1//===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8#include "clang/Driver/SanitizerArgs.h"
9#include "ToolChains/CommonArgs.h"
10#include "clang/Basic/Sanitizers.h"
11#include "clang/Driver/Driver.h"
12#include "clang/Driver/DriverDiagnostic.h"
13#include "clang/Driver/Options.h"
14#include "clang/Driver/ToolChain.h"
15#include "llvm/ADT/StringExtras.h"
16#include "llvm/ADT/StringRef.h"
17#include "llvm/ADT/StringSwitch.h"
18#include "llvm/Support/Path.h"
19#include "llvm/Support/SpecialCaseList.h"
20#include "llvm/Support/VirtualFileSystem.h"
21#include "llvm/TargetParser/AArch64TargetParser.h"
22#include "llvm/TargetParser/RISCVTargetParser.h"
23#include "llvm/TargetParser/TargetParser.h"
24#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
25#include <memory>
26
27using namespace clang;
28using namespace clang::driver;
29using namespace llvm::opt;
30
31static const SanitizerMask NeedsUbsanRt =
32 SanitizerKind::Undefined | SanitizerKind::Integer |
33 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
34 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
35 SanitizerKind::ObjCCast;
36static const SanitizerMask NeedsUbsanCxxRt =
37 SanitizerKind::Vptr | SanitizerKind::CFI;
38static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
39static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr;
40static const SanitizerMask NotAllowedWithExecuteOnly =
41 SanitizerKind::Function | SanitizerKind::KCFI;
42static const SanitizerMask NeedsUnwindTables =
43 SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
44 SanitizerKind::Memory | SanitizerKind::DataFlow;
45static const SanitizerMask SupportsCoverage =
46 SanitizerKind::Address | SanitizerKind::HWAddress |
47 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
48 SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap |
49 SanitizerKind::MemtagGlobals | SanitizerKind::Memory |
50 SanitizerKind::KernelMemory | SanitizerKind::Leak |
51 SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
52 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
53 SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
54 SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
55 SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
56 SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI;
57static const SanitizerMask RecoverableByDefault =
58 SanitizerKind::Undefined | SanitizerKind::Integer |
59 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
60 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
61static const SanitizerMask Unrecoverable =
62 SanitizerKind::Unreachable | SanitizerKind::Return;
63static const SanitizerMask AlwaysRecoverable = SanitizerKind::KernelAddress |
64 SanitizerKind::KernelHWAddress |
65 SanitizerKind::KCFI;
66static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
67static const SanitizerMask TrappingSupported =
68 (SanitizerKind::Undefined & ~SanitizerKind::Vptr) | SanitizerKind::Integer |
69 SanitizerKind::Nullability | SanitizerKind::LocalBounds |
70 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
71 SanitizerKind::ObjCCast;
72static const SanitizerMask TrappingDefault = SanitizerKind::CFI;
73static const SanitizerMask CFIClasses =
74 SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
75 SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
76 SanitizerKind::CFIUnrelatedCast;
77static const SanitizerMask CompatibleWithMinimalRuntime =
78 TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
79 SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap |
80 SanitizerKind::MemtagGlobals | SanitizerKind::KCFI;
81
82enum CoverageFeature {
83 CoverageFunc = 1 << 0,
84 CoverageBB = 1 << 1,
85 CoverageEdge = 1 << 2,
86 CoverageIndirCall = 1 << 3,
87 CoverageTraceBB = 1 << 4, // Deprecated.
88 CoverageTraceCmp = 1 << 5,
89 CoverageTraceDiv = 1 << 6,
90 CoverageTraceGep = 1 << 7,
91 Coverage8bitCounters = 1 << 8, // Deprecated.
92 CoverageTracePC = 1 << 9,
93 CoverageTracePCGuard = 1 << 10,
94 CoverageNoPrune = 1 << 11,
95 CoverageInline8bitCounters = 1 << 12,
96 CoveragePCTable = 1 << 13,
97 CoverageStackDepth = 1 << 14,
98 CoverageInlineBoolFlag = 1 << 15,
99 CoverageTraceLoads = 1 << 16,
100 CoverageTraceStores = 1 << 17,
101 CoverageControlFlow = 1 << 18,
102};
103
104enum BinaryMetadataFeature {
105 BinaryMetadataCovered = 1 << 0,
106 BinaryMetadataAtomics = 1 << 1,
107 BinaryMetadataUAR = 1 << 2,
108};
109
110/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
111/// invalid components. Returns a SanitizerMask.
112static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
113 bool DiagnoseErrors);
114
115/// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
116/// components. Returns OR of members of \c CoverageFeature enumeration.
117static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
118 bool DiagnoseErrors);
119
120/// Parse -f(no-)?sanitize-metadata= flag values, diagnosing any invalid
121/// components. Returns OR of members of \c BinaryMetadataFeature enumeration.
122static int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
123 bool DiagnoseErrors);
124
125/// Produce an argument string from ArgList \p Args, which shows how it
126/// provides some sanitizer kind from \p Mask. For example, the argument list
127/// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
128/// would produce "-fsanitize=vptr".
129static std::string lastArgumentForMask(const Driver &D,
130 const llvm::opt::ArgList &Args,
131 SanitizerMask Mask);
132
133/// Produce an argument string from argument \p A, which shows how it provides
134/// a value in \p Mask. For instance, the argument
135/// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
136/// "-fsanitize=alignment".
137static std::string describeSanitizeArg(const llvm::opt::Arg *A,
138 SanitizerMask Mask);
139
140/// Produce a string containing comma-separated names of sanitizers in \p
141/// Sanitizers set.
142static std::string toString(const clang::SanitizerSet &Sanitizers);
143
144/// Return true if an execute-only target disallows data access to code
145/// sections.
146static bool isExecuteOnlyTarget(const llvm::Triple &Triple,
147 const llvm::opt::ArgList &Args) {
148 if (Triple.isPS5())
149 return true;
150 return Args.hasFlagNoClaim(options::Pos: OPT_mexecute_only,
151 options::Neg: OPT_mno_execute_only, Default: false);
152}
153
154static void validateSpecialCaseListFormat(const Driver &D,
155 std::vector<std::string> &SCLFiles,
156 unsigned MalformedSCLErrorDiagID,
157 bool DiagnoseErrors) {
158 if (SCLFiles.empty())
159 return;
160
161 std::string BLError;
162 std::unique_ptr<llvm::SpecialCaseList> SCL(
163 llvm::SpecialCaseList::create(Paths: SCLFiles, FS&: D.getVFS(), Error&: BLError));
164 if (!SCL.get() && DiagnoseErrors)
165 D.Diag(DiagID: MalformedSCLErrorDiagID) << BLError;
166}
167
168static void addDefaultIgnorelists(const Driver &D, SanitizerMask Kinds,
169 std::vector<std::string> &IgnorelistFiles,
170 bool DiagnoseErrors) {
171 struct Ignorelist {
172 const char *File;
173 SanitizerMask Mask;
174 } Ignorelists[] = {{.File: "asan_ignorelist.txt", .Mask: SanitizerKind::Address},
175 {.File: "hwasan_ignorelist.txt", .Mask: SanitizerKind::HWAddress},
176 {.File: "memtag_ignorelist.txt", .Mask: SanitizerKind::MemTag},
177 {.File: "msan_ignorelist.txt", .Mask: SanitizerKind::Memory},
178 {.File: "tsan_ignorelist.txt", .Mask: SanitizerKind::Thread},
179 {.File: "dfsan_abilist.txt", .Mask: SanitizerKind::DataFlow},
180 {.File: "cfi_ignorelist.txt", .Mask: SanitizerKind::CFI},
181 {.File: "ubsan_ignorelist.txt",
182 .Mask: SanitizerKind::Undefined | SanitizerKind::Integer |
183 SanitizerKind::Nullability |
184 SanitizerKind::FloatDivideByZero}};
185
186 for (auto BL : Ignorelists) {
187 if (!(Kinds & BL.Mask))
188 continue;
189
190 clang::SmallString<64> Path(D.ResourceDir);
191 llvm::sys::path::append(path&: Path, a: "share", b: BL.File);
192 if (D.getVFS().exists(Path))
193 IgnorelistFiles.push_back(x: std::string(Path));
194 else if (BL.Mask == SanitizerKind::CFI && DiagnoseErrors)
195 // If cfi_ignorelist.txt cannot be found in the resource dir, driver
196 // should fail.
