|
Jesus Checa Hidalgo |
f37731 |
---
|
|
Jesus Checa Hidalgo |
f37731 |
inspections:
|
|
Jesus Checa Hidalgo |
f37731 |
# xml files shipped are GDB register set descriptions which can only be
|
|
Jesus Checa Hidalgo |
f37731 |
# verified with gdb/features/gdb-target.dtd, provided in GDB sources.
|
|
Jesus Checa Hidalgo |
f37731 |
xml: off
|
|
Jesus Checa Hidalgo |
f37731 |
|
|
Jesus Checa Hidalgo |
f37731 |
annocheck:
|
|
Mark Wielaard |
b9b4fa |
# Currently lto is disabled globally for valgrind, it should be able
|
|
Mark Wielaard |
b9b4fa |
# to be enabled through upstream configure --enable-lto in the future.
|
|
Mark Wielaard |
b9b4fa |
# Note that all (default fedora) flags need to be repeated here, if
|
|
Mark Wielaard |
b9b4fa |
# you override some config flags it will completely overwrite the
|
|
Mark Wielaard |
b9b4fa |
# defaults (--ignore-unknown --verbose).
|
|
Mark Wielaard |
b9b4fa |
- hardened: --ignore-unknown --verbose --skip-lto
|
|
Jesus Checa Hidalgo |
f37731 |
# Ignore files built specially without hardening flags
|
|
Jesus Checa Hidalgo |
f37731 |
ignore:
|
|
Jesus Checa Hidalgo |
f37731 |
# Valgrind tools themselves (memcheck, cachegrind, massif, etc) are
|
|
Jesus Checa Hidalgo |
f37731 |
# statically linked and need to be built without PIE to be loaded at
|
|
Jesus Checa Hidalgo |
f37731 |
# a fixed address in the program's address space.
|
|
Jesus Checa Hidalgo |
f37731 |
# Also need to be built without stack protection so the generated
|
|
Jesus Checa Hidalgo |
f37731 |
# code (valgrind VEX jit) interacts correctly with their own static code.
|
|
Jesus Checa Hidalgo |
f37731 |
- /usr/libexec/valgrind/*-*-linux
|
|
Jesus Checa Hidalgo |
f37731 |
# Wrappers for various string and mem functions such as memcpy, strlen, etc
|
|
Jesus Checa Hidalgo |
f37731 |
# that valgrind uses to keep track of memory usage. Hardening settings such
|
|
Jesus Checa Hidalgo |
f37731 |
# as optimizations need to be disabled so they don't interfere or break
|
|
Jesus Checa Hidalgo |
f37731 |
# the checks that valgrind does internally.
|
|
Jesus Checa Hidalgo |
f37731 |
- /usr/libexec/valgrind/vgpreload*so
|
|
Jesus Checa Hidalgo |
f37731 |
# libmpiwrap is special since it is a LD_PRELOAD wrapper used by valgrind
|
|
Jesus Checa Hidalgo |
f37731 |
# memcheck for MPI using programs, the wrapper is against a specific MPI
|
|
Jesus Checa Hidalgo |
f37731 |
# implementation though, in our case openmpi. We don't want to have a hard
|
|
Jesus Checa Hidalgo |
f37731 |
# dependency on openmpi however, so a user can use the wrapper without
|
|
Jesus Checa Hidalgo |
f37731 |
# explicitly pulling in openmpi unless the program explicitly uses it.
|
|
Jesus Checa Hidalgo |
f37731 |
- /usr/lib*/openmpi/valgrind/libmpiwrap-*-linux.so
|
|
Mark Wielaard |
b9b4fa |
# These static archives (to create custom valgrind tools) are only
|
|
Mark Wielaard |
b9b4fa |
# distributed in valgrind-tools-devel and don't have hardening flags
|
|
Mark Wielaard |
b9b4fa |
# for the same reason as the standard tools (see above).
|
|
Mark Wielaard |
b9b4fa |
- /usr/lib*/valgrind/*-*linux.a
|
|
Jesus Checa Hidalgo |
f37731 |
|
|
Jesus Checa Hidalgo |
f37731 |
runpath:
|
|
Jesus Checa Hidalgo |
f37731 |
allowed_paths:
|
|
Jesus Checa Hidalgo |
f37731 |
# As described above, libmpiwrap is a wrapper against openmpi
|
|
Jesus Checa Hidalgo |
f37731 |
# so we set DT_RUNPATH to openmpi libs path
|
|
Jesus Checa Hidalgo |
f37731 |
- /usr/lib/openmpi/lib
|
|
Jesus Checa Hidalgo |
f37731 |
- /usr/lib64/openmpi/lib
|