1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
9 #include "clang/Driver/SanitizerArgs.h"
10 #include "ToolChains/CommonArgs.h"
11 #include "clang/Basic/Sanitizers.h"
12 #include "clang/Driver/Driver.h"
13 #include "clang/Driver/DriverDiagnostic.h"
14 #include "clang/Driver/Options.h"
15 #include "clang/Driver/ToolChain.h"
16 #include "llvm/ADT/StringExtras.h"
17 #include "llvm/ADT/StringSwitch.h"
18 #include "llvm/Support/FileSystem.h"
19 #include "llvm/Support/Path.h"
20 #include "llvm/Support/SpecialCaseList.h"
21 #include "llvm/Support/TargetParser.h"
24 using namespace clang;
25 using namespace clang::SanitizerKind;
26 using namespace clang::driver;
27 using namespace llvm::opt;
29 enum : SanitizerMask {
30 NeedsUbsanRt = Undefined | Integer | Nullability | CFI,
31 NeedsUbsanCxxRt = Vptr | CFI,
32 NotAllowedWithTrap = Vptr,
33 NotAllowedWithMinimalRuntime = Vptr,
34 RequiresPIE = DataFlow | HWAddress | Scudo,
35 NeedsUnwindTables = Address | HWAddress | Thread | Memory | DataFlow,
36 SupportsCoverage = Address | HWAddress | KernelAddress | KernelHWAddress |
37 Memory | Leak | Undefined | Integer | Nullability |
38 DataFlow | Fuzzer | FuzzerNoLink,
39 RecoverableByDefault = Undefined | Integer | Nullability,
40 Unrecoverable = Unreachable | Return,
41 AlwaysRecoverable = KernelAddress | KernelHWAddress,
42 LegacyFsanitizeRecoverMask = Undefined | Integer,
44 TrappingSupported = (Undefined & ~Vptr) | UnsignedIntegerOverflow |
45 Nullability | LocalBounds | CFI,
46 TrappingDefault = CFI,
48 CFIVCall | CFINVCall | CFIMFCall | CFIDerivedCast | CFIUnrelatedCast,
49 CompatibleWithMinimalRuntime = TrappingSupported | Scudo,
52 enum CoverageFeature {
53 CoverageFunc = 1 << 0,
55 CoverageEdge = 1 << 2,
56 CoverageIndirCall = 1 << 3,
57 CoverageTraceBB = 1 << 4, // Deprecated.
58 CoverageTraceCmp = 1 << 5,
59 CoverageTraceDiv = 1 << 6,
60 CoverageTraceGep = 1 << 7,
61 Coverage8bitCounters = 1 << 8, // Deprecated.
62 CoverageTracePC = 1 << 9,
63 CoverageTracePCGuard = 1 << 10,
64 CoverageNoPrune = 1 << 11,
65 CoverageInline8bitCounters = 1 << 12,
66 CoveragePCTable = 1 << 13,
67 CoverageStackDepth = 1 << 14,
70 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
71 /// invalid components. Returns a SanitizerMask.
72 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
75 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
76 /// components. Returns OR of members of \c CoverageFeature enumeration.
77 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A);
79 /// Produce an argument string from ArgList \p Args, which shows how it
80 /// provides some sanitizer kind from \p Mask. For example, the argument list
81 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
82 /// would produce "-fsanitize=vptr".
83 static std::string lastArgumentForMask(const Driver &D,
84 const llvm::opt::ArgList &Args,
87 /// Produce an argument string from argument \p A, which shows how it provides
88 /// a value in \p Mask. For instance, the argument
89 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
90 /// "-fsanitize=alignment".
