compile AOSP with CodeQL

to-the-batmobile commented 3 years ago

Hi I'm trying to run CodeQL on AOSP with this command: codeql database create new-database --language=java --command='make services' but i'm getting this error while building: [build] /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: out/soong/.intermediates/external/libcxx/libc++_static/darwin_x86_64_static/libc++_static.a(cxa_unexpected.o) has no symbols [build] /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: out/soong/.intermediates/external/libcxx/libc++_static/darwin_x86_64_static/libc++_static.a(typeinfo.o) has no symbols [build] 17:09:55 Disallowed PATH tool "otool" used: []string{"otool", "-l", "/Volumes/v0/AOSP/new-database/working/copy-root/000001F7/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld.semmle.00013D12"} [build] 17:09:55 See https://android.googlesource.com/platform/build/+/master/Changes.md#PATH_Tools for more information. [build] 17:09:55 Process tree: [build] 17:09:55 → working/copy-root/000001F7/Volumes/v0/AOSP/out/soong_ui /Volumes/v0/AOSP/out/soong_ui -j1 --make-mode [build] 17:09:55 → prebuilts/build-tools/darwin-x86/bin/ninja -d keepdepfile --frontend_file out/.ninja_fifo services -j 1 -f out/combined-aosp_sargo.ninja -w dupbuild=err -w missingdepfile=err [build] 17:09:55 → prebuilts/clang/host/darwin-x86/clang-r353983c/bin/clang++.real @out/soong/.intermediates/external/libcxx/libc++/darwin_x86_64_shared/libc++.dylib.rsp -force_load out/soong/.intermediates/external/libcxx/libc++_static/darwin_x86_64_static/libc++_static.a -o out/soong/.intermediates/external/libcxx/libc++/darwin_x86_64_shared/libc++.dylib -dynamiclib -single_module -install_name @rpath/libc++.dylib -target x86_64-apple-darwin -B/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk -mmacosx-version-min=10.8 -m64 -ldl -lpthread -lm -nodefaultlibs -Wl,-undefined,dynamic_lookup -Wl,-rpath,@loader_path/../lib64 -Wl,-rpath,@loader_path/lib64 -nodefaultlibs -lc -lSystem -Wl,-unexported_symbols_list,external/libcxx/lib/libc++unexp.exp -Wl,-force_symbols_not_weak_list,external/libcxx/lib/notweak.exp -Wl,-force_symbols_weak_list,external/libcxx/lib/weak.exp [build] 17:09:55 → /usr/bin/python /Users/user/codeql-home/codeql/tools/osx64/relocator.py /Users/user/codeql-home/codeql/tools/osx64/unsign /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld /Volumes/v0/AOSP/new-database/working/copy-root/000001F7/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld.semmle.00013D12 /Volumes/v0/AOSP/new-database/working/copy-root/000001F7/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld [build] 17:09:55 → otool -l /Volumes/v0/AOSP/new-database/working/copy-root/000001F7/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld.semmle.00013D12 [build] [ 27% 878/3224] //external/libcxx:libc++ link libc++.dylib [darwin] [build] FAILED: out/soong/.intermediates/external/libcxx/libc++/darwin_x86_64_shared/libc++.dylib [build] prebuilts/clang/host/darwin-x86/clang-r353983c/bin/clang++ @out/soong/.intermediates/external/libcxx/libc++/darwin_x86_64_shared/libc++.dylib.rsp -force_load out/soong/.intermediates/external/libcxx/libc++_static/darwin_x86_64_static/libc++_static.a -o out/soong/.intermediates/external/libcxx/libc++/darwin_x86_64_shared/libc++.dylib -dynamiclib -single_module -install_name @rpath/libc++.dylib -target x86_64-apple-darwin -B/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk -mmacosx-version-min=10.8 -m64 -ldl -lpthread -lm -nodefaultlibs -Wl,-undefined,dynamic_lookup -Wl,-rpath,@loader_path/../lib64 -Wl,-rpath,@loader_path/lib64 -nodefaultlibs -lc -lSystem -Wl,-unexported_symbols_list,external/libcxx/lib/libc++unexp.exp -Wl,-force_symbols_not_weak_list,external/libcxx/lib/notweak.exp -Wl,-force_symbols_weak_list,external/libcxx/lib/weak.exp [build] dyld: Library not loaded: @rpath/libtapi.dylib [build] Referenced from: /Volumes/v0/AOSP/new-database/working/copy-root/000001F7/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld [build] Reason: image not found [build] clang-9: error: unable to execute command: Abort trap: 6 [build] clang-9: error: linker command failed due to signal (use -v to see invocation) [build] ninja: build stopped: subcommand failed. [build] 17:09:55 ninja failed with: exit status 1 [build-err] make: *** [run_soong_ui] Error 1 [ERROR] Spawned process exited abnormally (code 2; tried to run: [/Users/user/codeql-home/codeql/tools/osx64/preload_tracer, make, services]) A fatal error occurred: Exit status 2 from command: [make, services]