197 D.Diag(clang::diag::DiagID: err_drv_missing_sanitizer_ignorelist) << Path;
198 }
199 validateSpecialCaseListFormat(
200 D, IgnorelistFiles, clang::diag::err_drv_malformed_sanitizer_ignorelist,
201 DiagnoseErrors);
202}
203
204/// Parse -f(no-)?sanitize-(coverage-)?(allow|ignore)list argument's values,
205/// diagnosing any invalid file paths and validating special case list format.
206static void parseSpecialCaseListArg(const Driver &D,
207 const llvm::opt::ArgList &Args,
208 std::vector<std::string> &SCLFiles,
209 llvm::opt::OptSpecifier SCLOptionID,
210 llvm::opt::OptSpecifier NoSCLOptionID,
211 unsigned MalformedSCLErrorDiagID,
212 bool DiagnoseErrors) {
213 for (const auto *Arg : Args) {
214 // Match -fsanitize-(coverage-)?(allow|ignore)list.
215 if (Arg->getOption().matches(ID: SCLOptionID)) {
216 Arg->claim();
217 std::string SCLPath = Arg->getValue();
218 if (D.getVFS().exists(Path: SCLPath)) {
219 SCLFiles.push_back(x: SCLPath);
220 } else if (DiagnoseErrors) {
221 D.Diag(clang::diag::DiagID: err_drv_no_such_file) << SCLPath;
222 }
223 // Match -fno-sanitize-ignorelist.
224 } else if (Arg->getOption().matches(ID: NoSCLOptionID)) {
225 Arg->claim();
226 SCLFiles.clear();
227 }
228 }
229 validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID,
230 DiagnoseErrors);
231}
232
233/// Sets group bits for every group that has at least one representative already
234/// enabled in \p Kinds.
235static SanitizerMask setGroupBits(SanitizerMask Kinds) {
236#define SANITIZER(NAME, ID)
237#define SANITIZER_GROUP(NAME, ID, ALIAS) \
238 if (Kinds & SanitizerKind::ID) \
239 Kinds |= SanitizerKind::ID##Group;
240#include "clang/Basic/Sanitizers.def"
241 return Kinds;
242}
243
244static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
245 const llvm::opt::ArgList &Args,
246 bool DiagnoseErrors) {
247 SanitizerMask TrapRemove; // During the loop below, the accumulated set of
248 // sanitizers disabled by the current sanitizer
249 // argument or any argument after it.
250 SanitizerMask TrappingKinds;
251 SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);
252
253 for (const llvm::opt::Arg *Arg : llvm::reverse(C: Args)) {
254 if (Arg->getOption().matches(options::ID: OPT_fsanitize_trap_EQ)) {
255 Arg->claim();
256 SanitizerMask Add = parseArgValues(D, A: Arg, DiagnoseErrors: true);
257 Add &= ~TrapRemove;
258 SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups;
259 if (InvalidValues && DiagnoseErrors) {
260 SanitizerSet S;
261 S.Mask = InvalidValues;
262 D.Diag(diag::DiagID: err_drv_unsupported_option_argument)
263 << Arg->getSpelling() << toString(Sanitizers: S);
264 }
265 TrappingKinds |= expandSanitizerGroups(Kinds: Add) & ~TrapRemove;
266 } else if (Arg->getOption().matches(options::ID: OPT_fno_sanitize_trap_EQ)) {
267 Arg->claim();
268 TrapRemove |=
269 expandSanitizerGroups(Kinds: parseArgValues(D, A: Arg, DiagnoseErrors));
270 }
271 }
272
273 // Apply default trapping behavior.
274 TrappingKinds |= TrappingDefault & ~TrapRemove;
275
276 return TrappingKinds;
277}
278
279bool SanitizerArgs::needsFuzzerInterceptors() const {
280 return needsFuzzer() && !needsAsanRt() && !needsTsanRt() && !needsMsanRt();
281}
282
283bool SanitizerArgs::needsUbsanRt() const {
284 // All of these include ubsan.
285 if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
286 needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
287 (needsScudoRt() && !requiresMinimalRuntime()))
288 return false;
289
290 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
291 CoverageFeatures;
292}
293
294bool SanitizerArgs::needsCfiRt() const {
295 return !(Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
296 CfiCrossDso && !ImplicitCfiRuntime;
297}
298
299bool SanitizerArgs::needsCfiDiagRt() const {
300 return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
301 CfiCrossDso && !ImplicitCfiRuntime;
302}
303
304bool SanitizerArgs::requiresPIE() const { return NeedPIE; }
305
306bool SanitizerArgs::needsUnwindTables() const {
307 return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
308}
309
310bool SanitizerArgs::needsLTO() const {
311 return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
312}
313
314SanitizerArgs::SanitizerArgs(const ToolChain &TC,
315 const llvm::opt::ArgList &Args,
316 bool DiagnoseErrors) {
317 SanitizerMask AllRemove; // During the loop below, the accumulated set of
318 // sanitizers disabled by the current sanitizer
319 // argument or any argument after it.
320 SanitizerMask AllAddedKinds; // Mask of all sanitizers ever enabled by
321 // -fsanitize= flags (directly or via group
322 // expansion), some of which may be disabled
323 // later. Used to carefully prune
324 // unused-argument diagnostics.
325 SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now.
326 // Used to deduplicate diagnostics.
327 SanitizerMask Kinds;
328 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
329
330 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
331 options::OPT_fno_sanitize_cfi_cross_dso, false);
332
333 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
334
335 const Driver &D = TC.getDriver();
336 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args, DiagnoseErrors);
337 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
338
339 MinimalRuntime =
340 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
341 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
342
343 // The object size sanitizer should not be enabled at -O0.
344 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
345 bool RemoveObjectSizeAtO0 =
346 !OptLevel || OptLevel->getOption().matches(options::ID: OPT_O0);
347
348 for (const llvm::opt::Arg *Arg : llvm::reverse(C: Args)) {
349 if (Arg->getOption().matches(options::ID: OPT_fsanitize_EQ)) {
350 Arg->claim();
351 SanitizerMask Add = parseArgValues(D, A: Arg, DiagnoseErrors);
352
353 if (RemoveObjectSizeAtO0) {
354 AllRemove |= SanitizerKind::ObjectSize;
355
356 // The user explicitly enabled the object size sanitizer. Warn
357 // that this does nothing at -O0.
358 if ((Add & SanitizerKind::ObjectSize) && DiagnoseErrors)
359 D.Diag(diag::DiagID: warn_drv_object_size_disabled_O0)
360 << Arg->getAsString(Args);
361 }
362
363 AllAddedKinds |= expandSanitizerGroups(Kinds: Add);
364
365 // Avoid diagnosing any sanitizer which is disabled later.
366 Add &= ~AllRemove;
367 // At this point we have not expanded groups, so any unsupported
368 // sanitizers in Add are those which have been explicitly enabled.
369 // Diagnose them.
370 if (SanitizerMask KindsToDiagnose =
371 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
372 if (DiagnoseErrors) {
373 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
374 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
375 << Desc << "-fsanitize-trap=undefined";
376 }
377 DiagnosedKinds |= KindsToDiagnose;
378 }
379 Add &= ~InvalidTrappingKinds;
380
381 if (MinimalRuntime) {
382 if (SanitizerMask KindsToDiagnose =
383 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
384 if (DiagnoseErrors) {
385 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
386 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
387 << Desc << "-fsanitize-minimal-runtime";
388 }
389 DiagnosedKinds |= KindsToDiagnose;
390 }
391 Add &= ~NotAllowedWithMinimalRuntime;
392 }
393
394 if (llvm::opt::Arg *A = Args.getLastArg(options::OPT_mcmodel_EQ)) {
395 StringRef CM = A->getValue();
396 if (CM != "small" &&
397 (Add & SanitizerKind::Function & ~DiagnosedKinds)) {
398 if (DiagnoseErrors)
399 D.Diag(diag::DiagID: err_drv_argument_only_allowed_with)
400 << "-fsanitize=function"
401 << "-mcmodel=small";
402 Add &= ~SanitizerKind::Function;
403 DiagnosedKinds |= SanitizerKind::Function;
404 }
405 }
406 // -fsanitize=function and -fsanitize=kcfi instrument indirect function
407 // calls to load a type hash before the function label. Therefore, an
408 // execute-only target doesn't support the function and kcfi sanitizers.
