lib/ubsan/enable.mk - trusty/lk/trusty - Git at Google

 #
 # Copyright (c) 2019, Google, Inc. All rights reserved
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files
 # (the "Software"), to deal in the Software without restriction,
 # including without limitation the rights to use, copy, modify, merge,
 # publish, distribute, sublicense, and/or sell copies of the Software,
 # and to permit persons to whom the Software is furnished to do so,
 # subject to the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
 # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #

 # Including this file in your project will enable UBSan.
 #
 # Modules other than the kernel wishing to use UBSan must link in this
 # runtime by adding it to MODULE_DEPS, conditional on the UBSAN_ENABLED
 # variable (which sindicates whether UBSan is on for the build).
 #
 # Userspace apps do not need to worry about this as this runtime is already
 # being pulled in by libc when needed.
 #
 # By default, UBSan will be in hard-fail mode. This means that if a UBSan
 # violation is encountered, the module involved will attempt to terminate
 # itself (panic, nullderef, etc.).
 # To avoid this behavior set UBSAN_HARD_FAIL to false *before* including
 # enable.mk
 #
 # Modules wishing to opt out of UBSan can do so by adding
 # the contents of UBSAN_DISABLE to their MODULE_CFLAGS/MODULE_CPPFLAGS or by
 # adding to trusty/kernel/lib/ubsan/exemptlist.
 #
 # Example reasons to do this include:
 # * Contexts which cannot easily support the ubsan runtime (e.g. test-runner)
 # * External code that is comparatively difficult to change (e.g. boringssl)
 # * Code which is highly sensitive to modification (e.g. crypto or performance
 #   code) and is already thoroughly tested.
 #
 # If the code is trusty-owned, please consider either making the code UBSan
 # clean or using an __attribute__ decorator on a limited function with an
 # appropriate comment explaining why rather than disabling UBSan.
 #
 # The syntax for suppression is
 # __attribute__((no_sanitize("specific-sanitizer")))
 #
 # Please *DO NOT* use __attribute__((no_sanitize("undefined"))), as which
 # sanitizers it disables may expand with compiler revisions and makes it
 # harder for a reader to figure out which sanitizer is expected to generate
 # a false-positive in that code.

 UBSAN_SANITIZERS := \
     alignment \
     bool \
     builtin \
     bounds \
     enum \
     float-cast-overflow \
     float-divide-by-zero \
     implicit-unsigned-integer-truncation \
     implicit-signed-integer-truncation \
     implicit-integer-sign-change \
     integer-divide-by-zero \
     pointer-overflow \
     return \
     shift \
     signed-integer-overflow \
     unreachable \
     unsigned-integer-overflow \
     vla-bound \

 # object-size only works at higher than -O0 and so is not enabled
 #
 # non-null sanitizers are not enabled because we are not using the annotations
 #
 # C++ sanitizers requiring full language features (e.g. RTTI or stdlib) are
 # not enabled

 UBSAN_ENABLE := \
     $(foreach san,$(UBSAN_SANITIZERS),-fsanitize=$(san)) \
     -fsanitize-blacklist=trusty/kernel/lib/ubsan/exemptlist \

 UBSAN_DISABLE := \
     $(foreach san,$(UBSAN_SANITIZERS),-fno-sanitize=$(san))

 GLOBAL_COMPILEFLAGS += $(UBSAN_ENABLE) -DUBSAN_ENABLED

 ifneq ($(UBSAN_HARD_FAIL),false)
     GLOBAL_COMPILEFLAGS += -DUBSAN_HARD_FAIL
 endif

 MODULES += trusty/kernel/lib/ubsan
 UBSAN_ENABLED := true
	#
	# Copyright (c) 2019, Google, Inc. All rights reserved
	#
	# Permission is hereby granted, free of charge, to any person obtaining
	# a copy of this software and associated documentation files
	# (the "Software"), to deal in the Software without restriction,
	# including without limitation the rights to use, copy, modify, merge,
	# publish, distribute, sublicense, and/or sell copies of the Software,
	# and to permit persons to whom the Software is furnished to do so,
	# subject to the following conditions:
	#
	# The above copyright notice and this permission notice shall be
	# included in all copies or substantial portions of the Software.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
	# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
	# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
	# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
	# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
	#

	# Including this file in your project will enable UBSan.
	#
	# Modules other than the kernel wishing to use UBSan must link in this
	# runtime by adding it to MODULE_DEPS, conditional on the UBSAN_ENABLED
	# variable (which sindicates whether UBSan is on for the build).
	#
	# Userspace apps do not need to worry about this as this runtime is already
	# being pulled in by libc when needed.
	#
	# By default, UBSan will be in hard-fail mode. This means that if a UBSan
	# violation is encountered, the module involved will attempt to terminate
	# itself (panic, nullderef, etc.).
	# To avoid this behavior set UBSAN_HARD_FAIL to false before including
	# enable.mk
	#
	# Modules wishing to opt out of UBSan can do so by adding
	# the contents of UBSAN_DISABLE to their MODULE_CFLAGS/MODULE_CPPFLAGS or by
	# adding to trusty/kernel/lib/ubsan/exemptlist.
	#
	# Example reasons to do this include:
	# * Contexts which cannot easily support the ubsan runtime (e.g. test-runner)
	# * External code that is comparatively difficult to change (e.g. boringssl)
	# * Code which is highly sensitive to modification (e.g. crypto or performance
	# code) and is already thoroughly tested.
	#
	# If the code is trusty-owned, please consider either making the code UBSan
	# clean or using an __attribute__ decorator on a limited function with an
	# appropriate comment explaining why rather than disabling UBSan.
	#
	# The syntax for suppression is
	# __attribute__((no_sanitize("specific-sanitizer")))
	#
	# Please DO NOT use __attribute__((no_sanitize("undefined"))), as which
	# sanitizers it disables may expand with compiler revisions and makes it
	# harder for a reader to figure out which sanitizer is expected to generate
	# a false-positive in that code.

	UBSAN_SANITIZERS := \
	alignment \
	bool \
	builtin \
	bounds \
	enum \
	float-cast-overflow \
	float-divide-by-zero \
	implicit-unsigned-integer-truncation \
	implicit-signed-integer-truncation \
	implicit-integer-sign-change \
	integer-divide-by-zero \
	pointer-overflow \
	return \
	shift \
	signed-integer-overflow \
	unreachable \
	unsigned-integer-overflow \
	vla-bound \

	# object-size only works at higher than -O0 and so is not enabled
	#
	# non-null sanitizers are not enabled because we are not using the annotations
	#
	# C++ sanitizers requiring full language features (e.g. RTTI or stdlib) are
	# not enabled

	UBSAN_ENABLE := \
	$(foreach san,$(UBSAN_SANITIZERS),-fsanitize=$(san)) \
	-fsanitize-blacklist=trusty/kernel/lib/ubsan/exemptlist \

	UBSAN_DISABLE := \
	$(foreach san,$(UBSAN_SANITIZERS),-fno-sanitize=$(san))

	GLOBAL_COMPILEFLAGS += $(UBSAN_ENABLE) -DUBSAN_ENABLED

	ifneq ($(UBSAN_HARD_FAIL),false)
	GLOBAL_COMPILEFLAGS += -DUBSAN_HARD_FAIL
	endif

	MODULES += trusty/kernel/lib/ubsan
	UBSAN_ENABLED := true