Launch CFI for virtual calls on Linux x86-64.

This is the second incremental step towards the full CFI launch.
In the first step, we enabled LinkTimeOptimization (LTO) for the
official Chrome builds. In this step we add Control Flow Integrity
checks for all virtual calls.

The remaining part is to add bad-cast checks to ensure the forward-edge
Control Flow Integrity works as planned. That remaining part will
require more work on reducing the overhead for size and speed by these
CFI checks, so we don't enable them right away.

The expected Perf impact of this CL:

- Chrome binary size is increased by 5%,
- Some of the benchmarks are slowed down by up to 3.5%.

Note that before making it slower, we made it faster by implementing
virtual const propagation and a number of heuristics for automatic
devirtualization in LLVM which sped up some layout benchmarks by up to 7%
(see https://crbug.com/580389 and https://crbug.com/617283).

If there's a higher (negative) impact, we'll be willing to roll this
feature back, but please allow the Perf bots to work for a day or two
to collect more detailed statistics on the regressions, as it will help
us to identify ways to speed it up (most likely, by inventing new ways
for automatic devirtualization).

BUG=464797

Review-Url: https://codereview.chromium.org/2140373002
Cr-Original-Commit-Position: refs/heads/master@{#405894}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 01f474c48200a1e556a4cf668e2b5dbda0f38a6f
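The checks this commit turns on (Clang's `-fsanitize=cfi-vcall`) verify, at every virtual call site, that the object's vtable pointer belongs to the static type of the call or one of its subclasses. The following added example is not Chromium code and not part of this commit; it is a minimal illustration of the class of bug the check rejects. Class names (`Base`, `Derived`, `Unrelated`) and function names are made up for the example. Built normally, the ill-typed call in `confused_call()` is undefined behaviour and typically dispatches silently to whatever sits in the first vtable slot of the wrong class; built with `clang++ -flto -fvisibility=hidden -fsanitize=cfi-vcall` (the build this CL enables for official Chrome), the same call fails the vtable check before dispatch and the process aborts.

```cpp
// Added example, not from the Chromium tree: the kind of virtual-call type
// confusion that -fsanitize=cfi-vcall detects. Class and function names are
// hypothetical.
#include <cstdio>

struct Base {
    virtual int value() const { return 1; }
    virtual ~Base() = default;
};

struct Derived : Base {
    int value() const override { return 2; }
};

// Polymorphic but unrelated to Base: its vtable is not in Base's type set.
struct Unrelated {
    virtual int other() const { return 42; }
    virtual ~Unrelated() = default;
};

// Well-typed virtual call. With cfi-vcall, the compiler inserts a check here
// that the vtable of *b belongs to Base or a subclass before calling through it.
int call_through_base(const Base* b) { return b->value(); }

// Ill-typed call: the static type is Base, but the object is an Unrelated.
// Without CFI this is undefined behaviour and usually calls Unrelated::other,
// the function in the first vtable slot. With cfi-vcall the check fails and
// the program aborts instead of dispatching through the wrong vtable.
int confused_call() {
    Unrelated u;
    const Base* b = reinterpret_cast<const Base*>(&u);
    return call_through_base(b);
}

int main() {
    Base base;
    Derived derived;
    std::printf("Base:    %d\n", call_through_base(&base));     // 1
    std::printf("Derived: %d\n", call_through_base(&derived));  // 2
    // With -fsanitize=cfi-vcall this line aborts; without it, it is UB.
    std::printf("Unrelated via Base*: %d\n", confused_call());
    return 0;
}
```

The well-typed calls are unaffected by the check; only the vtable-pointer validation is added, which is where the size and speed cost described in the commit message comes from.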
krasin 2016-07-15 16:19:05 -07:00 committed by Commit bot
Parent 2f79efbddb
Commit 9fac0b7e49
2 changed files: 6 additions and 3 deletions

View file

@ -848,7 +848,7 @@
# This requires LLVM Gold plugin to be downloaded.
# See src/tools/clang/scripts/update.py
['OS=="linux" and target_arch=="x64" and buildtype=="Official" and branding=="Chrome" and chromeos==0', {
'use_lto%': 1,
'cfi_vptr%': 1,
}],
# Enable hotwording on Chrome-branded ChromeOS builds.
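Review bot: the comment above this block still only explains the LTO requirement ("This requires LLVM Gold plugin to be downloaded"), but the block now also sets `'cfi_vptr%': 1`, and the CFI vtable checks have the same LTO/gold-plugin dependency; suggest extending the comment to mention `cfi_vptr` and to point at http://clang.llvm.org/docs/ControlFlowIntegrity.html, as the GN side already does, so the two build systems document the same requirement. The rendered view does not show the pre-change line for this 7/7 hunk, so the reviewer cannot confirm from this page which line was replaced.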

View file

@ -2,6 +2,8 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/config/chrome_build.gni")
declare_args() {
# Compile for Address Sanitizer to find memory bugs.
is_asan = false
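Review bot: the new `import("//build/config/chrome_build.gni")` is what makes `is_chrome_branded` available to the `is_cfi` default further down in this file; please confirm that `chrome_build.gni` does not itself import this sanitizers file, since GN rejects import cycles and this file is imported very widely.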
@ -46,8 +48,9 @@ declare_args() {
# Compile with Control Flow Integrity to protect virtual calls and casts.
# See http://clang.llvm.org/docs/ControlFlowIntegrity.html
#
# TODO(pcc): Remove this flag if/when CFI is enabled in official builds.
is_cfi = false
# TODO(pcc): Remove this flag if/when CFI is enabled in all official builds.
is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
is_chrome_branded && is_official_build
# Enable checks for bad casts: derived cast and unrelated cast.
# TODO(krasin): remove this, when we're ready to add these checks by default.
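Review bot: the new default `is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" && is_chrome_branded && is_official_build` uses `target_os`/`target_cpu`, which describe the final target and are the same in every toolchain, so the default also evaluates to true while building host tools in the host toolchain; suggest `is_linux && current_cpu == "x64"` (or `current_os`) so CFI is only applied to the target toolchain the commit message describes (Linux x86-64). Also worth adding an assert that `is_cfi` implies LTO is on, since a developer setting `is_cfi = true` in args.gn without LTO gets an unusable build. The updated TODO(pcc) wording ("in all official builds") and the new bad-cast TODO(krasin) read fine.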