1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
9 #include "clang/Driver/SanitizerArgs.h"
10 #include "clang/Driver/Driver.h"
11 #include "clang/Driver/DriverDiagnostic.h"
12 #include "clang/Driver/Options.h"
13 #include "clang/Driver/ToolChain.h"
14 #include "llvm/ADT/StringExtras.h"
15 #include "llvm/ADT/StringSwitch.h"
16 #include "llvm/Support/FileSystem.h"
17 #include "llvm/Support/Path.h"
18 #include "llvm/Support/SpecialCaseList.h"
21 using namespace clang::driver;
22 using namespace llvm::opt;
25 /// Assign ordinals to possible values of -fsanitize= flag.
26 /// We use the ordinal values as bit positions within \c SanitizeKind.
27 enum SanitizeOrdinal {
28 #define SANITIZER(NAME, ID) SO_##ID,
29 #define SANITIZER_GROUP(NAME, ID, ALIAS) SO_##ID##Group,
30 #include "clang/Basic/Sanitizers.def"
34 /// Represents a set of sanitizer kinds. It is also used to define:
35 /// 1) set of sanitizers each sanitizer group expands into.
36 /// 2) set of sanitizers sharing a specific property (e.g.
37 /// all sanitizers with zero-base shadow).
39 #define SANITIZER(NAME, ID) ID = 1 << SO_##ID,
40 #define SANITIZER_GROUP(NAME, ID, ALIAS) \
41 ID = ALIAS, ID##Group = 1 << SO_##ID##Group,
42 #include "clang/Basic/Sanitizers.def"
43 NeedsUbsanRt = Undefined | Integer,
44 NotAllowedWithTrap = Vptr,
45 RequiresPIE = Memory | DataFlow,
46 NeedsUnwindTables = Address | Thread | Memory | DataFlow,
47 SupportsCoverage = Address | Memory | Leak | Undefined | Integer,
48 RecoverableByDefault = Undefined | Integer,
49 Unrecoverable = Address | Unreachable | Return,
50 LegacyFsanitizeRecoverMask = Undefined | Integer
54 /// Returns true if set of \p Sanitizers contain at least one sanitizer from
56 static bool hasOneOf(const clang::SanitizerSet &Sanitizers, unsigned Kinds) {
57 #define SANITIZER(NAME, ID) \
58 if (Sanitizers.has(clang::SanitizerKind::ID) && (Kinds & ID)) \
60 #include "clang/Basic/Sanitizers.def"
64 /// Adds all sanitizers from \p Kinds to \p Sanitizers.
65 static void addAllOf(clang::SanitizerSet &Sanitizers, unsigned Kinds) {
66 #define SANITIZER(NAME, ID) \
68 Sanitizers.set(clang::SanitizerKind::ID, true);
69 #include "clang/Basic/Sanitizers.def"
72 static unsigned toSanitizeKind(clang::SanitizerKind K) {
73 #define SANITIZER(NAME, ID) \
74 if (K == clang::SanitizerKind::ID) \
76 #include "clang/Basic/Sanitizers.def"
77 llvm_unreachable("Invalid SanitizerKind!");
80 /// Parse a single value from a -fsanitize= or -fno-sanitize= value list.
81 /// Returns a member of the \c SanitizeKind enumeration, or \c 0
82 /// if \p Value is not known.
83 static unsigned parseValue(const char *Value);
85 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
86 /// invalid components. Returns OR of members of \c SanitizeKind enumeration.
87 static unsigned parseArgValues(const Driver &D, const llvm::opt::Arg *A,
90 /// Produce an argument string from ArgList \p Args, which shows how it
91 /// provides some sanitizer kind from \p Mask. For example, the argument list
92 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
93 /// would produce "-fsanitize=vptr".
94 static std::string lastArgumentForMask(const Driver &D,
95 const llvm::opt::ArgList &Args,
98 static std::string lastArgumentForKind(const Driver &D,
99 const llvm::opt::ArgList &Args,
100 clang::SanitizerKind K) {
101 return lastArgumentForMask(D, Args, toSanitizeKind(K));
104 /// Produce an argument string from argument \p A, which shows how it provides
105 /// a value in \p Mask. For instance, the argument
106 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
107 /// "-fsanitize=alignment".
108 static std::string describeSanitizeArg(const llvm::opt::Arg *A, unsigned Mask);
110 /// Produce a string containing comma-separated names of sanitizers in \p
112 static std::string toString(const clang::SanitizerSet &Sanitizers);
114 /// For each sanitizer group bit set in \p Kinds, set the bits for sanitizers
115 /// this group enables.
