* [PATCH for-9.2? 0/2] meson: Rationalize sanitizer configuration
@ 2024-08-13  9:52 Richard Henderson
From: Richard Henderson @ 2024-08-13  9:52 UTC (permalink / raw)
  To: qemu-devel

In the CI that we actually run (x86) we don't want to use ASan,
only UBSan, we jump through --extra-cflags hoops to make that
happen, and we fail to disable function sanitizer during normal
configuration.

In the CI that we don't run, we enable ASan and fail to disable
function sanitizer.  So it's a bit lucky that we don't run it.

Split the --enable-sanitizers config option, and move stuff back
to meson.build from .gitlab-ci.d.


r~


Richard Henderson (2):
  meson: Split --enable-sanitizers to --enable-{asan,ubsan}
  meson: Move -fsanitize=undefined into normal configuraton

 tests/qtest/fdc-test.c                        |  2 +-
 .gitlab-ci.d/buildtest.yml                    | 10 +++----
 .../custom-runners/ubuntu-22.04-aarch64.yml   |  2 +-
 .../custom-runners/ubuntu-22.04-s390x.yml     |  2 +-
 docs/devel/fuzzing.rst                        |  4 +--
 meson.build                                   | 26 ++++++++++++++-----
 meson_options.txt                             |  6 +++--
 scripts/meson-buildoptions.sh                 |  9 ++++---
 tests/docker/test-debug                       |  4 +--
 9 files changed, 41 insertions(+), 24 deletions(-)

-- 
2.43.0




* [PATCH 1/2] meson: Split --enable-sanitizers to --enable-{asan, ubsan}
From: Richard Henderson @ 2024-08-13  9:52 UTC (permalink / raw)
  To: qemu-devel

We do not always want both address and undefined behavior
sanitizers running at the same time.

For the gitlab custom-runners, drop to only --enable-ubsan.
These jobs are not run by default, but as will be obvious in the
next patch, we don't run ASan on x86 either, and it seems wrong
to hold aarch64 and s390x to a different standard.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tests/qtest/fdc-test.c                            |  2 +-
 .../custom-runners/ubuntu-22.04-aarch64.yml       |  2 +-
 .../custom-runners/ubuntu-22.04-s390x.yml         |  2 +-
 docs/devel/fuzzing.rst                            |  4 ++--
 meson.build                                       | 15 +++++++++++----
 meson_options.txt                                 |  6 ++++--
 scripts/meson-buildoptions.sh                     |  9 ++++++---
 tests/docker/test-debug                           |  4 ++--
 8 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c
index 5e8fbda9df..8645b080f7 100644
--- a/tests/qtest/fdc-test.c
+++ b/tests/qtest/fdc-test.c
@@ -552,7 +552,7 @@ static bool qtest_check_clang_sanitizer(void)
 #ifdef QEMU_SANITIZE_ADDRESS
     return true;
 #else
-    g_test_skip("QEMU not configured using --enable-sanitizers");
+    g_test_skip("QEMU not configured using --enable-asan");
     return false;
 #endif
 }
diff --git a/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml b/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml
index 263a3c2140..ca2f140471 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml
@@ -103,7 +103,7 @@ ubuntu-22.04-aarch64-clang:
  script:
  - mkdir build
  - cd build
- - ../configure --disable-libssh --cc=clang --cxx=clang++ --enable-sanitizers
+ - ../configure --disable-libssh --cc=clang --cxx=clang++ --enable-ubsan
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc --ignore=40`
  - make --output-sync -j`nproc --ignore=40` check
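Review bot: Changing `--enable-sanitizers` to `--enable-ubsan` here, and likewise in the ubuntu-22.04-s390x.yml hunk below, removes `-fsanitize=address` from the only gitlab jobs in this series that built with it, so as far as the series shows ASan coverage is left to tests/docker/test-debug alone. That is the trade the commit message describes, but the yml itself gives no hint of it, and a later reader will not know whether ASan was dropped on purpose or never considered. A one-line comment above the configure line, `# UBSan only; ASan is exercised by tests/docker/test-debug rather than these runners`, would record the intent. If memory-safety detection on these hosts is still wanted, a separate non-default `--enable-asan` job is the natural follow-up.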
diff --git a/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
index 69ddd3e7d5..ca374acb8c 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
@@ -80,7 +80,7 @@ ubuntu-22.04-s390x-clang:
  script:
  - mkdir build
  - cd build
- - ../configure --cc=clang --cxx=clang++ --enable-sanitizers
+ - ../configure --cc=clang --cxx=clang++ --enable-ubsan
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
  - make --output-sync -j`nproc` check
diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst
index 3bfcb33fc4..dfe1973cf8 100644
--- a/docs/devel/fuzzing.rst
+++ b/docs/devel/fuzzing.rst
@@ -24,8 +24,8 @@ Configure with (substitute the clang binaries with the version you installed).
 Here, enable-sanitizers, is optional but it allows us to reliably detect bugs
 such as out-of-bounds accesses, use-after-frees, double-frees etc.::
 
-    CC=clang-8 CXX=clang++-8 /path/to/configure --enable-fuzzing \
-                                                --enable-sanitizers
+    CC=clang-8 CXX=clang++-8 /path/to/configure \
+        --enable-fuzzing --enable-asan --enable-ubsan
 
 Fuzz targets are built similarly to system targets::
 
diff --git a/meson.build b/meson.build
index 81ecd4bae7..19b18b4a8a 100644
--- a/meson.build
+++ b/meson.build
@@ -474,24 +474,31 @@ if get_option('safe_stack') and coroutine_backend != 'ucontext'
   error('SafeStack is only supported with the ucontext coroutine backend')
 endif
 
-if get_option('sanitizers')
+if get_option('asan')
   if cc.has_argument('-fsanitize=address')
     qemu_cflags = ['-fsanitize=address'] + qemu_cflags
     qemu_ldflags = ['-fsanitize=address'] + qemu_ldflags
+  else
+    error('Your compiler does not support -fsanitize=address')
   endif
+endif
 
-  # Detect static linking issue with ubsan - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84285
+if get_option('ubsan')
+  # Detect static linking issue with ubsan:
+  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84285
   if cc.links('int main(int argc, char **argv) { return argc + 1; }',
               args: [qemu_ldflags, '-fsanitize=undefined'])
     qemu_cflags = ['-fsanitize=undefined'] + qemu_cflags
     qemu_ldflags = ['-fsanitize=undefined'] + qemu_ldflags
+  else
+    error('Your compiler does not support -fsanitize=undefined')
   endif
 endif
 
 # Thread sanitizer is, for now, much noisier than the other sanitizers;
 # keep it separate until that is not the case.
 if get_option('tsan')
-  if get_option('sanitizers')
+  if get_option('asan') or get_option('ubsan')
     error('TSAN is not supported with other sanitizers')
   endif
   if not cc.has_function('__tsan_create_fiber',
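Review bot: The new ASan branch probes only that the compiler accepts the flag (`cc.has_argument('-fsanitize=address')`) while the UBSan branch below uses a real link test, so a toolchain that accepts `-fsanitize=address` but lacks the ASan runtime library passes configure and fails at link time, whereas the same situation for UBSan is now caught by the new `error()`. Using the same probe for both, `if cc.links('int main(int argc, char **argv) { return argc + 1; }', args: [qemu_ldflags, '-fsanitize=address'])`, would make the two branches fail in the same way and at the same stage. The two new `error()` calls also turn what was a silent skip into a hard configure failure; that is a reasonable behaviour change but it is not mentioned in the commit message and deserves a sentence there. The `if get_option('tsan')` block at the bottom continues past the end of the hunk.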
@@ -2511,7 +2518,7 @@ if rdma.found()
 endif
 
 have_asan_fiber = false
-if get_option('sanitizers') and \
+if get_option('asan') and \
    not cc.has_function('__sanitizer_start_switch_fiber',
                          args: '-fsanitize=address',
                          prefix: '#include <sanitizer/asan_interface.h>')
diff --git a/meson_options.txt b/meson_options.txt
index 0269fa0f16..98615c3c4e 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -91,8 +91,10 @@ option('tcg_interpreter', type: 'boolean', value: false,
        description: 'TCG with bytecode interpreter (slow)')
 option('safe_stack', type: 'boolean', value: false,
        description: 'SafeStack Stack Smash Protection (requires clang/llvm and coroutine backend ucontext)')
-option('sanitizers', type: 'boolean', value: false,
-       description: 'enable default sanitizers')
+option('asan', type: 'boolean', value: false,
+       description: 'enable address sanitizer')
+option('ubsan', type: 'boolean', value: false,
+       description: 'enable undefined behaviour sanitizer')
 option('tsan', type: 'boolean', value: false,
        description: 'enable thread sanitizer')
 option('stack_protector', type: 'feature', value: 'auto',
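Review bot: The `sanitizers` option is removed outright rather than deprecated, so any out-of-tree script or developer habit still passing `--enable-sanitizers` now fails configure with an unknown option instead of getting both sanitizers as before. If a transition period is wanted, a deprecated alias in configure mapping `--enable-sanitizers` to `-Dasan=true -Dubsan=true` (and `--disable-sanitizers` to both false) would keep those invocations working while printing a warning. scripts/meson-buildoptions.sh is generated from this file, so such an alias would not belong in the hunks below.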
diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
index c97079a38c..a6ee2d9c01 100644
--- a/scripts/meson-buildoptions.sh
+++ b/scripts/meson-buildoptions.sh
@@ -21,6 +21,7 @@ meson_options_help() {
   printf "%s\n" '  --disable-relocatable    toggle relocatable install'
   printf "%s\n" '  --docdir=VALUE           Base directory for documentation installation'
   printf "%s\n" '                           (can be empty) [share/doc]'
+  printf "%s\n" '  --enable-asan            enable address sanitizer'
   printf "%s\n" '  --enable-block-drv-whitelist-in-tools'
   printf "%s\n" '                           use block whitelist also in tools instead of only'
   printf "%s\n" '                           QEMU'
@@ -46,13 +47,13 @@ meson_options_help() {
   printf "%s\n" '                           getrandom()'
   printf "%s\n" '  --enable-safe-stack      SafeStack Stack Smash Protection (requires'
   printf "%s\n" '                           clang/llvm and coroutine backend ucontext)'
-  printf "%s\n" '  --enable-sanitizers      enable default sanitizers'
   printf "%s\n" '  --enable-strip           Strip targets on install'
   printf "%s\n" '  --enable-tcg-interpreter TCG with bytecode interpreter (slow)'
   printf "%s\n" '  --enable-trace-backends=CHOICES'
   printf "%s\n" '                           Set available tracing backends [log] (choices:'
   printf "%s\n" '                           dtrace/ftrace/log/nop/simple/syslog/ust)'
   printf "%s\n" '  --enable-tsan            enable thread sanitizer'
+  printf "%s\n" '  --enable-ubsan           enable undefined behaviour sanitizer'
   printf "%s\n" '  --firmwarepath=VALUES    search PATH for firmware files [share/qemu-'
   printf "%s\n" '                           firmware]'
   printf "%s\n" '  --iasl=VALUE             Path to ACPI disassembler'
@@ -230,6 +231,8 @@ _meson_option_parse() {
     --disable-af-xdp) printf "%s" -Daf_xdp=disabled ;;
     --enable-alsa) printf "%s" -Dalsa=enabled ;;
     --disable-alsa) printf "%s" -Dalsa=disabled ;;
+    --enable-asan) printf "%s" -Dasan=true ;;
+    --disable-asan) printf "%s" -Dasan=false ;;
     --enable-attr) printf "%s" -Dattr=enabled ;;
     --disable-attr) printf "%s" -Dattr=disabled ;;
     --audio-drv-list=*) quote_sh "-Daudio_drv_list=$2" ;;
@@ -456,8 +459,6 @@ _meson_option_parse() {
     --disable-rutabaga-gfx) printf "%s" -Drutabaga_gfx=disabled ;;
     --enable-safe-stack) printf "%s" -Dsafe_stack=true ;;
     --disable-safe-stack) printf "%s" -Dsafe_stack=false ;;
-    --enable-sanitizers) printf "%s" -Dsanitizers=true ;;
-    --disable-sanitizers) printf "%s" -Dsanitizers=false ;;
     --enable-sdl) printf "%s" -Dsdl=enabled ;;
     --disable-sdl) printf "%s" -Dsdl=disabled ;;
     --enable-sdl-image) printf "%s" -Dsdl_image=enabled ;;
@@ -505,6 +506,8 @@ _meson_option_parse() {
     --disable-u2f) printf "%s" -Du2f=disabled ;;
     --enable-uadk) printf "%s" -Duadk=enabled ;;
     --disable-uadk) printf "%s" -Duadk=disabled ;;
+    --enable-ubsan) printf "%s" -Dubsan=true ;;
+    --disable-ubsan) printf "%s" -Dubsan=false ;;
     --enable-usb-redir) printf "%s" -Dusb_redir=enabled ;;
     --disable-usb-redir) printf "%s" -Dusb_redir=disabled ;;
     --enable-vde) printf "%s" -Dvde=enabled ;;
diff --git a/tests/docker/test-debug b/tests/docker/test-debug
index f52f16328c..678ceccc27 100755
--- a/tests/docker/test-debug
+++ b/tests/docker/test-debug
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 #
-# Compile and check with clang & --enable-debug --enable-sanitizers.
+# Compile and check with clang & debug & sanitizers
 #
 # Copyright (c) 2016-2018 Red Hat Inc.
 #
@@ -19,7 +19,7 @@ requires_binary clang
 cd "$BUILD_DIR"
 
 OPTS="--cxx=clang++ --cc=clang --host-cc=clang"
-OPTS="--enable-debug --enable-sanitizers $OPTS"
+OPTS="--enable-debug --enable-asan --enable-ubsan $OPTS"
 
 export ASAN_OPTIONS=detect_leaks=0
 build_qemu $OPTS
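Review bot: The rewritten `OPTS` line enables UBSan but nothing in this script makes a UBSan report fatal: without `-fno-sanitize-recover=undefined` (which the CI jobs in the next patch pass via `--extra-cflags`) or `UBSAN_OPTIONS=halt_on_error=1`, the runtime prints the diagnostic and continues, so `make check` should still pass with undefined behaviour present. This was already true of `--enable-sanitizers`, but since the line is being touched, adding `export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1` next to the existing `export ASAN_OPTIONS=detect_leaks=0` would make this test actually fail on findings. If reports are meant to be advisory here, a comment saying so above `build_qemu $OPTS` would avoid the question.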
-- 
2.43.0




* [PATCH 2/2] meson: Move -fsanitize=undefined into normal configuraton
From: Richard Henderson @ 2024-08-13  9:52 UTC (permalink / raw)
  To: qemu-devel

With 8e466dd09246 and 23ef50ae2d0c, we disable function pointer
sanitization in CI because the qemu code base does not support it.
We must disable this for normal usage of --enable-ubsan as well,
so move it there.

Append options rather than prepend, since all of this requires
proper ordering of options.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 .gitlab-ci.d/buildtest.yml | 10 ++++------
 meson.build                | 11 +++++++++--
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index aa32782405..fc5d516557 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -428,9 +428,8 @@ clang-system:
     job: amd64-fedora-container
   variables:
     IMAGE: fedora
-    CONFIGURE_ARGS: --cc=clang --cxx=clang++
-      --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined
-      --extra-cflags=-fno-sanitize=function
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --enable-ubsan
+      --extra-cflags=-fno-sanitize-recover=undefined
     TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu s390x-softmmu
     MAKE_CHECK_ARGS: check-qtest check-tcg
 
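Review bot: `-fsanitize=undefined` moves into `--enable-ubsan`, but `--extra-cflags=-fno-sanitize-recover=undefined` stays behind both in this hunk and in the clang-user hunk below, so the cover letter's aim of getting sanitizer wiring out of .gitlab-ci.d is only half done, and a plain `--enable-ubsan` developer build still recovers silently from every UBSan report. Either fold `-fno-sanitize-recover=undefined` into the meson `ubsan` block (guarded by `cc.has_argument` like the new `-fno-sanitize=function`), or record here why it is kept CI-only, e.g. `# -fno-sanitize-recover stays out of --enable-ubsan so developer builds keep running past reports`. Whichever is chosen, the reason should be visible in one place rather than inferred from two yml jobs.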
@@ -441,10 +440,9 @@ clang-user:
   timeout: 70m
   variables:
     IMAGE: debian-all-test-cross
-    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --disable-system
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --disable-system --enable-ubsan
       --target-list-exclude=alpha-linux-user,microblazeel-linux-user,aarch64_be-linux-user,i386-linux-user,m68k-linux-user,mipsn32el-linux-user,xtensaeb-linux-user
-      --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined
-      --extra-cflags=-fno-sanitize=function
+      --extra-cflags=-fno-sanitize-recover=undefined
     MAKE_CHECK_ARGS: check-unit check-tcg
 
 # Set LD_JOBS=1 because this requires LTO and ld consumes a large amount of memory.
diff --git a/meson.build b/meson.build
index 19b18b4a8a..5b9ac6c6c5 100644
--- a/meson.build
+++ b/meson.build
@@ -488,8 +488,15 @@ if get_option('ubsan')
   # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84285
   if cc.links('int main(int argc, char **argv) { return argc + 1; }',
               args: [qemu_ldflags, '-fsanitize=undefined'])
-    qemu_cflags = ['-fsanitize=undefined'] + qemu_cflags
-    qemu_ldflags = ['-fsanitize=undefined'] + qemu_ldflags
+    qemu_cflags += ['-fsanitize=undefined']
+    qemu_ldflags += ['-fsanitize=undefined']
+
+    # Suppress undefined behaviour from function call to mismatched type.
+    # In addition, tcg prologue does not emit function type prefix
+    # required by function call sanitizer.
+    if cc.has_argument('-fno-sanitize=function')
+      qemu_cflags += ['-fno-sanitize=function']
+    endif
   else
     error('Your compiler does not support -fsanitize=undefined')
   endif
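Review bot: The commit message says options are now appended rather than prepended because ordering matters, but only the UBSan branch is converted: the ASan branch a few lines above (outside this hunk, visible in patch 1 as `qemu_cflags = ['-fsanitize=address'] + qemu_cflags`) still prepends, so after this series the two sanitizers are inserted at opposite ends of `qemu_cflags` and `qemu_ldflags`. Changing it to `qemu_cflags += ['-fsanitize=address']` and `qemu_ldflags += ['-fsanitize=address']` would apply the stated rationale consistently. `-fno-sanitize=function` is added to `qemu_cflags` only, which appears correct since it only affects what is instrumented at compile time, but a half-sentence in the new comment saying that no link flag is needed would pre-empt the question. The enclosing `if get_option('ubsan')` block starts above the hunk.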
-- 
2.43.0




* Re: [PATCH for-9.2? 0/2] meson: Rationalize sanitizer configuration
From: Richard Henderson @ 2024-09-08 21:12 UTC (permalink / raw)
  To: qemu-devel

Ping.

On 8/13/24 02:52, Richard Henderson wrote:
> In the CI that we actually run (x86) we don't want to use ASan,
> only UBSan, we jump through --extra-cflags hoops to make that
> happen, and we fail to disable function sanitizer during normal
> configuration.
> 
> In the CI that we don't run, we enable ASan and fail to disable
> function sanitizer.  So its a bit lucky that don't run it.
> 
> Split the --enable-santizers config option, and move stuff back
> to meson.build from .gitlab-ci.d.
> 
> 
> r~
> 
> 
> Richard Henderson (2):
>    meson: Split --enable-sanitizers to --enable-{asan,ubsan}
>    meson: Move -fsanitize=undefined into normal configuraton
> 
>   tests/qtest/fdc-test.c                        |  2 +-
>   .gitlab-ci.d/buildtest.yml                    | 10 +++----
>   .../custom-runners/ubuntu-22.04-aarch64.yml   |  2 +-
>   .../custom-runners/ubuntu-22.04-s390x.yml     |  2 +-
>   docs/devel/fuzzing.rst                        |  4 +--
>   meson.build                                   | 26 ++++++++++++++-----
>   meson_options.txt                             |  6 +++--
>   scripts/meson-buildoptions.sh                 |  9 ++++---
>   tests/docker/test-debug                       |  4 +--
>   9 files changed, 41 insertions(+), 24 deletions(-)
> 




* Re: [PATCH for-9.2? 0/2] meson: Rationalize sanitizer configuration
From: Thomas Huth @ 2024-09-09  6:51 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel

On 13/08/2024 11.52, Richard Henderson wrote:
> In the CI that we actually run (x86) we don't want to use ASan,
> only UBSan, we jump through --extra-cflags hoops to make that
> happen, and we fail to disable function sanitizer during normal
> configuration.
> 
> In the CI that we don't run, we enable ASan and fail to disable
> function sanitizer.  So its a bit lucky that don't run it.
> 
> Split the --enable-santizers config option, and move stuff back
> to meson.build from .gitlab-ci.d.


Reviewed-by: Thomas Huth <thuth@redhat.com>
and queued.



