---
inspections:
  # xml files shipped are GDB register set descriptions which can only be
  # verified with gdb/features/gdb-target.dtd, provided in GDB sources.
  xml: off

annocheck:
  # Ignore files built specially without hardening flags
  ignore:
    # Valgrind tools themselves (memcheck, cachegrind, massif, etc) are
    # statically linked and need to be built without PIE to be loaded at
    # a fixed address in the program's address space.
    # Also need to be built without stack protection so the generated
    # code (valgrind VEX jit) interacts correctly with their own static code.
    - /usr/libexec/valgrind/*-*-linux
    # Wrappers for various string and mem functions such as memcpy, strlen, etc
    # that valgrind uses to keep track of memory usage. Hardening settings such
    # as optimizations need to be disabled so they don't interfere or break
    # the checks that valgrind does internally.
    - /usr/libexec/valgrind/vgpreload*so
    # libmpiwrap is special since it is a LD_PRELOAD wrapper used by valgrind
    # memcheck for MPI using programs, the wrapper is against a specific MPI
    # implementation though, in our case openmpi. We don't want to have a hard
    # dependency on openmpi however, so a user can use the wrapper without
    # explicitly pulling in openmpi unless the program explicitly uses it.
    - /usr/lib*/openmpi/valgrind/libmpiwrap-*-linux.so

runpath:
  allowed_paths:
    # As described above, libmpiwrap is a wrapper against openmpi
    # so we set DT_RUNPATH to openmpi libs path
    - /usr/lib/openmpi/lib
    - /usr/lib64/openmpi/lib