1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
9 #include "clang/Driver/SanitizerArgs.h"
10 #include "ToolChains/CommonArgs.h"
11 #include "clang/Basic/Sanitizers.h"
12 #include "clang/Driver/Driver.h"
13 #include "clang/Driver/DriverDiagnostic.h"
14 #include "clang/Driver/Options.h"
15 #include "clang/Driver/ToolChain.h"
16 #include "llvm/ADT/StringExtras.h"
17 #include "llvm/ADT/StringSwitch.h"
18 #include "llvm/Support/FileSystem.h"
19 #include "llvm/Support/Path.h"
20 #include "llvm/Support/SpecialCaseList.h"
23 using namespace clang;
24 using namespace clang::SanitizerKind;
25 using namespace clang::driver;
26 using namespace llvm::opt;
28 enum : SanitizerMask {
29 NeedsUbsanRt = Undefined | Integer | Nullability | CFI,
30 NeedsUbsanCxxRt = Vptr | CFI,
31 NotAllowedWithTrap = Vptr,
32 NotAllowedWithMinimalRuntime = Vptr,
33 RequiresPIE = DataFlow | Scudo,
34 NeedsUnwindTables = Address | HWAddress | Thread | Memory | DataFlow,
35 SupportsCoverage = Address | HWAddress | KernelAddress | Memory | Leak |
36 Undefined | Integer | Nullability | DataFlow | Fuzzer |
38 RecoverableByDefault = Undefined | Integer | Nullability,
39 Unrecoverable = Unreachable | Return,
40 LegacyFsanitizeRecoverMask = Undefined | Integer,
42 TrappingSupported = (Undefined & ~Vptr) | UnsignedIntegerOverflow |
43 Nullability | LocalBounds | CFI,
44 TrappingDefault = CFI,
45 CFIClasses = CFIVCall | CFINVCall | CFIDerivedCast | CFIUnrelatedCast,
46 CompatibleWithMinimalRuntime = TrappingSupported,
49 enum CoverageFeature {
50 CoverageFunc = 1 << 0,
52 CoverageEdge = 1 << 2,
53 CoverageIndirCall = 1 << 3,
54 CoverageTraceBB = 1 << 4, // Deprecated.
55 CoverageTraceCmp = 1 << 5,
56 CoverageTraceDiv = 1 << 6,
57 CoverageTraceGep = 1 << 7,
58 Coverage8bitCounters = 1 << 8, // Deprecated.
59 CoverageTracePC = 1 << 9,
60 CoverageTracePCGuard = 1 << 10,
61 CoverageNoPrune = 1 << 11,
62 CoverageInline8bitCounters = 1 << 12,
63 CoveragePCTable = 1 << 13,
64 CoverageStackDepth = 1 << 14,
67 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
68 /// invalid components. Returns a SanitizerMask.
69 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
72 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
73 /// components. Returns OR of members of \c CoverageFeature enumeration.
74 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A);
76 /// Produce an argument string from ArgList \p Args, which shows how it
77 /// provides some sanitizer kind from \p Mask. For example, the argument list
78 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
79 /// would produce "-fsanitize=vptr".
80 static std::string lastArgumentForMask(const Driver &D,
81 const llvm::opt::ArgList &Args,
84 /// Produce an argument string from argument \p A, which shows how it provides
85 /// a value in \p Mask. For instance, the argument
86 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
87 /// "-fsanitize=alignment".