91 static std::string describeSanitizeArg(const llvm::opt::Arg *A,
94 /// Produce a string containing comma-separated names of sanitizers in \p
96 static std::string toString(const clang::SanitizerSet &Sanitizers);
98 static void addDefaultBlacklists(const Driver &D, SanitizerMask Kinds,
99 std::vector<std::string> &BlacklistFiles) {
103 } Blacklists[] = {{"asan_blacklist.txt", Address},
104 {"hwasan_blacklist.txt", HWAddress},
105 {"msan_blacklist.txt", Memory},
106 {"tsan_blacklist.txt", Thread},
107 {"dfsan_abilist.txt", DataFlow},
108 {"cfi_blacklist.txt", CFI},
109 {"ubsan_blacklist.txt", Undefined | Integer | Nullability}};
111 for (auto BL : Blacklists) {
112 if (!(Kinds & BL.Mask))
115 clang::SmallString<64> Path(D.ResourceDir);
116 llvm::sys::path::append(Path, "share", BL.File);
117 if (llvm::sys::fs::exists(Path))
118 BlacklistFiles.push_back(Path.str());
119 else if (BL.Mask == CFI)
120 // If cfi_blacklist.txt cannot be found in the resource dir, driver
122 D.Diag(clang::diag::err_drv_no_such_file) << Path;
126 /// Sets group bits for every group that has at least one representative already
127 /// enabled in \p Kinds.
128 static SanitizerMask setGroupBits(SanitizerMask Kinds) {
129 #define SANITIZER(NAME, ID)
130 #define SANITIZER_GROUP(NAME, ID, ALIAS) \
131 if (Kinds & SanitizerKind::ID) \
132 Kinds |= SanitizerKind::ID##Group;
133 #include "clang/Basic/Sanitizers.def"
137 static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
138 const llvm::opt::ArgList &Args) {
139 SanitizerMask TrapRemove = 0; // During the loop below, the accumulated set of
140 // sanitizers disabled by the current sanitizer
141 // argument or any argument after it.
142 SanitizerMask TrappingKinds = 0;
143 SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);
145 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
147 const auto *Arg = *I;
148 if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
150 SanitizerMask Add = parseArgValues(D, Arg, true);
152 if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
154 S.Mask = InvalidValues;
155 D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
158 TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove;
159 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
161 TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true));
162 } else if (Arg->getOption().matches(
163 options::OPT_fsanitize_undefined_trap_on_error)) {
166 expandSanitizerGroups(UndefinedGroup & ~TrapRemove) & ~TrapRemove;
167 } else if (Arg->getOption().matches(
168 options::OPT_fno_sanitize_undefined_trap_on_error)) {
170 TrapRemove |= expandSanitizerGroups(UndefinedGroup);
174 // Apply default trapping behavior.
175 TrappingKinds |= TrappingDefault & ~TrapRemove;
177 return TrappingKinds;
180 bool SanitizerArgs::needsUbsanRt() const {
181 // All of these include ubsan.
182 if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
183 needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
184 (needsScudoRt() && !requiresMinimalRuntime()))
187 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
191 bool SanitizerArgs::needsCfiRt() const {
192 return !(Sanitizers.Mask & CFI & ~TrapSanitizers.Mask) && CfiCrossDso &&
196 bool SanitizerArgs::needsCfiDiagRt() const {
197 return (Sanitizers.Mask & CFI & ~TrapSanitizers.Mask) && CfiCrossDso &&
201 bool SanitizerArgs::requiresPIE() const {
202 return NeedPIE || (Sanitizers.Mask & RequiresPIE);
205 bool SanitizerArgs::needsUnwindTables() const {
206 return Sanitizers.Mask & NeedsUnwindTables;
209 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
210 const llvm::opt::ArgList &Args) {
211 SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of
212 // sanitizers disabled by the current sanitizer
213 // argument or any argument after it.
214 SanitizerMask AllAddedKinds = 0; // Mask of all sanitizers ever enabled by
215 // -fsanitize= flags (directly or via group
216 // expansion), some of which may be disabled
217 // later. Used to carefully prune
218 // unused-argument diagnostics.
219 SanitizerMask DiagnosedKinds = 0; // All Kinds we have diagnosed up to now.
220 // Used to deduplicate diagnostics.
221 SanitizerMask Kinds = 0;
222 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
224 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
225 options::OPT_fno_sanitize_cfi_cross_dso, false);
227 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
229 const Driver &D = TC.getDriver();
230 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
231 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
234 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
235 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
237 // The object size sanitizer should not be enabled at -O0.
238 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
239 bool RemoveObjectSizeAtO0 =
240 !OptLevel || OptLevel->getOption().matches(options::OPT_O0);
242 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
244 const auto *Arg = *I;
245 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
247 SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true);
249 if (RemoveObjectSizeAtO0) {
250 AllRemove |= SanitizerKind::ObjectSize;
252 // The user explicitly enabled the object size sanitizer. Warn that
253 // that this does nothing at -O0.