Thanks for your help in advance

matt-gretton-dann commented 3 years ago

Thank you very much for this report. To help triage can you please:

confirm which version of codeql you are using (codeql --version)
Provide information about the version of AOSP you are trying to build.

I note that macOS instructions for AOSP suggest building on a separate volume via a sparse disk-image due to case-sensitivity issues. If you are doing this can I suggest that you monitor the space available on this build volume as the CodeQL database will take a substantial amount of room. The CodeQL database does not need to live on the same volume as the build - so feel free to put it elsewhere (I usually use /tmp).

And finally, what happens if you run:

TEMPORARY_DISABLE_PATH_RESTRICTIONS=true codeql database create /tmp/new-database2 --language=java --command='make services'

(This disables some new restrictions AOSP is adding - see https://android.googlesource.com/platform/build/+/master/Changes.md#PATH_Tools).

to-the-batmobile commented 3 years ago

Hi Mat, thanks for the quick response! codeql --version: codeql --version CodeQL command-line toolchain release 2.3.1. For example, I'm trying to build android 10 r11. And I also compiled it successfully without codeql. This the result of your command, seems like the build succeeds but the finalizing process fails. `Finalizing database at /tmp/new-database2. [build-err] Scanning for files in /Volumes/v0/android-10.0.0_r11... [build-err] /tmp/new-database2: Indexing files in in /Volumes/v0/android-10.0.0_r11... [build-err] /tmp/new-database2: Running in /Volumes/v0/android-10.0.0_r11: [/Users/user/codeql-home/codeql/xml/tools/index-files.sh, /tmp/new-database2/working/files-to-index13111614080267729321.list] [build] [2020-10-20] [build] [2020-10-19 17:56:50] [ERROR] Parsing error in file /Volumes/v0/android-10.0.0_r11/development/samples/training/basic/FragmentBasics/AndroidManifest.xml [build] [2020-10-20] [build] com.ctc.wstx.exc.WstxParsingException: Illegal processing instruction target ("xml"); xml (case insensitive) is reserved by the specs.

[build] [2020-10-20] [build] at com.ctc.wstx.sr.StreamScanner.constructWfcException(StreamScanner.java:605) [build] [2020-10-20] [build] at com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:467) [build] [2020-10-20] [build] at com.ctc.wstx.sr.BasicStreamReader.readPIPrimary(BasicStreamReader.java:3917) [build] [2020-10-20] [build] at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2055) [build] [2020-10-20] [build] at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) [build] [2020-10-20] [build] at com.semmle.extractor.xml.StAXXmlPopulator.parse(StAXXmlPopulator.java:307) [build] [2020-10-20] [build] at com.semmle.extractor.xml.StAXXmlPopulator.doit(StAXXmlPopulator.java:192) [build] [2020-10-20] [build] at com.semmle.cli.XmlExtractor.extractFile(XmlExtractor.java:84) [build] [2020-10-20] [build] at com.semmle.cli.SimpleExtractor.extract(SimpleExtractor.java:156) [build] [2020-10-20] [build] at com.semmle.cli.SimpleExtractor.run(SimpleExtractor.java:52) [build] [2020-10-20] [build] at com.semmle.cli.XmlExtractor.main(XmlExtractor.java:29) [build] [2020-10-20] [build] 17:56:50.425 [main] ERROR com.semmle.extractor.xml.StAXXmlPopulator - Parsing error in file /Volumes/v0/android-10.0.0_r11/development/samples/training/basic/FragmentBasics/AndroidManifest.xml [build] [2020-10-20] [build] com.ctc.wstx.exc.WstxParsingException: Illegal processing instruction target ("xml"); xml (case insensitive) is reserved by the specs.