88 static std::string describeSanitizeArg(const llvm::opt::Arg *A,
91 /// Produce a string containing comma-separated names of sanitizers in \p
93 static std::string toString(const clang::SanitizerSet &Sanitizers);
95 static bool getDefaultBlacklist(const Driver &D, SanitizerMask Kinds,
96 std::string &BLPath) {
97 const char *BlacklistFile = nullptr;
99 BlacklistFile = "asan_blacklist.txt";
100 else if (Kinds & HWAddress)
101 BlacklistFile = "hwasan_blacklist.txt";
102 else if (Kinds & Memory)
103 BlacklistFile = "msan_blacklist.txt";
104 else if (Kinds & Thread)
105 BlacklistFile = "tsan_blacklist.txt";
106 else if (Kinds & DataFlow)
107 BlacklistFile = "dfsan_abilist.txt";
108 else if (Kinds & CFI)
109 BlacklistFile = "cfi_blacklist.txt";
110 else if (Kinds & (Undefined | Integer | Nullability))
111 BlacklistFile = "ubsan_blacklist.txt";
114 clang::SmallString<64> Path(D.ResourceDir);
115 llvm::sys::path::append(Path, BlacklistFile);
122 /// Sets group bits for every group that has at least one representative already
123 /// enabled in \p Kinds.
124 static SanitizerMask setGroupBits(SanitizerMask Kinds) {
125 #define SANITIZER(NAME, ID)
126 #define SANITIZER_GROUP(NAME, ID, ALIAS) \
127 if (Kinds & SanitizerKind::ID) \
128 Kinds |= SanitizerKind::ID##Group;
129 #include "clang/Basic/Sanitizers.def"
133 static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
134 const llvm::opt::ArgList &Args) {
135 SanitizerMask TrapRemove = 0; // During the loop below, the accumulated set of
136 // sanitizers disabled by the current sanitizer
137 // argument or any argument after it.
138 SanitizerMask TrappingKinds = 0;
139 SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);
141 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
143 const auto *Arg = *I;
144 if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
146 SanitizerMask Add = parseArgValues(D, Arg, true);
148 if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
150 S.Mask = InvalidValues;
151 D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
154 TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove;
155 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
157 TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true));
158 } else if (Arg->getOption().matches(
159 options::OPT_fsanitize_undefined_trap_on_error)) {
162 expandSanitizerGroups(UndefinedGroup & ~TrapRemove) & ~TrapRemove;
163 } else if (Arg->getOption().matches(
164 options::OPT_fno_sanitize_undefined_trap_on_error)) {
166 TrapRemove |= expandSanitizerGroups(UndefinedGroup);
170 // Apply default trapping behavior.
171 TrappingKinds |= TrappingDefault & ~TrapRemove;
173 return TrappingKinds;
176 bool SanitizerArgs::needsUbsanRt() const {
177 // All of these include ubsan.
178 if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
179 needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() || needsScudoRt())
182 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
186 bool SanitizerArgs::needsCfiRt() const {
187 return !(Sanitizers.Mask & CFI & ~TrapSanitizers.Mask) && CfiCrossDso &&
191 bool SanitizerArgs::needsCfiDiagRt() const {
192 return (Sanitizers.Mask & CFI & ~TrapSanitizers.Mask) && CfiCrossDso &&
196 bool SanitizerArgs::requiresPIE() const {
197 return NeedPIE || (Sanitizers.Mask & RequiresPIE);
200 bool SanitizerArgs::needsUnwindTables() const {
201 return Sanitizers.Mask & NeedsUnwindTables;
204 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
205 const llvm::opt::ArgList &Args) {
206 SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of
207 // sanitizers disabled by the current sanitizer
208 // argument or any argument after it.
209 SanitizerMask AllAddedKinds = 0; // Mask of all sanitizers ever enabled by
210 // -fsanitize= flags (directly or via group
211 // expansion), some of which may be disabled
212 // later. Used to carefully prune
213 // unused-argument diagnostics.
214 SanitizerMask DiagnosedKinds = 0; // All Kinds we have diagnosed up to now.
215 // Used to deduplicate diagnostics.
216 SanitizerMask Kinds = 0;
217 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
218 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
220 const Driver &D = TC.getDriver();
221 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
222 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
225 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
226 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
228 // The object size sanitizer should not be enabled at -O0.
