From 17df3c1b768496f26dc5021b3854c2dcb42f6207 Mon Sep 17 00:00:00 2001 From: Ivan Lozano Date: Tue, 9 Jan 2018 09:57:19 -0800 Subject: [PATCH] Support enabling overflow sanitization by path. Handle paths variable provided from Make about where integer overflow sanitization should be enabled by default, and prepare to enable minimal runtime diagnostics for integer overflow sanitizers in userdebug/eng builds. This provides Soong support for on-by-default paths from Make for integer overflow sanitization. Bug: 30969751 Bug: 63927620 Test: Include paths passed from Make are being sanitized. Test: Compilation succeeds with and without diagnostics enabled. Test: See Make patch for further test notes. Change-Id: I803a75646cc27ef5b4b5b74b8eb2981c39f8a6a3 --- android/config.go | 7 +++++++ android/variable.go | 1 + cc/sanitize.go | 22 +++++++++++++++++++++- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/android/config.go b/android/config.go index 43d743b6b..5d38d7180 100644 --- a/android/config.go +++ b/android/config.go @@ -712,6 +712,13 @@ func (c *config) CFIDisabledForPath(path string) bool { return PrefixInList(path, *c.ProductVariables.CFIExcludePaths) } +func (c *config) IntegerOverflowEnabledForPath(path string) bool { + if c.ProductVariables.IntegerOverflowIncludePaths == nil { + return false + } + return PrefixInList(path, *c.ProductVariables.IntegerOverflowIncludePaths) +} + func (c *config) CFIEnabledForPath(path string) bool { if c.ProductVariables.CFIIncludePaths == nil { return false diff --git a/android/variable.go b/android/variable.go index d58ed6a9f..aa751a04f 100644 --- a/android/variable.go +++ b/android/variable.go @@ -167,6 +167,7 @@ type productVariables struct { MinimizeJavaDebugInfo *bool `json:",omitempty"` IntegerOverflowExcludePaths *[]string `json:",omitempty"` + IntegerOverflowIncludePaths *[]string `json:",omitempty"` EnableCFI *bool `json:",omitempty"` CFIExcludePaths *[]string `json:",omitempty"` diff --git a/cc/sanitize.go b/cc/sanitize.go index 1afec2653..859478bb5 100644 --- a/cc/sanitize.go +++ b/cc/sanitize.go @@ -232,6 +232,14 @@ func (sanitize *sanitize) begin(ctx BaseModuleContext) { } } + // Enable Integer Overflow for all components in the include paths + if !ctx.Host() && ctx.Config().IntegerOverflowEnabledForPath(ctx.ModuleDir()) && s.Integer_overflow == nil { + s.Integer_overflow = boolPtr(true) + if inList("integer_overflow", ctx.Config().SanitizeDeviceDiag()) { + s.Diag.Integer_overflow = boolPtr(true) + } + } + // CFI needs gold linker, and mips toolchain does not have one. if !ctx.Config().EnableCFI() || ctx.Arch().ArchType == android.Mips || ctx.Arch().ArchType == android.Mips64 { s.Cfi = nil @@ -417,6 +425,7 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags { sanitizers = append(sanitizers, "unsigned-integer-overflow") sanitizers = append(sanitizers, "signed-integer-overflow") flags.CFlags = append(flags.CFlags, intOverflowCflags...) + if Bool(sanitize.Properties.Sanitize.Diag.Integer_overflow) { diagSanitizers = append(diagSanitizers, "unsigned-integer-overflow") diagSanitizers = append(diagSanitizers, "signed-integer-overflow") @@ -424,6 +433,8 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags { } } + diagSanitizeArgs := "-fno-sanitize-trap=" + strings.Join(diagSanitizers, ",") + if len(sanitizers) > 0 { sanitizeArg := "-fsanitize=" + strings.Join(sanitizers, ",") flags.CFlags = append(flags.CFlags, sanitizeArg) @@ -436,10 +447,19 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags { } else { flags.CFlags = append(flags.CFlags, "-fsanitize-trap=all", "-ftrap-function=abort") } + + // Specific settings for userdebug and eng builds + if Bool(ctx.Config().ProductVariables.Debuggable) { + // TODO(ivanlozano): uncomment after switch to clang-4536805. + // Run integer overflow sanitizers with the minimal runtime diagnostics. + if strings.Contains(sanitizeArg, "integer") && !strings.Contains(diagSanitizeArgs, "integer") && !Bool(sanitize.Properties.Sanitize.Address) { + //flags.CFlags = append(flags.CFlags, "-fsanitize-minimal-runtime") + } + } } if len(diagSanitizers) > 0 { - flags.CFlags = append(flags.CFlags, "-fno-sanitize-trap="+strings.Join(diagSanitizers, ",")) + flags.CFlags = append(flags.CFlags, diagSanitizeArgs) } // FIXME: enable RTTI if diag + (cfi or vptr)