From: Claudio André <claudioandre.br@xxxxxxxxx> Sanitizers are based on compile-time instrumentation. They are available in gcc and clang for a range of supported operation systems and platforms. More info at: https://github.com/google/sanitizers The address sanitizer finds bugs related to addressing memory: use after free, heap buffer overflow, stack buffer overflow, memory leaks, ... The undefined behavior sanitizer detects situations not prescribed by the language specification: bound violations, data overflows, ... The llvm.org states that Sanitizers have found thousands of bugs everywhere. Sanitizers running during CI can prevent bugs from taking up residence. A helper tool to keep bugs out. --- - I mean CI (in general) not only Travis; - The functionality is not tied to CI; it is useful for local testing; - A way to think about this (including the ongoing GSOC): - Phase 1: test with Sanitizers to achieve basic code sanity; - Phase 2: use fuzzing for stronger security & reliability; - MISSING: should I add the flag to which Makefile.am? Or, what do you guys think about this? configure.ac | 2 ++ m4/virt-compile-sanitizer.m4 | 51 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 m4/virt-compile-sanitizer.m4 diff --git a/configure.ac b/configure.ac index 246f4e0..4334614 100644 --- a/configure.ac +++ b/configure.ac @@ -237,6 +237,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_COMPILE_PIE LIBVIRT_LINKER_RELRO LIBVIRT_LINKER_NO_INDIRECT +LIBVIRT_COMPILE_SANITIZER LIBVIRT_ARG_APPARMOR LIBVIRT_ARG_ATTR @@ -1011,6 +1012,7 @@ AC_MSG_NOTICE([]) AC_MSG_NOTICE([Miscellaneous]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_DEBUG +LIBVIRT_RESULT_SANITIZER AC_MSG_NOTICE([ Use -Werror: $enable_werror]) AC_MSG_NOTICE([ Warning Flags: $WARN_CFLAGS]) LIBVIRT_RESULT_DTRACE diff --git a/m4/virt-compile-sanitizer.m4 b/m4/virt-compile-sanitizer.m4 new file mode 100644 index 0000000..a7cac31 --- /dev/null +++ b/m4/virt-compile-sanitizer.m4 @@ -0,0 +1,51 @@ +dnl +dnl Check for support for Sanitizers +dnl Check for -fsanitize=address and -fsanitize=undefined support +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl <http://www.gnu.org/licenses/>. +dnl + +AC_DEFUN([LIBVIRT_COMPILE_SANITIZER],[ + LIBVIRT_ARG_ENABLE([ASAN], [Build with address sanitizer support], [no]) + LIBVIRT_ARG_ENABLE([UBSAN], [Build with undefined behavior sanitizer support], [no]) + + SAN_CFLAGS= + SAN_LDFLAGS= + + AS_IF([test "x$enable_asan" = "xyes"], [ + gl_COMPILER_OPTION_IF([-fsanitize=address -fno-omit-frame-pointer], [ + SAN_CFLAGS="-fsanitize=address -fno-omit-frame-pointer" + SAN_LDFLAGS="-fsanitize=address" + ]) + + AC_SUBST([SAN_CFLAGS]) + AC_SUBST([SAN_LDFLAGS]) + ]) + + AS_IF([test "x$enable_ubsan" = "xyes"], [ + gl_COMPILER_OPTION_IF([-fsanitize=undefined -fno-omit-frame-pointer], [ + SAN_CFLAGS="$SAN_CFLAGS -fsanitize=undefined -fno-omit-frame-pointer" + SAN_LDFLAGS="$SAN_LDFLAGS -fsanitize=undefined" + ]) + + AC_SUBST([SAN_CFLAGS]) + AC_SUBST([SAN_LDFLAGS]) + ]) +]) + +AC_DEFUN([LIBVIRT_RESULT_SANITIZER], [ + AC_MSG_NOTICE([ ASan: $enable_asan]) + AC_MSG_NOTICE([ UBSan: $enable_ubsan]) +]) -- 2.11.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
