1//===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8#include "clang/Driver/SanitizerArgs.h"
9#include "clang/Basic/Sanitizers.h"
10#include "clang/Driver/Driver.h"
11#include "clang/Driver/Options.h"
12#include "clang/Driver/ToolChain.h"
13#include "llvm/ADT/SmallVector.h"
14#include "llvm/ADT/StringRef.h"
15#include "llvm/ADT/StringSwitch.h"
16#include "llvm/Support/Path.h"
17#include "llvm/Support/SpecialCaseList.h"
18#include "llvm/Support/VirtualFileSystem.h"
19#include "llvm/TargetParser/AArch64TargetParser.h"
20#include "llvm/TargetParser/RISCVTargetParser.h"
21#include "llvm/TargetParser/TargetParser.h"
22#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
23#include <memory>
24
25using namespace clang;
26using namespace clang::driver;
27using namespace llvm::opt;
28
29static const SanitizerMask NeedsUbsanRt =
30 SanitizerKind::Undefined | SanitizerKind::Integer |
31 SanitizerKind::LocalBounds | SanitizerKind::ImplicitConversion |
32 SanitizerKind::Nullability | SanitizerKind::CFI |
33 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast |
34 SanitizerKind::Vptr;
35static const SanitizerMask NeedsUbsanCxxRt =
36 SanitizerKind::Vptr | SanitizerKind::CFI;
37static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
38static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr;
39static const SanitizerMask NotAllowedWithExecuteOnly =
40 SanitizerKind::Function | SanitizerKind::KCFI;
41static const SanitizerMask NeedsUnwindTables =
42 SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Type |
43 SanitizerKind::Thread | SanitizerKind::Memory | SanitizerKind::DataFlow |
44 SanitizerKind::NumericalStability;
45static const SanitizerMask SupportsCoverage =
46 SanitizerKind::Address | SanitizerKind::HWAddress |
47 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
48 SanitizerKind::Type | SanitizerKind::MemtagStack |
49 SanitizerKind::MemtagHeap | SanitizerKind::MemtagGlobals |
50 SanitizerKind::Memory | SanitizerKind::KernelMemory | SanitizerKind::Leak |
51 SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
52 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
53 SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
54 SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
55 SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
56 SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI |
57 SanitizerKind::NumericalStability | SanitizerKind::Vptr |
58 SanitizerKind::CFI;
59static const SanitizerMask RecoverableByDefault =
60 SanitizerKind::Undefined | SanitizerKind::Integer |
61 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
62 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast |
63 SanitizerKind::Vptr;
64static const SanitizerMask Unrecoverable =
65 SanitizerKind::Unreachable | SanitizerKind::Return;
66static const SanitizerMask AlwaysRecoverable = SanitizerKind::KernelAddress |
67 SanitizerKind::KernelHWAddress |
68 SanitizerKind::KCFI;
69static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
70static const SanitizerMask TrappingSupported =
71 SanitizerKind::Undefined | SanitizerKind::Integer |
72 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
73 SanitizerKind::LocalBounds | SanitizerKind::CFI |
74 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
75static const SanitizerMask MergeDefault =
76 SanitizerKind::Undefined | SanitizerKind::Vptr;
77static const SanitizerMask TrappingDefault =
78 SanitizerKind::CFI | SanitizerKind::LocalBounds;
79static const SanitizerMask AnnotateDebugInfoDefault;
80static const SanitizerMask CFIClasses =
81 SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
82 SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
83 SanitizerKind::CFIUnrelatedCast;
84static const SanitizerMask CompatibleWithMinimalRuntime =
85 TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
86 SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap |
87 SanitizerKind::MemtagGlobals | SanitizerKind::KCFI;
88
89enum CoverageFeature {
90 CoverageFunc = 1 << 0,
91 CoverageBB = 1 << 1,
92 CoverageEdge = 1 << 2,
93 CoverageIndirCall = 1 << 3,
94 CoverageTraceBB = 1 << 4, // Deprecated.
95 CoverageTraceCmp = 1 << 5,
96 CoverageTraceDiv = 1 << 6,
97 CoverageTraceGep = 1 << 7,
98 Coverage8bitCounters = 1 << 8, // Deprecated.
99 CoverageTracePC = 1 << 9,
100 CoverageTracePCGuard = 1 << 10,
101 CoverageNoPrune = 1 << 11,
102 CoverageInline8bitCounters = 1 << 12,
103 CoveragePCTable = 1 << 13,
104 CoverageStackDepth = 1 << 14,
105 CoverageInlineBoolFlag = 1 << 15,
106 CoverageTraceLoads = 1 << 16,
107 CoverageTraceStores = 1 << 17,
108 CoverageControlFlow = 1 << 18,
109};
110
111enum BinaryMetadataFeature {
112 BinaryMetadataCovered = 1 << 0,
113 BinaryMetadataAtomics = 1 << 1,
114 BinaryMetadataUAR = 1 << 2,
115};
116
117/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
118/// invalid components. Returns a SanitizerMask.
119static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
120 bool DiagnoseErrors);
121
122/// Parse a -fsanitize=<sanitizer1>=<value1>... or -fno-sanitize= argument's
123/// values, diagnosing any invalid components.
124/// Cutoffs are stored in the passed parameter.
125static void parseArgCutoffs(const Driver &D, const llvm::opt::Arg *A,
126 bool DiagnoseErrors, SanitizerMaskCutoffs &Cutoffs);
127
128/// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
129/// components. Returns OR of members of \c CoverageFeature enumeration.
130static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
131 bool DiagnoseErrors);
132
133/// Parse -fsanitize-undefined-ignore-overflow-pattern= flag values, diagnosing
134/// any invalid values. Returns a mask of excluded overflow patterns.
135static int parseOverflowPatternExclusionValues(const Driver &D,
136 const llvm::opt::Arg *A,
137 bool DiagnoseErrors);
138
139/// Parse -f(no-)?sanitize-metadata= flag values, diagnosing any invalid
140/// components. Returns OR of members of \c BinaryMetadataFeature enumeration.
141static int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
142 bool DiagnoseErrors);
143
144/// Produce an argument string from ArgList \p Args, which shows how it
145/// provides some sanitizer kind from \p Mask. For example, the argument list
146/// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
147/// would produce "-fsanitize=vptr".
148static std::string lastArgumentForMask(const Driver &D,
149 const llvm::opt::ArgList &Args,
150 SanitizerMask Mask);
151
152/// Produce an argument string from argument \p A, which shows how it provides
153/// a value in \p Mask. For instance, the argument
154/// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
155/// "-fsanitize=alignment".
156static std::string describeSanitizeArg(const llvm::opt::Arg *A,
157 SanitizerMask Mask);
158
159/// Produce a string containing comma-separated names of sanitizers in \p
160/// Sanitizers set.
161static std::string toString(const clang::SanitizerSet &Sanitizers);
162
163/// Produce a string containing comma-separated names of sanitizers and
164/// sanitizer groups in \p Sanitizers set.
165static std::string toStringWithGroups(const clang::SanitizerSet &Sanitizers);
166
167/// Return true if an execute-only target disallows data access to code
168/// sections.
169static bool isExecuteOnlyTarget(const llvm::Triple &Triple,
170 const llvm::opt::ArgList &Args) {
171 if (Triple.isPS5())
172 return true;
173 return Args.hasFlagNoClaim(options::Pos: OPT_mexecute_only,
174 options::Neg: OPT_mno_execute_only, Default: false);
175}
176
177static void validateSpecialCaseListFormat(const Driver &D,
178 std::vector<std::string> &SCLFiles,
179 unsigned MalformedSCLErrorDiagID,
180 bool DiagnoseErrors) {
181 if (SCLFiles.empty())
182 return;
183
184 std::string BLError;
185 std::unique_ptr<llvm::SpecialCaseList> SCL(
186 llvm::SpecialCaseList::create(Paths: SCLFiles, FS&: D.getVFS(), Error&: BLError));
187 if (!SCL && DiagnoseErrors)
188 D.Diag(DiagID: MalformedSCLErrorDiagID) << BLError;
189}
190
191static void addDefaultIgnorelists(const Driver &D, SanitizerMask Kinds,
192 std::vector<std::string> &IgnorelistFiles,
193 bool DiagnoseErrors) {
194 struct Ignorelist {
195 const char *File;
196 SanitizerMask Mask;
197 } Ignorelists[] = {{.File: "asan_ignorelist.txt", .Mask: SanitizerKind::Address},
198 {.File: "hwasan_ignorelist.txt", .Mask: SanitizerKind::HWAddress},
199 {.File: "memtag_ignorelist.txt", .Mask: SanitizerKind::MemTag},
200 {.File: "msan_ignorelist.txt", .Mask: SanitizerKind::Memory},
201 {.File: "nsan_ignorelist.txt", .Mask: SanitizerKind::NumericalStability},
202 {.File: "tsan_ignorelist.txt", .Mask: SanitizerKind::Thread},
203 {.File: "tysan_blacklist.txt", .Mask: SanitizerKind::Type},
204 {.File: "dfsan_abilist.txt", .Mask: SanitizerKind::DataFlow},
205 {.File: "cfi_ignorelist.txt", .Mask: SanitizerKind::CFI},
206 {.File: "ubsan_ignorelist.txt",
207 .Mask: SanitizerKind::Undefined | SanitizerKind::Vptr |
208 SanitizerKind::Integer | SanitizerKind::Nullability |
209 SanitizerKind::FloatDivideByZero}};
210
211 for (auto BL : Ignorelists) {
212 if (!(Kinds & BL.Mask))
213 continue;
214
215 clang::SmallString<64> Path(D.ResourceDir);
216 llvm::sys::path::append(path&: Path, a: "share", b: BL.File);
217 if (D.getVFS().exists(Path))
218 IgnorelistFiles.push_back(x: std::string(Path));
219 else if (BL.Mask == SanitizerKind::CFI && DiagnoseErrors)
220 // If cfi_ignorelist.txt cannot be found in the resource dir, driver
221 // should fail.
