| # Copyright 2015 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/config/chrome_build.gni") |
| import("//build/toolchain/toolchain.gni") |
| |
| declare_args() { |
| # Compile for Address Sanitizer to find memory bugs. |
| is_asan = false |
| |
| # Compile for Leak Sanitizer to find leaks. |
| is_lsan = false |
| |
| # Compile for Memory Sanitizer to find uninitialized reads. |
| is_msan = false |
| |
| # Compile for Thread Sanitizer to find threading bugs. |
| is_tsan = false |
| |
| # Compile for Undefined Behaviour Sanitizer to find various types of |
| # undefined behaviour (excludes vptr checks). |
| is_ubsan = false |
| |
| # Halt the program if a problem is detected. |
| is_ubsan_no_recover = false |
| |
| # Compile for Undefined Behaviour Sanitizer's null pointer checks. |
| is_ubsan_null = false |
| |
| # Compile for Undefined Behaviour Sanitizer's vptr checks. |
| is_ubsan_vptr = false |
| |
| # Track where uninitialized memory originates from. From fastest to slowest: |
| # 0 - no tracking, 1 - track only the initial allocation site, 2 - track the |
| # chain of stores leading from allocation site to use site. |
| msan_track_origins = 2 |
| |
| # Use dynamic libraries instrumented by one of the sanitizers instead of the |
| # standard system libraries. Set this flag to download prebuilt binaries from |
| # GCS. |
| use_prebuilt_instrumented_libraries = false |
| |
| # Use dynamic libraries instrumented by one of the sanitizers instead of the |
| # standard system libraries. Set this flag to build the libraries from source. |
| use_locally_built_instrumented_libraries = false |
| |
| # Enable building with SyzyAsan which can find certain types of memory |
| # errors. Only works on Windows. See |
| # https://github.com/google/syzygy/wiki/SyzyASanHowTo |
| is_syzyasan = false |
| |
| # Compile with Control Flow Integrity to protect virtual calls and casts. |
| # See http://clang.llvm.org/docs/ControlFlowIntegrity.html |
| # |
| # TODO(pcc): Remove this flag if/when CFI is enabled in all official builds. |
| is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" && |
| is_official_build && allow_posix_link_time_opt |
| |
| # Enable checks for bad casts: derived cast and unrelated cast. |
| # TODO(krasin): remove this, when we're ready to add these checks by default. |
| # https://crbug.com/626794 |
| use_cfi_cast = false |
| |
| # Enable checks for indirect function calls via a function pointer. |
| # TODO(pcc): remove this when we're ready to add these checks by default. |
| # https://crbug.com/701919 |
| use_cfi_icall = false |
| |
| # By default, Control Flow Integrity will crash the program if it detects a |
| # violation. Set this to true to print detailed diagnostics instead. |
| use_cfi_diag = false |
| |
| # Compile for fuzzing with LLVM LibFuzzer. |
| # See http://www.chromium.org/developers/testing/libfuzzer |
| use_libfuzzer = false |
| |
| # Compile for fuzzing with AFL. |
| use_afl = false |
| |
| # Enables core ubsan security features. Will later be removed once it matches |
| # is_ubsan. |
| is_ubsan_security = false |
| |
| # Compile for fuzzing with Dr. Fuzz |
| # See http://www.chromium.org/developers/testing/dr-fuzz |
| use_drfuzz = false |
| |
| # Helper variable for testing builds with disabled libfuzzer. |
| # Not for client use. |
| disable_libfuzzer = false |
| |
| # Value for -fsanitize-coverage flag. Setting this causes |
| # use_sanitizer_coverage to be enabled. |
| # Default value when unset and use_afl=true or use_libfuzzer=true: |
| # trace-pc-guard |
| # Default value when unset and use_sanitizer_coverage=true: |
| # trace-pc-guard,indirect-calls |
| sanitizer_coverage_flags = "" |
| |
| # Keep symbol level when building with sanitizers. When sanitizers are |
| # enabled, the default is to compile with the minimum debug info level |
| # necessary, overriding any other symbol level arguments that may be set. |