229 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
230 bool RemoveObjectSizeAtO0 =
231 !OptLevel || OptLevel->getOption().matches(options::OPT_O0);
233 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
235 const auto *Arg = *I;
236 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
238 SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true);
240 if (RemoveObjectSizeAtO0) {
241 AllRemove |= SanitizerKind::ObjectSize;
243 // The user explicitly enabled the object size sanitizer. Warn that
244 // that this does nothing at -O0.
245 if (Add & SanitizerKind::ObjectSize)
246 D.Diag(diag::warn_drv_object_size_disabled_O0)
247 << Arg->getAsString(Args);
250 AllAddedKinds |= expandSanitizerGroups(Add);
252 // Avoid diagnosing any sanitizer which is disabled later.
254 // At this point we have not expanded groups, so any unsupported
255 // sanitizers in Add are those which have been explicitly enabled.
257 if (SanitizerMask KindsToDiagnose =
258 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
259 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
260 D.Diag(diag::err_drv_argument_not_allowed_with)
261 << Desc << "-fsanitize-trap=undefined";
262 DiagnosedKinds |= KindsToDiagnose;
264 Add &= ~InvalidTrappingKinds;
266 if (MinimalRuntime) {
267 if (SanitizerMask KindsToDiagnose =
268 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
269 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
270 D.Diag(diag::err_drv_argument_not_allowed_with)
271 << Desc << "-fsanitize-minimal-runtime";
272 DiagnosedKinds |= KindsToDiagnose;
274 Add &= ~NotAllowedWithMinimalRuntime;
277 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
278 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
279 D.Diag(diag::err_drv_unsupported_opt_for_target)
280 << Desc << TC.getTriple().str();
281 DiagnosedKinds |= KindsToDiagnose;
285 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
286 // so we don't error out if -fno-rtti and -fsanitize=undefined were
289 (RTTIMode == ToolChain::RM_DisabledImplicitly ||
290 RTTIMode == ToolChain::RM_DisabledExplicitly)) {
291 if (RTTIMode == ToolChain::RM_DisabledImplicitly)
292 // Warn about not having rtti enabled if the vptr sanitizer is
293 // explicitly enabled
294 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default);
296 const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg();
298 "RTTI disabled explicitly but we have no argument!");
299 D.Diag(diag::err_drv_argument_not_allowed_with)
300 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
303 // Take out the Vptr sanitizer from the enabled sanitizers
307 Add = expandSanitizerGroups(Add);
308 // Group expansion may have enabled a sanitizer which is disabled later.
310 // Silently discard any unsupported sanitizers implicitly enabled through
312 Add &= ~InvalidTrappingKinds;
313 if (MinimalRuntime) {
314 Add &= ~NotAllowedWithMinimalRuntime;
321 // Enable coverage if the fuzzing flag is set.
322 if (Add & FuzzerNoLink) {
323 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
324 CoverageTraceCmp | CoveragePCTable;
325 // Due to TLS differences, stack depth tracking is only enabled on Linux
326 if (TC.getTriple().isOSLinux())
327 CoverageFeatures |= CoverageStackDepth;
331 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
333 SanitizerMask Remove = parseArgValues(D, Arg, true);
334 AllRemove |= expandSanitizerGroups(Remove);
338 // Enable toolchain specific default sanitizers if not explicitly disabled.
339 Kinds |= TC.getDefaultSanitizers() & ~AllRemove;
341 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
343 if ((Kinds & Vptr) &&
344 (RTTIMode == ToolChain::RM_DisabledImplicitly ||
345 RTTIMode == ToolChain::RM_DisabledExplicitly)) {
349 // Check that LTO is enabled if we need it.
350 if ((Kinds & NeedsLTO) && !D.isUsingLTO()) {
351 D.Diag(diag::err_drv_argument_only_allowed_with)
352 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
355 // Report error if there are non-trapping sanitizers that require
356 // c++abi-specific parts of UBSan runtime, and they are not provided by the
357 // toolchain. We don't have a good way to check the latter, so we just
358 // check if the toolchan supports vptr.