222 D.Diag(clang::diag::DiagID: err_drv_missing_sanitizer_ignorelist) << Path;
223 }
224 validateSpecialCaseListFormat(
225 D, IgnorelistFiles, clang::diag::err_drv_malformed_sanitizer_ignorelist,
226 DiagnoseErrors);
227}
228
229/// Parse -f(no-)?sanitize-(coverage-)?(allow|ignore)list argument's values,
230/// diagnosing any invalid file paths and validating special case list format.
231static void parseSpecialCaseListArg(const Driver &D,
232 const llvm::opt::ArgList &Args,
233 std::vector<std::string> &SCLFiles,
234 llvm::opt::OptSpecifier SCLOptionID,
235 llvm::opt::OptSpecifier NoSCLOptionID,
236 unsigned MalformedSCLErrorDiagID,
237 bool DiagnoseErrors) {
238 for (const auto *Arg : Args) {
239 // Match -fsanitize-(coverage-)?(allow|ignore)list.
240 if (Arg->getOption().matches(ID: SCLOptionID)) {
241 Arg->claim();
242 std::string SCLPath = Arg->getValue();
243 if (D.getVFS().exists(Path: SCLPath)) {
244 SCLFiles.push_back(x: SCLPath);
245 } else if (DiagnoseErrors) {
246 D.Diag(clang::diag::DiagID: err_drv_no_such_file) << SCLPath;
247 }
248 // Match -fno-sanitize-ignorelist.
249 } else if (Arg->getOption().matches(ID: NoSCLOptionID)) {
250 Arg->claim();
251 SCLFiles.clear();
252 }
253 }
254 validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID,
255 DiagnoseErrors);
256}
257
258/// Sets group bits for every group that has at least one representative already
259/// enabled in \p Kinds.
260static SanitizerMask setGroupBits(SanitizerMask Kinds) {
261#define SANITIZER(NAME, ID)
262#define SANITIZER_GROUP(NAME, ID, ALIAS) \
263 if (Kinds & SanitizerKind::ID) \
264 Kinds |= SanitizerKind::ID##Group;
265#include "clang/Basic/Sanitizers.def"
266 return Kinds;
267}
268
269// Computes the sanitizer mask as:
270// Default + Arguments (in or out) + AlwaysIn - AlwaysOut
271// with arguments parsed from left to right.
272static SanitizerMask
273parseSanitizeArgs(const Driver &D, const llvm::opt::ArgList &Args,
274 bool DiagnoseErrors, SanitizerMask Default,
275 SanitizerMask AlwaysIn, SanitizerMask AlwaysOut, int OptInID,
276 int OptOutID) {
277 assert(!(AlwaysIn & AlwaysOut) &&
278 "parseSanitizeArgs called with contradictory in/out requirements");
279
280 SanitizerMask Output = Default;
281 // Keep track of which violations we have already reported, to avoid
282 // duplicate error messages.
283 SanitizerMask DiagnosedAlwaysInViolations;
284 SanitizerMask DiagnosedAlwaysOutViolations;
285 for (const auto *Arg : Args) {
286 if (Arg->getOption().matches(ID: OptInID)) {
287 SanitizerMask Add = parseArgValues(D, A: Arg, DiagnoseErrors);
288 // Report error if user explicitly tries to opt-in to an always-out
289 // sanitizer.
290 if (SanitizerMask KindsToDiagnose =
291 Add & AlwaysOut & ~DiagnosedAlwaysOutViolations) {
292 if (DiagnoseErrors) {
293 SanitizerSet SetToDiagnose;
294 SetToDiagnose.Mask |= KindsToDiagnose;
295 D.Diag(diag::DiagID: err_drv_unsupported_option_argument)
296 << Arg->getSpelling() << toStringWithGroups(Sanitizers: SetToDiagnose);
297 DiagnosedAlwaysOutViolations |= KindsToDiagnose;
298 }
299 }
300 Output |= expandSanitizerGroups(Kinds: Add);
301 Arg->claim();
302 } else if (Arg->getOption().matches(ID: OptOutID)) {
303 SanitizerMask Remove = parseArgValues(D, A: Arg, DiagnoseErrors);
304 // Report error if user explicitly tries to opt-out of an always-in
305 // sanitizer.
306 if (SanitizerMask KindsToDiagnose =
307 Remove & AlwaysIn & ~DiagnosedAlwaysInViolations) {
308 if (DiagnoseErrors) {
309 SanitizerSet SetToDiagnose;
310 SetToDiagnose.Mask |= KindsToDiagnose;
311 D.Diag(diag::DiagID: err_drv_unsupported_option_argument)
312 << Arg->getSpelling() << toStringWithGroups(Sanitizers: SetToDiagnose);
313 DiagnosedAlwaysInViolations |= KindsToDiagnose;
314 }
315 }
316 Output &= ~expandSanitizerGroups(Kinds: Remove);
317 Arg->claim();
318 }
319 }
320
321 Output |= AlwaysIn;
322 Output &= ~AlwaysOut;
323
324 return Output;
325}
326
327static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
328 const llvm::opt::ArgList &Args,
329 bool DiagnoseErrors) {
330 SanitizerMask AlwaysTrap; // Empty
331 SanitizerMask NeverTrap = ~(setGroupBits(TrappingSupported));
332
333 return parseSanitizeArgs(D, Args, DiagnoseErrors, TrappingDefault, AlwaysTrap,
334 NeverTrap, options::OPT_fsanitize_trap_EQ,
335 options::OPT_fno_sanitize_trap_EQ);
336}
337
338static SanitizerMaskCutoffs
339parseSanitizeSkipHotCutoffArgs(const Driver &D, const llvm::opt::ArgList &Args,
340 bool DiagnoseErrors) {
341 SanitizerMaskCutoffs Cutoffs;
342 for (const auto *Arg : Args)
343 if (Arg->getOption().matches(options::ID: OPT_fsanitize_skip_hot_cutoff_EQ)) {
344 Arg->claim();
345 parseArgCutoffs(D, A: Arg, DiagnoseErrors, Cutoffs);
346 }
347
348 return Cutoffs;
349}
350
351bool SanitizerArgs::needsFuzzerInterceptors() const {
352 return needsFuzzer() && !needsAsanRt() && !needsTsanRt() && !needsMsanRt();
353}
354
355bool SanitizerArgs::needsUbsanRt() const {
356 // All of these include ubsan.
357 if (needsAsanRt() || needsMsanRt() || needsNsanRt() || needsHwasanRt() ||
358 needsTsanRt() || needsDfsanRt() || needsLsanRt() ||
359 needsCfiCrossDsoDiagRt() || (needsScudoRt() && !requiresMinimalRuntime()))
360 return false;
361
362 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
363 CoverageFeatures;
364}
365
366bool SanitizerArgs::needsUbsanCXXRt() const {
367 // Link UBSAN C++ runtime very selectively, as it's needed in only very
368 // specific cases, but forces the program to depend on C++ ABI. UBSAN C++
369 // runtime is not included with other sanitizers.
370 return static_cast<bool>(Sanitizers.Mask & NeedsUbsanCxxRt &
371 ~TrapSanitizers.Mask);
372}
373
374bool SanitizerArgs::needsCfiCrossDsoRt() const {
375 // Diag runtime includes cross dso runtime.
376 return !needsCfiCrossDsoDiagRt() && CfiCrossDso && !ImplicitCfiRuntime;
377}
378
379bool SanitizerArgs::needsCfiCrossDsoDiagRt() const {
380 // UBSsan handles CFI diagnostics without cross-DSO suppport.
381 return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
382 CfiCrossDso && !ImplicitCfiRuntime;
383}
384
385bool SanitizerArgs::requiresPIE() const { return NeedPIE; }
386
387bool SanitizerArgs::needsUnwindTables() const {
388 return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
389}
390
391bool SanitizerArgs::needsLTO() const {
392 return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
393}
394
395SanitizerArgs::SanitizerArgs(const ToolChain &TC,
396 const llvm::opt::ArgList &Args,
397 bool DiagnoseErrors) {
398 SanitizerMask AllRemove; // During the loop below, the accumulated set of
399 // sanitizers disabled by the current sanitizer
400 // argument or any argument after it.
401 SanitizerMask AllAddedKinds; // Mask of all sanitizers ever enabled by
402 // -fsanitize= flags (directly or via group
403 // expansion), some of which may be disabled
404 // later. Used to carefully prune
405 // unused-argument diagnostics.
406 SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now.
407 // Used to deduplicate diagnostics.
408 SanitizerMask Kinds;
409 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
410
411 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
412 options::OPT_fno_sanitize_cfi_cross_dso, false);
413
414 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
415
416 const Driver &D = TC.getDriver();
417 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args, DiagnoseErrors);
418 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
419
420 MinimalRuntime =
421 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
422 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
423
424 // The object size sanitizer should not be enabled at -O0.
425 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
426 bool RemoveObjectSizeAtO0 =
427 !OptLevel || OptLevel->getOption().matches(options::ID: OPT_O0);
428
429 for (const llvm::opt::Arg *Arg : llvm::reverse(C: Args)) {
430 if (Arg->getOption().matches(options::ID: OPT_fsanitize_EQ)) {
431 Arg->claim();
432 SanitizerMask Add = parseArgValues(D, A: Arg, DiagnoseErrors);
433
434 if (RemoveObjectSizeAtO0) {
435 AllRemove |= SanitizerKind::ObjectSize;
436
437 // The user explicitly enabled the object size sanitizer. Warn
438 // that this does nothing at -O0.
439 if ((Add & SanitizerKind::ObjectSize) && DiagnoseErrors)
440 D.Diag(diag::DiagID: warn_drv_object_size_disabled_O0)
441 << Arg->getAsString(Args);
442 }
443
444 AllAddedKinds |= expandSanitizerGroups(Kinds: Add);
445
446 // Avoid diagnosing any sanitizer which is disabled later.
