanitize)
     25 endif
     26 
     27 # The sanitizer specified in the product configuration wins over the previous.
     28 ifneq ($(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG),)
     29   my_sanitize := $(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG)
     30   ifeq ($(my_sanitize),never)
     31     my_sanitize :=
     32   endif
     33 endif
     34 
     35 ifndef LOCAL_IS_HOST_MODULE
     36   # Add a filter point for 32-bit vs 64-bit sanitization (to lighten the burden)
     37   SANITIZE_TARGET_ARCH ?= $(TARGET_ARCH) $(TARGET_2ND_ARCH)
     38   ifeq ($(filter $(SANITIZE_TARGET_ARCH),$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
     39     my_sanitize :=
     40   endif
     41 endif
     42 
     43 # Add a filter point based on module owner (to lighten the burden). The format is a space- or
     44 # colon-separated list of owner names.
     45 ifneq (,$(SANITIZE_NEVER_BY_OWNER))
     46   ifneq (,$(LOCAL_MODULE_OWNER))
     47     ifneq (,$(filter $(LOCAL_MODULE_OWNER),$(subst :, ,$(SANITIZE_NEVER_BY_OWNER))))
     48       $(warning Not sanitizing $(LOCAL_MODULE) based on module owner.)
     49       my_sanitize :=
     50     endif
     51   endif
     52 endif
     53 
     54 # Don't apply sanitizers to NDK code.
     55 ifdef LOCAL_SDK_VERSION
     56   my_sanitize :=
     57   my_global_sanitize :=
     58 endif
     59 
     60 # Never always wins.
     61 ifeq ($(LOCAL_SANITIZE),never)
     62   my_sanitize :=
     63 endif
     64 
     65 # If CFI is disabled globally, remove it from my_sanitize.
     66 ifeq ($(strip $(ENABLE_CFI)),)
     67   my_sanitize := $(filter-out cfi,$(my_sanitize))
     68   my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
     69 endif
     70 
     71 # Disable CFI for arm32 (b/35157333).
     72 ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
     73   my_sanitize := $(filter-out cfi,$(my_sanitize))
     74   my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
     75 endif
     76 
     77 # CFI needs gold linker, and mips toolchain does not have one.
     78 ifneq ($(filter mips mips64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
     79   my_sanitize := $(filter-out cfi,$(my_sanitize))
     80   my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
     81 endif
     82 
     83 my_nosanitize = $(strip $(LOCAL_NOSANITIZE))
     84 ifneq ($(my_nosanitize),)
     85   my_sanitize := $(filter-out $(my_nosanitize),$(my_sanitize))
     86 endif
     87 
     88 # TSAN is not supported on 32-bit architectures. For non-multilib cases, make
     89 # its use an error. For multilib cases, don't use it for the 32-bit case.
     90 ifneq ($(filter thread,$(my_sanitize)),)
     91   ifeq ($(my_32_64_bit_suffix),32)
     92     ifeq ($(my_module_multilib),both)
     93         my_sanitize := $(filter-out thread,$(my_sanitize))
     94     else
     95         $(error $(LOCAL_PATH): $(LOCAL_MODULE): TSAN cannot be used for 32-bit modules.)
     96     endif
     97   endif
     98 endif
     99 
    100 ifneq ($(filter safe-stack,$(my_sanitize)),)
    101   ifeq ($(my_32_64_bit_suffix),32)
    102     my_sanitize := $(filter-out safe-stack,$(my_sanitize))
    103   endif
    104 endif
    105 
    106 # Undefined symbols can occur if a non-sanitized library links
    107 # sanitized static libraries. That's OK, because the executable
    108 # always depends on the ASan runtime library, which defines these
    109 # symbols.
    110 ifneq ($(filter address thread,$(strip $(SANITIZE_TARGET))),)
    111   ifndef LOCAL_IS_HOST_MODULE
    112     ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
    113       ifeq ($(my_sanitize),)
    114         my_allow_undefined_symbols := true
    115       endif
    116     endif
    117   endif
    118 endif
    119 
    120 # Sanitizers can only be used with clang.
