This directory contains the profiles needed to build a board's packages with various sanitizer flags e.g. address sanitizer.
To build a package with sanitizers, the common steps are:
cros-sanitizers
eclass in the package ebuild.sanitizers-setup-env
in the ebuild typically in src_configure
step.Depending on the sanitizer profile, the package will be built with appropriate sanitizer flags. The profiles are listed in the following section.
Used for building packages with Address sanitizer.
Use it for building packages with Clang sanitizer coverage.
Use it for building packages with Memory sanitizer.
Use it for building packages with Thread sanitizer.
Use it for building packages with Undefined behavior sanitizer.
Fuzzer profiles provide further support for building packages with Libfuzzer needed for fuzzing. For fuzzing, it is necessary to use a sanitizer subprofile in fuzzer directory e.g. fuzzer/asan or fuzzer/msan must be used so that packages are built with appropriate sanitizer flags in addition to libfuzzer flags.
Note: When building packages for fuzzing, binaries are not stripped and all packages are built with sanitizer flags. This is in contrast to other profiles where packages generally need to opt-in to be built by sanitizer flags.
To build packages with address sanitizer (asan) for a board, create a profile in the overlays and point its parent to the appropriate architecture here. For example, to add an asan profile for eve:
$ mkdir -p overlays/overlay-eve/profiles/asan $ printf "../base\nchromiumos:features/sanitizers/asan/amd64\n" > \ overlays/overlay-eve/profiles/asan/parent
A private profile may be needed as well.
$ mkdir -p private-overlays/overlay-eve-private/profiles/asan $ printf "../base\neve:asan\n" > \ private-overlays/overlay-eve-private/profiles/asan/parent
To build the eve board with asan profile, do:
$ setup_board --board=eve --profile=asan $ build_packages --board=eve