2023-03-10 20:02:29 +00:00
|
|
|
---
|
|
|
|
inspections:
|
|
|
|
# xml files shipped are GDB register set descriptions which can only be
|
|
|
|
# verified with gdb/features/gdb-target.dtd, provided in GDB sources.
|
|
|
|
xml: off
|
|
|
|
|
|
|
|
annocheck:
|
|
|
|
# Currently lto is disabled globally for valgrind, it should be able
|
|
|
|
# to be enabled through upstream configure --enable-lto in the future.
|
|
|
|
# Note that all (default hardened) flags need to be repeated here, if
|
|
|
|
# you override some config flags it will completely overwrite the
|
|
|
|
# defaults (--ignore-unknown --verbose).
|
|
|
|
jobs:
|
|
|
|
- hardened: --ignore-unknown --verbose --skip-lto
|
|
|
|
# Ignore files built specially without hardening flags
|
|
|
|
ignore:
|
|
|
|
# Valgrind tools themselves (memcheck, cachegrind, massif, etc) are
|
|
|
|
# statically linked and need to be built without PIE to be loaded at
|
|
|
|
# a fixed address in the program's address space.
|
|
|
|
# Also need to be built without stack protection so the generated
|
|
|
|
# code (valgrind VEX jit) interacts correctly with their own static code.
|
|
|
|
- /usr/libexec/valgrind/*-*-linux
|
|
|
|
# Wrappers for various string and mem functions such as memcpy, strlen, etc
|
|
|
|
# that valgrind uses to keep track of memory usage. Hardening settings such
|
|
|
|
# as optimizations need to be disabled so they don't interfere or break
|
|
|
|
# the checks that valgrind does internally.
|
|
|
|
- /usr/libexec/valgrind/vgpreload*so
|
2023-04-24 14:29:47 +00:00
|
|
|
|
|
|
|
debuginfo:
|
|
|
|
ignore:
|
|
|
|
# We add the debuginfo to vgpreload libraries because we want to show the
|
|
|
|
# user exactly where the issue is, which we cannot without always having
|
|
|
|
# the symtab around. The vgpreload libraries are really tiny, so it doesn't
|
|
|
|
# have a big impact on the package size.
|
|
|
|
- /usr/libexec/valgrind/vgpreload*.so
|