Jesus Checa Hidalgo f37731
---
Jesus Checa Hidalgo f37731
inspections:
Jesus Checa Hidalgo f37731
  # xml files shipped are GDB register set descriptions which can only be
Jesus Checa Hidalgo f37731
  # verified with gdb/features/gdb-target.dtd, provided in GDB sources.
Jesus Checa Hidalgo f37731
  xml: off
Jesus Checa Hidalgo f37731
Jesus Checa Hidalgo f37731
annocheck:
Mark Wielaard b9b4fa
  # Currently lto is disabled globally for valgrind, it should be able
Mark Wielaard b9b4fa
  # to be enabled through upstream configure --enable-lto in the future.
Mark Wielaard b9b4fa
  # Note that all (default fedora) flags need to be repeated here, if
Mark Wielaard b9b4fa
  # you override some config flags it will completely overwrite the
Mark Wielaard b9b4fa
  # defaults (--ignore-unknown --verbose).
Mark Wielaard b9b4fa
  - hardened: --ignore-unknown --verbose --skip-lto
Jesus Checa Hidalgo f37731
  # Ignore files built specially without hardening flags
Jesus Checa Hidalgo f37731
  ignore:
Jesus Checa Hidalgo f37731
    # Valgrind tools themselves (memcheck, cachegrind, massif, etc) are
Jesus Checa Hidalgo f37731
    # statically linked and need to be built without PIE to be loaded at
Jesus Checa Hidalgo f37731
    # a fixed address in the program's address space.
Jesus Checa Hidalgo f37731
    # Also need to be built without stack protection so the generated
Jesus Checa Hidalgo f37731
    # code (valgrind VEX jit) interacts correctly with their own static code.
Jesus Checa Hidalgo f37731
    - /usr/libexec/valgrind/*-*-linux
Jesus Checa Hidalgo f37731
    # Wrappers for various string and mem functions such as memcpy, strlen, etc
Jesus Checa Hidalgo f37731
    # that valgrind uses to keep track of memory usage. Hardening settings such
Jesus Checa Hidalgo f37731
    # as optimizations need to be disabled so they don't interfere or break
Jesus Checa Hidalgo f37731
    # the checks that valgrind does internally.
Jesus Checa Hidalgo f37731
    - /usr/libexec/valgrind/vgpreload*so
Jesus Checa Hidalgo f37731
    # libmpiwrap is special since it is a LD_PRELOAD wrapper used by valgrind
Jesus Checa Hidalgo f37731
    # memcheck for MPI using programs, the wrapper is against a specific MPI
Jesus Checa Hidalgo f37731
    # implementation though, in our case openmpi. We don't want to have a hard
Jesus Checa Hidalgo f37731
    # dependency on openmpi however, so a user can use the wrapper without
Jesus Checa Hidalgo f37731
    # explicitly pulling in openmpi unless the program explicitly uses it.
Jesus Checa Hidalgo f37731
    - /usr/lib*/openmpi/valgrind/libmpiwrap-*-linux.so
Mark Wielaard b9b4fa
    # These static archives (to create custom valgrind tools) are only
Mark Wielaard b9b4fa
    # distributed in valgrind-tools-devel and don't have hardening flags
Mark Wielaard b9b4fa
    # for the same reason as the standard tools (see above).
Mark Wielaard b9b4fa
    - /usr/lib*/valgrind/*-*linux.a
Jesus Checa Hidalgo f37731
Jesus Checa Hidalgo f37731
runpath:
Jesus Checa Hidalgo f37731
  allowed_paths:
Jesus Checa Hidalgo f37731
    # As described above, libmpiwrap is a wrapper against openmpi
Jesus Checa Hidalgo f37731
    # so we set DT_RUNPATH to openmpi libs path
Jesus Checa Hidalgo f37731
    - /usr/lib/openmpi/lib
Jesus Checa Hidalgo f37731
    - /usr/lib64/openmpi/lib