Make sanitizer suppressions and blacklists fully configurable.

This will make it possible to fully utilize the sanitizers in other projects that may need to maintain their own suppressions and blacklists. This change also removes the requirement on having {asan,lsan,tsan}_suppressions_file defined in //build_overrides/build.gni, simplifying the build configs. BUG=webrtc:5006 TESTED=CQ dry run + additional sanitizer trybots: mac_chromium_asan_rel_ng linux_chromium_ubsan_rel_ng linux_chromium_msan_rel_ng linux_chromium_tsan_rel_ng linux_chromium_asan_rel_ng Review-Url: https://codereview.chromium.org/2580313002 Cr-Commit-Position: refs/heads/master@{#439452}

Make sanitizer suppressions and blacklists fully configurable.
This will make it possible to fully utilize the sanitizers in other projects that may need to maintain their own suppressions and blacklists. This change also removes the requirement on having {asan,lsan,tsan}_suppressions_file defined in //build_overrides/build.gni, simplifying the build configs. BUG=webrtc:5006 TESTED=CQ dry run + additional sanitizer trybots: mac_chromium_asan_rel_ng linux_chromium_ubsan_rel_ng linux_chromium_msan_rel_ng linux_chromium_tsan_rel_ng linux_chromium_asan_rel_ng Review-Url: https://codereview.chromium.org/2580313002 Cr-Commit-Position: refs/heads/master@{#439452}
83d8599f · kjellander · Commit bot · 7456f5ae · 83d8599f · 83d8599f
Commit 83d8599f authored Dec 19, 2016 by kjellander Committed by Commit bot Dec 19, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 22 deletions

