From: Claudio André <claudioandre.br(a)gmail.com>
Sanitizers are based on compile-time instrumentation. They are available in gcc and clang
for a range of supported operating systems and platforms. More info at:
https://github.com/google/sanitizers
The address sanitizer finds bugs related to addressing memory: use after free, heap buffer
overflow, stack buffer overflow, memory leaks, ...
The undefined behavior sanitizer detects situations not prescribed by the language
specification: bound violations, data overflows, ...
llvm.org states that Sanitizers have found thousands of bugs everywhere.
Sanitizers running during CI can prevent bugs from taking up residence. A helper tool to
keep bugs out.
---
- I mean CI (in general) not only Travis;
- The functionality is not tied to CI; it is useful for local testing;
- A way to think about this (including the ongoing GSOC):
  - Phase 1: test with Sanitizers to achieve basic code sanity;
  - Phase 2: use fuzzing for stronger security & reliability;
- MISSING: should I add the flag to which Makefile.am? Or, what do you guys think about
this?
configure.ac | 2 ++
m4/virt-compile-sanitizer.m4 | 51 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 m4/virt-compile-sanitizer.m4
diff --git a/configure.ac b/configure.ac
index 246f4e0..4334614 100644
--- a/configure.ac
+++ b/configure.ac
@@ -237,6 +237,7 @@ LIBVIRT_COMPILE_WARNINGS
LIBVIRT_COMPILE_PIE
LIBVIRT_LINKER_RELRO
LIBVIRT_LINKER_NO_INDIRECT
+LIBVIRT_COMPILE_SANITIZER
LIBVIRT_ARG_APPARMOR
LIBVIRT_ARG_ATTR
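Review bot: LIBVIRT_COMPILE_SANITIZER is invoked here, but nothing in this patch consumes the SAN_CFLAGS and SAN_LDFLAGS it sets (the diffstat touches only configure.ac and the new m4 file), so the new enable_asan and enable_ubsan switches do not yet change how anything is compiled or linked. The Makefile.am wiring that the cover note lists as MISSING should land in the same patch or series, so that enabling a sanitizer at configure time produces an instrumented build.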
@@ -1011,6 +1012,7 @@ AC_MSG_NOTICE([])
AC_MSG_NOTICE([Miscellaneous])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_DEBUG
+LIBVIRT_RESULT_SANITIZER
AC_MSG_NOTICE([ Use -Werror: $enable_werror])
AC_MSG_NOTICE([ Warning Flags: $WARN_CFLAGS])
LIBVIRT_RESULT_DTRACE
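Review bot: the LIBVIRT_RESULT_SANITIZER line added to the Miscellaneous summary prints $enable_asan and $enable_ubsan, which is what was requested, not what the compiler accepted. Printing the resulting $SAN_CFLAGS as well, in the style of the "Warning Flags: $WARN_CFLAGS" line next to it, would make a sanitizer that was requested but not applied visible in the configure output.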
diff --git a/m4/virt-compile-sanitizer.m4 b/m4/virt-compile-sanitizer.m4
new file mode 100644
index 0000000..a7cac31
--- /dev/null
+++ b/m4/virt-compile-sanitizer.m4
@@ -0,0 +1,51 @@
+dnl
+dnl Check for support for Sanitizers
+dnl Check for -fsanitize=address and -fsanitize=undefined support
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <
http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_COMPILE_SANITIZER],[
+ LIBVIRT_ARG_ENABLE([ASAN], [Build with address sanitizer support], [no])
+ LIBVIRT_ARG_ENABLE([UBSAN], [Build with undefined behavior sanitizer support], [no])
+
+ SAN_CFLAGS=
+ SAN_LDFLAGS=
+
+ AS_IF([test "x$enable_asan" = "xyes"], [
+ gl_COMPILER_OPTION_IF([-fsanitize=address -fno-omit-frame-pointer], [
+ SAN_CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
+ SAN_LDFLAGS="-fsanitize=address"
+ ])
+
+ AC_SUBST([SAN_CFLAGS])
+ AC_SUBST([SAN_LDFLAGS])
+ ])
+
+ AS_IF([test "x$enable_ubsan" = "xyes"], [
+ gl_COMPILER_OPTION_IF([-fsanitize=undefined -fno-omit-frame-pointer], [
+ SAN_CFLAGS="$SAN_CFLAGS -fsanitize=undefined
-fno-omit-frame-pointer"
+ SAN_LDFLAGS="$SAN_LDFLAGS -fsanitize=undefined"
+ ])
+
+ AC_SUBST([SAN_CFLAGS])
+ AC_SUBST([SAN_LDFLAGS])
+ ])
+])
+
+AC_DEFUN([LIBVIRT_RESULT_SANITIZER], [
+ AC_MSG_NOTICE([ ASan: $enable_asan])
+ AC_MSG_NOTICE([ UBSan: $enable_ubsan])
+])
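Review bot: in both AS_IF blocks gl_COMPILER_OPTION_IF is given only a success branch, so when a sanitizer is enabled but the compiler rejects -fsanitize=address or -fsanitize=undefined, configure continues with empty flags and the build is uninstrumented without any message. Add a failure branch that calls AC_MSG_ERROR so an explicit request either takes effect or stops configure. Two smaller points in the same macro: the AC_SUBST([SAN_CFLAGS]) and AC_SUBST([SAN_LDFLAGS]) pair is repeated inside each AS_IF where one pair after both blocks would do, and -fno-omit-frame-pointer is appended to SAN_CFLAGS twice when both sanitizers are enabled.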
--
2.11.0