447 Add &= ~AllRemove;
448 // At this point we have not expanded groups, so any unsupported
449 // sanitizers in Add are those which have been explicitly enabled.
450 // Diagnose them.
451 if (SanitizerMask KindsToDiagnose =
452 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
453 if (DiagnoseErrors) {
454 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
455 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
456 << Desc << "-fsanitize-trap=undefined";
457 }
458 DiagnosedKinds |= KindsToDiagnose;
459 }
460 Add &= ~InvalidTrappingKinds;
461
462 if (MinimalRuntime) {
463 if (SanitizerMask KindsToDiagnose =
464 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
465 if (DiagnoseErrors) {
466 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
467 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
468 << Desc << "-fsanitize-minimal-runtime";
469 }
470 DiagnosedKinds |= KindsToDiagnose;
471 }
472 Add &= ~NotAllowedWithMinimalRuntime;
473 }
474
475 if (llvm::opt::Arg *A = Args.getLastArg(options::OPT_mcmodel_EQ)) {
476 StringRef CM = A->getValue();
477 if (CM != "small" &&
478 (Add & SanitizerKind::Function & ~DiagnosedKinds)) {
479 if (DiagnoseErrors)
480 D.Diag(diag::DiagID: err_drv_argument_only_allowed_with)
481 << "-fsanitize=function"
482 << "-mcmodel=small";
483 Add &= ~SanitizerKind::Function;
484 DiagnosedKinds |= SanitizerKind::Function;
485 }
486 }
487 // -fsanitize=function and -fsanitize=kcfi instrument indirect function
488 // calls to load a type hash before the function label. Therefore, an
489 // execute-only target doesn't support the function and kcfi sanitizers.
490 const llvm::Triple &Triple = TC.getTriple();
491 if (isExecuteOnlyTarget(Triple, Args)) {
492 if (SanitizerMask KindsToDiagnose =
493 Add & NotAllowedWithExecuteOnly & ~DiagnosedKinds) {
494 if (DiagnoseErrors) {
495 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
496 llvm::opt::Arg *A = Args.getLastArgNoClaim(
497 options::OPT_mexecute_only, options::OPT_mno_execute_only);
498 if (A && A->getOption().matches(options::ID: OPT_mexecute_only))
499 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
500 << Desc << A->getAsString(Args);
501 else
502 D.Diag(diag::DiagID: err_drv_unsupported_opt_for_target)
503 << Desc << Triple.str();
504 }
505 DiagnosedKinds |= KindsToDiagnose;
506 }
507 Add &= ~NotAllowedWithExecuteOnly;
508 }
509
510 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
511 // There are currently two problems:
512 // - Virtual function call checks need to pass a pointer to the function
513 // address to llvm.type.test and a pointer to the address point to the
514 // diagnostic function. Currently we pass the same pointer to both
515 // places.
516 // - Non-virtual function call checks may need to check multiple type
517 // identifiers.
518 // Fixing both of those may require changes to the cross-DSO CFI
519 // interface.
520 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) {
521 if (DiagnoseErrors)
522 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
523 << "-fsanitize=cfi-mfcall"
524 << "-fsanitize-cfi-cross-dso";
525 Add &= ~SanitizerKind::CFIMFCall;
526 DiagnosedKinds |= SanitizerKind::CFIMFCall;
527 }
528
529 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
530 if (DiagnoseErrors) {
531 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
532 D.Diag(diag::DiagID: err_drv_unsupported_opt_for_target)
533 << Desc << TC.getTriple().str();
534 }
535 DiagnosedKinds |= KindsToDiagnose;
536 }
537 Add &= Supported;
538
539 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
540 // so we don't error out if -fno-rtti and -fsanitize=undefined were
541 // passed.
542 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
543 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
544 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
545 "RTTI disabled without -fno-rtti option?");
546 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
547 // the vptr sanitizer requires RTTI, so this is a user error.
548 if (DiagnoseErrors)
549 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
550 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
551 } else {
552 // The vptr sanitizer requires RTTI, but RTTI is disabled (by
553 // default). Warn that the vptr sanitizer is being disabled.
554 if (DiagnoseErrors)
555 D.Diag(diag::DiagID: warn_drv_disabling_vptr_no_rtti_default);
556 }
557
558 // Take out the Vptr sanitizer from the enabled sanitizers
559 AllRemove |= SanitizerKind::Vptr;
560 }
561
562 Add = expandSanitizerGroups(Kinds: Add);
563 // Group expansion may have enabled a sanitizer which is disabled later.
564 Add &= ~AllRemove;
565 // Silently discard any unsupported sanitizers implicitly enabled through
566 // group expansion.
567 Add &= ~InvalidTrappingKinds;
568 if (MinimalRuntime) {
569 Add &= ~NotAllowedWithMinimalRuntime;
570 }
571 // NotAllowedWithExecuteOnly is silently discarded on an execute-only
572 // target if implicitly enabled through group expansion.
573 if (isExecuteOnlyTarget(Triple, Args))
574 Add &= ~NotAllowedWithExecuteOnly;
575 if (CfiCrossDso)
576 Add &= ~SanitizerKind::CFIMFCall;
577 // -fsanitize=undefined does not expand to signed-integer-overflow in
578 // -fwrapv (implied by -fno-strict-overflow) mode.
579 if (Add & SanitizerKind::UndefinedGroup) {
580 bool S = Args.hasFlagNoClaim(options::Pos: OPT_fno_strict_overflow,
581 options::Neg: OPT_fstrict_overflow, Default: false);
582 if (Args.hasFlagNoClaim(options::Pos: OPT_fwrapv, options::Neg: OPT_fno_wrapv, Default: S))
583 Add &= ~SanitizerKind::SignedIntegerOverflow;
584 if (Args.hasFlagNoClaim(options::Pos: OPT_fwrapv_pointer,
585 options::Neg: OPT_fno_wrapv_pointer, Default: S))
586 Add &= ~SanitizerKind::PointerOverflow;
587 }
588 Add &= Supported;
589
590 if (Add & SanitizerKind::Fuzzer)
591 Add |= SanitizerKind::FuzzerNoLink;
592
593 // Enable coverage if the fuzzing flag is set.
594 if (Add & SanitizerKind::FuzzerNoLink) {
595 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
596 CoverageTraceCmp | CoveragePCTable;
597 // Due to TLS differences, stack depth tracking is only enabled on Linux
598 if (TC.getTriple().isOSLinux())
599 CoverageFeatures |= CoverageStackDepth;
600 }
601
602 Kinds |= Add;
603 } else if (Arg->getOption().matches(options::ID: OPT_fno_sanitize_EQ)) {
604 Arg->claim();
605 SanitizerMask Remove = parseArgValues(D, A: Arg, DiagnoseErrors);
606 AllRemove |= expandSanitizerGroups(Kinds: Remove);
607 }
608 }
609
610 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
611 std::make_pair(x: SanitizerKind::Address,
612 y: SanitizerKind::Thread | SanitizerKind::Memory),
613 std::make_pair(x: SanitizerKind::Type,
614 y: SanitizerKind::Address | SanitizerKind::KernelAddress |
615 SanitizerKind::Memory | SanitizerKind::Leak |
616 SanitizerKind::Thread | SanitizerKind::KernelAddress),
617 std::make_pair(x: SanitizerKind::Thread, y: SanitizerKind::Memory),
618 std::make_pair(x: SanitizerKind::Leak,
619 y: SanitizerKind::Thread | SanitizerKind::Memory),
620 std::make_pair(x: SanitizerKind::KernelAddress,
621 y: SanitizerKind::Address | SanitizerKind::Leak |
622 SanitizerKind::Thread | SanitizerKind::Memory),
623 std::make_pair(x: SanitizerKind::HWAddress,
624 y: SanitizerKind::Address | SanitizerKind::Thread |
625 SanitizerKind::Memory | SanitizerKind::KernelAddress),
626 std::make_pair(x: SanitizerKind::Scudo,
627 y: SanitizerKind::Address | SanitizerKind::HWAddress |
628 SanitizerKind::Leak | SanitizerKind::Thread |
629 SanitizerKind::Memory | SanitizerKind::KernelAddress),
630 std::make_pair(x: SanitizerKind::SafeStack,
631 y: (TC.getTriple().isOSFuchsia() ? SanitizerMask()
632 : SanitizerKind::Leak) |
633 SanitizerKind::Address | SanitizerKind::HWAddress |
634 SanitizerKind::Thread | SanitizerKind::Memory |
635 SanitizerKind::KernelAddress),
636 std::make_pair(x: SanitizerKind::KernelHWAddress,
637 y: SanitizerKind::Address | SanitizerKind::HWAddress |
638 SanitizerKind::Leak | SanitizerKind::Thread |
639 SanitizerKind::Memory | SanitizerKind::KernelAddress |
640 SanitizerKind::SafeStack),
641 std::make_pair(x: SanitizerKind::KernelMemory,
642 y: SanitizerKind::Address | SanitizerKind::HWAddress |
643 SanitizerKind::Leak | SanitizerKind::Thread |
644 SanitizerKind::Memory | SanitizerKind::KernelAddress |
645 SanitizerKind::Scudo | SanitizerKind::SafeStack),
646 std::make_pair(x: SanitizerKind::MemTag, y: SanitizerKind::Address |
647 SanitizerKind::KernelAddress |
648 SanitizerKind::HWAddress |
649 SanitizerKind::KernelHWAddress),
650 std::make_pair(x: SanitizerKind::KCFI, y: SanitizerKind::Function),
651 std::make_pair(x: SanitizerKind::Realtime,
652 y: SanitizerKind::Address | SanitizerKind::Thread |
653 SanitizerKind::Undefined | SanitizerKind::Memory)};
654
655 // Enable toolchain specific default sanitizers if not explicitly disabled.
656 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
657
658 // Disable default sanitizers that are incompatible with explicitly requested
659 // ones.