409 const llvm::Triple &Triple = TC.getTriple();
410 if (isExecuteOnlyTarget(Triple, Args)) {
411 if (SanitizerMask KindsToDiagnose =
412 Add & NotAllowedWithExecuteOnly & ~DiagnosedKinds) {
413 if (DiagnoseErrors) {
414 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
415 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
416 << Desc << Triple.str();
417 }
418 DiagnosedKinds |= KindsToDiagnose;
419 }
420 Add &= ~NotAllowedWithExecuteOnly;
421 }
422
423 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
424 // There are currently two problems:
425 // - Virtual function call checks need to pass a pointer to the function
426 // address to llvm.type.test and a pointer to the address point to the
427 // diagnostic function. Currently we pass the same pointer to both
428 // places.
429 // - Non-virtual function call checks may need to check multiple type
430 // identifiers.
431 // Fixing both of those may require changes to the cross-DSO CFI
432 // interface.
433 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) {
434 if (DiagnoseErrors)
435 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
436 << "-fsanitize=cfi-mfcall"
437 << "-fsanitize-cfi-cross-dso";
438 Add &= ~SanitizerKind::CFIMFCall;
439 DiagnosedKinds |= SanitizerKind::CFIMFCall;
440 }
441
442 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
443 if (DiagnoseErrors) {
444 std::string Desc = describeSanitizeArg(A: Arg, Mask: KindsToDiagnose);
445 D.Diag(diag::DiagID: err_drv_unsupported_opt_for_target)
446 << Desc << TC.getTriple().str();
447 }
448 DiagnosedKinds |= KindsToDiagnose;
449 }
450 Add &= Supported;
451
452 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
453 // so we don't error out if -fno-rtti and -fsanitize=undefined were
454 // passed.
455 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
456 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
457 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
458 "RTTI disabled without -fno-rtti option?");
459 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
460 // the vptr sanitizer requires RTTI, so this is a user error.
461 if (DiagnoseErrors)
462 D.Diag(diag::DiagID: err_drv_argument_not_allowed_with)
463 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
464 } else {
465 // The vptr sanitizer requires RTTI, but RTTI is disabled (by
466 // default). Warn that the vptr sanitizer is being disabled.
467 if (DiagnoseErrors)
468 D.Diag(diag::DiagID: warn_drv_disabling_vptr_no_rtti_default);
469 }
470
471 // Take out the Vptr sanitizer from the enabled sanitizers
472 AllRemove |= SanitizerKind::Vptr;
473 }
474
475 Add = expandSanitizerGroups(Kinds: Add);
476 // Group expansion may have enabled a sanitizer which is disabled later.
477 Add &= ~AllRemove;
478 // Silently discard any unsupported sanitizers implicitly enabled through
479 // group expansion.
480 Add &= ~InvalidTrappingKinds;
481 if (MinimalRuntime) {
482 Add &= ~NotAllowedWithMinimalRuntime;
483 }
484 // NotAllowedWithExecuteOnly is silently discarded on an execute-only
485 // target if implicitly enabled through group expansion.
486 if (isExecuteOnlyTarget(Triple, Args))
487 Add &= ~NotAllowedWithExecuteOnly;
488 if (CfiCrossDso)
489 Add &= ~SanitizerKind::CFIMFCall;
490 // -fsanitize=undefined does not expand to signed-integer-overflow in
491 // -fwrapv (implied by -fno-strict-overflow) mode.
492 if (Add & SanitizerKind::UndefinedGroup) {
493 bool S = Args.hasFlagNoClaim(options::Pos: OPT_fno_strict_overflow,
494 options::Neg: OPT_fstrict_overflow, Default: false);
495 if (Args.hasFlagNoClaim(options::Pos: OPT_fwrapv, options::Neg: OPT_fno_wrapv, Default: S))
496 Add &= ~SanitizerKind::SignedIntegerOverflow;
497 }
498 Add &= Supported;
499
500 if (Add & SanitizerKind::Fuzzer)
501 Add |= SanitizerKind::FuzzerNoLink;
502
503 // Enable coverage if the fuzzing flag is set.
504 if (Add & SanitizerKind::FuzzerNoLink) {
505 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
506 CoverageTraceCmp | CoveragePCTable;
507 // Due to TLS differences, stack depth tracking is only enabled on Linux
508 if (TC.getTriple().isOSLinux())
509 CoverageFeatures |= CoverageStackDepth;
510 }
511
512 Kinds |= Add;
513 } else if (Arg->getOption().matches(options::ID: OPT_fno_sanitize_EQ)) {
514 Arg->claim();
515 SanitizerMask Remove = parseArgValues(D, A: Arg, DiagnoseErrors);
516 AllRemove |= expandSanitizerGroups(Kinds: Remove);
517 }
518 }
519
520 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
521 std::make_pair(x: SanitizerKind::Address,
522 y: SanitizerKind::Thread | SanitizerKind::Memory),
523 std::make_pair(x: SanitizerKind::Thread, y: SanitizerKind::Memory),
524 std::make_pair(x: SanitizerKind::Leak,
525 y: SanitizerKind::Thread | SanitizerKind::Memory),
526 std::make_pair(x: SanitizerKind::KernelAddress,
527 y: SanitizerKind::Address | SanitizerKind::Leak |
528 SanitizerKind::Thread | SanitizerKind::Memory),
529 std::make_pair(x: SanitizerKind::HWAddress,
530 y: SanitizerKind::Address | SanitizerKind::Thread |
531 SanitizerKind::Memory | SanitizerKind::KernelAddress),
532 std::make_pair(x: SanitizerKind::Scudo,
533 y: SanitizerKind::Address | SanitizerKind::HWAddress |
534 SanitizerKind::Leak | SanitizerKind::Thread |
535 SanitizerKind::Memory | SanitizerKind::KernelAddress),
536 std::make_pair(x: SanitizerKind::SafeStack,
537 y: (TC.getTriple().isOSFuchsia() ? SanitizerMask()
538 : SanitizerKind::Leak) |
539 SanitizerKind::Address | SanitizerKind::HWAddress |
540 SanitizerKind::Thread | SanitizerKind::Memory |
541 SanitizerKind::KernelAddress),
542 std::make_pair(x: SanitizerKind::KernelHWAddress,
543 y: SanitizerKind::Address | SanitizerKind::HWAddress |
544 SanitizerKind::Leak | SanitizerKind::Thread |
545 SanitizerKind::Memory | SanitizerKind::KernelAddress |
546 SanitizerKind::SafeStack),
547 std::make_pair(x: SanitizerKind::KernelMemory,
548 y: SanitizerKind::Address | SanitizerKind::HWAddress |
549 SanitizerKind::Leak | SanitizerKind::Thread |
550 SanitizerKind::Memory | SanitizerKind::KernelAddress |
551 SanitizerKind::Scudo | SanitizerKind::SafeStack),
552 std::make_pair(x: SanitizerKind::MemTag,
553 y: SanitizerKind::Address | SanitizerKind::KernelAddress |
554 SanitizerKind::HWAddress |
555 SanitizerKind::KernelHWAddress),
556 std::make_pair(x: SanitizerKind::KCFI, y: SanitizerKind::Function)};
557 // Enable toolchain specific default sanitizers if not explicitly disabled.
558 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
559
560 // Disable default sanitizers that are incompatible with explicitly requested
561 // ones.
562 for (auto G : IncompatibleGroups) {
563 SanitizerMask Group = G.first;
564 if ((Default & Group) && (Kinds & G.second))
565 Default &= ~Group;
566 }
567
568 Kinds |= Default;
569
570 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
571 // is disabled.
572 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
573 Kinds &= ~SanitizerKind::Vptr;
574 }
575
576 // Check that LTO is enabled if we need it.
577 if ((Kinds & NeedsLTO) && !D.isUsingLTO() && DiagnoseErrors) {
578 D.Diag(diag::DiagID: err_drv_argument_only_allowed_with)
579 << lastArgumentForMask(D, Args, Mask: Kinds & NeedsLTO) << "-flto";
580 }
581
582 if ((Kinds & SanitizerKind::ShadowCallStack) && TC.getTriple().isAArch64() &&
583 !llvm::AArch64::isX18ReservedByDefault(TT: TC.getTriple()) &&
584 !Args.hasArg(options::OPT_ffixed_x18) && DiagnoseErrors) {
585 D.Diag(diag::DiagID: err_drv_argument_only_allowed_with)
586 << lastArgumentForMask(D, Args, Mask: Kinds & SanitizerKind::ShadowCallStack)
587 << "-ffixed-x18";
588 }
589
590 // Report error if there are non-trapping sanitizers that require
591 // c++abi-specific parts of UBSan runtime, and they are not provided by the
592 // toolchain. We don't have a good way to check the latter, so we just
593 // check if the toolchan supports vptr.
