bytecodealliance · lum1n0us · Jan 14, 2026 · Jan 16, 2026 · Jan 16, 2026 · Jan 16, 2026
@@ -304,7 +304,7 @@ def main():
         "default": {
             "repo": "https://github.com/llvm/llvm-project.git",
             "repo_ssh": "git@github.com:llvm/llvm-project.git",
-            "branch": "release/18.x",
+            "branch": "llvmorg-18.1.8",
         },
     }
 

@@ -196,7 +196,10 @@ if (NOT WAMR_BUILD_SANITIZER STREQUAL "")
     message(FATAL_ERROR "Unsupported sanitizers: ${INVALID_SANITIZERS}")
   endif()
   # common flags for all sanitizers
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 -fno-omit-frame-pointer -fno-sanitize-recover=all")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 -fno-omit-frame-pointer -fno-sanitize-recover=all -fno-sanitize=alignment")
+  if(CMAKE_C_COMPILER_ID MATCHES ".*Clang")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize=unsigned-integer-overflow")
+  endif()
   if(SANITIZER_FLAGS)
     string(REPLACE ";" "," SANITIZER_FLAGS_STR "${SANITIZER_FLAGS}")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=${SANITIZER_FLAGS_STR}")

@@ -61,7 +61,6 @@ endfunction()
 # Below are the unsupported combinations checks
 # Please keep this list in sync with tests/unit/unsupported-features/CMakeLists.txt
 # and tests/wamr-test-suites/test_wamr.sh
-cmake_print_variables(WAMR_BUILD_INTERP WAMR_BUILD_FAST_INTERP WAMR_BUILD_JIT WAMR_BUILD_EXCE_HANDLING)
 
 if(WAMR_BUILD_EXCE_HANDLING EQUAL 1)
   check_aot_mode_error("Unsupported build configuration: EXCE_HANDLING + AOT")

@@ -172,21 +172,19 @@ set(IWASM_DIR ${REPO_ROOT_DIR}/core/iwasm)
 # Global setting
 add_compile_options(-Wno-unused-command-line-argument)
 
-# Enable fuzzer
-add_definitions(-DWASM_ENABLE_FUZZ_TEST=1)
-# '-fsanitize=vptr' not allowed with '-fno-rtti
-# But, LLVM by default, disables the use of `rtti` in the compiler
-add_compile_options(-fsanitize=fuzzer -fno-sanitize=vptr)
-add_link_options(-fsanitize=fuzzer -fno-sanitize=vptr)
-
 # Enable sanitizers if not in oss-fuzz environment
 set(CFLAGS_ENV $ENV{CFLAGS})
-string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" FUZZ_POS)
+  string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" FUZZ_POS)
 if (FUZZ_POS GREATER -1)
   set(IN_OSS_FUZZ 1)
 else()
   set(IN_OSS_FUZZ 0)
 endif()
 
+# Enable fuzzer
+add_definitions(-DWASM_ENABLE_FUZZ_TEST=1)
+
+include(${CMAKE_CURRENT_LIST_DIR}/sanitizer_flags.cmake)
+
 add_subdirectory(aot-compiler)
 add_subdirectory(wasm-mutator)
@@ -67,17 +67,5 @@ target_link_directories(aotclib PUBLIC ${LLVM_LIBRARY_DIR})
 
 target_link_libraries(aotclib PUBLIC ${REQUIRED_LLVM_LIBS})
 
