@@ -55,8 +55,8 @@ The dependency between modules can be classified into **deps** (left in the figu
...
@@ -55,8 +55,8 @@ The dependency between modules can be classified into **deps** (left in the figu
external_deps =[
external_deps =[
"part1:module1",
"part1:module1",
...
...
]# Inter-component dependency. The dependent module must be declared in inner_kits by the dependent component.
]# Inter-component dependency. The dependent module must be declared in inner_kits by the dependent component.
part_name ="part2"# (Mandatory) Name of the component to which the module belongs.
part_name ="part2"# (Mandatory) Name of the component to which the module belongs.
}
}
```
```
...
@@ -64,18 +64,21 @@ The dependency between modules can be classified into **deps** (left in the figu
...
@@ -64,18 +64,21 @@ The dependency between modules can be classified into **deps** (left in the figu
## Using Sanitizer
## Using Sanitizer
When adding a module, you can enable the Sanitizer, such as the integer overflow check and control-flow integrity (CFI), provided by the compiler as required. You can also enable the debug or release mode and configure a blocklist. Each configuration item is optional. It is**false** by default. You can also leave it empty.
When adding a module, you can enable the Sanitizer, such as the integer overflow check and control-flow integrity (CFI), provided by the compiler as required. You can also enable the debug or release mode and configure a blocklist. Each configuration item is optional and**false** by default. You can also leave it empty.
Sanitizer configuration example:
Sanitizer configuration example:
``` shell
``` shell
ohos_shared_library("example"){
ohos_shared_library("example"){
sanitize ={
sanitize ={
cfi =true
cfi =true# Enable the CFI check.
cfi_cross_dso =true# CFI: shared library support.
cfi_cross_dso =true# Enable the cross-DSO CFI check.
integer_overflow =true
integer_overflow =true# Enable the integer overflow check.
debug =true# Optional. The debug mode is disabled by default.
boundary_sanitize =true# Enable the bounds check.
blocklist ="./blocklist.txt"# Optional. Enter the path of the blocklist.
ubsan =true# Enable some UBSAN options.
all_ubsan =true# Enable all UBSAN options.
debug =true# Enable the debug mode, which is disabled by default.
blocklist ="./blocklist.txt"# Path of the blocklist.
Currently, the following two types of Sanitizers are supported:
Currently, Sanitizers provides the following functions:
- Integer overflow check: provides check of unsigned integer overflow (unsigned_integer_overflow), check of signed integer overflow (signed_integer_overflow), or both (integer_overflow).
-**integer_overflow**: provides check of unsigned integer overflow (unsigned_integer_overflow), check of signed integer overflow (signed_integer_overflow), or both (integer_overflow).
- CFI: prevents malware attacks from redirecting the control flow of a program.
- CFI: provides CFI and cross-DSO CFI checks.
-**boundary_sanitize**: provides the bounds check.
-**ubsan**: checks some Undefined Behavior Sanitizer (UBSAN) options, including **bool**, **integer-divide-by-zero**, **return**, **returns-nonnull-attribute**, **shift-exponent**, **unreachable**, and **vla-bound**.
-**all_ubsan**: checks all UBSAN options.
**Release and Debug Modes**
**Release and Debug Modes**
...
@@ -96,6 +102,7 @@ Currently, the following two types of Sanitizers are supported:
...
@@ -96,6 +102,7 @@ Currently, the following two types of Sanitizers are supported:
- Release mode: If release mode is enabled, the application will be directly interrupted when an error occurs. This can protect the system against errors or maliciously attacks.
- Release mode: If release mode is enabled, the application will be directly interrupted when an error occurs. This can protect the system against errors or maliciously attacks.
**Blocklist**
**Blocklist**
The blocklist specifies the functions or source programs that are not affected by Sanitizer in the module. It prevents benign behavior from being identified as errors or prevents hotspot functions from generating unreasonable and unacceptable overheads. Exercise caution when using this function.
The blocklist specifies the functions or source programs that are not affected by Sanitizer in the module. It prevents benign behavior from being identified as errors or prevents hotspot functions from generating unreasonable and unacceptable overheads. Exercise caution when using this function.