594 if (~Supported & SanitizerKind::Vptr) {
595 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
596 // The runtime library supports the Microsoft C++ ABI, but only well enough
597 // for CFI. FIXME: Remove this once we support vptr on Windows.
598 if (TC.getTriple().isOSWindows())
599 KindsToDiagnose &= ~SanitizerKind::CFI;
600 if (KindsToDiagnose) {
601 SanitizerSet S;
602 S.Mask = KindsToDiagnose;
603 if (DiagnoseErrors)
604 D.Diag(diag::DiagID: err_drv_unsupported_opt_for_target)
605 << ("-fno-sanitize-trap=" + toString(Sanitizers: S)) << TC.getTriple().str();
606 Kinds &= ~KindsToDiagnose;
607 }
608 }
609
610 // Warn about incompatible groups of sanitizers.
611 for (auto G : IncompatibleGroups) {
612 SanitizerMask Group = G.first;
613 if (Kinds & Group) {
614 if (SanitizerMask Incompatible = Kinds & G.second) {
615 if (DiagnoseErrors)
616 D.Diag(clang::diag::DiagID: err_drv_argument_not_allowed_with)
617 << lastArgumentForMask(D, Args, Mask: Group)
618 << lastArgumentForMask(D, Args, Mask: Incompatible);
619 Kinds &= ~Incompatible;
620 }
621 }
622 }
623 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
624 // -fsanitize=address. Perhaps it should print an error, or perhaps
625 // -f(-no)sanitize=leak should change whether leak detection is enabled by
626 // default in ASan?
627
628 // Parse -f(no-)?sanitize-recover flags.
629 SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable;
630 SanitizerMask DiagnosedUnrecoverableKinds;
631 SanitizerMask DiagnosedAlwaysRecoverableKinds;
632 for (const auto *Arg : Args) {
633 if (Arg->getOption().matches(options::ID: OPT_fsanitize_recover_EQ)) {
634 SanitizerMask Add = parseArgValues(D, A: Arg, DiagnoseErrors);
635 // Report error if user explicitly tries to recover from unrecoverable
636 // sanitizer.
637 if (SanitizerMask KindsToDiagnose =
638 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
639 SanitizerSet SetToDiagnose;
640 SetToDiagnose.Mask |= KindsToDiagnose;
641 if (DiagnoseErrors)
642 D.Diag(diag::DiagID: err_drv_unsupported_option_argument)
643 << Arg->getSpelling() << toString(Sanitizers: SetToDiagnose);
644 DiagnosedUnrecoverableKinds |= KindsToDiagnose;
645 }
646 RecoverableKinds |= expandSanitizerGroups(Kinds: Add);
647 Arg->claim();
648 } else if (Arg->getOption().matches(options::ID: OPT_fno_sanitize_recover_EQ)) {
649 SanitizerMask Remove = parseArgValues(D, A: Arg, DiagnoseErrors);
650 // Report error if user explicitly tries to disable recovery from
651 // always recoverable sanitizer.
652 if (SanitizerMask KindsToDiagnose =
653 Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) {
654 SanitizerSet SetToDiagnose;
655 SetToDiagnose.Mask |= KindsToDiagnose;
656 if (DiagnoseErrors)
657 D.Diag(diag::DiagID: err_drv_unsupported_option_argument)
658 << Arg->getSpelling() << toString(Sanitizers: SetToDiagnose);
659 DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose;
660 }
661 RecoverableKinds &= ~expandSanitizerGroups(Kinds: Remove);
662 Arg->claim();
663 }
664 }
665 RecoverableKinds &= Kinds;
666 RecoverableKinds &= ~Unrecoverable;
667
668 TrappingKinds &= Kinds;
669 RecoverableKinds &= ~TrappingKinds;
670
671 // Setup ignorelist files.
672 // Add default ignorelist from resource directory for activated sanitizers,
673 // and validate special case lists format.
674 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_ignorelist))
675 addDefaultIgnorelists(D, Kinds, IgnorelistFiles&: SystemIgnorelistFiles, DiagnoseErrors);
676
677 // Parse -f(no-)?sanitize-ignorelist options.
678 // This also validates special case lists format.
679 parseSpecialCaseListArg(
680 D, Args, UserIgnorelistFiles, options::OPT_fsanitize_ignorelist_EQ,
681 options::OPT_fno_sanitize_ignorelist,
682 clang::diag::err_drv_malformed_sanitizer_ignorelist, DiagnoseErrors);
683
684 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
685 if (AllAddedKinds & SanitizerKind::Memory) {
686 if (Arg *A =
687 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
688 options::OPT_fno_sanitize_memory_track_origins)) {
689 if (!A->getOption().matches(
690 options::ID: OPT_fno_sanitize_memory_track_origins)) {
691 StringRef S = A->getValue();
692 if (S.getAsInteger(Radix: 0, Result&: MsanTrackOrigins) || MsanTrackOrigins < 0 ||
693 MsanTrackOrigins > 2) {
694 if (DiagnoseErrors)
695 D.Diag(clang::diag::DiagID: err_drv_invalid_value)
696 << A->getAsString(Args) << S;
697 }
698 }
699 }
700 MsanUseAfterDtor = Args.hasFlag(
701 options::OPT_fsanitize_memory_use_after_dtor,
702 options::OPT_fno_sanitize_memory_use_after_dtor, MsanUseAfterDtor);
703 MsanParamRetval = Args.hasFlag(
704 options::OPT_fsanitize_memory_param_retval,
705 options::OPT_fno_sanitize_memory_param_retval, MsanParamRetval);
706 } else if (AllAddedKinds & SanitizerKind::KernelMemory) {
707 MsanUseAfterDtor = false;
708 MsanParamRetval = Args.hasFlag(
709 options::OPT_fsanitize_memory_param_retval,
710 options::OPT_fno_sanitize_memory_param_retval, MsanParamRetval);
711 } else {
712 MsanUseAfterDtor = false;
713 MsanParamRetval = false;
714 }
715
716 if (AllAddedKinds & SanitizerKind::MemTag) {
717 StringRef S =
718 Args.getLastArgValue(options::OPT_fsanitize_memtag_mode_EQ, "sync");
719 if (S == "async" || S == "sync") {
720 MemtagMode = S.str();
721 } else {
722 D.Diag(clang::diag::err_drv_invalid_value_with_suggestion)
723 << "-fsanitize-memtag-mode=" << S << "{async, sync}";
724 MemtagMode = "sync";
725 }
726 }
727
728 if (AllAddedKinds & SanitizerKind::Thread) {
729 TsanMemoryAccess = Args.hasFlag(
730 options::OPT_fsanitize_thread_memory_access,
731 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess);
732 TsanFuncEntryExit = Args.hasFlag(
733 options::OPT_fsanitize_thread_func_entry_exit,
734 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit);
735 TsanAtomics =
736 Args.hasFlag(options::OPT_fsanitize_thread_atomics,
737 options::OPT_fno_sanitize_thread_atomics, TsanAtomics);
738 }
739
740 if (AllAddedKinds & SanitizerKind::CFI) {
741 // Without PIE, external function address may resolve to a PLT record, which
742 // can not be verified by the target module.
743 NeedPIE |= CfiCrossDso;
744 CfiICallGeneralizePointers =
745 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
746
747 CfiICallNormalizeIntegers =
748 Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
749
750 if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors)
751 D.Diag(diag::err_drv_argument_not_allowed_with)
752 << "-fsanitize-cfi-cross-dso"
753 << "-fsanitize-cfi-icall-generalize-pointers";
754
755 CfiCanonicalJumpTables =
756 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
757 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
758 }
759
760 if (AllAddedKinds & SanitizerKind::KCFI) {
761 CfiICallNormalizeIntegers =
762 Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
763
764 if (AllAddedKinds & SanitizerKind::CFI && DiagnoseErrors)
765 D.Diag(diag::err_drv_argument_not_allowed_with)
766 << "-fsanitize=kcfi"
767 << lastArgumentForMask(D, Args, SanitizerKind::CFI);
768 }
769
770 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
771 options::OPT_fno_sanitize_stats, false);
772
773 if (MinimalRuntime) {
774 SanitizerMask IncompatibleMask =
775 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
776 if (IncompatibleMask && DiagnoseErrors)
777 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
778 << "-fsanitize-minimal-runtime"
779 << lastArgumentForMask(D, Args, IncompatibleMask);
780
781 SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds;
782 if (NonTrappingCfi && DiagnoseErrors)
783 D.Diag(clang::diag::err_drv_argument_only_allowed_with)
784 << "fsanitize-minimal-runtime"
785 << "fsanitize-trap=cfi";
786 }
787
788 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
789 // enabled sanitizers.