build/config/sanitizers/BUILD.gn build/config/sanitizers/BUILD.gn +43 -18

build_overrides/build.gni build_overrides/build.gni +13 -4

No files found.
--- a/build/config/sanitizers/BUILD.gn
+++ b/build/config/sanitizers/BUILD.gn
@@ -167,14 +167,23 @@ static_library("options_sources") {
  configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
  if (is_asan) {
+    if (!defined(asan_suppressions_file)) {
+      asan_suppressions_file = "//build/sanitizers/asan_suppressions.cc"
+    }
    sources += [ asan_suppressions_file ]
  }
  if (is_lsan) {
+    if (!defined(lsan_suppressions_file)) {
+      lsan_suppressions_file = "//build/sanitizers/lsan_suppressions.cc"
+    }
    sources += [ lsan_suppressions_file ]
  }
  if (is_tsan) {
+    if (!defined(tsan_suppressions_file)) {
+      tsan_suppressions_file = "//build/sanitizers/tsan_suppressions.cc"
+    }
    sources += [ tsan_suppressions_file ]
  }
 }
@@ -307,14 +316,18 @@ config("asan_flags") {
      ]
    }
    if (is_win) {
-      cflags += [ "-fsanitize-blacklist=" +
+      if (!defined(asan_win_blacklist_path)) {
-                  rebase_path("//tools/memory/asan/blacklist_win.txt",
+        asan_win_blacklist_path =
-                              root_build_dir) ]
+            rebase_path("//tools/memory/asan/blacklist_win.txt", root_build_dir)
+      }
+      cflags += [ "-fsanitize-blacklist=$asan_win_blacklist_path" ]
    } else {
      # TODO(rnk): Remove this as discussed in http://crbug.com/427202.
-      cflags +=
+      if (!defined(asan_blacklist_path)) {
-          [ "-fsanitize-blacklist=" +
+        asan_blacklist_path =
-            rebase_path("//tools/memory/asan/blacklist.txt", root_build_dir) ]
+            rebase_path("//tools/memory/asan/blacklist.txt", root_build_dir)
+      }
+      cflags += [ "-fsanitize-blacklist=$asan_blacklist_path" ]
    }
  }
 }
@@ -348,8 +361,10 @@ config("link_shared_library") {
 config("cfi_flags") {
  cflags = []
  if (is_cfi && !is_nacl) {
-    cfi_blacklist_path =
+    if (!defined(cfi_blacklist_path)) {
-        rebase_path("//tools/cfi/blacklist.txt", root_build_dir)
+      cfi_blacklist_path =
+          rebase_path("//tools/cfi/blacklist.txt", root_build_dir)
+    }
    cflags += [
      "-fsanitize=cfi-vcall",
      "-fsanitize-blacklist=$cfi_blacklist_path",
@@ -406,8 +421,10 @@ config("lsan_flags") {
 config("msan_flags") {
  if (is_msan) {
    assert(is_linux, "msan only supported on linux x86_64")
-    msan_blacklist_path =
+    if (!defined(msan_blacklist_path)) {
-        rebase_path("//tools/msan/blacklist.txt", root_build_dir)
+      msan_blacklist_path =
+          rebase_path("//tools/msan/blacklist.txt", root_build_dir)
+    }
    cflags = [
      "-fsanitize=memory",
      "-fsanitize-memory-track-origins=$msan_track_origins",
@@ -419,8 +436,10 @@ config("msan_flags") {
 config("tsan_flags") {
  if (is_tsan) {
    assert(is_linux, "tsan only supported on linux x86_64")
-    tsan_blacklist_path =
+    if (!defined(tsan_blacklist_path)) {
-        rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
+      tsan_blacklist_path =
+          rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
+    }
    cflags = [
      "-fsanitize=thread",
      "-fsanitize-blacklist=$tsan_blacklist_path",
@@ -434,8 +453,10 @@ config("tsan_flags") {
 config("ubsan_flags") {
  cflags = []
  if (is_ubsan) {
-    ubsan_blacklist_path =
+    if (!defined(ubsan_blacklist_path)) {
-        rebase_path("//tools/ubsan/blacklist.txt", root_build_dir)
+      ubsan_blacklist_path =
+          rebase_path("//tools/ubsan/blacklist.txt", root_build_dir)
+    }
    cflags += [
      # Yasm dies with an "Illegal instruction" error when bounds checking is
      # enabled. See http://crbug.com/489901
@@ -481,8 +502,10 @@ config("ubsan_no_recover") {
 config("ubsan_security_flags") {
  if (is_ubsan_security) {
-    ubsan_security_blacklist_path =
+    if (!defined(ubsan_security_blacklist_path)) {
-        rebase_path("//tools/ubsan/security_blacklist.txt", root_build_dir)
+      ubsan_security_blacklist_path =
+          rebase_path("//tools/ubsan/security_blacklist.txt", root_build_dir)
+    }
    cflags = [
      "-fsanitize=signed-integer-overflow,shift,vptr,function,vla-bound",
      "-fsanitize-blacklist=$ubsan_security_blacklist_path",
@@ -498,8 +521,10 @@ config("ubsan_null_flags") {
 config("ubsan_vptr_flags") {
  if (is_ubsan_vptr) {
-    ubsan_vptr_blacklist_path =
+    if (!defined(ubsan_vptr_blacklist_path)) {
-        rebase_path("//tools/ubsan/vptr_blacklist.txt", root_build_dir)
+      ubsan_vptr_blacklist_path =
+          rebase_path("//tools/ubsan/vptr_blacklist.txt", root_build_dir)
+    }
    cflags = [
      "-fsanitize=vptr",
      "-fsanitize-blacklist=$ubsan_vptr_blacklist_path",

--- a/build_overrides/build.gni
+++ b/build_overrides/build.gni
@@ -23,10 +23,19 @@ enable_java_templates = true
 # Some non-Chromium builds don't use Chromium's third_party/binutils.
 linux_use_bundled_binutils_override = true
-# Allows different projects to specify their own suppressions files.
+# Allows different projects to specify their own suppressions and blacklist
-asan_suppressions_file = "//build/sanitizers/asan_suppressions.cc"
+# files for sanitizer tools.
-lsan_suppressions_file = "//build/sanitizers/lsan_suppressions.cc"
+# asan_suppressions_file = "path/to/asan_suppressions.cc"
-tsan_suppressions_file = "//build/sanitizers/tsan_suppressions.cc"
+# asan_blacklist_path = "path/to/asan/blacklist.txt"
+# asan_win_blacklist_path = "path/to/asan/blacklist_win.txt"
+# lsan_suppressions_file = "path/to/lsan_suppressions.cc"
+# tsan_suppressions_file = "path/to/tsan_suppressions.cc"
+# tsan_blacklist_path = "path/to/tsan/ignores.txt"
+# msan_blacklist_path = "path/to/msan/blacklist.txt"
+# ubsan_blacklist_path = "path/to/ubsan/blacklist.txt"
+# ubsan_vptr_blacklist_path = "path/to/ubsan/vptr_blacklist.txt"
+# ubsan_security_blacklist_path = "path/to/ubsan/security_blacklist.txt"
+# cfi_blacklist_path = "path/to/cfi/blacklist.txt"
 # Uncomment these to specify a different lint suppressions file for android
 # lint_suppressions_file = path/to/your/suppressions/file/suppressions.xml