254 if (Add & SanitizerKind::ObjectSize)
255 D.Diag(diag::warn_drv_object_size_disabled_O0)
256 << Arg->getAsString(Args);
259 AllAddedKinds |= expandSanitizerGroups(Add);
261 // Avoid diagnosing any sanitizer which is disabled later.
263 // At this point we have not expanded groups, so any unsupported
264 // sanitizers in Add are those which have been explicitly enabled.
266 if (SanitizerMask KindsToDiagnose =
267 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
268 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
269 D.Diag(diag::err_drv_argument_not_allowed_with)
270 << Desc << "-fsanitize-trap=undefined";
271 DiagnosedKinds |= KindsToDiagnose;
273 Add &= ~InvalidTrappingKinds;
275 if (MinimalRuntime) {
276 if (SanitizerMask KindsToDiagnose =
277 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
278 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
279 D.Diag(diag::err_drv_argument_not_allowed_with)
280 << Desc << "-fsanitize-minimal-runtime";
281 DiagnosedKinds |= KindsToDiagnose;
283 Add &= ~NotAllowedWithMinimalRuntime;
286 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
287 // There are currently two problems:
288 // - Virtual function call checks need to pass a pointer to the function
289 // address to llvm.type.test and a pointer to the address point to the
290 // diagnostic function. Currently we pass the same pointer to both
292 // - Non-virtual function call checks may need to check multiple type
294 // Fixing both of those may require changes to the cross-DSO CFI
296 if (CfiCrossDso && (Add & CFIMFCall & ~DiagnosedKinds)) {
297 D.Diag(diag::err_drv_argument_not_allowed_with)
298 << "-fsanitize=cfi-mfcall"
299 << "-fsanitize-cfi-cross-dso";
301 DiagnosedKinds |= CFIMFCall;
304 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
305 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
306 D.Diag(diag::err_drv_unsupported_opt_for_target)
307 << Desc << TC.getTriple().str();
308 DiagnosedKinds |= KindsToDiagnose;
312 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
313 // so we don't error out if -fno-rtti and -fsanitize=undefined were
315 if ((Add & Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
316 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
317 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
318 "RTTI disabled without -fno-rtti option?");
319 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
320 // the vptr sanitizer requires RTTI, so this is a user error.
321 D.Diag(diag::err_drv_argument_not_allowed_with)
322 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
324 // The vptr sanitizer requires RTTI, but RTTI is disabled (by
325 // default). Warn that the vptr sanitizer is being disabled.
326 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default);
329 // Take out the Vptr sanitizer from the enabled sanitizers
333 Add = expandSanitizerGroups(Add);
334 // Group expansion may have enabled a sanitizer which is disabled later.
336 // Silently discard any unsupported sanitizers implicitly enabled through
338 Add &= ~InvalidTrappingKinds;
339 if (MinimalRuntime) {
340 Add &= ~NotAllowedWithMinimalRuntime;
349 // Enable coverage if the fuzzing flag is set.
350 if (Add & FuzzerNoLink) {
351 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
352 CoverageTraceCmp | CoveragePCTable;
353 // Due to TLS differences, stack depth tracking is only enabled on Linux
354 if (TC.getTriple().isOSLinux())
355 CoverageFeatures |= CoverageStackDepth;
359 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
361 SanitizerMask Remove = parseArgValues(D, Arg, true);
362 AllRemove |= expandSanitizerGroups(Remove);
366 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
367 std::make_pair(Address, Thread | Memory),
368 std::make_pair(Thread, Memory),
369 std::make_pair(Leak, Thread | Memory),
370 std::make_pair(KernelAddress, Address | Leak | Thread | Memory),
371 std::make_pair(HWAddress, Address | Thread | Memory | KernelAddress),
372 std::make_pair(Efficiency, Address | HWAddress | Leak | Thread | Memory |
374 std::make_pair(Scudo, Address | HWAddress | Leak | Thread | Memory |
375 KernelAddress | Efficiency),
376 std::make_pair(SafeStack, Address | HWAddress | Leak | Thread | Memory |
377 KernelAddress | Efficiency),
378 std::make_pair(ShadowCallStack, Address | HWAddress | Leak | Thread |
379 Memory | KernelAddress | Efficiency |
381 std::make_pair(KernelHWAddress, Address | HWAddress | Leak | Thread |
382 Memory | KernelAddress | Efficiency |
383 SafeStack | ShadowCallStack)};
385 // Enable toolchain specific default sanitizers if not explicitly disabled.