790 for (const auto *Arg : Args) {
791 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
792 int LegacySanitizeCoverage;
793 if (Arg->getNumValues() == 1 &&
794 !StringRef(Arg->getValue(N: 0))
795 .getAsInteger(Radix: 0, Result&: LegacySanitizeCoverage)) {
796 CoverageFeatures = 0;
797 Arg->claim();
798 if (LegacySanitizeCoverage != 0 && DiagnoseErrors) {
799 D.Diag(diag::warn_drv_deprecated_arg)
800 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard";
801 }
802 continue;
803 }
804 CoverageFeatures |= parseCoverageFeatures(D, A: Arg, DiagnoseErrors);
805
806 // Disable coverage and not claim the flags if there is at least one
807 // non-supporting sanitizer.
808 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
809 Arg->claim();
810 } else {
811 CoverageFeatures = 0;
812 }
813 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
814 Arg->claim();
815 CoverageFeatures &= ~parseCoverageFeatures(D, A: Arg, DiagnoseErrors);
816 }
817 }
818 // Choose at most one coverage type: function, bb, or edge.
819 if (DiagnoseErrors) {
820 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
821 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
822 << "-fsanitize-coverage=func"
823 << "-fsanitize-coverage=bb";
824 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
825 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
826 << "-fsanitize-coverage=func"
827 << "-fsanitize-coverage=edge";
828 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
829 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
830 << "-fsanitize-coverage=bb"
831 << "-fsanitize-coverage=edge";
832 // Basic block tracing and 8-bit counters require some type of coverage
833 // enabled.
834 if (CoverageFeatures & CoverageTraceBB)
835 D.Diag(clang::diag::warn_drv_deprecated_arg)
836 << "-fsanitize-coverage=trace-bb"
837 << "-fsanitize-coverage=trace-pc-guard";
838 if (CoverageFeatures & Coverage8bitCounters)
839 D.Diag(clang::diag::warn_drv_deprecated_arg)
840 << "-fsanitize-coverage=8bit-counters"
841 << "-fsanitize-coverage=trace-pc-guard";
842 }
843
844 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
845 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
846 CoverageInline8bitCounters | CoverageTraceLoads |
847 CoverageTraceStores | CoverageInlineBoolFlag |
848 CoverageControlFlow;
849 if ((CoverageFeatures & InsertionPointTypes) &&
850 !(CoverageFeatures & InstrumentationTypes) && DiagnoseErrors) {
851 D.Diag(clang::diag::warn_drv_deprecated_arg)
852 << "-fsanitize-coverage=[func|bb|edge]"
853 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc],["
854 "control-flow]";
855 }
856
857 // trace-pc w/o func/bb/edge implies edge.
858 if (!(CoverageFeatures & InsertionPointTypes)) {
859 if (CoverageFeatures &
860 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters |
861 CoverageInlineBoolFlag | CoverageControlFlow))
862 CoverageFeatures |= CoverageEdge;
863
864 if (CoverageFeatures & CoverageStackDepth)
865 CoverageFeatures |= CoverageFunc;
866 }
867
868 // Parse -fsanitize-coverage-(allow|ignore)list options if coverage enabled.
869 // This also validates special case lists format.
870 // Here, OptSpecifier() acts as a never-matching command-line argument.
871 // So, there is no way to clear coverage lists but you can append to them.
872 if (CoverageFeatures) {
873 parseSpecialCaseListArg(
874 D, Args, CoverageAllowlistFiles,
875 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(),
876 clang::diag::err_drv_malformed_sanitizer_coverage_allowlist,
877 DiagnoseErrors);
878 parseSpecialCaseListArg(
879 D, Args, CoverageIgnorelistFiles,
880 options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(),
881 clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist,
882 DiagnoseErrors);
883 }
884
885 // Parse -f(no-)?sanitize-metadata.
886 for (const auto *Arg :
887 Args.filtered(options::OPT_fexperimental_sanitize_metadata_EQ,
888 options::OPT_fno_experimental_sanitize_metadata_EQ)) {
889 if (Arg->getOption().matches(
890 options::OPT_fexperimental_sanitize_metadata_EQ)) {
891 Arg->claim();
892 BinaryMetadataFeatures |=
893 parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
894 } else {
895 Arg->claim();
896 BinaryMetadataFeatures &=
897 ~parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
898 }
899 }
900
901 // Parse -fsanitize-metadata-ignorelist option if enabled.
902 if (BinaryMetadataFeatures) {
903 parseSpecialCaseListArg(
904 D, Args, BinaryMetadataIgnorelistFiles,
905 options::OPT_fexperimental_sanitize_metadata_ignorelist_EQ,
906 OptSpecifier(), // Cannot clear ignore list, only append.
907 clang::diag::err_drv_malformed_sanitizer_metadata_ignorelist,
908 DiagnoseErrors);
909 }
910
911 SharedRuntime =
912 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
913 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
914 TC.getTriple().isOSDarwin());
915
916 ImplicitCfiRuntime = TC.getTriple().isAndroid();
917
918 if (AllAddedKinds & SanitizerKind::Address) {
919 NeedPIE |= TC.getTriple().isOSFuchsia();
920 if (Arg *A =
921 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
922 StringRef S = A->getValue();
923 // Legal values are 0 and 1, 2, but in future we may add more levels.
924 if ((S.getAsInteger(Radix: 0, Result&: AsanFieldPadding) || AsanFieldPadding < 0 ||
925 AsanFieldPadding > 2) &&
926 DiagnoseErrors) {
927 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
928 }
929 }
930
931 if (Arg *WindowsDebugRTArg =
932 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
933 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
934 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
935 switch (WindowsDebugRTArg->getOption().getID()) {
936 case options::OPT__SLASH_MTd:
937 case options::OPT__SLASH_MDd:
938 case options::OPT__SLASH_LDd:
939 if (DiagnoseErrors) {
940 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
941 << WindowsDebugRTArg->getAsString(Args)
942 << lastArgumentForMask(D, Args, SanitizerKind::Address);
943 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
944 }
945 }
946 }
947
948 StableABI = Args.hasFlag(options::OPT_fsanitize_stable_abi,
949 options::OPT_fno_sanitize_stable_abi, false);
950
951 AsanUseAfterScope = Args.hasFlag(
952 options::OPT_fsanitize_address_use_after_scope,
953 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
954
955 AsanPoisonCustomArrayCookie = Args.hasFlag(
956 options::OPT_fsanitize_address_poison_custom_array_cookie,
957 options::OPT_fno_sanitize_address_poison_custom_array_cookie,
958 AsanPoisonCustomArrayCookie);
959
960 AsanOutlineInstrumentation =
961 Args.hasFlag(options::OPT_fsanitize_address_outline_instrumentation,
962 options::OPT_fno_sanitize_address_outline_instrumentation,
963 AsanOutlineInstrumentation);
964
965 AsanGlobalsDeadStripping = Args.hasFlag(
966 options::OPT_fsanitize_address_globals_dead_stripping,
967 options::OPT_fno_sanitize_address_globals_dead_stripping, true);
968
969 // Enable ODR indicators which allow better handling of mixed instrumented
970 // and uninstrumented globals. Disable them for Windows where weak odr
971 // indicators (.weak.__odr_asan_gen*) may cause multiple definition linker
972 // errors in the absence of -lldmingw.