660 for (auto G : IncompatibleGroups) {
661 SanitizerMask Group = G.first;
662 if ((Default & Group) && (Kinds & G.second))
663 Default &= ~Group;
664 }
665
666 Kinds |= Default;
667
668 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
669 // is disabled.
670 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
671 Kinds &= ~SanitizerKind::Vptr;
672 }
673
674 // Check that LTO is enabled if we need it.
675 if ((Kinds & NeedsLTO) && !D.isUsingLTO() && DiagnoseErrors) {
676 D.Diag(diag::DiagID: err_drv_argument_only_allowed_with)
677 << lastArgumentForMask(D, Args, Mask: Kinds & NeedsLTO) << "-flto";
678 }
679
680 if ((Kinds & SanitizerKind::ShadowCallStack) && TC.getTriple().isAArch64() &&
681 !llvm::AArch64::isX18ReservedByDefault(TT: TC.getTriple()) &&
682 !Args.hasArg(options::OPT_ffixed_x18) && DiagnoseErrors) {
683 D.Diag(diag::DiagID: err_drv_argument_only_allowed_with)
684 << lastArgumentForMask(D, Args, Mask: Kinds & SanitizerKind::ShadowCallStack)
685 << "-ffixed-x18";
686 }
687
688 // Report error if there are non-trapping sanitizers that require
689 // c++abi-specific parts of UBSan runtime, and they are not provided by the
690 // toolchain. We don't have a good way to check the latter, so we just
691 // check if the toolchan supports vptr.
692 if (~Supported & SanitizerKind::Vptr) {
693 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
694 // The runtime library supports the Microsoft C++ ABI, but only well enough
695 // for CFI. FIXME: Remove this once we support vptr on Windows.
696 if (TC.getTriple().isOSWindows())
697 KindsToDiagnose &= ~SanitizerKind::CFI;
698 if (KindsToDiagnose) {
699 SanitizerSet S;
700 S.Mask = KindsToDiagnose;
701 if (DiagnoseErrors)
702 D.Diag(diag::DiagID: err_drv_unsupported_opt_for_target)
703 << ("-fno-sanitize-trap=" + toString(Sanitizers: S)) << TC.getTriple().str();
704 Kinds &= ~KindsToDiagnose;
705 }
706 }
707
708 // Warn about incompatible groups of sanitizers.
709 for (auto G : IncompatibleGroups) {
710 SanitizerMask Group = G.first;
711 if (Kinds & Group) {
712 if (SanitizerMask Incompatible = Kinds & G.second) {
713 if (DiagnoseErrors)
714 D.Diag(clang::diag::DiagID: err_drv_argument_not_allowed_with)
715 << lastArgumentForMask(D, Args, Mask: Group)
716 << lastArgumentForMask(D, Args, Mask: Incompatible);
717 Kinds &= ~Incompatible;
718 }
719 }
720 }
721 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
722 // -fsanitize=address. Perhaps it should print an error, or perhaps
723 // -f(-no)sanitize=leak should change whether leak detection is enabled by
724 // default in ASan?
725
726 // Parse -f(no-)?sanitize-recover flags.
727 SanitizerMask RecoverableKinds = parseSanitizeArgs(
728 D, Args, DiagnoseErrors, RecoverableByDefault, AlwaysRecoverable,
729 Unrecoverable, options::OPT_fsanitize_recover_EQ,
730 options::OPT_fno_sanitize_recover_EQ);
731 RecoverableKinds &= Kinds;
732
733 TrappingKinds &= Kinds;
734 RecoverableKinds &= ~TrappingKinds;
735
736 // Parse -f(no-)?sanitize-nonmerged-handlers flags
737 SanitizerMask MergeKinds =
738 parseSanitizeArgs(D, Args, DiagnoseErrors, MergeDefault, {}, {},
739 options::OPT_fsanitize_merge_handlers_EQ,
740 options::OPT_fno_sanitize_merge_handlers_EQ);
741 MergeKinds &= Kinds;
742
743 // Parse -fno-sanitize-top-hot flags
744 SkipHotCutoffs = parseSanitizeSkipHotCutoffArgs(D, Args, DiagnoseErrors);
745
746 // Parse -f(no-)?sanitize-annotate-debug-info flags
747 SanitizerMask AnnotateDebugInfoKinds =
748 parseSanitizeArgs(D, Args, DiagnoseErrors, AnnotateDebugInfoDefault, {},
749 {}, options::OPT_fsanitize_annotate_debug_info_EQ,
750 options::OPT_fno_sanitize_annotate_debug_info_EQ);
751 AnnotateDebugInfoKinds &= Kinds;
752
753 // Setup ignorelist files.
754 // Add default ignorelist from resource directory for activated sanitizers,
755 // and validate special case lists format.
756 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_ignorelist))
757 addDefaultIgnorelists(D, Kinds, IgnorelistFiles&: SystemIgnorelistFiles, DiagnoseErrors);
758
759 // Parse -f(no-)?sanitize-ignorelist options.
760 // This also validates special case lists format.
761 parseSpecialCaseListArg(
762 D, Args, UserIgnorelistFiles, options::OPT_fsanitize_ignorelist_EQ,
763 options::OPT_fno_sanitize_ignorelist,
764 clang::diag::err_drv_malformed_sanitizer_ignorelist, DiagnoseErrors);
765
766 // Verify that -fsanitize-coverage-stack-depth-callback-min is >= 0.
767 if (Arg *A = Args.getLastArg(
768 options::OPT_fsanitize_coverage_stack_depth_callback_min_EQ)) {
769 StringRef S = A->getValue();
770 if (S.getAsInteger(Radix: 0, Result&: CoverageStackDepthCallbackMin) ||
771 CoverageStackDepthCallbackMin < 0) {
772 if (DiagnoseErrors)
773 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
774 }
775 }
776
777 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
778 if (AllAddedKinds & SanitizerKind::Memory) {
779 if (Arg *A =
780 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
781 options::OPT_fno_sanitize_memory_track_origins)) {
782 if (!A->getOption().matches(
783 options::OPT_fno_sanitize_memory_track_origins)) {
784 StringRef S = A->getValue();
785 if (S.getAsInteger(Radix: 0, Result&: MsanTrackOrigins) || MsanTrackOrigins < 0 ||
786 MsanTrackOrigins > 2) {
787 if (DiagnoseErrors)
788 D.Diag(clang::diag::err_drv_invalid_value)
789 << A->getAsString(Args) << S;
790 }
791 }
792 }
793 MsanUseAfterDtor = Args.hasFlag(
794 options::OPT_fsanitize_memory_use_after_dtor,
795 options::OPT_fno_sanitize_memory_use_after_dtor, MsanUseAfterDtor);
796 MsanParamRetval = Args.hasFlag(
797 options::OPT_fsanitize_memory_param_retval,
798 options::OPT_fno_sanitize_memory_param_retval, MsanParamRetval);
799 } else if (AllAddedKinds & SanitizerKind::KernelMemory) {
800 MsanUseAfterDtor = false;
801 MsanParamRetval = Args.hasFlag(
802 options::OPT_fsanitize_memory_param_retval,
803 options::OPT_fno_sanitize_memory_param_retval, MsanParamRetval);
804 } else {
805 MsanUseAfterDtor = false;
806 MsanParamRetval = false;
807 }
808
809 if (AllAddedKinds & SanitizerKind::MemTag) {
810 StringRef S =
811 Args.getLastArgValue(options::OPT_fsanitize_memtag_mode_EQ, "sync");
812 if (S == "async" || S == "sync") {
813 MemtagMode = S.str();
814 } else {
815 D.Diag(clang::diag::err_drv_invalid_value_with_suggestion)
816 << "-fsanitize-memtag-mode=" << S << "{async, sync}";
817 MemtagMode = "sync";
818 }
819 }
820
821 if (AllAddedKinds & SanitizerKind::Thread) {
822 TsanMemoryAccess = Args.hasFlag(
823 options::OPT_fsanitize_thread_memory_access,
824 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess);
825 TsanFuncEntryExit = Args.hasFlag(
826 options::OPT_fsanitize_thread_func_entry_exit,
827 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit);
828 TsanAtomics =
829 Args.hasFlag(options::OPT_fsanitize_thread_atomics,
830 options::OPT_fno_sanitize_thread_atomics, TsanAtomics);
831 }
832
833 if (AllAddedKinds & SanitizerKind::CFI) {
834 // Without PIE, external function address may resolve to a PLT record, which
835 // can not be verified by the target module.
836 NeedPIE |= CfiCrossDso;
837 CfiICallGeneralizePointers =
838 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
839
840 CfiICallNormalizeIntegers =
841 Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
842
843 if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors)
844 D.Diag(diag::err_drv_argument_not_allowed_with)
845 << "-fsanitize-cfi-cross-dso"
846 << "-fsanitize-cfi-icall-generalize-pointers";
847
848 CfiCanonicalJumpTables =
849 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
850 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
851 }
852
853 if (AllAddedKinds & SanitizerKind::KCFI) {
854 CfiICallNormalizeIntegers =
855 Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
856
857 KcfiArity = Args.hasArg(options::OPT_fsanitize_kcfi_arity);
858
859 if (AllAddedKinds & SanitizerKind::CFI && DiagnoseErrors)
860 D.Diag(diag::err_drv_argument_not_allowed_with)
861 << "-fsanitize=kcfi"
862 << lastArgumentForMask(D, Args, SanitizerKind::CFI);
863 }
864
865 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
866 options::OPT_fno_sanitize_stats, false);
867
868 if (MinimalRuntime) {
869 SanitizerMask IncompatibleMask =
870 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
871 if (IncompatibleMask && DiagnoseErrors)
872 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
873 << "-fsanitize-minimal-runtime"
874 << lastArgumentForMask(D, Args, IncompatibleMask);
875 }
876
877 for (const auto *Arg : Args.filtered(
878 options::OPT_fsanitize_undefined_ignore_overflow_pattern_EQ)) {
879 Arg->claim();
880 OverflowPatternExclusions |=
881 parseOverflowPatternExclusionValues(D, Arg, DiagnoseErrors);
882 }
883
884 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
885 // enabled sanitizers.