[build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [2020-10-20] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] [build] [2020-10-20] [build] at com.ctc.wstx.sr.StreamScanner.constructWfcException(StreamScanner.java:605) at com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:467) at com.ctc.wstx.sr.BasicStreamReader.readPIPrimary(BasicStreamReader.java:3917) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2055) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) at com.semmle.extractor.xml.StAXXmlPopulator.parse(StAXXmlPopulator.java:307) at com.semmle.extractor.xml.StAXXmlPopulator.doit(StAXXmlPopulator.java:192) at com.semmle.cli.XmlExtractor.extractFile(XmlExtractor.java:84) at com.semmle.cli.SimpleExtractor.extract(SimpleExtractor.java:156) at com.semmle.cli.SimpleExtractor.run(SimpleExtractor.java:52) at com.semmle.cli.XmlExtractor.main(XmlExtractor.java:29) [build] [2020-10-19 17:56:53] [ERROR] Parsing error in file /Volumes/v0/android-10.0.0_r11/tools/apkzlib/src/test/resources/testData/packaging/AndroidManifest.xml com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0x9c (at char #5, byte #-1) at com.ctc.wstx.sr.StreamScanner.throwFromIOE(StreamScanner.java:683) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1086) at com.semmle.extractor.xml.StAXXmlPopulator.parse(StAXXmlPopulator.java:307) at com.semmle.extractor.xml.StAXXmlPopulator.doit(StAXXmlPopulator.java:81) at com.semmle.cli.XmlExtractor.extractFile(XmlExtractor.java:84) at com.semmle.cli.SimpleExtractor.extract(SimpleExtractor.java:156) at com.semmle.cli.SimpleExtractor.run(SimpleExtractor.java:52) at com.semmle.cli.XmlExtractor.main(XmlExtractor.java:29) Caused by: java.io.CharConversionException: Invalid UTF-8 start byte 0x9c (at char #5, byte #-1) at com.ctc.wstx.io.UTF8Reader.reportInvalidInitial(UTF8Reader.java:302) at com.ctc.wstx.io.UTF8Reader.read(UTF8Reader.java:188) at com.ctc.wstx.io.ReaderSource.readInto(ReaderSource.java:84) at com.ctc.wstx.io.BranchingReaderSource.readInto(BranchingReaderSource.java:57) at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:967) at com.ctc.wstx.sr.StreamScanner.getNext(StreamScanner.java:738) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:1995) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) ... 6 common frames omitted [build] 17:56:53.165 [main] ERROR com.semmle.extractor.xml.StAXXmlPopulator - Parsing error in file /Volumes/v0/android-10.0.0_r11/tools/apkzlib/src/test/resources/testData/packaging/AndroidManifest.xml [build] com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0x9c (at char #5, byte #-1) at com.ctc.wstx.sr.StreamScanner.throwFromIOE(StreamScanner.java:683) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1086) at com.semmle.extractor.xml.StAXXmlPopulator.parse(StAXXmlPopulator.java:307) at com.semmle.extractor.xml.StAXXmlPopulator.doit(StAXXmlPopulator.java:81) at com.semmle.cli.XmlExtractor.extractFile(XmlExtractor.java:84) at com.semmle.cli.SimpleExtractor.extract(SimpleExtractor.java:156) at com.semmle.cli.SimpleExtractor.run(SimpleExtractor.java:52) at com.semmle.cli.XmlExtractor.main(XmlExtractor.java:29) [build] Caused by: java.io.CharConversionException: Invalid UTF-8 start byte 0x9c (at char #5, byte #-1) at com.ctc.wstx.io.UTF8Reader.reportInvalidInitial(UTF8Reader.java:302) at com.ctc.wstx.io.UTF8Reader.read(UTF8Reader.java:188) at com.ctc.wstx.io.ReaderSource.readInto(ReaderSource.java:84) at com.ctc.wstx.io.BranchingReaderSource.readInto(BranchingReaderSource.java:57) at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:967) at com.ctc.wstx.sr.StreamScanner.getNext(StreamScanner.java:738) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:1995) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) ... 6 common frames omitted`

matt-gretton-dann commented 3 years ago

Thank you for the update. I have managed to reproduce the original issue with AOSP master (Disallowed PATH tool) myself and have a fix in progress.