| # Setting this to true prevents this. |
| sanitizer_keep_symbols = false |
| } |
| |
| # Disable sanitizers for non-default toolchains. |
| if (current_toolchain != default_toolchain) { |
| is_asan = false |
| is_cfi = false |
| is_lsan = false |
| is_msan = false |
| is_syzyasan = false |
| is_tsan = false |
| is_ubsan = false |
| is_ubsan_null = false |
| is_ubsan_no_recover = false |
| is_ubsan_security = false |
| is_ubsan_vptr = false |
| msan_track_origins = 0 |
| sanitizer_coverage_flags = "" |
| use_afl = false |
| use_cfi_diag = false |
| use_custom_libcxx = false |
| use_drfuzz = false |
| use_libfuzzer = false |
| use_prebuilt_instrumented_libraries = false |
| use_locally_built_instrumented_libraries = false |
| use_sanitizer_coverage = false |
| } |
| |
| # Args that are in turn dependent on other args must be in a separate |
| # declare_args block. User overrides are only applied at the end of a |
| # declare_args block. |
| declare_args() { |
| # Use libc++ (buildtools/third_party/libc++ and |
| # buildtools/third_party/libc++abi) instead of stdlibc++ as standard library. |
| # This is intended to be used for instrumented builds. |
| use_custom_libcxx = |
| (is_asan && is_linux && !is_chromeos) || is_tsan || is_msan || is_ubsan || |
| is_ubsan_security || use_libfuzzer || use_afl |
| |
| # Enable -fsanitize-coverage. |
| use_sanitizer_coverage = |
| use_libfuzzer || use_afl || sanitizer_coverage_flags != "" |
| |
| # Detect overflow/underflow for global objects. |
| # |
| # Mac: http://crbug.com/352073 |
| asan_globals = !is_mac |
| } |
| |
| if ((use_afl || use_libfuzzer) && sanitizer_coverage_flags == "") { |
| sanitizer_coverage_flags = "trace-pc-guard" |
| } else if (use_sanitizer_coverage && sanitizer_coverage_flags == "") { |
| sanitizer_coverage_flags = "trace-pc-guard,indirect-calls" |
| } |
| |
| using_sanitizer = |
| is_asan || is_lsan || is_tsan || is_msan || is_ubsan || is_ubsan_null || |
| is_ubsan_vptr || is_ubsan_security || use_sanitizer_coverage |
| |
| assert(!using_sanitizer || is_clang, |
| "Sanitizers (is_*san) require setting is_clang = true in 'gn args'") |
| |
| prebuilt_instrumented_libraries_available = |
| is_msan && (msan_track_origins == 0 || msan_track_origins == 2) |
| |
| if (use_libfuzzer && is_linux) { |
| if (is_asan) { |
| # We do leak checking with libFuzzer on Linux. Set is_lsan for code that |
| # relies on LEAK_SANITIZER define to avoid false positives. |
| is_lsan = true |
| } |
| if (is_msan) { |
| use_prebuilt_instrumented_libraries = true |
| } |
| } |
| |
| # MSan only links Chrome properly in release builds (brettw -- 9/1/2015). The |
| # same is possibly true for the other non-ASan sanitizers. But regardless of |
| # whether it links, one would normally never run a sanitizer in debug mode. |
| # Running in debug mode probably indicates you forgot to set the "is_debug = |
| # false" flag in the build args. ASan seems to run fine in debug mode. |
| # |
| # If you find a use-case where you want to compile a sanitizer in debug mode |
| # and have verified it works, ask brettw and we can consider removing it from |
| # this condition. We may also be able to find another way to enable your case |
| # without having people accidentally get broken builds by compiling an |
| # unsupported or unadvisable configurations. |
| # |
| # For one-off testing, just comment this assertion out. |
| assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_null || is_ubsan_vptr), |
| "Sanitizers should generally be used in release (set is_debug=false).") |
| |
| assert(!is_msan || (is_linux && current_cpu == "x64"), |
| "MSan currently only works on 64-bit Linux and ChromeOS builds.") |
| |
| # ASAN build on Windows is not working in debug mode. Intercepting memory |
| # allocation functions is hard on Windows and not yet implemented in LLVM. |
| assert(!is_win || !is_debug || !is_asan, |
| "ASan on Windows doesn't work in debug (set is_debug=false).") |