359 if (~Supported & Vptr) {
360 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
361 // The runtime library supports the Microsoft C++ ABI, but only well enough
362 // for CFI. FIXME: Remove this once we support vptr on Windows.
363 if (TC.getTriple().isOSWindows())
364 KindsToDiagnose &= ~CFI;
365 if (KindsToDiagnose) {
367 S.Mask = KindsToDiagnose;
368 D.Diag(diag::err_drv_unsupported_opt_for_target)
369 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str();
370 Kinds &= ~KindsToDiagnose;
374 // Warn about incompatible groups of sanitizers.
375 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
376 std::make_pair(Address, Thread | Memory),
377 std::make_pair(Thread, Memory),
378 std::make_pair(Leak, Thread | Memory),
379 std::make_pair(KernelAddress, Address | Leak | Thread | Memory),
380 std::make_pair(HWAddress, Address | Thread | Memory | KernelAddress),
381 std::make_pair(Efficiency, Address | HWAddress | Leak | Thread | Memory |
383 std::make_pair(Scudo, Address | HWAddress | Leak | Thread | Memory |
384 KernelAddress | Efficiency)};
385 for (auto G : IncompatibleGroups) {
386 SanitizerMask Group = G.first;
388 if (SanitizerMask Incompatible = Kinds & G.second) {
389 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
390 << lastArgumentForMask(D, Args, Group)
391 << lastArgumentForMask(D, Args, Incompatible);
392 Kinds &= ~Incompatible;
396 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
397 // -fsanitize=address. Perhaps it should print an error, or perhaps
398 // -f(-no)sanitize=leak should change whether leak detection is enabled by
401 // Parse -f(no-)?sanitize-recover flags.
402 SanitizerMask RecoverableKinds = RecoverableByDefault;
403 SanitizerMask DiagnosedUnrecoverableKinds = 0;
404 for (const auto *Arg : Args) {
405 const char *DeprecatedReplacement = nullptr;
406 if (Arg->getOption().matches(options::OPT_fsanitize_recover)) {
407 DeprecatedReplacement =
408 "-fsanitize-recover=undefined,integer' or '-fsanitize-recover=all";
409 RecoverableKinds |= expandSanitizerGroups(LegacyFsanitizeRecoverMask);
411 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover)) {
412 DeprecatedReplacement = "-fno-sanitize-recover=undefined,integer' or "
413 "'-fno-sanitize-recover=all";
414 RecoverableKinds &= ~expandSanitizerGroups(LegacyFsanitizeRecoverMask);
416 } else if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
417 SanitizerMask Add = parseArgValues(D, Arg, true);
418 // Report error if user explicitly tries to recover from unrecoverable
420 if (SanitizerMask KindsToDiagnose =
421 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
422 SanitizerSet SetToDiagnose;
423 SetToDiagnose.Mask |= KindsToDiagnose;
424 D.Diag(diag::err_drv_unsupported_option_argument)
425 << Arg->getOption().getName() << toString(SetToDiagnose);
426 DiagnosedUnrecoverableKinds |= KindsToDiagnose;
428 RecoverableKinds |= expandSanitizerGroups(Add);
430 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
431 RecoverableKinds &= ~expandSanitizerGroups(parseArgValues(D, Arg, true));
434 if (DeprecatedReplacement) {
435 D.Diag(diag::warn_drv_deprecated_arg) << Arg->getAsString(Args)
436 << DeprecatedReplacement;
439 RecoverableKinds &= Kinds;
440 RecoverableKinds &= ~Unrecoverable;
442 TrappingKinds &= Kinds;
443 RecoverableKinds &= ~TrappingKinds;
445 // Setup blacklist files.
446 // Add default blacklist from resource directory.
449 if (getDefaultBlacklist(D, Kinds, BLPath) && llvm::sys::fs::exists(BLPath))
450 BlacklistFiles.push_back(BLPath);
452 // Parse -f(no-)sanitize-blacklist options.