386 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
388 // Disable default sanitizers that are incompatible with explicitly requested
390 for (auto G : IncompatibleGroups) {
391 SanitizerMask Group = G.first;
392 if ((Default & Group) && (Kinds & G.second))
398 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
400 if ((Kinds & Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
404 // Check that LTO is enabled if we need it.
405 if ((Kinds & NeedsLTO) && !D.isUsingLTO()) {
406 D.Diag(diag::err_drv_argument_only_allowed_with)
407 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
410 if ((Kinds & ShadowCallStack) &&
411 TC.getTriple().getArch() == llvm::Triple::aarch64 &&
412 !llvm::AArch64::isX18ReservedByDefault(TC.getTriple()) &&
413 !Args.hasArg(options::OPT_ffixed_x18)) {
414 D.Diag(diag::err_drv_argument_only_allowed_with)
415 << lastArgumentForMask(D, Args, Kinds & ShadowCallStack)
419 // Report error if there are non-trapping sanitizers that require
420 // c++abi-specific parts of UBSan runtime, and they are not provided by the
421 // toolchain. We don't have a good way to check the latter, so we just
422 // check if the toolchan supports vptr.
423 if (~Supported & Vptr) {
424 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
425 // The runtime library supports the Microsoft C++ ABI, but only well enough
426 // for CFI. FIXME: Remove this once we support vptr on Windows.
427 if (TC.getTriple().isOSWindows())
428 KindsToDiagnose &= ~CFI;
429 if (KindsToDiagnose) {
431 S.Mask = KindsToDiagnose;
432 D.Diag(diag::err_drv_unsupported_opt_for_target)
433 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str();
434 Kinds &= ~KindsToDiagnose;
438 // Warn about incompatible groups of sanitizers.
439 for (auto G : IncompatibleGroups) {
440 SanitizerMask Group = G.first;
442 if (SanitizerMask Incompatible = Kinds & G.second) {
443 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
444 << lastArgumentForMask(D, Args, Group)
445 << lastArgumentForMask(D, Args, Incompatible);
446 Kinds &= ~Incompatible;
450 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
451 // -fsanitize=address. Perhaps it should print an error, or perhaps
452 // -f(-no)sanitize=leak should change whether leak detection is enabled by
455 // Parse -f(no-)?sanitize-recover flags.
456 SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable;
457 SanitizerMask DiagnosedUnrecoverableKinds = 0;
458 SanitizerMask DiagnosedAlwaysRecoverableKinds = 0;
459 for (const auto *Arg : Args) {
460 const char *DeprecatedReplacement = nullptr;
461 if (Arg->getOption().matches(options::OPT_fsanitize_recover)) {
462 DeprecatedReplacement =
463 "-fsanitize-recover=undefined,integer' or '-fsanitize-recover=all";
464 RecoverableKinds |= expandSanitizerGroups(LegacyFsanitizeRecoverMask);
466 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover)) {
467 DeprecatedReplacement = "-fno-sanitize-recover=undefined,integer' or "
468 "'-fno-sanitize-recover=all";
469 RecoverableKinds &= ~expandSanitizerGroups(LegacyFsanitizeRecoverMask);
471 } else if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
472 SanitizerMask Add = parseArgValues(D, Arg, true);
473 // Report error if user explicitly tries to recover from unrecoverable
475 if (SanitizerMask KindsToDiagnose =
476 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
477 SanitizerSet SetToDiagnose;
478 SetToDiagnose.Mask |= KindsToDiagnose;
479 D.Diag(diag::err_drv_unsupported_option_argument)
480 << Arg->getOption().getName() << toString(SetToDiagnose);
481 DiagnosedUnrecoverableKinds |= KindsToDiagnose;
483 RecoverableKinds |= expandSanitizerGroups(Add);
485 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
486 SanitizerMask Remove = parseArgValues(D, Arg, true);
487 // Report error if user explicitly tries to disable recovery from
488 // always recoverable sanitizer.