973 AsanUseOdrIndicator =
974 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator,
975 options::OPT_fno_sanitize_address_use_odr_indicator,
976 !TC.getTriple().isOSWindows());
977
978 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
979 AsanInvalidPointerCmp = true;
980 }
981
982 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
983 AsanInvalidPointerSub = true;
984 }
985
986 if (TC.getTriple().isOSDarwin() &&
987 (Args.hasArg(options::OPT_mkernel) ||
988 Args.hasArg(options::OPT_fapple_kext))) {
989 AsanDtorKind = llvm::AsanDtorKind::None;
990 }
991
992 if (const auto *Arg =
993 Args.getLastArg(options::OPT_sanitize_address_destructor_EQ)) {
994 auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue());
995 if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid && DiagnoseErrors) {
996 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
997 << Arg->getSpelling() << Arg->getValue();
998 }
999 AsanDtorKind = parsedAsanDtorKind;
1000 }
1001
1002 if (const auto *Arg = Args.getLastArg(
1003 options::OPT_sanitize_address_use_after_return_EQ)) {
1004 auto parsedAsanUseAfterReturn =
1005 AsanDetectStackUseAfterReturnModeFromString(Arg->getValue());
1006 if (parsedAsanUseAfterReturn ==
1007 llvm::AsanDetectStackUseAfterReturnMode::Invalid &&
1008 DiagnoseErrors) {
1009 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
1010 << Arg->getSpelling() << Arg->getValue();
1011 }
1012 AsanUseAfterReturn = parsedAsanUseAfterReturn;
1013 }
1014
1015 } else {
1016 AsanUseAfterScope = false;
1017 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
1018 SanitizerMask DetectInvalidPointerPairs =
1019 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
1020 if ((AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) &&
1021 DiagnoseErrors) {
1022 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1023 << lastArgumentForMask(D, Args,
1024 SanitizerKind::PointerCompare |
1025 SanitizerKind::PointerSubtract)
1026 << "-fsanitize=address";
1027 }
1028 }
1029
1030 if (AllAddedKinds & SanitizerKind::HWAddress) {
1031 if (Arg *HwasanAbiArg =
1032 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) {
1033 HwasanAbi = HwasanAbiArg->getValue();
1034 if (HwasanAbi != "platform" && HwasanAbi != "interceptor" &&
1035 DiagnoseErrors)
1036 D.Diag(clang::diag::err_drv_invalid_value)
1037 << HwasanAbiArg->getAsString(Args) << HwasanAbi;
1038 } else {
1039 HwasanAbi = "interceptor";
1040 }
1041 if (TC.getTriple().getArch() == llvm::Triple::x86_64)
1042 HwasanUseAliases = Args.hasFlag(
1043 options::OPT_fsanitize_hwaddress_experimental_aliasing,
1044 options::OPT_fno_sanitize_hwaddress_experimental_aliasing,
1045 HwasanUseAliases);
1046 }
1047
1048 if (AllAddedKinds & SanitizerKind::SafeStack) {
1049 // SafeStack runtime is built into the system on Android and Fuchsia.
1050 SafeStackRuntime =
1051 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia();
1052 }
1053
1054 LinkRuntimes =
1055 Args.hasFlag(options::OPT_fsanitize_link_runtime,
1056 options::OPT_fno_sanitize_link_runtime, LinkRuntimes);
1057
1058 // Parse -link-cxx-sanitizer flag.
1059 LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime,
1060 options::OPT_fno_sanitize_link_cxx_runtime,
1061 LinkCXXRuntimes) ||
1062 D.CCCIsCXX();
1063
1064 NeedsMemProfRt = Args.hasFlag(options::OPT_fmemory_profile,
1065 options::OPT_fmemory_profile_EQ,
1066 options::OPT_fno_memory_profile, false);
1067
1068 // Finally, initialize the set of available and recoverable sanitizers.
1069 Sanitizers.Mask |= Kinds;
1070 RecoverableSanitizers.Mask |= RecoverableKinds;
1071 TrapSanitizers.Mask |= TrappingKinds;
1072 assert(!(RecoverableKinds & TrappingKinds) &&
1073 "Overlap between recoverable and trapping sanitizers");
1074}
1075
1076static std::string toString(const clang::SanitizerSet &Sanitizers) {
1077 std::string Res;
1078#define SANITIZER(NAME, ID) \
1079 if (Sanitizers.has(SanitizerKind::ID)) { \
1080 if (!Res.empty()) \
1081 Res += ","; \
1082 Res += NAME; \
1083 }
1084#include "clang/Basic/Sanitizers.def"
1085 return Res;
1086}
1087
1088static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
1089 llvm::opt::ArgStringList &CmdArgs,
1090 const char *SCLOptFlag,
1091 const std::vector<std::string> &SCLFiles) {
1092 for (const auto &SCLPath : SCLFiles) {
1093 SmallString<64> SCLOpt(SCLOptFlag);
1094 SCLOpt += SCLPath;
1095 CmdArgs.push_back(Elt: Args.MakeArgString(Str: SCLOpt));
1096 }
1097}
1098
1099static void addIncludeLinkerOption(const ToolChain &TC,
1100 const llvm::opt::ArgList &Args,
1101 llvm::opt::ArgStringList &CmdArgs,
1102 StringRef SymbolName) {
1103 SmallString<64> LinkerOptionFlag;
1104 LinkerOptionFlag = "--linker-option=/include:";
1105 if (TC.getTriple().getArch() == llvm::Triple::x86) {
1106 // Win32 mangles C function names with a '_' prefix.
1107 LinkerOptionFlag += '_';
1108 }
1109 LinkerOptionFlag += SymbolName;
1110 CmdArgs.push_back(Elt: Args.MakeArgString(Str: LinkerOptionFlag));
1111}
1112
1113static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
1114 for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End;
1115 ++Start) {
1116 auto It = std::find(first: Start, last: End, val: StringRef("+mte"));
1117 if (It == End)
1118 break;
1119 if (It > Start && *std::prev(x: It) == StringRef("-target-feature"))
1120 return true;
1121 Start = It;
1122 }
1123 return false;
1124}
1125
1126void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
1127 llvm::opt::ArgStringList &CmdArgs,
1128 types::ID InputType) const {
1129 // NVPTX doesn't currently support sanitizers. Bailing out here means
1130 // that e.g. -fsanitize=address applies only to host code, which is what we
1131 // want for now.
1132 if (TC.getTriple().isNVPTX())
1133 return;
1134 // AMDGPU sanitizer support is experimental and controlled by -fgpu-sanitize.
1135 bool GPUSanitize = false;
1136 if (TC.getTriple().isAMDGPU()) {
1137 if (!Args.hasFlag(options::OPT_fgpu_sanitize, options::OPT_fno_gpu_sanitize,
1138 true))
1139 return;
1140 GPUSanitize = true;
1141 }
1142
1143 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
1144 // Do it even if Sanitizers.empty() since some forms of coverage don't require
1145 // sanitizers.
1146 std::pair<int, const char *> CoverageFlags[] = {
1147 std::make_pair(x: CoverageFunc, y: "-fsanitize-coverage-type=1"),
1148 std::make_pair(x: CoverageBB, y: "-fsanitize-coverage-type=2"),
1149 std::make_pair(x: CoverageEdge, y: "-fsanitize-coverage-type=3"),
1150 std::make_pair(x: CoverageIndirCall, y: "-fsanitize-coverage-indirect-calls"),
1151 std::make_pair(x: CoverageTraceBB, y: "-fsanitize-coverage-trace-bb"),
1152 std::make_pair(x: CoverageTraceCmp, y: "-fsanitize-coverage-trace-cmp"),
1153 std::make_pair(x: CoverageTraceDiv, y: "-fsanitize-coverage-trace-div"),
1154 std::make_pair(x: CoverageTraceGep, y: "-fsanitize-coverage-trace-gep"),
1155 std::make_pair(x: Coverage8bitCounters, y: "-fsanitize-coverage-8bit-counters"),
1156 std::make_pair(x: CoverageTracePC, y: "-fsanitize-coverage-trace-pc"),
1157 std::make_pair(x: CoverageTracePCGuard,
1158 y: "-fsanitize-coverage-trace-pc-guard"),
1159 std::make_pair(x: CoverageInline8bitCounters,
1160 y: "-fsanitize-coverage-inline-8bit-counters"),
1161 std::make_pair(x: CoverageInlineBoolFlag,
1162 y: "-fsanitize-coverage-inline-bool-flag"),
1163 std::make_pair(x: CoveragePCTable, y: "-fsanitize-coverage-pc-table"),
1164 std::make_pair(x: CoverageNoPrune, y: "-fsanitize-coverage-no-prune"),
1165 std::make_pair(x: CoverageStackDepth, y: "-fsanitize-coverage-stack-depth"),
1166 std::make_pair(x: CoverageTraceLoads, y: "-fsanitize-coverage-trace-loads"),
1167 std::make_pair(x: CoverageTraceStores, y: "-fsanitize-coverage-trace-stores"),
1168 std::make_pair(x: CoverageControlFlow, y: "-fsanitize-coverage-control-flow")};
1169 for (auto F : CoverageFlags) {
1170 if (CoverageFeatures & F.first)
1171 CmdArgs.push_back(Elt: F.second);
1172 }
1173 addSpecialCaseListOpt(
1174 Args, CmdArgs, SCLOptFlag: "-fsanitize-coverage-allowlist=", SCLFiles: CoverageAllowlistFiles);
1175 addSpecialCaseListOpt(Args, CmdArgs, SCLOptFlag: "-fsanitize-coverage-ignorelist=",
1176 SCLFiles: CoverageIgnorelistFiles);
1177
1178 if (!GPUSanitize) {
1179 // Translate available BinaryMetadataFeatures to corresponding clang-cc1
1180 // flags. Does not depend on any other sanitizers. Unsupported on GPUs.