    121 ifneq ($(my_clang),true)
    122   ifneq ($(my_sanitize),)
    123     $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of sanitizers requires LOCAL_CLANG := true)
    124   endif
    125 endif
    126 
    127 ifneq ($(filter default-ub,$(my_sanitize)),)
    128   my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
    129 endif
    130 
    131 ifneq ($(filter coverage,$(my_sanitize)),)
    132   ifeq ($(filter address,$(my_sanitize)),)
    133     $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
    134   endif
    135   my_cflags += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
    136   my_sanitize := $(filter-out coverage,$(my_sanitize))
    137 endif
    138 
    139 ifneq ($(my_sanitize),)
    140   fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize))
    141   my_cflags += -fsanitize=$(fsanitize_arg)
    142 
    143   ifdef LOCAL_IS_HOST_MODULE
    144     my_cflags += -fno-sanitize-recover=all
    145     my_ldflags += -fsanitize=$(fsanitize_arg)
    146     my_ldlibs += -lrt -ldl
    147   else
    148     my_cflags += -fsanitize-trap=all
    149     my_cflags += -ftrap-function=abort
    150     ifneq ($(filter address thread,$(my_sanitize)),)
    151       my_cflags += -fno-sanitize-trap=address,thread
    152       my_shared_libraries += libdl
    153     endif
    154   endif
    155 endif
    156 
    157 ifneq ($(filter cfi,$(my_sanitize)),)
    158   # __cfi_check needs to be built as Thumb (see the code in linker_cfi.cpp).
    159   # LLVM is not set up to do this on a function basis, so force Thumb on the
    160   # entire module.
    161   LOCAL_ARM_MODE := thumb
    162   my_cflags += $(CFI_EXTRA_CFLAGS)
    163   my_ldflags += $(CFI_EXTRA_LDFLAGS)
    164   my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so
    165   # Workaround for b/33678192. CFI jumptables need Thumb2 codegen.  Revert when
    166   # Clang is updated past r290384.
    167   ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
    168     my_ldflags += -march=armv7-a
    169   endif
    170 endif
    171 
    172 # If local or global modules need ASAN, add linker flags.
    173 ifneq ($(filter address,$(my_global_sanitize) $(my_sanitize)),)
    174   my_ldflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_LDFLAGS)
    175   ifdef LOCAL_IS_HOST_MODULE
    176     # -nodefaultlibs (provided with libc++) prevents the driver from linking
    177     # libraries needed with -fsanitize=address. http://b/18650275 (WAI)
    178     my_ldlibs += -lm -lpthread
    179     my_ldflags += -Wl,--no-as-needed
    180   else
    181     # Add asan libraries unless LOCAL_MODULE is the asan library.
    182     # ASan runtime library must be the first in the link order.
    183     ifeq (,$(filter $(LOCAL_MODULE),$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY)))
    184       my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
    185                              $(my_shared_libraries)
    186     endif
    187     ifeq (,$(filter $(LOCAL_MODULE),$(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)))
    188       my_static_libraries += $(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)
    189     endif
    190 
    191     # Do not add unnecessary dependency in shared libraries.
    192     ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
    193       my_ldflags += -Wl,--as-needed
    194     endif
    195 
    196     ifeq ($(LOCAL_MODULE_CLASS),EXECUTABLES)
    197       ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
    198         my_linker := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER)
    199         # Make sure linker_asan get installed.
    200         $(LOCAL_INSTALLED_MODULE) : | $(PRODUCT_OUT)$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER)
    201       endif
    202     endif
    203   endif
    204 endif
    205 
    206 # If local module needs ASAN, add compiler flags.
    207 ifneq ($(filter address,$(my_sanitize)),)
    208   # Frame pointer based unwinder in ASan requires ARM frame setup.
    209   LOCAL_ARM_MODE := arm
    210   my_cflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
    211   ifndef LOCAL_IS_HOST_MODULE
    212     my_cflags += -mllvm -asan-globals=0
    213   endif
    214 endif
    215 
    216 ifneq ($(filter undefined,$(my_sanitize)),)
    217   ifndef LOCAL_IS_HOST_MODULE
    218     $(error ubsan is not yet supported on the target)
    219   endif
    220 endif
    221 
    222 ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
    223   recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
    224   my_cflags += -fsanitize-recover=$(recover_arg)
    225 endif
    226 
    227 ifneq ($(my_sanitize_diag),)
    228   notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
    229   my_cflags += -fno-sanitize-trap=$(notrap_arg)
    230   # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
    231   ifeq ($(filter address thread,$(my_sanitize)),)
    232     # Does not have to be the first DT_NEEDED unlike ASan.
    233     my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
    234   endif
    235 endif
    236