diff options
author | Justin Chadwell <justin.chadwell@arm.com> | 2019-08-20 11:01:52 +0100 |
---|---|---|
committer | Justin Chadwell <justin.chadwell@arm.com> | 2019-09-11 14:15:54 +0100 |
commit | 1f4619796af5baf4b41b5723bbf708355f8597fa (patch) | |
tree | 0c1293905f4c922c53a1b2f8ea999f9da65f9841 /docs | |
parent | 5dbdf8e4eac1d5999f07976f9f430894b0784907 (diff) |
Add UBSAN support and handlers
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/getting_started/user-guide.rst | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/getting_started/user-guide.rst b/docs/getting_started/user-guide.rst index b447f149..1cfd4c73 100644 --- a/docs/getting_started/user-guide.rst +++ b/docs/getting_started/user-guide.rst @@ -684,6 +684,21 @@ Common build options file that contains the ROT private key in PEM format. If ``SAVE_KEYS=1``, this file name will be used to save the key. +- ``SANITIZE_UB``: This option enables the Undefined Behaviour sanitizer. It + can take 3 values: 'off' (default), 'on' and 'trap'. When using 'trap', + gcc and clang will insert calls to ``__builtin_trap`` on detected + undefined behaviour, which defaults to a ``brk`` instruction. When using + 'on', undefined behaviour is translated to a call to special handlers which + prints the exact location of the problem and its cause and then panics. + + .. note:: + Because of the space penalty of the Undefined Behaviour sanitizer, + this option will increase the size of the binary. Depending on the + memory constraints of the target platform, it may not be possible to + enable the sanitizer for all images (BL1 and BL2 are especially + likely to be memory constrained). We recommend that the + sanitizer is enabled only in debug builds. + - ``SAVE_KEYS``: This option is used when ``GENERATE_COT=1``. It tells the certificate generation tool to save the keys used to establish the Chain of Trust. Allowed options are '0' or '1'. Default is '0' (do not save). |