886 for (const auto *Arg : Args) {
887 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
888 int LegacySanitizeCoverage;
889 if (Arg->getNumValues() == 1 &&
890 !StringRef(Arg->getValue(N: 0))
891 .getAsInteger(Radix: 0, Result&: LegacySanitizeCoverage)) {
892 CoverageFeatures = 0;
893 Arg->claim();
894 if (LegacySanitizeCoverage != 0 && DiagnoseErrors) {
895 D.Diag(diag::warn_drv_deprecated_arg)
896 << Arg->getAsString(Args) << /*hasReplacement=*/true
897 << "-fsanitize-coverage=trace-pc-guard";
898 }
899 continue;
900 }
901 CoverageFeatures |= parseCoverageFeatures(D, A: Arg, DiagnoseErrors);
902
903 // Disable coverage and not claim the flags if there is at least one
904 // non-supporting sanitizer.
905 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
906 Arg->claim();
907 } else {
908 CoverageFeatures = 0;
909 }
910 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
911 Arg->claim();
912 CoverageFeatures &= ~parseCoverageFeatures(D, A: Arg, DiagnoseErrors);
913 }
914 }
915 // Choose at most one coverage type: function, bb, or edge.
916 if (DiagnoseErrors) {
917 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
918 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
919 << "-fsanitize-coverage=func"
920 << "-fsanitize-coverage=bb";
921 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
922 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
923 << "-fsanitize-coverage=func"
924 << "-fsanitize-coverage=edge";
925 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
926 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
927 << "-fsanitize-coverage=bb"
928 << "-fsanitize-coverage=edge";
929 // Basic block tracing and 8-bit counters require some type of coverage
930 // enabled.
931 if (CoverageFeatures & CoverageTraceBB)
932 D.Diag(clang::diag::warn_drv_deprecated_arg)
933 << "-fsanitize-coverage=trace-bb" << /*hasReplacement=*/true
934 << "-fsanitize-coverage=trace-pc-guard";
935 if (CoverageFeatures & Coverage8bitCounters)
936 D.Diag(clang::diag::warn_drv_deprecated_arg)
937 << "-fsanitize-coverage=8bit-counters" << /*hasReplacement=*/true
938 << "-fsanitize-coverage=trace-pc-guard";
939 }
940
941 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
942 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
943 CoverageInline8bitCounters | CoverageTraceLoads |
944 CoverageTraceStores | CoverageInlineBoolFlag |
945 CoverageControlFlow;
946 if ((CoverageFeatures & InsertionPointTypes) &&
947 !(CoverageFeatures & InstrumentationTypes) && DiagnoseErrors) {
948 D.Diag(clang::diag::warn_drv_deprecated_arg)
949 << "-fsanitize-coverage=[func|bb|edge]" << /*hasReplacement=*/true
950 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc],["
951 "control-flow]";
952 }
953
954 // trace-pc w/o func/bb/edge implies edge.
955 if (!(CoverageFeatures & InsertionPointTypes)) {
956 if (CoverageFeatures &
957 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters |
958 CoverageInlineBoolFlag | CoverageControlFlow))
959 CoverageFeatures |= CoverageEdge;
960
961 if (CoverageFeatures & CoverageStackDepth)
962 CoverageFeatures |= CoverageFunc;
963 }
964
965 // Parse -fsanitize-coverage-(allow|ignore)list options if coverage enabled.
966 // This also validates special case lists format.
967 // Here, OptSpecifier() acts as a never-matching command-line argument.
968 // So, there is no way to clear coverage lists but you can append to them.
969 if (CoverageFeatures) {
970 parseSpecialCaseListArg(
971 D, Args, CoverageAllowlistFiles,
972 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(),
973 clang::diag::err_drv_malformed_sanitizer_coverage_allowlist,
974 DiagnoseErrors);
975 parseSpecialCaseListArg(
976 D, Args, CoverageIgnorelistFiles,
977 options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(),
978 clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist,
979 DiagnoseErrors);
980 }
981
982 // Parse -f(no-)?sanitize-metadata.
983 for (const auto *Arg :
984 Args.filtered(options::OPT_fexperimental_sanitize_metadata_EQ,
985 options::OPT_fno_experimental_sanitize_metadata_EQ)) {
986 if (Arg->getOption().matches(
987 options::OPT_fexperimental_sanitize_metadata_EQ)) {
988 Arg->claim();
989 BinaryMetadataFeatures |=
990 parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
991 } else {
992 Arg->claim();
993 BinaryMetadataFeatures &=
994 ~parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
995 }
996 }
997
998 // Parse -fsanitize-metadata-ignorelist option if enabled.
999 if (BinaryMetadataFeatures) {
1000 parseSpecialCaseListArg(
1001 D, Args, BinaryMetadataIgnorelistFiles,
1002 options::OPT_fexperimental_sanitize_metadata_ignorelist_EQ,
1003 OptSpecifier(), // Cannot clear ignore list, only append.
1004 clang::diag::err_drv_malformed_sanitizer_metadata_ignorelist,
1005 DiagnoseErrors);
1006 }
1007
1008 SharedRuntime = Args.hasFlag(
1009 options::OPT_shared_libsan, options::OPT_static_libsan,
1010 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
1011 TC.getTriple().isOSDarwin() || TC.getTriple().isOSWindows());
1012 if (!SharedRuntime && TC.getTriple().isOSWindows()) {
1013 Arg *A =
1014 Args.getLastArg(options::OPT_shared_libsan, options::OPT_static_libsan);
1015 D.Diag(clang::diag::err_drv_unsupported_opt_for_target)
1016 << A->getSpelling() << TC.getTriple().str();
1017 }
1018
1019 ImplicitCfiRuntime = TC.getTriple().isAndroid();
1020
1021 if (AllAddedKinds & SanitizerKind::Address) {
1022 NeedPIE |= TC.getTriple().isOSFuchsia();
1023 if (Arg *A =
1024 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
1025 StringRef S = A->getValue();
1026 // Legal values are 0 and 1, 2, but in future we may add more levels.
1027 if ((S.getAsInteger(Radix: 0, Result&: AsanFieldPadding) || AsanFieldPadding < 0 ||
1028 AsanFieldPadding > 2) &&
1029 DiagnoseErrors) {
1030 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
1031 }
1032 }
1033
1034 if (Arg *WindowsDebugRTArg =
1035 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
1036 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
1037 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
1038 switch (WindowsDebugRTArg->getOption().getID()) {
1039 case options::OPT__SLASH_MTd:
1040 case options::OPT__SLASH_MDd:
1041 case options::OPT__SLASH_LDd:
1042 if (DiagnoseErrors) {
1043 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
1044 << WindowsDebugRTArg->getAsString(Args)
1045 << lastArgumentForMask(D, Args, SanitizerKind::Address);
1046 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
1047 }
1048 }
1049 }
1050
1051 StableABI = Args.hasFlag(options::OPT_fsanitize_stable_abi,
1052 options::OPT_fno_sanitize_stable_abi, false);
1053
1054 AsanPoisonCustomArrayCookie = Args.hasFlag(
1055 options::OPT_fsanitize_address_poison_custom_array_cookie,
1056 options::OPT_fno_sanitize_address_poison_custom_array_cookie,
1057 AsanPoisonCustomArrayCookie);
1058
1059 AsanOutlineInstrumentation =
1060 Args.hasFlag(options::OPT_fsanitize_address_outline_instrumentation,
1061 options::OPT_fno_sanitize_address_outline_instrumentation,
1062 AsanOutlineInstrumentation);
1063
1064 AsanGlobalsDeadStripping = Args.hasFlag(
1065 options::OPT_fsanitize_address_globals_dead_stripping,
1066 options::OPT_fno_sanitize_address_globals_dead_stripping, true);
1067
1068 // Enable ODR indicators which allow better handling of mixed instrumented
1069 // and uninstrumented globals. Disable them for Windows where weak odr
1070 // indicators (.weak.__odr_asan_gen*) may cause multiple definition linker
1071 // errors in the absence of -lldmingw.
1072 AsanUseOdrIndicator =
1073 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator,
1074 options::OPT_fno_sanitize_address_use_odr_indicator,
1075 !TC.getTriple().isOSWindows());
1076
1077 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
1078 AsanInvalidPointerCmp = true;
1079 }
1080
1081 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
1082 AsanInvalidPointerSub = true;
1083 }
1084
1085 if (TC.getTriple().isOSDarwin() &&
1086 (Args.hasArg(options::OPT_mkernel) ||
1087 Args.hasArg(options::OPT_fapple_kext))) {
1088 AsanDtorKind = llvm::AsanDtorKind::None;
1089 }
1090
1091 if (const auto *Arg =
1092 Args.getLastArg(options::OPT_sanitize_address_destructor_EQ)) {
1093 auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue());
1094 if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid && DiagnoseErrors) {
1095 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
1096 << Arg->getSpelling() << Arg->getValue();
1097 }
1098 AsanDtorKind = parsedAsanDtorKind;
1099 }
1100
1101 if (const auto *Arg = Args.getLastArg(
1102 options::OPT_sanitize_address_use_after_return_EQ)) {
1103 auto parsedAsanUseAfterReturn =
1104 AsanDetectStackUseAfterReturnModeFromString(Arg->getValue());
1105 if (parsedAsanUseAfterReturn ==
1106 llvm::AsanDetectStackUseAfterReturnMode::Invalid &&
1107 DiagnoseErrors) {
1108 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
1109 << Arg->getSpelling() << Arg->getValue();
1110 }
1111 AsanUseAfterReturn = parsedAsanUseAfterReturn;
1112 }
1113
1114 } else {
1115 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
1116 SanitizerMask DetectInvalidPointerPairs =
1117 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
1118 if ((AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) &&
1119 DiagnoseErrors) {
1120 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1121 << lastArgumentForMask(D, Args,
1122 SanitizerKind::PointerCompare |
1123 SanitizerKind::PointerSubtract)
1124 << "-fsanitize=address";
1125 }
1126 }
1127
1128 if (AllAddedKinds & (SanitizerKind::Address | SanitizerKind::KernelAddress)) {
1129 AsanUseAfterScope = Args.hasFlag(
1130 options::OPT_fsanitize_address_use_after_scope,
1131 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
1132 } else {
1133 AsanUseAfterScope = false;
1134 }
1135
1136 if (AllAddedKinds & SanitizerKind::HWAddress) {
1137 if (Arg *HwasanAbiArg =
1138 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) {
1139 HwasanAbi = HwasanAbiArg->getValue();
1140 if (HwasanAbi != "platform" && HwasanAbi != "interceptor" &&
1141 DiagnoseErrors)
1142 D.Diag(clang::diag::err_drv_invalid_value)
1143 << HwasanAbiArg->getAsString(Args) << HwasanAbi;
1144 } else {
1145 HwasanAbi = "interceptor";
1146 }
1147 if (TC.getTriple().getArch() == llvm::Triple::x86_64)
1148 HwasanUseAliases = Args.hasFlag(
1149 options::OPT_fsanitize_hwaddress_experimental_aliasing,
1150 options::OPT_fno_sanitize_hwaddress_experimental_aliasing,
1151 HwasanUseAliases);
1152 }
1153
1154 if (AllAddedKinds & SanitizerKind::SafeStack) {
1155 // SafeStack runtime is built into the system on Android and Fuchsia.