453 for (const auto *Arg : Args) {
454 if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) {
456 std::string BLPath = Arg->getValue();
457 if (llvm::sys::fs::exists(BLPath)) {
458 BlacklistFiles.push_back(BLPath);
459 ExtraDeps.push_back(BLPath);
461 D.Diag(clang::diag::err_drv_no_such_file) << BLPath;
463 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) {
465 BlacklistFiles.clear();
469 // Validate blacklists format.
472 std::unique_ptr<llvm::SpecialCaseList> SCL(
473 llvm::SpecialCaseList::create(BlacklistFiles, BLError));
475 D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError;
478 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
479 if (AllAddedKinds & Memory) {
481 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
482 options::OPT_fsanitize_memory_track_origins,
483 options::OPT_fno_sanitize_memory_track_origins)) {
484 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) {
485 MsanTrackOrigins = 2;
486 } else if (A->getOption().matches(
487 options::OPT_fno_sanitize_memory_track_origins)) {
488 MsanTrackOrigins = 0;
490 StringRef S = A->getValue();
491 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
492 MsanTrackOrigins > 2) {
493 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
498 Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor,
499 options::OPT_fno_sanitize_memory_use_after_dtor,
501 NeedPIE |= !(TC.getTriple().isOSLinux() &&
502 TC.getTriple().getArch() == llvm::Triple::x86_64);
504 MsanUseAfterDtor = false;
507 if (AllAddedKinds & Thread) {
508 TsanMemoryAccess = Args.hasFlag(options::OPT_fsanitize_thread_memory_access,
509 options::OPT_fno_sanitize_thread_memory_access,
511 TsanFuncEntryExit = Args.hasFlag(options::OPT_fsanitize_thread_func_entry_exit,
512 options::OPT_fno_sanitize_thread_func_entry_exit,
514 TsanAtomics = Args.hasFlag(options::OPT_fsanitize_thread_atomics,
515 options::OPT_fno_sanitize_thread_atomics,
519 if (AllAddedKinds & CFI) {
520 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
521 options::OPT_fno_sanitize_cfi_cross_dso, false);
522 // Without PIE, external function address may resolve to a PLT record, which
523 // can not be verified by the target module.
524 NeedPIE |= CfiCrossDso;
525 CfiICallGeneralizePointers =
526 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
528 if (CfiCrossDso && CfiICallGeneralizePointers)
529 D.Diag(diag::err_drv_argument_not_allowed_with)
530 << "-fsanitize-cfi-cross-dso"
531 << "-fsanitize-cfi-icall-generalize-pointers";
534 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
535 options::OPT_fno_sanitize_stats, false);
537 if (MinimalRuntime) {
538 SanitizerMask IncompatibleMask =
539 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
540 if (IncompatibleMask)
541 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
542 << "-fsanitize-minimal-runtime"
543 << lastArgumentForMask(D, Args, IncompatibleMask);
545 SanitizerMask NonTrappingCfi = Kinds & CFI & ~TrappingKinds;
547 D.Diag(clang::diag::err_drv_argument_only_allowed_with)
548 << "fsanitize-minimal-runtime"
549 << "fsanitize-trap=cfi";
552 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
553 // enabled sanitizers.
554 for (const auto *Arg : Args) {
555 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
556 int LegacySanitizeCoverage;
557 if (Arg->getNumValues() == 1 &&
558 !StringRef(Arg->getValue(0))
559 .getAsInteger(0, LegacySanitizeCoverage)) {
560 CoverageFeatures = 0;
562 if (LegacySanitizeCoverage != 0) {
563 D.Diag(diag::warn_drv_deprecated_arg)
564 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard";
568 CoverageFeatures |= parseCoverageFeatures(D, Arg);
570 // Disable coverage and not claim the flags if there is at least one
571 // non-supporting sanitizer.