116 static unsigned expandGroups(unsigned Kinds);
118 static unsigned getToolchainUnsupportedKinds(const ToolChain &TC) {
119 bool IsFreeBSD = TC.getTriple().getOS() == llvm::Triple::FreeBSD;
120 bool IsLinux = TC.getTriple().getOS() == llvm::Triple::Linux;
121 bool IsX86 = TC.getTriple().getArch() == llvm::Triple::x86;
122 bool IsX86_64 = TC.getTriple().getArch() == llvm::Triple::x86_64;
124 unsigned Unsupported = 0;
125 if (!(IsLinux && IsX86_64)) {
126 Unsupported |= Memory | DataFlow;
128 if (!((IsLinux || IsFreeBSD) && IsX86_64)) {
129 Unsupported |= Thread;
131 if (!(IsLinux && (IsX86 || IsX86_64))) {
132 Unsupported |= Function;
137 bool SanitizerArgs::needsUbsanRt() const {
138 return !UbsanTrapOnError && hasOneOf(Sanitizers, NeedsUbsanRt);
141 bool SanitizerArgs::requiresPIE() const {
142 return AsanZeroBaseShadow || hasOneOf(Sanitizers, RequiresPIE);
145 bool SanitizerArgs::needsUnwindTables() const {
146 return hasOneOf(Sanitizers, NeedsUnwindTables);
149 void SanitizerArgs::clear() {
151 RecoverableSanitizers.clear();
153 SanitizeCoverage = 0;
154 MsanTrackOrigins = 0;
155 AsanFieldPadding = 0;
156 AsanZeroBaseShadow = false;
157 UbsanTrapOnError = false;
158 AsanSharedRuntime = false;
159 LinkCXXRuntimes = false;
162 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
163 const llvm::opt::ArgList &Args) {
165 unsigned AllRemove = 0; // During the loop below, the accumulated set of
166 // sanitizers disabled by the current sanitizer
167 // argument or any argument after it.
168 unsigned DiagnosedKinds = 0; // All Kinds we have diagnosed up to now.
169 // Used to deduplicate diagnostics.
171 unsigned NotSupported = getToolchainUnsupportedKinds(TC);
172 const Driver &D = TC.getDriver();
173 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
175 const auto *Arg = *I;
176 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
178 unsigned Add = parseArgValues(D, Arg, true);
180 // Avoid diagnosing any sanitizer which is disabled later.
182 // At this point we have not expanded groups, so any unsupported
183 // sanitizers in Add are those which have been explicitly enabled.
185 if (unsigned KindsToDiagnose = Add & NotSupported & ~DiagnosedKinds) {
186 // Only diagnose the new kinds.
187 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
188 D.Diag(diag::err_drv_unsupported_opt_for_target)
189 << Desc << TC.getTriple().str();
190 DiagnosedKinds |= KindsToDiagnose;
192 Add &= ~NotSupported;
194 Add = expandGroups(Add);
195 // Group expansion may have enabled a sanitizer which is disabled later.
197 // Silently discard any unsupported sanitizers implicitly enabled through
199 Add &= ~NotSupported;
202 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
204 unsigned Remove = parseArgValues(D, Arg, true);
205 AllRemove |= expandGroups(Remove);
208 addAllOf(Sanitizers, Kinds);
210 // Parse -f(no-)?sanitize-recover flags.
211 unsigned RecoverableKinds = RecoverableByDefault;
212 unsigned DiagnosedUnrecoverableKinds = 0;
213 for (const auto *Arg : Args) {
214 if (Arg->getOption().matches(options::OPT_fsanitize_recover)) {
215 // FIXME: Add deprecation notice, and then remove this flag.
216 RecoverableKinds |= expandGroups(LegacyFsanitizeRecoverMask);
218 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover)) {
219 // FIXME: Add deprecation notice, and then remove this flag.
220 RecoverableKinds &= ~expandGroups(LegacyFsanitizeRecoverMask);
222 } else if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
223 unsigned Add = parseArgValues(D, Arg, true);
224 // Report error if user explicitly tries to recover from unrecoverable
226 if (unsigned KindsToDiagnose =
227 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
228 SanitizerSet SetToDiagnose;
229 addAllOf(SetToDiagnose, KindsToDiagnose);
230 D.Diag(diag::err_drv_unsupported_option_argument)
231 << Arg->getOption().getName() << toString(SetToDiagnose);
232 DiagnosedUnrecoverableKinds |= KindsToDiagnose;
234 RecoverableKinds |= expandGroups(Add);
236 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
237 RecoverableKinds &= ~expandGroups(parseArgValues(D, Arg, true));
241 RecoverableKinds &= Kinds;
242 RecoverableKinds &= ~Unrecoverable;
243 addAllOf(RecoverableSanitizers, RecoverableKinds);
246 Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
247 options::OPT_fno_sanitize_undefined_trap_on_error, false);
249 // Warn about undefined sanitizer options that require runtime support.