1156 SafeStackRuntime =
1157 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia();
1158 }
1159
1160 LinkRuntimes =
1161 Args.hasFlag(options::OPT_fsanitize_link_runtime,
1162 options::OPT_fno_sanitize_link_runtime, LinkRuntimes);
1163
1164 // Parse -link-cxx-sanitizer flag.
1165 LinkCXXRuntimes = D.CCCIsCXX();
1166 LinkCXXRuntimes =
1167 Args.hasFlag(options::OPT_fsanitize_link_cxx_runtime,
1168 options::OPT_fno_sanitize_link_cxx_runtime, LinkCXXRuntimes);
1169
1170 NeedsMemProfRt = Args.hasFlag(options::OPT_fmemory_profile,
1171 options::OPT_fmemory_profile_EQ,
1172 options::OPT_fno_memory_profile, false);
1173
1174 // Finally, initialize the set of available and recoverable sanitizers.
1175 Sanitizers.Mask |= Kinds;
1176 RecoverableSanitizers.Mask |= RecoverableKinds;
1177 TrapSanitizers.Mask |= TrappingKinds;
1178 assert(!(RecoverableKinds & TrappingKinds) &&
1179 "Overlap between recoverable and trapping sanitizers");
1180
1181 MergeHandlers.Mask |= MergeKinds;
1182
1183 AnnotateDebugInfo.Mask |= AnnotateDebugInfoKinds;
1184
1185 // Zero out SkipHotCutoffs for unused sanitizers
1186 SkipHotCutoffs.clear(K: ~Sanitizers.Mask);
1187}
1188
1189static std::string toString(const clang::SanitizerSet &Sanitizers) {
1190 std::string Res;
1191#define SANITIZER(NAME, ID) \
1192 if (Sanitizers.has(SanitizerKind::ID)) { \
1193 if (!Res.empty()) \
1194 Res += ","; \
1195 Res += NAME; \
1196 }
1197#include "clang/Basic/Sanitizers.def"
1198 return Res;
1199}
1200
1201static std::string toString(const clang::SanitizerMaskCutoffs &Cutoffs) {
1202 llvm::SmallVector<std::string, 4> Res;
1203 serializeSanitizerMaskCutoffs(Cutoffs, Values&: Res);
1204 return llvm::join(R&: Res, Separator: ",");
1205}
1206
1207static std::string toStringWithGroups(const clang::SanitizerSet &Sanitizers) {
1208 std::string Res;
1209#define SANITIZER(NAME, ID) \
1210 if (Sanitizers.has(SanitizerKind::ID)) { \
1211 if (!Res.empty()) \
1212 Res += ","; \
1213 Res += NAME; \
1214 }
1215#define SANITIZER_GROUP(NAME, ID, ALIAS) SANITIZER(NAME, ID##Group)
1216#include "clang/Basic/Sanitizers.def"
1217 return Res;
1218}
1219
1220static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
1221 llvm::opt::ArgStringList &CmdArgs,
1222 const char *SCLOptFlag,
1223 const std::vector<std::string> &SCLFiles) {
1224 for (const auto &SCLPath : SCLFiles) {
1225 SmallString<64> SCLOpt(SCLOptFlag);
1226 SCLOpt += SCLPath;
1227 CmdArgs.push_back(Elt: Args.MakeArgString(Str: SCLOpt));
1228 }
1229}
1230
1231static void addIncludeLinkerOption(const ToolChain &TC,
1232 const llvm::opt::ArgList &Args,
1233 llvm::opt::ArgStringList &CmdArgs,
1234 StringRef SymbolName) {
1235 SmallString<64> LinkerOptionFlag;
1236 LinkerOptionFlag = "--linker-option=/include:";
1237 if (TC.getTriple().getArch() == llvm::Triple::x86) {
1238 // Win32 mangles C function names with a '_' prefix.
1239 LinkerOptionFlag += '_';
1240 }
1241 LinkerOptionFlag += SymbolName;
1242 CmdArgs.push_back(Elt: Args.MakeArgString(Str: LinkerOptionFlag));
1243}
1244
1245static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
1246 for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End;
1247 ++Start) {
1248 auto It = std::find(first: Start, last: End, val: StringRef("+mte"));
1249 if (It == End)
1250 break;
1251 if (It > Start && *std::prev(x: It) == StringRef("-target-feature"))
1252 return true;
1253 Start = It;
1254 }
1255 return false;
1256}
1257
1258void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
1259 llvm::opt::ArgStringList &CmdArgs,
1260 types::ID InputType) const {
1261 // NVPTX doesn't currently support sanitizers. Bailing out here means
1262 // that e.g. -fsanitize=address applies only to host code, which is what we
1263 // want for now.
1264 if (TC.getTriple().isNVPTX())
1265 return;
1266 // AMDGPU sanitizer support is experimental and controlled by -fgpu-sanitize.
1267 bool GPUSanitize = false;
1268 if (TC.getTriple().isAMDGPU()) {
1269 if (!Args.hasFlag(options::OPT_fgpu_sanitize, options::OPT_fno_gpu_sanitize,
1270 true))
1271 return;
1272 GPUSanitize = true;
1273 }
1274
1275 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
1276 // Do it even if Sanitizers.empty() since some forms of coverage don't require
1277 // sanitizers.
1278 std::pair<int, const char *> CoverageFlags[] = {
1279 std::make_pair(x: CoverageFunc, y: "-fsanitize-coverage-type=1"),
1280 std::make_pair(x: CoverageBB, y: "-fsanitize-coverage-type=2"),
1281 std::make_pair(x: CoverageEdge, y: "-fsanitize-coverage-type=3"),
1282 std::make_pair(x: CoverageIndirCall, y: "-fsanitize-coverage-indirect-calls"),
1283 std::make_pair(x: CoverageTraceBB, y: "-fsanitize-coverage-trace-bb"),
1284 std::make_pair(x: CoverageTraceCmp, y: "-fsanitize-coverage-trace-cmp"),
1285 std::make_pair(x: CoverageTraceDiv, y: "-fsanitize-coverage-trace-div"),
1286 std::make_pair(x: CoverageTraceGep, y: "-fsanitize-coverage-trace-gep"),
1287 std::make_pair(x: Coverage8bitCounters, y: "-fsanitize-coverage-8bit-counters"),
1288 std::make_pair(x: CoverageTracePC, y: "-fsanitize-coverage-trace-pc"),
1289 std::make_pair(x: CoverageTracePCGuard,
1290 y: "-fsanitize-coverage-trace-pc-guard"),
1291 std::make_pair(x: CoverageInline8bitCounters,
1292 y: "-fsanitize-coverage-inline-8bit-counters"),
1293 std::make_pair(x: CoverageInlineBoolFlag,
1294 y: "-fsanitize-coverage-inline-bool-flag"),
1295 std::make_pair(x: CoveragePCTable, y: "-fsanitize-coverage-pc-table"),
1296 std::make_pair(x: CoverageNoPrune, y: "-fsanitize-coverage-no-prune"),
1297 std::make_pair(x: CoverageStackDepth, y: "-fsanitize-coverage-stack-depth"),
1298 std::make_pair(x: CoverageTraceLoads, y: "-fsanitize-coverage-trace-loads"),
1299 std::make_pair(x: CoverageTraceStores, y: "-fsanitize-coverage-trace-stores"),
1300 std::make_pair(x: CoverageControlFlow, y: "-fsanitize-coverage-control-flow")};
1301 for (auto F : CoverageFlags) {
1302 if (CoverageFeatures & F.first)
1303 CmdArgs.push_back(Elt: F.second);
1304 }
1305 addSpecialCaseListOpt(
1306 Args, CmdArgs, SCLOptFlag: "-fsanitize-coverage-allowlist=", SCLFiles: CoverageAllowlistFiles);
1307 addSpecialCaseListOpt(Args, CmdArgs, SCLOptFlag: "-fsanitize-coverage-ignorelist=",
1308 SCLFiles: CoverageIgnorelistFiles);
1309
1310 if (CoverageStackDepthCallbackMin)
1311 CmdArgs.push_back(
1312 Elt: Args.MakeArgString(Str: "-fsanitize-coverage-stack-depth-callback-min=" +
1313 Twine(CoverageStackDepthCallbackMin)));
1314
1315 if (!GPUSanitize) {
1316 // Translate available BinaryMetadataFeatures to corresponding clang-cc1
1317 // flags. Does not depend on any other sanitizers. Unsupported on GPUs.