572 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
575 CoverageFeatures = 0;
577 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
579 CoverageFeatures &= ~parseCoverageFeatures(D, Arg);
582 // Choose at most one coverage type: function, bb, or edge.
583 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
584 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
585 << "-fsanitize-coverage=func"
586 << "-fsanitize-coverage=bb";
587 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
588 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
589 << "-fsanitize-coverage=func"
590 << "-fsanitize-coverage=edge";
591 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
592 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
593 << "-fsanitize-coverage=bb"
594 << "-fsanitize-coverage=edge";
595 // Basic block tracing and 8-bit counters require some type of coverage
597 if (CoverageFeatures & CoverageTraceBB)
598 D.Diag(clang::diag::warn_drv_deprecated_arg)
599 << "-fsanitize-coverage=trace-bb"
600 << "-fsanitize-coverage=trace-pc-guard";
601 if (CoverageFeatures & Coverage8bitCounters)
602 D.Diag(clang::diag::warn_drv_deprecated_arg)
603 << "-fsanitize-coverage=8bit-counters"
604 << "-fsanitize-coverage=trace-pc-guard";
606 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
607 int InstrumentationTypes =
608 CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters;
609 if ((CoverageFeatures & InsertionPointTypes) &&
610 !(CoverageFeatures & InstrumentationTypes)) {
611 D.Diag(clang::diag::warn_drv_deprecated_arg)
612 << "-fsanitize-coverage=[func|bb|edge]"
613 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]";
616 // trace-pc w/o func/bb/edge implies edge.
617 if (!(CoverageFeatures & InsertionPointTypes)) {
618 if (CoverageFeatures &
619 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters))
620 CoverageFeatures |= CoverageEdge;
622 if (CoverageFeatures & CoverageStackDepth)
623 CoverageFeatures |= CoverageFunc;
627 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
628 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
629 TC.getTriple().isOSDarwin());
631 ImplicitCfiRuntime = TC.getTriple().isAndroid();
633 if (AllAddedKinds & Address) {
634 NeedPIE |= TC.getTriple().isOSFuchsia();
636 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
637 StringRef S = A->getValue();
638 // Legal values are 0 and 1, 2, but in future we may add more levels.
639 if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
640 AsanFieldPadding > 2) {
641 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
645 if (Arg *WindowsDebugRTArg =
646 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
647 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
648 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
649 switch (WindowsDebugRTArg->getOption().getID()) {
650 case options::OPT__SLASH_MTd:
651 case options::OPT__SLASH_MDd:
652 case options::OPT__SLASH_LDd:
653 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
654 << WindowsDebugRTArg->getAsString(Args)
655 << lastArgumentForMask(D, Args, Address);
656 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
660 AsanUseAfterScope = Args.hasFlag(
661 options::OPT_fsanitize_address_use_after_scope,
662 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
664 // As a workaround for a bug in gold 2.26 and earlier, dead stripping of
665 // globals in ASan is disabled by default on ELF targets.
666 // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002
667 AsanGlobalsDeadStripping =
668 !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() ||
669 Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping);
671 AsanUseAfterScope = false;
674 if (AllAddedKinds & SafeStack) {
675 // SafeStack runtime is built into the system on Fuchsia.
676 SafeStackRuntime = !TC.getTriple().isOSFuchsia();
679 // Parse -link-cxx-sanitizer flag.
681 Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
683 // Finally, initialize the set of available and recoverable sanitizers.