250 if (UbsanTrapOnError && hasOneOf(Sanitizers, NotAllowedWithTrap)) {
251 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
252 << lastArgumentForMask(D, Args, NotAllowedWithTrap)
253 << "-fsanitize-undefined-trap-on-error";
256 // Check for incompatible sanitizers.
257 bool NeedsAsan = Sanitizers.has(SanitizerKind::Address);
258 bool NeedsTsan = Sanitizers.has(SanitizerKind::Thread);
259 bool NeedsMsan = Sanitizers.has(SanitizerKind::Memory);
260 bool NeedsLsan = Sanitizers.has(SanitizerKind::Leak);
261 if (NeedsAsan && NeedsTsan)
262 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
263 << lastArgumentForKind(D, Args, SanitizerKind::Address)
264 << lastArgumentForKind(D, Args, SanitizerKind::Thread);
265 if (NeedsAsan && NeedsMsan)
266 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
267 << lastArgumentForKind(D, Args, SanitizerKind::Address)
268 << lastArgumentForKind(D, Args, SanitizerKind::Memory);
269 if (NeedsTsan && NeedsMsan)
270 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
271 << lastArgumentForKind(D, Args, SanitizerKind::Thread)
272 << lastArgumentForKind(D, Args, SanitizerKind::Memory);
273 if (NeedsLsan && NeedsTsan)
274 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
275 << lastArgumentForKind(D, Args, SanitizerKind::Leak)
276 << lastArgumentForKind(D, Args, SanitizerKind::Thread);
277 if (NeedsLsan && NeedsMsan)
278 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
279 << lastArgumentForKind(D, Args, SanitizerKind::Leak)
280 << lastArgumentForKind(D, Args, SanitizerKind::Memory);
281 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
282 // -fsanitize=address. Perhaps it should print an error, or perhaps
283 // -f(-no)sanitize=leak should change whether leak detection is enabled by
286 // Parse -f(no-)sanitize-blacklist options.
287 if (Arg *BLArg = Args.getLastArg(options::OPT_fsanitize_blacklist,
288 options::OPT_fno_sanitize_blacklist)) {
289 if (BLArg->getOption().matches(options::OPT_fsanitize_blacklist)) {
290 std::string BLPath = BLArg->getValue();
291 if (llvm::sys::fs::exists(BLPath)) {
292 // Validate the blacklist format.
294 std::unique_ptr<llvm::SpecialCaseList> SCL(
295 llvm::SpecialCaseList::create(BLPath, BLError));
297 D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError;
299 BlacklistFile = BLPath;
301 D.Diag(clang::diag::err_drv_no_such_file) << BLPath;
305 // If no -fsanitize-blacklist option is specified, try to look up for
306 // blacklist in the resource directory.
308 if (getDefaultBlacklist(D, BLPath) && llvm::sys::fs::exists(BLPath))
309 BlacklistFile = BLPath;
312 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
315 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
316 options::OPT_fsanitize_memory_track_origins,
317 options::OPT_fno_sanitize_memory_track_origins)) {
318 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) {
319 MsanTrackOrigins = 1;
320 } else if (A->getOption().matches(
321 options::OPT_fno_sanitize_memory_track_origins)) {
322 MsanTrackOrigins = 0;
324 StringRef S = A->getValue();
325 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
326 MsanTrackOrigins > 2) {
327 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
333 // Parse -fsanitize-coverage=N. Currently one of asan/msan/lsan is required.
334 if (hasOneOf(Sanitizers, SupportsCoverage)) {
335 if (Arg *A = Args.getLastArg(options::OPT_fsanitize_coverage)) {
336 StringRef S = A->getValue();
337 // Legal values are 0..4.
338 if (S.getAsInteger(0, SanitizeCoverage) || SanitizeCoverage < 0 ||
339 SanitizeCoverage > 4)
340 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
346 Args.hasArg(options::OPT_shared_libasan) ||
347 (TC.getTriple().getEnvironment() == llvm::Triple::Android);
349 (TC.getTriple().getEnvironment() == llvm::Triple::Android);
351 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
352 StringRef S = A->getValue();
353 // Legal values are 0 and 1, 2, but in future we may add more levels.
354 if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
355 AsanFieldPadding > 2) {
356 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
360 if (Arg *WindowsDebugRTArg =
361 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
362 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
363 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
364 switch (WindowsDebugRTArg->getOption().getID()) {
365 case options::OPT__SLASH_MTd:
366 case options::OPT__SLASH_MDd:
367 case options::OPT__SLASH_LDd:
368 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
369 << WindowsDebugRTArg->getAsString(Args)
370 << lastArgumentForKind(D, Args, SanitizerKind::Address);
371 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
376 // Parse -link-cxx-sanitizer flag.
