From a33c43b060c335889e5bd8c583aa5c527c73c255 Mon Sep 17 00:00:00 2001 From: Niklas Dusenlund Date: Wed, 10 Sep 2025 11:24:55 +0200 Subject: [PATCH] build: fix sanitizers The recommended way to enable sanitizers nowadays is to add `-fsanitize=*` as a compiler and linking flags. Also fix some warnings and remove some targets from "all" to speed up builds. Bumping macosx version to 11 since that seems to be necessary for asan to work. Add CI check to verify that address santizier is turned on for unit tests --- .github/workflows/ci-common.yml | 3 +++ CMakeLists.txt | 9 ++++++++- Makefile | 7 +------ external/CMakeLists.txt | 2 +- test/simulator/CMakeLists.txt | 2 +- test/unit-test/CMakeLists.txt | 14 ++++++++------ 6 files changed, 22 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci-common.yml b/.github/workflows/ci-common.yml index 3395e327c9..61f200423b 100644 --- a/.github/workflows/ci-common.yml +++ b/.github/workflows/ci-common.yml @@ -97,6 +97,9 @@ jobs: - name: Build unit-tests run: make -j$(($(nproc) + 1)) unit-test + - name: Check that address sanitizer is enabled + run: nm build-build/bin/test_cleanup | grep __asan_version_mismatch_check_v8 + - name: run unit-tests run: make run-unit-tests diff --git a/CMakeLists.txt b/CMakeLists.txt index 5205ef8e2a..2fe13fb661 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -46,7 +46,7 @@ endif() # This is ignored on platforms other than darwin. By default rust compiles for # 10.7 which doesn't link for us. -set(CMAKE_OSX_DEPLOYMENT_TARGET "10.15" CACHE STRING "Minimum OS X deployment version") +set(CMAKE_OSX_DEPLOYMENT_TARGET "11" CACHE STRING "Minimum OS X deployment version") project(bitbox02 C) @@ -65,6 +65,7 @@ option(COVERAGE "Compile with test coverage flags." OFF) option(SANITIZE_ADDRESS "Compile with asan." OFF) option(SANITIZE_UNDEFINED "Compile with ubsan." OFF) option(CMAKE_VERBOSE_MAKEFILE "Verbose build." OFF) + # Generate compile_command.json (for tidy and other tools) set(CMAKE_EXPORT_COMPILE_COMMANDS ON) @@ -343,6 +344,12 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600") string(LENGTH "${CMAKE_SOURCE_DIR}/" SOURCE_PATH_SIZE) add_definitions("-DSOURCE_PATH_SIZE=${SOURCE_PATH_SIZE}") +if(SANITIZE_ADDRESS) + string(APPEND CMAKE_C_FLAGS " -fsanitize=address") +endif() +if(SANITIZE_UNDEFINED) + string(APPEND CMAKE_C_FLAGS " -fsanitize=undefined") +endif() # protoc is used to generate API messages find_program(PROTOC protoc) diff --git a/Makefile b/Makefile index 9c62c08529..4e5dad74c9 100644 --- a/Makefile +++ b/Makefile @@ -17,12 +17,7 @@ UNAME_S := $(shell uname -s) .DEFAULT_GOAL := firmware -# asan/ubsan is not supported on darwin, default to off -ifeq ($(UNAME_S),Darwin) - SANITIZE ?= OFF -else - SANITIZE ?= ON -endif +SANITIZE ?= ON bootstrap: git submodule update --init --recursive diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt index cbf5c168ca..6caaa3d4ad 100644 --- a/external/CMakeLists.txt +++ b/external/CMakeLists.txt @@ -238,7 +238,7 @@ aux_source_directory(optiga-trust-m/src/comms/ifx_i2c SRC_COMMS_IFX_I2C_FILES) aux_source_directory(optiga-trust-m/src/crypt SRC_CRYPT_FILES) aux_source_directory(optiga-trust-m/src/util SRC_UTIL_FILES) set(PAL_FILES optiga-trust-m/extras/pal/pal_crypt_mbedtls.c) -add_library(optiga +add_library(optiga EXCLUDE_FROM_ALL ${SRC_CMD_FILES} ${SRC_COMMON_FILES} ${SRC_COMMS_IFX_I2C_FILES} diff --git a/test/simulator/CMakeLists.txt b/test/simulator/CMakeLists.txt index 49dbbd8344..62f0e12b34 100644 --- a/test/simulator/CMakeLists.txt +++ b/test/simulator/CMakeLists.txt @@ -16,7 +16,7 @@ add_executable(simulator EXCLUDE_FROM_ALL simulator.c) # asan must be first library in linking order target_link_libraries(simulator PRIVATE - $<$:asan> + $<$:-fsanitize=address> $<$:-fsanitize=undefined> $<$>:-Wl,--start-group> c-unit-tests_rust_c diff --git a/test/unit-test/CMakeLists.txt b/test/unit-test/CMakeLists.txt index 6af60de227..efda070a3c 100644 --- a/test/unit-test/CMakeLists.txt +++ b/test/unit-test/CMakeLists.txt @@ -31,7 +31,7 @@ endif() set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-parameter -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-bad-function-cast") -add_library(mocks STATIC +add_library(mocks STATIC EXCLUDE_FROM_ALL framework/src/mock_gestures.c framework/src/mock_screen_stack.c framework/src/mock_memory.c @@ -89,7 +89,7 @@ else() add_executable(${EXE} test_${TEST_NAME}.c) # asan must be first library in linking order target_link_libraries(${EXE} PRIVATE - $<$:asan> + $<$:-fsanitize=address> $<$:-fsanitize=undefined> -Wl,--start-group c-unit-tests_rust_c @@ -114,11 +114,13 @@ add_library(u2f-util u2f/u2f_util_t.c ) target_include_directories(u2f-util - PUBLIC - ${CMAKE_CURRENT_SOURCE_DIR} SYSTEM PUBLIC ${HIDAPI_INCLUDE_DIRS} ) +target_include_directories(u2f-util + PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR} +) # NOTE: we only depend on include directories and definitions from c-unit-tests_rust_c target_link_libraries(u2f-util PUBLIC ${HIDAPI_LDFLAGS} c-unit-tests_rust_c) @@ -136,7 +138,7 @@ foreach(TEST_NAME ${U2F_TESTS}) # This tests link to our code add_executable(${EXE} test_${TEST_NAME}.c framework/src/mock_hidapi.c) target_link_libraries(${EXE} PRIVATE - $<$:asan> + $<$:-fsanitize=address> $<$:-fsanitize=undefined> $<$>:-Wl,--start-group> c-unit-tests_rust_c @@ -152,7 +154,7 @@ foreach(TEST_NAME ${U2F_TESTS}) add_executable(${EXE} test_${TEST_NAME}.c) # asan must be first library in linking order target_link_libraries(${EXE} PRIVATE - $<$:asan> + $<$:-fsanitize=address> $<$:-fsanitize=undefined> u2f-util )