From 2d64237f44b07b96421afa9eb92c3db5cb02586d Mon Sep 17 00:00:00 2001 From: Keith Packard Date: Mon, 7 Apr 2025 15:23:02 -0700 Subject: [PATCH] cmake: Enable undefined behavior sanitizer on all targets GCC and Clang support the undefined behavior sanitizer in any configuration, the only restriction is that if you want to get nice messages printed, then you need the ubsan library routines which are only present for posix architecture or when using picolibc. This patch adds three new compiler properties: * sanitizer_undefined. Enables the undefined behavior sanitizer. * sanitizer_undefined_library. Calls ubsan library routines on fault. * sanitizer_undefined_trap. Invokes __builtin_trap() on fault. Overhead for using the trapping sanitizer is fairly low and should be considered for use in CI once all of the undefined behavior faults in Zephyr are fixed. Signed-off-by: Keith Packard --- CMakeLists.txt | 12 +++++++++ arch/Kconfig | 1 + arch/arm64/core/Kconfig | 1 + cmake/compiler/gcc/compiler_flags.cmake | 4 +++ cmake/linker/ld/linker_flags.cmake | 4 +++ subsys/debug/Kconfig | 33 +++++++++++++++++++++---- 6 files changed, 50 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 196a87294ea..9ea00420e78 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -344,6 +344,18 @@ if (CONFIG_PICOLIBC AND NOT CONFIG_PICOLIBC_IO_FLOAT) zephyr_compile_options($<$:$>) endif() +if(CONFIG_UBSAN) + zephyr_compile_options($<$:$>) + zephyr_link_libraries($) + if(CONFIG_UBSAN_LIBRARY) + zephyr_compile_options($<$:$>) + zephyr_link_libraries($) + elseif(CONFIG_UBSAN_TRAP) + zephyr_compile_options($<$:$>) + zephyr_link_libraries($) + endif() +endif() + # @Intent: Set compiler specific flag for tentative definitions, no-common zephyr_compile_options($) diff --git a/arch/Kconfig b/arch/Kconfig index 916351ae605..94880c284fb 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -327,6 +327,7 @@ config PRIVILEGED_STACK_SIZE config KOBJECT_TEXT_AREA int "Size of kobject text area" + default 1024 if UBSAN default 512 if COVERAGE_GCOV default 512 if NO_OPTIMIZATIONS default 512 if STACK_CANARIES && RISCV diff --git a/arch/arm64/core/Kconfig b/arch/arm64/core/Kconfig index 35a480a24fd..21327f62c1b 100644 --- a/arch/arm64/core/Kconfig +++ b/arch/arm64/core/Kconfig @@ -126,6 +126,7 @@ config PRIVILEGED_STACK_SIZE default 4096 config KOBJECT_TEXT_AREA + default 1024 if UBSAN default 512 if TEST config WAIT_AT_RESET_VECTOR diff --git a/cmake/compiler/gcc/compiler_flags.cmake b/cmake/compiler/gcc/compiler_flags.cmake index 48afd244ac7..53b42823717 100644 --- a/cmake/compiler/gcc/compiler_flags.cmake +++ b/cmake/compiler/gcc/compiler_flags.cmake @@ -197,6 +197,10 @@ if(NOT CONFIG_NO_OPTIMIZATIONS) set_compiler_property(PROPERTY security_fortify_run_time _FORTIFY_SOURCE=2) endif() +check_set_compiler_property(PROPERTY sanitizer_undefined -fsanitize=undefined) +check_set_compiler_property(PROPERTY sanitizer_undefined_trap -fsanitize-undefined-trap-on-error) +check_set_compiler_property(PROPERTY sanitizer_undefined_library) + # gcc flag for a hosted (no-freestanding) application check_set_compiler_property(APPEND PROPERTY hosted -fno-freestanding) diff --git a/cmake/linker/ld/linker_flags.cmake b/cmake/linker/ld/linker_flags.cmake index 0e0e8b6b0a1..885a1844cc5 100644 --- a/cmake/linker/ld/linker_flags.cmake +++ b/cmake/linker/ld/linker_flags.cmake @@ -24,6 +24,10 @@ check_set_linker_property(TARGET linker PROPERTY orphan_error check_set_linker_property(TARGET linker PROPERTY memusage "${LINKERFLAGPREFIX},--print-memory-usage") +check_set_linker_property(TARGET linker PROPERTY sanitizer_undefined -fsanitize=undefined) +check_set_linker_property(TARGET linker PROPERTY sanitizer_undefined_trap -fsanitize-undefined-trap-on-error) +check_set_linker_property(TARGET linker PROPERTY sanitizer_undefined_library) + # -no-pie is not supported until binutils 2.37. # If -no-pie is passed to old binutils <= 2.36, it is parsed # as separate arguments -n and -o, which results in output file diff --git a/subsys/debug/Kconfig b/subsys/debug/Kconfig index 6ee215c16f5..4fc64deccf5 100644 --- a/subsys/debug/Kconfig +++ b/subsys/debug/Kconfig @@ -67,12 +67,35 @@ config ASAN_NOP_DLCLOSE config UBSAN bool "Build with undefined behavior sanitizer" - depends on ARCH_POSIX help - Builds Zephyr with Undefined Behavior Sanitizer enabled. - This is currently only supported by boards based on the posix - architecture, and requires a recent-ish compiler with the - ``-fsanitize=undefined`` command line option. + Builds Zephyr with Undefined Behavior Sanitizer enabled. This + requires a recent-ish compiler with the ``-fsanitize=undefined`` + command line option. + +choice UBSAN_MODE + prompt "Undefined behavior sanitizer mode" + depends on UBSAN + default UBSAN_LIBRARY + +config UBSAN_LIBRARY + bool "Call ubsan routines" + depends on ARCH_POSIX || PICOLIBC + help + Call ubsan library routines when undefined behavior is detected + at runtime. This provides information about the faulting + condition along with the source filename, line number, types and + values involved. This is currently only supported by boards + based on the posix architecture or when building with picolibc. + +config UBSAN_TRAP + bool "Call __builtin_trap" + help + When undefined behavior is detected, invoke __builtin_trap to + cause an exception to be raised. This can be used on any target, + but the lack of information makes figuring out the triggering + code difficult. + +endchoice config MSAN bool "Build with memory sanitizer"