1318 const std::pair<int, std::string> BinaryMetadataFlags[] = {
1319 std::make_pair(x: BinaryMetadataCovered, y: "covered"),
1320 std::make_pair(x: BinaryMetadataAtomics, y: "atomics"),
1321 std::make_pair(x: BinaryMetadataUAR, y: "uar")};
1322 for (const auto &F : BinaryMetadataFlags) {
1323 if (BinaryMetadataFeatures & F.first)
1324 CmdArgs.push_back(
1325 Elt: Args.MakeArgString(Str: "-fexperimental-sanitize-metadata=" + F.second));
1326 }
1327 addSpecialCaseListOpt(Args, CmdArgs,
1328 SCLOptFlag: "-fexperimental-sanitize-metadata-ignorelist=",
1329 SCLFiles: BinaryMetadataIgnorelistFiles);
1330 }
1331
1332 if (TC.getTriple().isOSWindows() && needsUbsanRt() &&
1333 Args.hasFlag(options::OPT_frtlib_defaultlib,
1334 options::OPT_fno_rtlib_defaultlib, true)) {
1335 // Instruct the code generator to embed linker directives in the object file
1336 // that cause the required runtime libraries to be linked.
1337 CmdArgs.push_back(
1338 Elt: Args.MakeArgString(Str: "--dependent-lib=" +
1339 TC.getCompilerRTBasename(Args, Component: "ubsan_standalone")));
1340 if (types::isCXX(Id: InputType))
1341 CmdArgs.push_back(Elt: Args.MakeArgString(
1342 Str: "--dependent-lib=" +
1343 TC.getCompilerRTBasename(Args, Component: "ubsan_standalone_cxx")));
1344 }
1345 if (TC.getTriple().isOSWindows() && needsStatsRt() &&
1346 Args.hasFlag(options::OPT_frtlib_defaultlib,
1347 options::OPT_fno_rtlib_defaultlib, true)) {
1348 CmdArgs.push_back(Elt: Args.MakeArgString(
1349 Str: "--dependent-lib=" + TC.getCompilerRTBasename(Args, Component: "stats_client")));
1350
1351 // The main executable must export the stats runtime.
1352 // FIXME: Only exporting from the main executable (e.g. based on whether the
1353 // translation unit defines main()) would save a little space, but having
1354 // multiple copies of the runtime shouldn't hurt.
1355 CmdArgs.push_back(Elt: Args.MakeArgString(
1356 Str: "--dependent-lib=" + TC.getCompilerRTBasename(Args, Component: "stats")));
1357 addIncludeLinkerOption(TC, Args, CmdArgs, SymbolName: "__sanitizer_stats_register");
1358 }
1359
1360 if (Sanitizers.empty())
1361 return;
1362 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize=" + toString(Sanitizers)));
1363
1364 if (!RecoverableSanitizers.empty())
1365 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-recover=" +
1366 toString(Sanitizers: RecoverableSanitizers)));
1367
1368 if (!TrapSanitizers.empty())
1369 CmdArgs.push_back(
1370 Elt: Args.MakeArgString(Str: "-fsanitize-trap=" + toString(Sanitizers: TrapSanitizers)));
1371
1372 if (!MergeHandlers.empty())
1373 CmdArgs.push_back(
1374 Elt: Args.MakeArgString(Str: "-fsanitize-merge=" + toString(Sanitizers: MergeHandlers)));
1375
1376 std::string SkipHotCutoffsStr = toString(Cutoffs: SkipHotCutoffs);
1377 if (!SkipHotCutoffsStr.empty())
1378 CmdArgs.push_back(
1379 Elt: Args.MakeArgString(Str: "-fsanitize-skip-hot-cutoff=" + SkipHotCutoffsStr));
1380
1381 if (!AnnotateDebugInfo.empty())
1382 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-annotate-debug-info=" +
1383 toString(Sanitizers: AnnotateDebugInfo)));
1384
1385 addSpecialCaseListOpt(Args, CmdArgs,
1386 SCLOptFlag: "-fsanitize-ignorelist=", SCLFiles: UserIgnorelistFiles);
1387 addSpecialCaseListOpt(Args, CmdArgs,
1388 SCLOptFlag: "-fsanitize-system-ignorelist=", SCLFiles: SystemIgnorelistFiles);
1389
1390 if (OverflowPatternExclusions)
1391 Args.AddAllArgs(
1392 CmdArgs, options::OPT_fsanitize_undefined_ignore_overflow_pattern_EQ);
1393
1394 if (MsanTrackOrigins)
1395 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-memory-track-origins=" +
1396 Twine(MsanTrackOrigins)));
1397
1398 if (MsanUseAfterDtor)
1399 CmdArgs.push_back(Elt: "-fsanitize-memory-use-after-dtor");
1400
1401 if (!MsanParamRetval)
1402 CmdArgs.push_back(Elt: "-fno-sanitize-memory-param-retval");
1403
1404 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
1405 if (!TsanMemoryAccess) {
1406 CmdArgs.push_back(Elt: "-mllvm");
1407 CmdArgs.push_back(Elt: "-tsan-instrument-memory-accesses=0");
1408 CmdArgs.push_back(Elt: "-mllvm");
1409 CmdArgs.push_back(Elt: "-tsan-instrument-memintrinsics=0");
1410 }
1411 if (!TsanFuncEntryExit) {
1412 CmdArgs.push_back(Elt: "-mllvm");
1413 CmdArgs.push_back(Elt: "-tsan-instrument-func-entry-exit=0");
1414 }
1415 if (!TsanAtomics) {
1416 CmdArgs.push_back(Elt: "-mllvm");
1417 CmdArgs.push_back(Elt: "-tsan-instrument-atomics=0");
1418 }
1419
1420 if (HwasanUseAliases) {
1421 CmdArgs.push_back(Elt: "-mllvm");
1422 CmdArgs.push_back(Elt: "-hwasan-experimental-use-page-aliases=1");
1423 }
1424
1425 if (CfiCrossDso)
1426 CmdArgs.push_back(Elt: "-fsanitize-cfi-cross-dso");
1427
1428 if (CfiICallGeneralizePointers)
1429 CmdArgs.push_back(Elt: "-fsanitize-cfi-icall-generalize-pointers");
1430
1431 if (CfiICallNormalizeIntegers)
1432 CmdArgs.push_back(Elt: "-fsanitize-cfi-icall-experimental-normalize-integers");
1433
1434 if (KcfiArity) {
1435 if (!TC.getTriple().isOSLinux() || !TC.getTriple().isArch64Bit()) {
1436 TC.getDriver().Diag(clang::diag::err_drv_kcfi_arity_unsupported_target)
1437 << TC.getTriple().str();
1438 }
1439 CmdArgs.push_back(Elt: "-fsanitize-kcfi-arity");
1440 }
1441
1442 if (CfiCanonicalJumpTables)
1443 CmdArgs.push_back(Elt: "-fsanitize-cfi-canonical-jump-tables");
1444
1445 if (Stats)
1446 CmdArgs.push_back(Elt: "-fsanitize-stats");
1447
1448 if (MinimalRuntime)
1449 CmdArgs.push_back(Elt: "-fsanitize-minimal-runtime");
1450
1451 if (AsanFieldPadding)
1452 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-address-field-padding=" +
1453 Twine(AsanFieldPadding)));
1454
1455 if (AsanUseAfterScope)
1456 CmdArgs.push_back(Elt: "-fsanitize-address-use-after-scope");
1457
1458 if (AsanPoisonCustomArrayCookie)
1459 CmdArgs.push_back(Elt: "-fsanitize-address-poison-custom-array-cookie");
1460
1461 if (AsanGlobalsDeadStripping)
1462 CmdArgs.push_back(Elt: "-fsanitize-address-globals-dead-stripping");
1463
1464 if (!AsanUseOdrIndicator)
1465 CmdArgs.push_back(Elt: "-fno-sanitize-address-use-odr-indicator");
1466
1467 if (AsanInvalidPointerCmp) {
1468 CmdArgs.push_back(Elt: "-mllvm");
1469 CmdArgs.push_back(Elt: "-asan-detect-invalid-pointer-cmp");
1470 }
1471
1472 if (AsanInvalidPointerSub) {
1473 CmdArgs.push_back(Elt: "-mllvm");
1474 CmdArgs.push_back(Elt: "-asan-detect-invalid-pointer-sub");
1475 }
1476
1477 if (AsanOutlineInstrumentation) {
1478 CmdArgs.push_back(Elt: "-mllvm");
1479 CmdArgs.push_back(Elt: "-asan-instrumentation-with-call-threshold=0");
1480 }
1481
1482 // When emitting Stable ABI instrumentation, force outlining calls and avoid
1483 // inlining shadow memory poisoning. While this is a big performance burden
1484 // for now it allows full abstraction from implementation details.
1485 if (StableABI) {
1486 CmdArgs.push_back(Elt: "-mllvm");
1487 CmdArgs.push_back(Elt: "-asan-instrumentation-with-call-threshold=0");
1488 CmdArgs.push_back(Elt: "-mllvm");
1489 CmdArgs.push_back(Elt: "-asan-max-inline-poisoning-size=0");
1490 CmdArgs.push_back(Elt: "-mllvm");
1491 CmdArgs.push_back(Elt: "-asan-guard-against-version-mismatch=0");
1492 }
1493
1494 // Only pass the option to the frontend if the user requested,
1495 // otherwise the frontend will just use the codegen default.
1496 if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
1497 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-address-destructor=" +
1498 AsanDtorKindToString(kind: AsanDtorKind)));
1499 }
1500
1501 if (AsanUseAfterReturn != llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
1502 CmdArgs.push_back(Elt: Args.MakeArgString(
1503 Str: "-fsanitize-address-use-after-return=" +
1504 AsanDetectStackUseAfterReturnModeToString(mode: AsanUseAfterReturn)));
1505 }
1506
1507 if (!HwasanAbi.empty()) {
1508 CmdArgs.push_back(Elt: "-default-function-attr");
1509 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "hwasan-abi=" + HwasanAbi));
1510 }
1511
1512 if (Sanitizers.has(K: SanitizerKind::HWAddress) && !HwasanUseAliases) {
1513 CmdArgs.push_back(Elt: "-target-feature");
1514 CmdArgs.push_back(Elt: "+tagged-globals");
1515 }
1516
1517 // MSan: Workaround for PR16386.