1181 const std::pair<int, std::string> BinaryMetadataFlags[] = {
1182 std::make_pair(x: BinaryMetadataCovered, y: "covered"),
1183 std::make_pair(x: BinaryMetadataAtomics, y: "atomics"),
1184 std::make_pair(x: BinaryMetadataUAR, y: "uar")};
1185 for (const auto &F : BinaryMetadataFlags) {
1186 if (BinaryMetadataFeatures & F.first)
1187 CmdArgs.push_back(
1188 Elt: Args.MakeArgString(Str: "-fexperimental-sanitize-metadata=" + F.second));
1189 }
1190 addSpecialCaseListOpt(Args, CmdArgs,
1191 SCLOptFlag: "-fexperimental-sanitize-metadata-ignorelist=",
1192 SCLFiles: BinaryMetadataIgnorelistFiles);
1193 }
1194
1195 if (TC.getTriple().isOSWindows() && needsUbsanRt() &&
1196 Args.hasFlag(options::OPT_frtlib_defaultlib,
1197 options::OPT_fno_rtlib_defaultlib, true)) {
1198 // Instruct the code generator to embed linker directives in the object file
1199 // that cause the required runtime libraries to be linked.
1200 CmdArgs.push_back(
1201 Elt: Args.MakeArgString(Str: "--dependent-lib=" +
1202 TC.getCompilerRTBasename(Args, Component: "ubsan_standalone")));
1203 if (types::isCXX(Id: InputType))
1204 CmdArgs.push_back(Elt: Args.MakeArgString(
1205 Str: "--dependent-lib=" +
1206 TC.getCompilerRTBasename(Args, Component: "ubsan_standalone_cxx")));
1207 }
1208 if (TC.getTriple().isOSWindows() && needsStatsRt() &&
1209 Args.hasFlag(options::OPT_frtlib_defaultlib,
1210 options::OPT_fno_rtlib_defaultlib, true)) {
1211 CmdArgs.push_back(Elt: Args.MakeArgString(
1212 Str: "--dependent-lib=" + TC.getCompilerRTBasename(Args, Component: "stats_client")));
1213
1214 // The main executable must export the stats runtime.
1215 // FIXME: Only exporting from the main executable (e.g. based on whether the
1216 // translation unit defines main()) would save a little space, but having
1217 // multiple copies of the runtime shouldn't hurt.
1218 CmdArgs.push_back(Elt: Args.MakeArgString(
1219 Str: "--dependent-lib=" + TC.getCompilerRTBasename(Args, Component: "stats")));
1220 addIncludeLinkerOption(TC, Args, CmdArgs, SymbolName: "__sanitizer_stats_register");
1221 }
1222
1223 if (Sanitizers.empty())
1224 return;
1225 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize=" + toString(Sanitizers)));
1226
1227 if (!RecoverableSanitizers.empty())
1228 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-recover=" +
1229 toString(Sanitizers: RecoverableSanitizers)));
1230
1231 if (!TrapSanitizers.empty())
1232 CmdArgs.push_back(
1233 Elt: Args.MakeArgString(Str: "-fsanitize-trap=" + toString(Sanitizers: TrapSanitizers)));
1234
1235 addSpecialCaseListOpt(Args, CmdArgs,
1236 SCLOptFlag: "-fsanitize-ignorelist=", SCLFiles: UserIgnorelistFiles);
1237 addSpecialCaseListOpt(Args, CmdArgs,
1238 SCLOptFlag: "-fsanitize-system-ignorelist=", SCLFiles: SystemIgnorelistFiles);
1239
1240 if (MsanTrackOrigins)
1241 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-memory-track-origins=" +
1242 Twine(MsanTrackOrigins)));
1243
1244 if (MsanUseAfterDtor)
1245 CmdArgs.push_back(Elt: "-fsanitize-memory-use-after-dtor");
1246
1247 if (!MsanParamRetval)
1248 CmdArgs.push_back(Elt: "-fno-sanitize-memory-param-retval");
1249
1250 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
1251 if (!TsanMemoryAccess) {
1252 CmdArgs.push_back(Elt: "-mllvm");
1253 CmdArgs.push_back(Elt: "-tsan-instrument-memory-accesses=0");
1254 CmdArgs.push_back(Elt: "-mllvm");
1255 CmdArgs.push_back(Elt: "-tsan-instrument-memintrinsics=0");
1256 }
1257 if (!TsanFuncEntryExit) {
1258 CmdArgs.push_back(Elt: "-mllvm");
1259 CmdArgs.push_back(Elt: "-tsan-instrument-func-entry-exit=0");
1260 }
1261 if (!TsanAtomics) {
1262 CmdArgs.push_back(Elt: "-mllvm");
1263 CmdArgs.push_back(Elt: "-tsan-instrument-atomics=0");
1264 }
1265
1266 if (HwasanUseAliases) {
1267 CmdArgs.push_back(Elt: "-mllvm");
1268 CmdArgs.push_back(Elt: "-hwasan-experimental-use-page-aliases=1");
1269 }
1270
1271 if (CfiCrossDso)
1272 CmdArgs.push_back(Elt: "-fsanitize-cfi-cross-dso");
1273
1274 if (CfiICallGeneralizePointers)
1275 CmdArgs.push_back(Elt: "-fsanitize-cfi-icall-generalize-pointers");
1276
1277 if (CfiICallNormalizeIntegers)
1278 CmdArgs.push_back(Elt: "-fsanitize-cfi-icall-experimental-normalize-integers");
1279
1280 if (CfiCanonicalJumpTables)
1281 CmdArgs.push_back(Elt: "-fsanitize-cfi-canonical-jump-tables");
1282
1283 if (Stats)
1284 CmdArgs.push_back(Elt: "-fsanitize-stats");
1285
1286 if (MinimalRuntime)
1287 CmdArgs.push_back(Elt: "-fsanitize-minimal-runtime");
1288
1289 if (AsanFieldPadding)
1290 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-address-field-padding=" +
1291 Twine(AsanFieldPadding)));
1292
1293 if (AsanUseAfterScope)
1294 CmdArgs.push_back(Elt: "-fsanitize-address-use-after-scope");
1295
1296 if (AsanPoisonCustomArrayCookie)
1297 CmdArgs.push_back(Elt: "-fsanitize-address-poison-custom-array-cookie");
1298
1299 if (AsanGlobalsDeadStripping)
1300 CmdArgs.push_back(Elt: "-fsanitize-address-globals-dead-stripping");
1301
1302 if (!AsanUseOdrIndicator)
1303 CmdArgs.push_back(Elt: "-fno-sanitize-address-use-odr-indicator");
1304
1305 if (AsanInvalidPointerCmp) {
1306 CmdArgs.push_back(Elt: "-mllvm");
1307 CmdArgs.push_back(Elt: "-asan-detect-invalid-pointer-cmp");
1308 }
1309
1310 if (AsanInvalidPointerSub) {
1311 CmdArgs.push_back(Elt: "-mllvm");
1312 CmdArgs.push_back(Elt: "-asan-detect-invalid-pointer-sub");
1313 }
1314
1315 if (AsanOutlineInstrumentation) {
1316 CmdArgs.push_back(Elt: "-mllvm");
1317 CmdArgs.push_back(Elt: "-asan-instrumentation-with-call-threshold=0");
1318 }
1319
1320 // When emitting Stable ABI instrumentation, force outlining calls and avoid
1321 // inlining shadow memory poisoning. While this is a big performance burden
1322 // for now it allows full abstraction from implementation details.