684 Sanitizers.Mask |= Kinds;
685 RecoverableSanitizers.Mask |= RecoverableKinds;
686 TrapSanitizers.Mask |= TrappingKinds;
687 assert(!(RecoverableKinds & TrappingKinds) &&
688 "Overlap between recoverable and trapping sanitizers");
691 static std::string toString(const clang::SanitizerSet &Sanitizers) {
693 #define SANITIZER(NAME, ID) \
694 if (Sanitizers.has(ID)) { \
699 #include "clang/Basic/Sanitizers.def"
703 static void addIncludeLinkerOption(const ToolChain &TC,
704 const llvm::opt::ArgList &Args,
705 llvm::opt::ArgStringList &CmdArgs,
706 StringRef SymbolName) {
707 SmallString<64> LinkerOptionFlag;
708 LinkerOptionFlag = "--linker-option=/include:";
709 if (TC.getTriple().getArch() == llvm::Triple::x86) {
710 // Win32 mangles C function names with a '_' prefix.
711 LinkerOptionFlag += '_';
713 LinkerOptionFlag += SymbolName;
714 CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
717 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
718 llvm::opt::ArgStringList &CmdArgs,
719 types::ID InputType) const {
720 // NVPTX doesn't currently support sanitizers. Bailing out here means that
721 // e.g. -fsanitize=address applies only to host code, which is what we want
723 if (TC.getTriple().isNVPTX())
726 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
727 // Do it even if Sanitizers.empty() since some forms of coverage don't require
729 std::pair<int, const char *> CoverageFlags[] = {
730 std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
731 std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
732 std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
733 std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
734 std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
735 std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
736 std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
737 std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
738 std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
739 std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
740 std::make_pair(CoverageTracePCGuard, "-fsanitize-coverage-trace-pc-guard"),
741 std::make_pair(CoverageInline8bitCounters, "-fsanitize-coverage-inline-8bit-counters"),
742 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
743 std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
744 std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")};
745 for (auto F : CoverageFlags) {
746 if (CoverageFeatures & F.first)
747 CmdArgs.push_back(F.second);
750 if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
751 // Instruct the code generator to embed linker directives in the object file
752 // that cause the required runtime libraries to be linked.
753 CmdArgs.push_back(Args.MakeArgString(
754 "--dependent-lib=" + TC.getCompilerRT(Args, "ubsan_standalone")));
755 if (types::isCXX(InputType))
756 CmdArgs.push_back(Args.MakeArgString(
757 "--dependent-lib=" + TC.getCompilerRT(Args, "ubsan_standalone_cxx")));
759 if (TC.getTriple().isOSWindows() && needsStatsRt()) {
760 CmdArgs.push_back(Args.MakeArgString("--dependent-lib=" +
761 TC.getCompilerRT(Args, "stats_client")));
763 // The main executable must export the stats runtime.
764 // FIXME: Only exporting from the main executable (e.g. based on whether the
765 // translation unit defines main()) would save a little space, but having
766 // multiple copies of the runtime shouldn't hurt.
767 CmdArgs.push_back(Args.MakeArgString("--dependent-lib=" +
768 TC.getCompilerRT(Args, "stats")));
769 addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
772 if (Sanitizers.empty())
774 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
776 if (!RecoverableSanitizers.empty())
777 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
778 toString(RecoverableSanitizers)));
780 if (!TrapSanitizers.empty())
782 Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
784 for (const auto &BLPath : BlacklistFiles) {
785 SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
786 BlacklistOpt += BLPath;
787 CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
789 for (const auto &Dep : ExtraDeps) {
790 SmallString<64> ExtraDepOpt("-fdepfile-entry=");
792 CmdArgs.push_back(Args.MakeArgString(ExtraDepOpt));
795 if (MsanTrackOrigins)
796 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
797 Twine(MsanTrackOrigins)));
799 if (MsanUseAfterDtor)
800 CmdArgs.push_back("-fsanitize-memory-use-after-dtor");
802 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
803 if (!TsanMemoryAccess) {
804 CmdArgs.push_back("-mllvm");
805 CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
806 CmdArgs.push_back("-mllvm");
807 CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
809 if (!TsanFuncEntryExit) {
810 CmdArgs.push_back("-mllvm");
811 CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
814 CmdArgs.push_back("-mllvm");
815 CmdArgs.push_back("-tsan-instrument-atomics=0");
819 CmdArgs.push_back("-fsanitize-cfi-cross-dso");
821 if (CfiICallGeneralizePointers)
822 CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
825 CmdArgs.push_back("-fsanitize-stats");
828 CmdArgs.push_back("-fsanitize-minimal-runtime");
830 if (AsanFieldPadding)
831 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
832 Twine(AsanFieldPadding)));
834 if (AsanUseAfterScope)
835 CmdArgs.push_back("-fsanitize-address-use-after-scope");
837 if (AsanGlobalsDeadStripping)
838 CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");
840 // MSan: Workaround for PR16386.
