From 3be36a66e32c1a660fa2067a0ac05992a4dfc466 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Sat, 1 Apr 2023 14:09:23 +1030 Subject: [PATCH] configure: support sanitizers properly. For example, if we use -fsanitize=undefined, we can't do unaligned integer access, but since we didn't test with the sanitizer flags, we didn't know this, and set `HAVE_UNALIGNED_ACCESS=1`. Also, add -fno-sanitize-recover= in developer mode, so we actually fail binaries if something is detected. Signed-off-by: Rusty Russell
---
 Makefile | 19 ++----------------- configure | 22 ++++++++++++++++++++-- doc/FUZZING.md | 2 +- 3 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/Makefile b/Makefile
index 4487e47d7..bbe918127 100644
--- a/Makefile
+++ b/Makefile
@@ -43,20 +43,6 @@ VG=VALGRIND=1 valgrind -q --error-exitcode=7
 VG_TEST_ARGS = --track-origins=yes --leak-check=full --show-reachable=yes --errors-for-leak-kinds=all
 endif
-SANITIZER_FLAGS :=
-
-ifneq ($(ASAN),0)
-SANITIZER_FLAGS += -fsanitize=address
-endif
-
-ifneq ($(UBSAN),0)
-SANITIZER_FLAGS += -fsanitize=undefined
-endif
-
-ifneq ($(FUZZING), 0)
-SANITIZER_FLAGS += -fsanitize=fuzzer-no-link
-endif
-
 ifeq ($(DEVELOPER),1)
 DEV_CFLAGS=-DCCAN_TAKE_DEBUG=1 -DCCAN_TAL_DEBUG=1 -DCCAN_JSON_OUT_DEBUG=1
 else
@@ -256,7 +242,7 @@ LIBRARY_PATH := /usr/local/lib
 endif
 CPPFLAGS += -DBINTOPKGLIBEXECDIR="\"$(shell sh tools/rel.sh $(bindir) $(pkglibexecdir))\""
-CFLAGS = $(CPPFLAGS) $(CWARNFLAGS) $(CDEBUGFLAGS) $(COPTFLAGS) -I $(CCANDIR) $(EXTERNAL_INCLUDE_FLAGS) -I . -I$(CPATH) $(SQLITE3_CFLAGS) $(POSTGRES_INCLUDE) $(FEATURES) $(COVFLAGS) $(DEV_CFLAGS) -DSHACHAIN_BITS=48 -DJSMN_PARENT_LINKS $(PIE_CFLAGS) $(COMPAT_CFLAGS) -DBUILD_ELEMENTS=1
+CFLAGS = $(CPPFLAGS) $(CWARNFLAGS) $(CDEBUGFLAGS) $(COPTFLAGS) -I $(CCANDIR) $(EXTERNAL_INCLUDE_FLAGS) -I . -I$(CPATH) $(SQLITE3_CFLAGS) $(POSTGRES_INCLUDE) $(FEATURES) $(COVFLAGS) $(DEV_CFLAGS) -DSHACHAIN_BITS=48 -DJSMN_PARENT_LINKS $(PIE_CFLAGS) $(COMPAT_CFLAGS) $(CSANFLAGS) -DBUILD_ELEMENTS=1
 # If CFLAGS is already set in the environment of make (to whatever value, it
 # does not matter) then it would export it to subprocesses with the above value
@@ -268,8 +254,7 @@ unexport CFLAGS
 # We can get configurator to run a different compile cmd to cross-configure.
 CONFIGURATOR_CC := $(CC)
-LDFLAGS += $(PIE_LDFLAGS) $(SANITIZER_FLAGS) $(COPTFLAGS)
-CFLAGS += $(SANITIZER_FLAGS)
+LDFLAGS += $(PIE_LDFLAGS) $(CSANFLAGS) $(COPTFLAGS)
 ifeq ($(STATIC),1)
 # For MacOS, Jacob Rapoport changed this to:
diff --git a/configure b/configure
index a943baedf..9295c461a 100755
--- a/configure
+++ b/configure
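Review bot: A sanitizer build can silently lose its instrumentation after this change, because `$(CSANFLAGS)` in the new Makefile `CFLAGS =` and `LDFLAGS +=` lines is the only source of `-fsanitize=` flags and nothing visible here defines it or checks it. The removed `ifneq ($(ASAN),0)` blocks were evaluated at make time, so `make ASAN=1`, or a vars file written by an older `configure`, would presumably now expand `CSANFLAGS` to nothing and still build successfully, which hides the lost coverage from CI and fuzzing jobs. A parse-time guard next to the `LDFLAGS` line would turn that mismatch into a hard error; the same pattern would apply to `UBSAN` and `FUZZING`. This assumes `ASAN` is still visible to make after configure runs, which the patch does not show.

```make
# Sanitizer flags are decided by ./configure; refuse to build if they are out of sync.
ifneq ($(filter-out 0,$(ASAN)),)
ifeq ($(findstring -fsanitize=address,$(CSANFLAGS)),)
$(error ASAN=$(ASAN) but CSANFLAGS has no -fsanitize=address; re-run ./configure)
endif
endif
LDFLAGS += $(PIE_LDFLAGS) $(CSANFLAGS) $(COPTFLAGS)
```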
@@ -147,12 +147,29 @@ set_defaults()
 STATIC=${STATIC:-0}
 ASAN=${ASAN:-0}
 UBSAN=${UBSAN:-0}
+ FUZZING=${FUZZING:-0}
+ CSANFLAGS=""
+ if [ "$ASAN" != 0 ]; then
+ CSANFLAGS="$CSANFLAGS -fsanitize=address"
+ if [ "$DEVELOPER" != 0 ]; then
+ CSANFLAGS="$CSANFLAGS -fno-sanitize-recover=address"
+ fi
+ fi
+ if [ "$UBSAN" != 0 ]; then
+ CSANFLAGS="$CSANFLAGS -fsanitize=undefined"
+ if [ "$DEVELOPER" != 0 ]; then
+ CSANFLAGS="$CSANFLAGS -fno-sanitize-recover=undefined"
+ fi
+ fi
+ if [ "$FUZZING" != 0 ]; then
+ CSANFLAGS="$CSANFLAGS -fsanitize=fuzzer-no-link"
+ fi
+ echo CSANFLAGS = $CSANFLAGS
 PYTEST=${PYTEST-$(default_pytest)}
 COPTFLAGS=${COPTFLAGS-$(default_coptflags "$DEVELOPER")}
 CONFIGURATOR_CC=${CONFIGURATOR_CC-$CC}
 VALGRIND=${VALGRIND:-$(default_valgrind_setting)}
 TEST_NETWORK=${TEST_NETWORK:-regtest}
- FUZZING=${FUZZING:-0}
 RUST=${RUST:-$(default_rust_setting)}
 }
@@ -309,7 +326,7 @@ fi
 # Clean up on exit.
 trap "rm -f $CONFIG_VAR_FILE.$$" 0
-$CONFIGURATOR --extra-tests --autotools-style --var-file=$CONFIG_VAR_FILE.$$ --header-file=$CONFIG_HEADER.$$ --configurator-cc="$CONFIGURATOR_CC" --wrapper="$CONFIGURATOR_WRAPPER" "$CC" ${CWARNFLAGS-$BASE_WARNFLAGS} $CDEBUGFLAGS $COPTFLAGS -I$CPATH -L$LIBRARY_PATH $SQLITE3_CFLAGS $POSTGRES_INCLUDE <
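Review bot: In the `set_defaults` hunk, `-fno-sanitize-recover=undefined` is added only when `DEVELOPER` is non-zero, so a non-developer `UBSAN=1` build (including a fuzzing build with UBSan) still prints the report, keeps running and exits 0, and tests or fuzz targets will not fail on the finding. UBSan is the sanitizer that recovers by default, so I would set the flag unconditionally with `CSANFLAGS="$CSANFLAGS -fsanitize=undefined -fno-sanitize-recover=undefined"`; the address variant is harmless but redundant, since ASan already halts on the first error unless recovery is requested. The `echo CSANFLAGS = $CSANFLAGS` line reads like leftover debugging and expands unquoted; drop it or write `echo "CSANFLAGS = $CSANFLAGS"`. `set_defaults` starts before this hunk, so where `DEVELOPER` gets its default is not visible; if it can still be empty at this point, `[ "$DEVELOPER" != 0 ]` evaluates true.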