1323 if (StableABI) {
1324 CmdArgs.push_back(Elt: "-mllvm");
1325 CmdArgs.push_back(Elt: "-asan-instrumentation-with-call-threshold=0");
1326 CmdArgs.push_back(Elt: "-mllvm");
1327 CmdArgs.push_back(Elt: "-asan-max-inline-poisoning-size=0");
1328 CmdArgs.push_back(Elt: "-mllvm");
1329 CmdArgs.push_back(Elt: "-asan-guard-against-version-mismatch=0");
1330 }
1331
1332 // Only pass the option to the frontend if the user requested,
1333 // otherwise the frontend will just use the codegen default.
1334 if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
1335 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "-fsanitize-address-destructor=" +
1336 AsanDtorKindToString(kind: AsanDtorKind)));
1337 }
1338
1339 if (AsanUseAfterReturn != llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
1340 CmdArgs.push_back(Elt: Args.MakeArgString(
1341 Str: "-fsanitize-address-use-after-return=" +
1342 AsanDetectStackUseAfterReturnModeToString(mode: AsanUseAfterReturn)));
1343 }
1344
1345 if (!HwasanAbi.empty()) {
1346 CmdArgs.push_back(Elt: "-default-function-attr");
1347 CmdArgs.push_back(Elt: Args.MakeArgString(Str: "hwasan-abi=" + HwasanAbi));
1348 }
1349
1350 if (Sanitizers.has(K: SanitizerKind::HWAddress) && !HwasanUseAliases) {
1351 CmdArgs.push_back(Elt: "-target-feature");
1352 CmdArgs.push_back(Elt: "+tagged-globals");
1353 }
1354
1355 // MSan: Workaround for PR16386.
1356 // ASan: This is mainly to help LSan with cases such as
1357 // https://github.com/google/sanitizers/issues/373
1358 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
1359 // affect compilation.
1360 if (Sanitizers.has(K: SanitizerKind::Memory) ||
1361 Sanitizers.has(K: SanitizerKind::Address))
1362 CmdArgs.push_back(Elt: "-fno-assume-sane-operator-new");
1363
1364 // libFuzzer wants to intercept calls to certain library functions, so the
1365 // following -fno-builtin-* flags force the compiler to emit interposable
1366 // libcalls to these functions. Other sanitizers effectively do the same thing
1367 // by marking all library call sites with NoBuiltin attribute in their LLVM
1368 // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
1369 if (Sanitizers.has(K: SanitizerKind::FuzzerNoLink)) {
1370 CmdArgs.push_back(Elt: "-fno-builtin-bcmp");
1371 CmdArgs.push_back(Elt: "-fno-builtin-memcmp");
1372 CmdArgs.push_back(Elt: "-fno-builtin-strncmp");
1373 CmdArgs.push_back(Elt: "-fno-builtin-strcmp");
1374 CmdArgs.push_back(Elt: "-fno-builtin-strncasecmp");
1375 CmdArgs.push_back(Elt: "-fno-builtin-strcasecmp");
1376 CmdArgs.push_back(Elt: "-fno-builtin-strstr");
1377 CmdArgs.push_back(Elt: "-fno-builtin-strcasestr");
1378 CmdArgs.push_back(Elt: "-fno-builtin-memmem");
1379 }
1380
1381 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
1382 // enabled.
1383 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
1384 !Args.hasArg(options::OPT_fvisibility_EQ)) {
1385 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1386 << lastArgumentForMask(TC.getDriver(), Args,
1387 Sanitizers.Mask & CFIClasses)
1388 << "-fvisibility=";
1389 }
1390
1391 if (Sanitizers.has(SanitizerKind::MemtagStack) &&
1392 !hasTargetFeatureMTE(CmdArgs))
1393 TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
1394}
1395
1396SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
1397 bool DiagnoseErrors) {
1398 assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
1399 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
1400 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
1401 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
1402 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
1403 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
1404 "Invalid argument in parseArgValues!");
1405 SanitizerMask Kinds;
1406 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1407 const char *Value = A->getValue(N: i);
1408 SanitizerMask Kind;
1409 // Special case: don't accept -fsanitize=all.
1410 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
1411 0 == strcmp("all", Value))
1412 Kind = SanitizerMask();
1413 else
1414 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
1415
1416 if (Kind)
1417 Kinds |= Kind;
1418 else if (DiagnoseErrors)
1419 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1420 << A->getSpelling() << Value;
1421 }
1422 return Kinds;
1423}
1424
1425int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
1426 bool DiagnoseErrors) {
1427 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
1428 A->getOption().matches(options::OPT_fno_sanitize_coverage));
1429 int Features = 0;
1430 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1431 const char *Value = A->getValue(N: i);
1432 int F = llvm::StringSwitch<int>(Value)
1433 .Case(S: "func", Value: CoverageFunc)
1434 .Case(S: "bb", Value: CoverageBB)
1435 .Case(S: "edge", Value: CoverageEdge)
1436 .Case(S: "indirect-calls", Value: CoverageIndirCall)
1437 .Case(S: "trace-bb", Value: CoverageTraceBB)
1438 .Case(S: "trace-cmp", Value: CoverageTraceCmp)
1439 .Case(S: "trace-div", Value: CoverageTraceDiv)
1440 .Case(S: "trace-gep", Value: CoverageTraceGep)
1441 .Case(S: "8bit-counters", Value: Coverage8bitCounters)
1442 .Case(S: "trace-pc", Value: CoverageTracePC)
1443 .Case(S: "trace-pc-guard", Value: CoverageTracePCGuard)
1444 .Case(S: "no-prune", Value: CoverageNoPrune)
1445 .Case(S: "inline-8bit-counters", Value: CoverageInline8bitCounters)
1446 .Case(S: "inline-bool-flag", Value: CoverageInlineBoolFlag)
1447 .Case(S: "pc-table", Value: CoveragePCTable)
1448 .Case(S: "stack-depth", Value: CoverageStackDepth)
1449 .Case(S: "trace-loads", Value: CoverageTraceLoads)
1450 .Case(S: "trace-stores", Value: CoverageTraceStores)
1451 .Case(S: "control-flow", Value: CoverageControlFlow)
1452 .Default(Value: 0);
1453 if (F == 0 && DiagnoseErrors)
1454 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1455 << A->getSpelling() << Value;
1456 Features |= F;
1457 }
1458 return Features;
1459}
1460
1461int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
1462 bool DiagnoseErrors) {
1463 assert(
1464 A->getOption().matches(options::OPT_fexperimental_sanitize_metadata_EQ) ||
1465 A->getOption().matches(
1466 options::OPT_fno_experimental_sanitize_metadata_EQ));
1467 int Features = 0;
1468 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1469 const char *Value = A->getValue(N: i);
1470 int F = llvm::StringSwitch<int>(Value)
1471 .Case(S: "covered", Value: BinaryMetadataCovered)
1472 .Case(S: "atomics", Value: BinaryMetadataAtomics)
1473 .Case(S: "uar", Value: BinaryMetadataUAR)
1474 .Case(S: "all", Value: ~0)
1475 .Default(Value: 0);
1476 if (F == 0 && DiagnoseErrors)
1477 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1478 << A->getSpelling() << Value;
1479 Features |= F;
1480 }
1481 return Features;
1482}
1483
1484std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
1485 SanitizerMask Mask) {
1486 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
1487 E = Args.rend();
1488 I != E; ++I) {
1489 const auto *Arg = *I;
1490 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
1491 SanitizerMask AddKinds =
1492 expandSanitizerGroups(Kinds: parseArgValues(D, A: Arg, DiagnoseErrors: false));
1493 if (AddKinds & Mask)
1494 return describeSanitizeArg(A: Arg, Mask);
1495 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
1496 SanitizerMask RemoveKinds =
1497 expandSanitizerGroups(Kinds: parseArgValues(D, A: Arg, DiagnoseErrors: false));
1498 Mask &= ~RemoveKinds;
1499 }
1500 }
1501 llvm_unreachable("arg list didn't provide expected value");
1502}
1503
1504std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1505 assert(A->getOption().matches(options::OPT_fsanitize_EQ) &&
1506 "Invalid argument in describeSanitizerArg!");
1507
1508 std::string Sanitizers;
1509 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1510 if (expandSanitizerGroups(
1511 Kinds: parseSanitizerValue(Value: A->getValue(N: i), /*AllowGroups=*/true)) &
1512 Mask) {
1513 if (!Sanitizers.empty())
1514 Sanitizers += ",";
1515 Sanitizers += A->getValue(N: i);
1516 }
1517 }
1518
1519 assert(!Sanitizers.empty() && "arg didn't provide expected value");
1520 return "-fsanitize=" + Sanitizers;
1521}
1522

source code of clang/lib/Driver/SanitizerArgs.cpp