I have not managed to reproduce the second issue yet.

to-the-batmobile commented 3 years ago

Hi Matt, can I do something to help you reproduce the second issue?

matt-gretton-dann commented 3 years ago

@to-the-batmobile: I'm interested in the following behaviours:

What command does codeql database create think it is running? (Near the top of the output from codeql there will be a line:
```
Running command [.*] in .*.
```
I'd like to know what that says.
What is the disk usage like?
What happens if you add -j1 to the options you pass to the make command?

matt-gretton-dann commented 3 years ago

For reference here are the commands I have been using to try and reproduce (cribbed from https://source.android.com/setup):

# Install dependencies - Linux Only
sudo apt-get install git-core gnupg flex bison build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z1-dev libgl1-mesa-dev libxml2-utils xsltproc unzip fontconfig

# Set disk and install dependencies (macOS only)
hdiutil create -type SPARSE -fs 'Case-sensitive Journaled HFS+' -size 250g ~/android.dmg.sparseimage
brew install git gnupg2

# Install repo
LOCAL_BIN=$HOME/bin
mkdir -p ${LOCAL_BIN}
PATH=${LOCAL_BIN}:$PATH
curl https://storage.googleapis.com/git-repo-downloads/repo > ${LOCAL_BIN}/repo
chmod a+x ${LOCAL_BIN}/repo

# macOS setup for each session
hdiutil attach ~/android.dmg.sparseimage -mountpoint /Volumes/android;
ulimit -S -n 1024
cd /Volumes/android

# Download source
# Make sure you have >250 GB free....
mkdir aosp
cd aosp

repo init -u https://android.googlesource.com/platform/manifest

# The -j here really is limited by your network bandwidth...
repo sync -c -j4
# Make a cup of tea

# Do a build under CodeQL
source build/envsetup.sh
# For my checkout of AOSP `make` has been made an alias - the `-c` option here is an expansion of that alias.
codeql database create -l java -c "`pwd`/build/soong/soong_ui.bash --make-mode -j1 services" /tmp/aosp-db-java

to-the-batmobile commented 3 years ago

@matt-gretton-dann Hi, I tried your last command but I still get the same error, maybe it's a parsing issue that only exists in OSX?

to-the-batmobile commented 3 years ago

The disk usage is enough, I also compiled it successfully without codeql

hmakholm commented 3 years ago

(Note: Matt is out of office but may be able to get back to this next week).

to-the-batmobile commented 3 years ago

@hmakholm Thanks! is there a possibility that one of you guys may be able to take a quick look into this? I bet it's encoding/parsing-related issues... I'm trying to dig into the code and realize by myself but I think you might be able to also assist regarding this issue.

matt-gretton-dann commented 3 years ago

@to-the-batmobile : With apologies for the delay but I have finally managed to reproduce the behaviour you have seen.

The errors are can be safely ignored. The created database should still be usable and contain valid data.

The errors relate to parsing some *.xml files which aren't actually valid textual-XML files, and so the parser gets confused. This only affects those files, and not the rest of the database creation process.

I will discuss internally whether we can make the error messages in this case clearer.

scarletyyang commented 3 years ago

Hello @matt-gretton-dann!

I am following your instruction on comment 22 on how to create AOSP JAVA CodeQL database. But I am running this "No source code was seen during the build" error:

2021-05-12 18:13:33] Plumbing command codeql database trace-command completed.

[2021-05-12 18:13:33] [PROGRESS] database create> Finalizing database at /tmp/aosp-db2-java.

[2021-05-12 18:13:33] Running plumbing command: codeql database finalize --mode=normal -- /tmp/aosp-db2-java

[2021-05-12 18:13:33] [ERROR] database finalize> No source code was seen during the build.

                          This can occur if the specified build commands failed to compile or process any code.

