fortify: allow diagnostics without run-time checks (attempt #2)
In configs like ASAN, we can't use _chk functions. This CL builds off of
previous work to allow us to still emit diagnostics in conditions like
these.
Wasn't 100% sure what a good test story would look like here. Opinions
appreciated.
Bug: 141267932
Test: checkbuild on internal-master. TreeHugger for x86_64.
Change-Id: I65da9ecc9903d51a09f740e38ab413b9beaeed88
diff --git a/tests/Android.bp b/tests/Android.bp
index 1755053..ee4f02e 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -312,26 +312,20 @@
},
}
-// If building this fails, then we have both FORTIFY and ASAN enabled, which
-// isn't desirable. (Ideally, we'd emit FORTIFY diagnostics even with ASAN
-// enabled, but that's not a reality today.) This is meant to be otherwise
-// unused.
-cc_test_library {
- name: "fortify_disabled_for_asan",
+// Ensures that FORTIFY checks aren't run when ASAN is on.
+cc_test {
+ name: "bionic-fortify-runtime-asan-test",
defaults: [
"bionic_clang_fortify_tests_w_flags",
],
cflags: [
"-Werror",
"-D_FORTIFY_SOURCE=2",
- // "sanitize: address" doesn't work on platforms where libasan isn't
- // enabled. Since the intent is just to build this, we can get away with
- // passing this flag on its own.
- "-fsanitize=address",
],
- // Ignore that we don't have ASAN symbols linked in.
- allow_undefined_symbols: true,
- srcs: ["clang_fortify_tests.cpp"],
+ sanitize: {
+ address: true,
+ },
+ srcs: ["clang_fortify_asan.cpp"],
}
// Ensure we don't use FORTIFY'ed functions with the static analyzer/clang-tidy:
diff --git a/tests/clang_fortify_asan.cpp b/tests/clang_fortify_asan.cpp
new file mode 100644
index 0000000..51656eb
--- /dev/null
+++ b/tests/clang_fortify_asan.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * This test ensures that ensures that FORTIFY's run-time bits aren't enabled with ASAN on. Most
+ * ways of getting FORTIFY to break turn into UB unless you get creative. Rather than remaking the
+ * entire FORTIFY test-suite with this added constraint, we pick a function with well-defined
+ * behavior when a FORTIFY check would fail (umask), and hope that the success of that is indicative
+ * of the rest working.
+ */
+
+#ifndef __clang__
+#error "Non-clang isn't supported"
+#endif
+
+#ifndef _FORTIFY_SOURCE
+#error "_FORTIFY_SOURCE must be defined"
+#endif
+
+#include <sys/cdefs.h>
+
+#if defined(__BIONIC__) && __has_feature(address_sanitizer)
+#include <sys/stat.h>
+#include <gtest/gtest.h>
+
+TEST(ClangFortifyASAN, NoRuntimeChecksAreEnabled) {
+ volatile mode_t unknown = 01000;
+ mode_t previous = umask(unknown);
+
+ // Not necessary, but polite.
+ umask(previous);
+}
+#endif