-if(NOT IN_OSS_FUZZ)
-  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for aotclib")
-  target_compile_options(aotclib PUBLIC
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  target_link_options(aotclib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
-endif()
-
 add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc)
 target_link_libraries(aot_compiler_fuzz PRIVATE stdc++ aotclib)
@@ -0,0 +1,30 @@
+if(NOT IN_OSS_FUZZ)
+  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for vmlib")
+
+  add_compile_options(-fprofile-instr-generate -fcoverage-mapping)
+
+  #
+  # Sync up with the content of infra/base-images/base-builder/Dockerfile in oss-fuzz
+  #
+
+  # SANITIZER_FLAGS_address
+  add_compile_options(-fsanitize=address -fsanitize-address-use-after-scope)
+
+  # SANITIZER_FLAGS_undefined
+  add_compile_options(
+    -fsanitize=array-bounds,bool,builtin,enum,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr
+    -fno-sanitize-recover=array-bounds,bool,builtin,enum,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr
+  )
+
+  add_link_options(-fsanitize=address,undefined -fprofile-instr-generate)
+endif()
+
+# Always disable unsigned-integer-overflow 
+if(CMAKE_C_COMPILER_ID MATCHES ".*Clang")
+  add_compile_options(-fno-sanitize=unsigned-integer-overflow)
+endif()
+
+# '-fsanitize=vptr' not allowed with '-fno-rtti
+# But, LLVM by default, disables the use of `rtti` in the compiler
+add_compile_options(-fsanitize=fuzzer -fno-sanitize=vptr)
+add_link_options(-fsanitize=fuzzer -fno-sanitize=vptr)
@@ -6,43 +6,46 @@ if(CUSTOM_MUTATOR EQUAL 1)
 endif()
 
 # Set default build options with the ability to override from the command line
-if(NOT WAMR_BUILD_INTERP)
+if(NOT DEFINED WAMR_BUILD_INTERP)
   set(WAMR_BUILD_INTERP 1)
 endif()
 
-if(NOT WAMR_BUILD_AOT)
+if(NOT DEFINED WAMR_BUILD_AOT)
   set(WAMR_BUILD_AOT 1)
 endif()
 
-if(NOT WAMR_BUILD_JIT)
+if(NOT DEFINED WAMR_BUILD_JIT)
   set(WAMR_BUILD_JIT 0)
 endif()
 
-if(NOT WAMR_BUILD_LIBC_BUILTIN)
+if(NOT DEFINED WAMR_BUILD_LIBC_BUILTIN)
   set(WAMR_BUILD_LIBC_BUILTIN 0)
 endif()
 
-if(NOT WAMR_BUILD_LIBC_WASI)
+if(NOT DEFINED WAMR_BUILD_LIBC_WASI)
   set(WAMR_BUILD_LIBC_WASI 1)
 endif()
 
-if(NOT WAMR_BUILD_FAST_INTERP)
+if(NOT DEFINED WAMR_BUILD_FAST_INTERP)
   set(WAMR_BUILD_FAST_INTERP 1)
 endif()
 
-if(NOT WAMR_BUILD_MULTI_MODULE)
+if(NOT DEFINED WAMR_BUILD_MULTI_MODULE)
   set(WAMR_BUILD_MULTI_MODULE 0)
 endif()
 
-if(NOT WAMR_BUILD_LIB_PTHREAD)
+if(NOT DEFINED WAMR_BUILD_LIB_PTHREAD)
   set(WAMR_BUILD_LIB_PTHREAD 0)
 endif()
 
-if(NOT WAMR_BUILD_MINI_LOADER)
+if(NOT DEFINED WAMR_BUILD_MINI_LOADER)
   set(WAMR_BUILD_MINI_LOADER 0)
 endif()
 
-set(WAMR_BUILD_SIMD 1)
+if(NOT DEFINED WAMR_BUILD_SIMD)
+  set(WAMR_BUILD_SIMD 1)
+endif()
+
 set(WAMR_BUILD_REF_TYPES 1)
 set(WAMR_BUILD_GC 1)
 
@@ -56,15 +59,3 @@ target_link_libraries(vmlib PUBLIC ${REQUIRED_LLVM_LIBS})
 
 add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
 target_link_libraries(wasm_mutator_fuzz PRIVATE vmlib m)
-
-if(NOT IN_OSS_FUZZ)
-  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for vmlib")
-  target_compile_options(vmlib PUBLIC
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  target_link_options(vmlib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
-endif()