841 // ASan: This is mainly to help LSan with cases such as
842 // https://github.com/google/sanitizers/issues/373
843 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
844 // affect compilation.
845 if (Sanitizers.has(Memory) || Sanitizers.has(Address))
846 CmdArgs.push_back("-fno-assume-sane-operator-new");
848 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
850 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
851 !Args.hasArg(options::OPT_fvisibility_EQ)) {
852 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
853 << lastArgumentForMask(TC.getDriver(), Args,
854 Sanitizers.Mask & CFIClasses)
859 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
860 bool DiagnoseErrors) {
861 assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
862 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
863 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
864 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
865 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
866 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
867 "Invalid argument in parseArgValues!");
868 SanitizerMask Kinds = 0;
869 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
870 const char *Value = A->getValue(i);
872 // Special case: don't accept -fsanitize=all.
873 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
874 0 == strcmp("all", Value))
876 // Similarly, don't accept -fsanitize=efficiency-all.
877 else if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
878 0 == strcmp("efficiency-all", Value))
881 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
885 else if (DiagnoseErrors)
886 D.Diag(clang::diag::err_drv_unsupported_option_argument)
887 << A->getOption().getName() << Value;
892 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) {
893 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
894 A->getOption().matches(options::OPT_fno_sanitize_coverage));
896 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
897 const char *Value = A->getValue(i);
898 int F = llvm::StringSwitch<int>(Value)
899 .Case("func", CoverageFunc)
900 .Case("bb", CoverageBB)
901 .Case("edge", CoverageEdge)
902 .Case("indirect-calls", CoverageIndirCall)
903 .Case("trace-bb", CoverageTraceBB)
904 .Case("trace-cmp", CoverageTraceCmp)
905 .Case("trace-div", CoverageTraceDiv)
906 .Case("trace-gep", CoverageTraceGep)
907 .Case("8bit-counters", Coverage8bitCounters)
908 .Case("trace-pc", CoverageTracePC)
909 .Case("trace-pc-guard", CoverageTracePCGuard)
910 .Case("no-prune", CoverageNoPrune)
911 .Case("inline-8bit-counters", CoverageInline8bitCounters)
912 .Case("pc-table", CoveragePCTable)
913 .Case("stack-depth", CoverageStackDepth)
916 D.Diag(clang::diag::err_drv_unsupported_option_argument)
917 << A->getOption().getName() << Value;
923 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
924 SanitizerMask Mask) {
925 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
928 const auto *Arg = *I;
929 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
930 SanitizerMask AddKinds =
931 expandSanitizerGroups(parseArgValues(D, Arg, false));
933 return describeSanitizeArg(Arg, Mask);
934 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
935 SanitizerMask RemoveKinds =
936 expandSanitizerGroups(parseArgValues(D, Arg, false));
937 Mask &= ~RemoveKinds;
940 llvm_unreachable("arg list didn't provide expected value");
943 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
944 assert(A->getOption().matches(options::OPT_fsanitize_EQ)
945 && "Invalid argument in describeSanitizerArg!");
947 std::string Sanitizers;
948 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
949 if (expandSanitizerGroups(
950 parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
952 if (!Sanitizers.empty())
954 Sanitizers += A->getValue(i);
958 assert(!Sanitizers.empty() && "arg didn't provide expected value");
959 return "-fsanitize=" + Sanitizers;