378 Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
381 static std::string toString(const clang::SanitizerSet &Sanitizers) {
383 #define SANITIZER(NAME, ID) \
384 if (Sanitizers.has(clang::SanitizerKind::ID)) { \
389 #include "clang/Basic/Sanitizers.def"
393 void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args,
394 llvm::opt::ArgStringList &CmdArgs) const {
395 if (Sanitizers.empty())
397 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
399 if (!RecoverableSanitizers.empty())
400 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
401 toString(RecoverableSanitizers)));
403 if (UbsanTrapOnError)
404 CmdArgs.push_back("-fsanitize-undefined-trap-on-error");
406 if (!BlacklistFile.empty()) {
407 SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
408 BlacklistOpt += BlacklistFile;
409 CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
412 if (MsanTrackOrigins)
413 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
414 llvm::utostr(MsanTrackOrigins)));
415 if (AsanFieldPadding)
416 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
417 llvm::utostr(AsanFieldPadding)));
418 if (SanitizeCoverage)
419 CmdArgs.push_back(Args.MakeArgString("-fsanitize-coverage=" +
420 llvm::utostr(SanitizeCoverage)));
421 // Workaround for PR16386.
422 if (Sanitizers.has(SanitizerKind::Memory))
423 CmdArgs.push_back(Args.MakeArgString("-fno-assume-sane-operator-new"));
426 bool SanitizerArgs::getDefaultBlacklist(const Driver &D, std::string &BLPath) {
427 const char *BlacklistFile = nullptr;
428 if (Sanitizers.has(SanitizerKind::Address))
429 BlacklistFile = "asan_blacklist.txt";
430 else if (Sanitizers.has(SanitizerKind::Memory))
431 BlacklistFile = "msan_blacklist.txt";
432 else if (Sanitizers.has(SanitizerKind::Thread))
433 BlacklistFile = "tsan_blacklist.txt";
434 else if (Sanitizers.has(SanitizerKind::DataFlow))
435 BlacklistFile = "dfsan_abilist.txt";
438 SmallString<64> Path(D.ResourceDir);
439 llvm::sys::path::append(Path, BlacklistFile);
446 unsigned parseValue(const char *Value) {
447 unsigned ParsedKind = llvm::StringSwitch<SanitizeKind>(Value)
448 #define SANITIZER(NAME, ID) .Case(NAME, ID)
449 #define SANITIZER_GROUP(NAME, ID, ALIAS) .Case(NAME, ID##Group)
450 #include "clang/Basic/Sanitizers.def"
451 .Default(SanitizeKind());
455 unsigned expandGroups(unsigned Kinds) {
456 #define SANITIZER(NAME, ID)
457 #define SANITIZER_GROUP(NAME, ID, ALIAS) if (Kinds & ID##Group) Kinds |= ID;
458 #include "clang/Basic/Sanitizers.def"
462 unsigned parseArgValues(const Driver &D, const llvm::opt::Arg *A,
463 bool DiagnoseErrors) {
464 assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
465 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
466 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
467 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) &&
468 "Invalid argument in parseArgValues!");
470 for (unsigned I = 0, N = A->getNumValues(); I != N; ++I) {
471 const char *Value = A->getValue(I);
473 // Special case: don't accept -fsanitize=all.
474 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
475 0 == strcmp("all", Value))
478 Kind = parseValue(Value);
482 else if (DiagnoseErrors)
483 D.Diag(clang::diag::err_drv_unsupported_option_argument)
484 << A->getOption().getName() << Value;
489 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
491 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
494 const auto *Arg = *I;
495 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
496 unsigned AddKinds = expandGroups(parseArgValues(D, Arg, false));
498 return describeSanitizeArg(Arg, Mask);
499 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
500 unsigned RemoveKinds = expandGroups(parseArgValues(D, Arg, false));
501 Mask &= ~RemoveKinds;
504 llvm_unreachable("arg list didn't provide expected value");
507 std::string describeSanitizeArg(const llvm::opt::Arg *A, unsigned Mask) {
508 assert(A->getOption().matches(options::OPT_fsanitize_EQ)
509 && "Invalid argument in describeSanitizerArg!");
511 std::string Sanitizers;
512 for (unsigned I = 0, N = A->getNumValues(); I != N; ++I) {
513 if (expandGroups(parseValue(A->getValue(I))) & Mask) {
514 if (!Sanitizers.empty())
516 Sanitizers += A->getValue(I);
520 assert(!Sanitizers.empty() && "arg didn't provide expected value");
521 return "-fsanitize=" + Sanitizers;