Add integer_overflow sanitization build option.
Adds the SANITIZE_TARGET=integer_overflow build option to apply signed and
unsigned integer overflow sanitization globally. This implements the
Soong side of the build option.
An additional build option is provided to control whether or not to run
in diagnostics mode, controlled by SANITIZE_TARGET_DIAG. This works the
same way that SANITIZE_TARGET does and currently only supports
'integer_overflow' as an option.
A default sanitizer blacklist is added to avoid applying sanitization
to functions that are likely to exhibit benign overflows.
Bug: 30969751
Test: Building with and without the new flags, device boot-up, tested
various permutations of controlling the new flags from build files.
Change-Id: Ibc8a8615d3132f1a23faaf1cb4861f24c5ef734a
diff --git a/cc/sanitize.go b/cc/sanitize.go
index e54ece6..49bd0f3 100644
--- a/cc/sanitize.go
+++ b/cc/sanitize.go
@@ -40,6 +40,8 @@
cfiLdflags = []string{"-flto", "-fsanitize-cfi-cross-dso", "-fsanitize=cfi",
"-Wl,-plugin-opt,O1 -Wl,-export-dynamic-symbol=__cfi_check"}
cfiArflags = []string{"--plugin ${config.ClangBin}/../lib64/LLVMgold.so"}
+
+ intOverflowCflags = []string{"-fsanitize-blacklist=build/soong/cc/config/integer_overflow_blacklist.txt"}
)
type sanitizerType int
@@ -55,6 +57,7 @@
const (
asan sanitizerType = iota + 1
tsan
+ intOverflow
)
func (t sanitizerType) String() string {
@@ -63,6 +66,8 @@
return "asan"
case tsan:
return "tsan"
+ case intOverflow:
+ return "intOverflow"
default:
panic(fmt.Errorf("unknown sanitizerType %d", t))
}
@@ -78,20 +83,22 @@
Thread *bool `android:"arch_variant"`
// local sanitizers
- Undefined *bool `android:"arch_variant"`
- All_undefined *bool `android:"arch_variant"`
- Misc_undefined []string `android:"arch_variant"`
- Coverage *bool `android:"arch_variant"`
- Safestack *bool `android:"arch_variant"`
- Cfi *bool `android:"arch_variant"`
+ Undefined *bool `android:"arch_variant"`
+ All_undefined *bool `android:"arch_variant"`
+ Misc_undefined []string `android:"arch_variant"`
+ Coverage *bool `android:"arch_variant"`
+ Safestack *bool `android:"arch_variant"`
+ Cfi *bool `android:"arch_variant"`
+ Integer_overflow *bool `android:"arch_variant"`
// Sanitizers to run in the diagnostic mode (as opposed to the release mode).
// Replaces abort() on error with a human-readable error message.
// Address and Thread sanitizers always run in diagnostic mode.
Diag struct {
- Undefined *bool `android:"arch_variant"`
- Cfi *bool `android:"arch_variant"`
- Misc_undefined []string `android:"arch_variant"`
+ Undefined *bool `android:"arch_variant"`
+ Cfi *bool `android:"arch_variant"`
+ Integer_overflow *bool `android:"arch_variant"`
+ Misc_undefined []string `android:"arch_variant"`
}
// value to pass to -fsanitize-recover=
@@ -130,6 +137,8 @@
}
var globalSanitizers []string
+ var globalSanitizersDiag []string
+
if ctx.clang() {
if ctx.Host() {
globalSanitizers = ctx.AConfig().SanitizeHost()
@@ -137,6 +146,7 @@
arches := ctx.AConfig().SanitizeDeviceArch()
if len(arches) == 0 || inList(ctx.Arch().ArchType.Name, arches) {
globalSanitizers = ctx.AConfig().SanitizeDevice()
+ globalSanitizersDiag = ctx.AConfig().SanitizeDeviceDiag()
}
}
}
@@ -177,9 +187,22 @@
s.Cfi = boolPtr(true)
}
+ if found, globalSanitizers = removeFromList("integer_overflow", globalSanitizers); found && s.Integer_overflow == nil {
+ s.Integer_overflow = boolPtr(true)
+ }
+
if len(globalSanitizers) > 0 {
ctx.ModuleErrorf("unknown global sanitizer option %s", globalSanitizers[0])
}
+
+ if found, globalSanitizersDiag = removeFromList("integer_overflow", globalSanitizersDiag); found &&
+ s.Diag.Integer_overflow == nil && Bool(s.Integer_overflow) {
+ s.Diag.Integer_overflow = boolPtr(true)
+ }
+
+ if len(globalSanitizersDiag) > 0 {
+ ctx.ModuleErrorf("unknown global sanitizer diagnostics option %s", globalSanitizersDiag[0])
+ }
}
// CFI needs gold linker, and mips toolchain does not have one.
@@ -218,7 +241,7 @@
}
if ctx.Os() != android.Windows && (Bool(s.All_undefined) || Bool(s.Undefined) || Bool(s.Address) || Bool(s.Thread) ||
- Bool(s.Coverage) || Bool(s.Safestack) || Bool(s.Cfi) || len(s.Misc_undefined) > 0) {
+ Bool(s.Coverage) || Bool(s.Safestack) || Bool(s.Cfi) || Bool(s.Integer_overflow) || len(s.Misc_undefined) > 0) {
sanitize.Properties.SanitizerEnabled = true
}
@@ -349,6 +372,18 @@
}
}
+ if Bool(sanitize.Properties.Sanitize.Integer_overflow) {
+ if !ctx.static() {
+ sanitizers = append(sanitizers, "unsigned-integer-overflow")
+ sanitizers = append(sanitizers, "signed-integer-overflow")
+ flags.CFlags = append(flags.CFlags, intOverflowCflags...)
+ if Bool(sanitize.Properties.Sanitize.Diag.Integer_overflow) {
+ diagSanitizers = append(diagSanitizers, "unsigned-integer-overflow")
+ diagSanitizers = append(diagSanitizers, "signed-integer-overflow")
+ }
+ }
+ }
+
if len(sanitizers) > 0 {
sanitizeArg := "-fsanitize=" + strings.Join(sanitizers, ",")
flags.CFlags = append(flags.CFlags, sanitizeArg)
@@ -426,6 +461,8 @@
return Bool(sanitize.Properties.Sanitize.Address)
case tsan:
return Bool(sanitize.Properties.Sanitize.Thread)
+ case intOverflow:
+ return Bool(sanitize.Properties.Sanitize.Integer_overflow)
default:
panic(fmt.Errorf("unknown sanitizerType %d", t))
}
@@ -440,6 +477,8 @@
}
case tsan:
sanitize.Properties.Sanitize.Thread = boolPtr(b)
+ case intOverflow:
+ sanitize.Properties.Sanitize.Integer_overflow = boolPtr(b)
default:
panic(fmt.Errorf("unknown sanitizerType %d", t))
}