[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] maint: add sanitizers to the build process



From: Claudio André <claudioandre br gmail com>

Sanitizers are based on compile-time instrumentation. They are available in gcc and clang for a range of supported operation systems and platforms. More info at: https://github.com/google/sanitizers

The address sanitizer finds bugs related to addressing memory: use after free, heap buffer overflow, stack buffer overflow, memory leaks, ...
The undefined behavior sanitizer detects situations not prescribed by the language specification: bound violations, data overflows, ...

The llvm.org states that Sanitizers have found thousands of bugs everywhere.
Sanitizers running during CI can prevent bugs from taking up residence. A helper tool to keep bugs out.
---
- I mean CI (in general) not only Travis;
- The functionality is not tied to CI; it is useful for local testing;
- A way to think about this (including the ongoing GSOC):
  - Phase 1: test with Sanitizers to achieve basic code sanity;
  - Phase 2: use fuzzing for stronger security & reliability;
- MISSING: should I add the flag to which Makefile.am? Or, what do you guys think about this?

 configure.ac                 |  2 ++
 m4/virt-compile-sanitizer.m4 | 51 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 m4/virt-compile-sanitizer.m4

diff --git a/configure.ac b/configure.ac
index 246f4e0..4334614 100644
--- a/configure.ac
+++ b/configure.ac
@@ -237,6 +237,7 @@ LIBVIRT_COMPILE_WARNINGS
 LIBVIRT_COMPILE_PIE
 LIBVIRT_LINKER_RELRO
 LIBVIRT_LINKER_NO_INDIRECT
+LIBVIRT_COMPILE_SANITIZER
 
 LIBVIRT_ARG_APPARMOR
 LIBVIRT_ARG_ATTR
@@ -1011,6 +1012,7 @@ AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
 AC_MSG_NOTICE([])
 LIBVIRT_RESULT_DEBUG
+LIBVIRT_RESULT_SANITIZER
 AC_MSG_NOTICE([       Use -Werror: $enable_werror])
 AC_MSG_NOTICE([     Warning Flags: $WARN_CFLAGS])
 LIBVIRT_RESULT_DTRACE
diff --git a/m4/virt-compile-sanitizer.m4 b/m4/virt-compile-sanitizer.m4
new file mode 100644
index 0000000..a7cac31
--- /dev/null
+++ b/m4/virt-compile-sanitizer.m4
@@ -0,0 +1,51 @@
+dnl
+dnl Check for support for Sanitizers
+dnl Check for -fsanitize=address and -fsanitize=undefined support
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library.  If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_COMPILE_SANITIZER],[
+    LIBVIRT_ARG_ENABLE([ASAN], [Build with address sanitizer support], [no])
+    LIBVIRT_ARG_ENABLE([UBSAN], [Build with undefined behavior sanitizer support], [no])
+
+    SAN_CFLAGS=
+    SAN_LDFLAGS=
+
+    AS_IF([test "x$enable_asan" = "xyes"], [
+        gl_COMPILER_OPTION_IF([-fsanitize=address -fno-omit-frame-pointer], [
+            SAN_CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
+            SAN_LDFLAGS="-fsanitize=address"
+        ])
+
+        AC_SUBST([SAN_CFLAGS])
+        AC_SUBST([SAN_LDFLAGS])
+    ])
+
+    AS_IF([test "x$enable_ubsan" = "xyes"], [
+        gl_COMPILER_OPTION_IF([-fsanitize=undefined -fno-omit-frame-pointer], [
+            SAN_CFLAGS="$SAN_CFLAGS -fsanitize=undefined -fno-omit-frame-pointer"
+            SAN_LDFLAGS="$SAN_LDFLAGS -fsanitize=undefined"
+        ])
+
+        AC_SUBST([SAN_CFLAGS])
+        AC_SUBST([SAN_LDFLAGS])
+    ])
+])
+
+AC_DEFUN([LIBVIRT_RESULT_SANITIZER], [
+  AC_MSG_NOTICE([              ASan: $enable_asan])
+  AC_MSG_NOTICE([             UBSan: $enable_ubsan])
+])
-- 
2.11.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]