diff --git a/Makefile.inc1 b/Makefile.inc1 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -766,7 +766,7 @@ -DNO_CPU_CFLAGS \ -DNO_PIC \ -DNO_SHARED \ - MK_ASAN=no \ + MK_ASAN=${MK_BOOTSTRAP_TOOLS_ASAN} \ MK_CTF=no \ MK_CLANG_EXTRAS=no \ MK_CLANG_FORMAT=no \ @@ -776,7 +776,7 @@ MK_RETPOLINE=no \ MK_SSP=no \ MK_TESTS=no \ - MK_UBSAN=no \ + MK_UBSAN=${MK_BOOTSTRAP_TOOLS_UBSAN} \ MK_WERROR=no \ MK_INCLUDES=yes \ MK_MAN_UTILS=yes diff --git a/share/mk/bsd.sanitizer.mk b/share/mk/bsd.sanitizer.mk --- a/share/mk/bsd.sanitizer.mk +++ b/share/mk/bsd.sanitizer.mk @@ -31,7 +31,13 @@ # SHARED_CFLAGS instead of CFLAGS. We do this since static executables are not # compatible with the sanitizers (interceptors do not work). .if ${_use_sanitizers} != "no" +# When building the base system we have to override the resource dir to point +# at the sanitizer libraries in the build root, but this is not required (and +# in fact actively harmful since the clang version number may not match) for the +# BOOTSTRAPPING phase where -fsanitize=... will add the appropriate flags. +.if !defined(BOOTSTRAPPING) .include "../../lib/libclang_rt/compiler-rt-vars.mk" +.endif .if target(____) SHARED_CFLAGS+= ${SANITIZER_CFLAGS} SOLINKOPTS+= ${SANITIZER_LDFLAGS} diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -198,6 +198,8 @@ __DEFAULT_NO_OPTIONS = \ BEARSSL \ BHYVE_SNAPSHOT \ + BOOTSTRAP_TOOLS_ASAN \ + BOOTSTRAP_TOOLS_UBSAN \ CLANG_EXTRAS \ CLANG_FORMAT \ CLEAN \ diff --git a/tools/build/options/WITH_BOOTSTRAP_TOOLS_ASAN b/tools/build/options/WITH_BOOTSTRAP_TOOLS_ASAN new file mode 100644 --- /dev/null +++ b/tools/build/options/WITH_BOOTSTRAP_TOOLS_ASAN @@ -0,0 +1,2 @@ +Build the bootstrap tools with Address Sanitizer (ASan) to detect +memory corruption bugs such as buffer overflows or use-after-free. diff --git a/tools/build/options/WITH_BOOTSTRAP_TOOLS_UBSAN b/tools/build/options/WITH_BOOTSTRAP_TOOLS_UBSAN new file mode 100644 --- /dev/null +++ b/tools/build/options/WITH_BOOTSTRAP_TOOLS_UBSAN @@ -0,0 +1,2 @@ +Build the bootstrap tools with Undefined Behavior Sanitizer (UBSan) to detect +various kinds of undefined behavior at runtime.