                           - Confirm that there is some source code for the specified language in the project.

                           - For codebases written in Go, JavaScript, TypeScript, and Python, do not specify 

                             an explicit --command.

                           - For other languages, the --command must specify a "clean" build which compiles 

                             all the source code files without reusing existing build artefacts.

[2021-05-12 18:13:33] Plumbing command codeql database finalize completed with status 32.

[2021-05-12 18:13:33] Exiting with code 3

Wondering whether you have seen the similar error? Do you have any idea how to fix it?

Thank you a lot for your help!

adityasharad commented 3 years ago

Thanks @scarletyyang for reaching out here and privately: we'll try this out with the latest version of CodeQL and report back next week with guidance.

50tipsperpack commented 1 year ago

For reference here are the commands I have been using to try and reproduce (cribbed from https://source.android.com/setup):

# Install dependencies - Linux Only
sudo apt-get install git-core gnupg flex bison build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z1-dev libgl1-mesa-dev libxml2-utils xsltproc unzip fontconfig

# Set disk and install dependencies (macOS only)
hdiutil create -type SPARSE -fs 'Case-sensitive Journaled HFS+' -size 250g ~/android.dmg.sparseimage
brew install git gnupg2

# Install repo
LOCAL_BIN=$HOME/bin
mkdir -p ${LOCAL_BIN}
PATH=${LOCAL_BIN}:$PATH
curl https://storage.googleapis.com/git-repo-downloads/repo > ${LOCAL_BIN}/repo
chmod a+x ${LOCAL_BIN}/repo

# macOS setup for each session
hdiutil attach ~/android.dmg.sparseimage -mountpoint /Volumes/android;
ulimit -S -n 1024
cd /Volumes/android

# Download source
# Make sure you have >250 GB free....
mkdir aosp
cd aosp

repo init -u https://android.googlesource.com/platform/manifest

# The -j here really is limited by your network bandwidth...
repo sync -c -j4
# Make a cup of tea

# Do a build under CodeQL
source build/envsetup.sh
# For my checkout of AOSP `make` has been made an alias - the `-c` option here is an expansion of that alias.
codeql database create -l java -c "`pwd`/build/soong/soong_ui.bash --make-mode -j1 services" /tmp/aosp-db-java

why did you use the --make-mode?

when expanding the mm command what I get is: soong_ui.bash --build_mode

Have u found a way to disable soong build sandbox environment?

thanks

50tipsperpack commented 1 year ago

Thanks @scarletyyang for reaching out here and privately: we'll try this out with the latest version of CodeQL and report back next week with guidance.

HI, please any updates on this? creating a codeql db for AOSP still fails.

thanks

atorralba commented 1 year ago

The following build script has worked for us to extract AOSP 10 and 11 with CodeQL. Take it with a grain of salt!

# set CODEQL_DIST and CODEQL_DB accordingly

ANDROID_ROOT="$(pwd)"
CODEQL_BINARY="$CODEQL_DIST/codeql"
ALT_JAVAC_PATH=$(mktemp -p /tmp codeql-javac.XXXXXXX)
chmod +x "$ALT_JAVAC_PATH"
cat > "$ALT_JAVAC_PATH" <<EOF
#!/bin/bash

# strip arguments with spaces
args=()
for i in "\$@"; do
  if [[ "\$i" =~ " " ]];
  then
    echo -n
  else
    args+=("\$i")
  fi
done
echo
export _JAVA_OPTIONS="-Xmx80000M"
"$CODEQL_BINARY" database trace-command \
  "$CODEQL_DB" \
  "$ANDROID_ROOT/prebuilts/jdk/jdk11/linux-x86/bin/javac" -- \
  "\${args[@]}"
EOF
source build/envsetup.sh 
export ALTERNATE_JAVAC="$ALT_JAVAC_PATH"
mm clean
DISABLE_ARTIFACT_PATH_REQUIREMENTS=true m -j8 droid # set number of threads in -j accordingly

Make sure you set CODEQL_DIST to the location of your CodeQL install, and CODEQL_DB to the path of a new database created with something like codeql database init --language=java --begin-tracing --source-root=(aosp location) aosp_db.

github / codeql-cli-binaries

compile AOSP with CodeQL #47