1518 // ASan: This is mainly to help LSan with cases such as
1519 // https://github.com/google/sanitizers/issues/373
1520 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
1521 // affect compilation.
1522 if (Sanitizers.has(K: SanitizerKind::Memory) ||
1523 Sanitizers.has(K: SanitizerKind::Address))
1524 CmdArgs.push_back(Elt: "-fno-assume-sane-operator-new");
1525
1526 // libFuzzer wants to intercept calls to certain library functions, so the
1527 // following -fno-builtin-* flags force the compiler to emit interposable
1528 // libcalls to these functions. Other sanitizers effectively do the same thing
1529 // by marking all library call sites with NoBuiltin attribute in their LLVM
1530 // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
1531 if (Sanitizers.has(K: SanitizerKind::FuzzerNoLink)) {
1532 CmdArgs.push_back(Elt: "-fno-builtin-bcmp");
1533 CmdArgs.push_back(Elt: "-fno-builtin-memcmp");
1534 CmdArgs.push_back(Elt: "-fno-builtin-strncmp");
1535 CmdArgs.push_back(Elt: "-fno-builtin-strcmp");
1536 CmdArgs.push_back(Elt: "-fno-builtin-strncasecmp");
1537 CmdArgs.push_back(Elt: "-fno-builtin-strcasecmp");
1538 CmdArgs.push_back(Elt: "-fno-builtin-strstr");
1539 CmdArgs.push_back(Elt: "-fno-builtin-strcasestr");
1540 CmdArgs.push_back(Elt: "-fno-builtin-memmem");
1541 }
1542
1543 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
1544 // enabled.
1545 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
1546 !Args.hasArg(options::OPT_fvisibility_EQ)) {
1547 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1548 << lastArgumentForMask(TC.getDriver(), Args,
1549 Sanitizers.Mask & CFIClasses)
1550 << "-fvisibility=";
1551 }
1552
1553 if (Sanitizers.has(SanitizerKind::MemtagStack) &&
1554 !hasTargetFeatureMTE(CmdArgs))
1555 TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
1556}
1557
1558SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
1559 bool DiagnoseErrors) {
1560 assert(
1561 (A->getOption().matches(options::OPT_fsanitize_EQ) ||
1562 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
1563 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
1564 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
1565 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
1566 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ) ||
1567 A->getOption().matches(options::OPT_fsanitize_merge_handlers_EQ) ||
1568 A->getOption().matches(options::OPT_fno_sanitize_merge_handlers_EQ) ||
1569 A->getOption().matches(options::OPT_fsanitize_annotate_debug_info_EQ) ||
1570 A->getOption().matches(
1571 options::OPT_fno_sanitize_annotate_debug_info_EQ)) &&
1572 "Invalid argument in parseArgValues!");
1573 SanitizerMask Kinds;
1574 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1575 const char *Value = A->getValue(N: i);
1576 SanitizerMask Kind;
1577 // Special case: don't accept -fsanitize=all.
1578 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
1579 0 == strcmp("all", Value))
1580 Kind = SanitizerMask();
1581 else
1582 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
1583
1584 if (Kind)
1585 Kinds |= Kind;
1586 else if (DiagnoseErrors)
1587 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1588 << A->getSpelling() << Value;
1589 }
1590 return Kinds;
1591}
1592
1593void parseArgCutoffs(const Driver &D, const llvm::opt::Arg *A,
1594 bool DiagnoseErrors, SanitizerMaskCutoffs &Cutoffs) {
1595 assert(A->getOption().matches(options::OPT_fsanitize_skip_hot_cutoff_EQ) &&
1596 "Invalid argument in parseArgCutoffs!");
1597 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1598 const char *Value = A->getValue(N: i);
1599
1600 // We don't check the value of Cutoffs[i]: it's legal to specify
1601 // a cutoff of 0.
1602 if (!parseSanitizerWeightedValue(Value, /*AllowGroups=*/true, Cutoffs) &&
1603 DiagnoseErrors)
1604 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1605 << A->getSpelling() << Value;
1606 }
1607}
1608
1609static int parseOverflowPatternExclusionValues(const Driver &D,
1610 const llvm::opt::Arg *A,
1611 bool DiagnoseErrors) {
1612 int Exclusions = 0;
1613 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1614 const char *Value = A->getValue(N: i);
1615 int E =
1616 llvm::StringSwitch<int>(Value)
1617 .Case(S: "none", Value: LangOptionsBase::None)
1618 .Case(S: "all", Value: LangOptionsBase::All)
1619 .Case(S: "add-unsigned-overflow-test",
1620 Value: LangOptionsBase::AddUnsignedOverflowTest)
1621 .Case(S: "add-signed-overflow-test",
1622 Value: LangOptionsBase::AddSignedOverflowTest)
1623 .Case(S: "negated-unsigned-const", Value: LangOptionsBase::NegUnsignedConst)
1624 .Case(S: "unsigned-post-decr-while", Value: LangOptionsBase::PostDecrInWhile)
1625 .Default(Value: 0);
1626 if (E == 0)
1627 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1628 << A->getSpelling() << Value;
1629 Exclusions |= E;
1630 }
1631 return Exclusions;
1632}
1633
1634int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
1635 bool DiagnoseErrors) {
1636 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
1637 A->getOption().matches(options::OPT_fno_sanitize_coverage));
1638 int Features = 0;
1639 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1640 const char *Value = A->getValue(N: i);
1641 int F = llvm::StringSwitch<int>(Value)
1642 .Case(S: "func", Value: CoverageFunc)
1643 .Case(S: "bb", Value: CoverageBB)
1644 .Case(S: "edge", Value: CoverageEdge)
1645 .Case(S: "indirect-calls", Value: CoverageIndirCall)
1646 .Case(S: "trace-bb", Value: CoverageTraceBB)
1647 .Case(S: "trace-cmp", Value: CoverageTraceCmp)
1648 .Case(S: "trace-div", Value: CoverageTraceDiv)
1649 .Case(S: "trace-gep", Value: CoverageTraceGep)
1650 .Case(S: "8bit-counters", Value: Coverage8bitCounters)
1651 .Case(S: "trace-pc", Value: CoverageTracePC)
1652 .Case(S: "trace-pc-guard", Value: CoverageTracePCGuard)
1653 .Case(S: "no-prune", Value: CoverageNoPrune)
1654 .Case(S: "inline-8bit-counters", Value: CoverageInline8bitCounters)
1655 .Case(S: "inline-bool-flag", Value: CoverageInlineBoolFlag)
1656 .Case(S: "pc-table", Value: CoveragePCTable)
1657 .Case(S: "stack-depth", Value: CoverageStackDepth)
1658 .Case(S: "trace-loads", Value: CoverageTraceLoads)
1659 .Case(S: "trace-stores", Value: CoverageTraceStores)
1660 .Case(S: "control-flow", Value: CoverageControlFlow)
1661 .Default(Value: 0);
1662 if (F == 0 && DiagnoseErrors)
1663 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1664 << A->getSpelling() << Value;
1665 Features |= F;
1666 }
1667 return Features;
1668}
1669
1670int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
1671 bool DiagnoseErrors) {
1672 assert(
1673 A->getOption().matches(options::OPT_fexperimental_sanitize_metadata_EQ) ||
1674 A->getOption().matches(
1675 options::OPT_fno_experimental_sanitize_metadata_EQ));
1676 int Features = 0;
1677 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1678 const char *Value = A->getValue(N: i);
1679 int F = llvm::StringSwitch<int>(Value)
1680 .Case(S: "covered", Value: BinaryMetadataCovered)
1681 .Case(S: "atomics", Value: BinaryMetadataAtomics)
1682 .Case(S: "uar", Value: BinaryMetadataUAR)
1683 .Case(S: "all", Value: ~0)
1684 .Default(Value: 0);
1685 if (F == 0 && DiagnoseErrors)
1686 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1687 << A->getSpelling() << Value;
1688 Features |= F;
1689 }
1690 return Features;
1691}
1692
1693std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
1694 SanitizerMask Mask) {
1695 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
1696 E = Args.rend();
1697 I != E; ++I) {
1698 const auto *Arg = *I;
1699 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
1700 SanitizerMask AddKinds =
1701 expandSanitizerGroups(Kinds: parseArgValues(D, A: Arg, DiagnoseErrors: false));
1702 if (AddKinds & Mask)
1703 return describeSanitizeArg(A: Arg, Mask);
1704 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
1705 SanitizerMask RemoveKinds =
1706 expandSanitizerGroups(Kinds: parseArgValues(D, A: Arg, DiagnoseErrors: false));
1707 Mask &= ~RemoveKinds;
1708 }
1709 }
1710 llvm_unreachable("arg list didn't provide expected value");
1711}
1712
1713std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1714 assert(A->getOption().matches(options::OPT_fsanitize_EQ) &&
1715 "Invalid argument in describeSanitizerArg!");
1716
1717 std::string Sanitizers;
1718 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1719 if (expandSanitizerGroups(
1720 Kinds: parseSanitizerValue(Value: A->getValue(N: i), /*AllowGroups=*/true)) &
1721 Mask) {
1722 if (!Sanitizers.empty())
1723 Sanitizers += ",";
1724 Sanitizers += A->getValue(N: i);
1725 }
1726 }
1727
1728 assert(!Sanitizers.empty() && "arg didn't provide expected value");
1729 return "-fsanitize=" + Sanitizers;
1730}
1731

Provided by KDAB

Privacy Policy
Improve your Profiling and Debugging skills
Find out more

source code of clang/lib/Driver/SanitizerArgs.cpp