489 if (SanitizerMask KindsToDiagnose =
490 Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) {
491 SanitizerSet SetToDiagnose;
492 SetToDiagnose.Mask |= KindsToDiagnose;
493 D.Diag(diag::err_drv_unsupported_option_argument)
494 << Arg->getOption().getName() << toString(SetToDiagnose);
495 DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose;
497 RecoverableKinds &= ~expandSanitizerGroups(Remove);
500 if (DeprecatedReplacement) {
501 D.Diag(diag::warn_drv_deprecated_arg) << Arg->getAsString(Args)
502 << DeprecatedReplacement;
505 RecoverableKinds &= Kinds;
506 RecoverableKinds &= ~Unrecoverable;
508 TrappingKinds &= Kinds;
509 RecoverableKinds &= ~TrappingKinds;
511 // Setup blacklist files.
512 // Add default blacklist from resource directory.
513 addDefaultBlacklists(D, Kinds, BlacklistFiles);
514 // Parse -f(no-)sanitize-blacklist options.
515 for (const auto *Arg : Args) {
516 if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) {
518 std::string BLPath = Arg->getValue();
519 if (llvm::sys::fs::exists(BLPath)) {
520 BlacklistFiles.push_back(BLPath);
521 ExtraDeps.push_back(BLPath);
523 D.Diag(clang::diag::err_drv_no_such_file) << BLPath;
525 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) {
527 BlacklistFiles.clear();
531 // Validate blacklists format.
534 std::unique_ptr<llvm::SpecialCaseList> SCL(
535 llvm::SpecialCaseList::create(BlacklistFiles, BLError));
537 D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError;
540 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
541 if (AllAddedKinds & Memory) {
543 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
544 options::OPT_fsanitize_memory_track_origins,
545 options::OPT_fno_sanitize_memory_track_origins)) {
546 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) {
547 MsanTrackOrigins = 2;
548 } else if (A->getOption().matches(
549 options::OPT_fno_sanitize_memory_track_origins)) {
550 MsanTrackOrigins = 0;
552 StringRef S = A->getValue();
553 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
554 MsanTrackOrigins > 2) {
555 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
560 Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor,
561 options::OPT_fno_sanitize_memory_use_after_dtor,
563 NeedPIE |= !(TC.getTriple().isOSLinux() &&
564 TC.getTriple().getArch() == llvm::Triple::x86_64);
566 MsanUseAfterDtor = false;
569 if (AllAddedKinds & Thread) {
570 TsanMemoryAccess = Args.hasFlag(options::OPT_fsanitize_thread_memory_access,
571 options::OPT_fno_sanitize_thread_memory_access,
573 TsanFuncEntryExit = Args.hasFlag(options::OPT_fsanitize_thread_func_entry_exit,
574 options::OPT_fno_sanitize_thread_func_entry_exit,
576 TsanAtomics = Args.hasFlag(options::OPT_fsanitize_thread_atomics,
577 options::OPT_fno_sanitize_thread_atomics,
581 if (AllAddedKinds & CFI) {
582 // Without PIE, external function address may resolve to a PLT record, which
583 // can not be verified by the target module.
584 NeedPIE |= CfiCrossDso;
585 CfiICallGeneralizePointers =
586 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
588 if (CfiCrossDso && CfiICallGeneralizePointers)
589 D.Diag(diag::err_drv_argument_not_allowed_with)
590 << "-fsanitize-cfi-cross-dso"
591 << "-fsanitize-cfi-icall-generalize-pointers";
594 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
595 options::OPT_fno_sanitize_stats, false);
597 if (MinimalRuntime) {
598 SanitizerMask IncompatibleMask =
599 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
600 if (IncompatibleMask)
601 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
602 << "-fsanitize-minimal-runtime"
603 << lastArgumentForMask(D, Args, IncompatibleMask);
605 SanitizerMask NonTrappingCfi = Kinds & CFI & ~TrappingKinds;
607 D.Diag(clang::diag::err_drv_argument_only_allowed_with)
608 << "fsanitize-minimal-runtime"
609 << "fsanitize-trap=cfi";
612 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
613 // enabled sanitizers.
614 for (const auto *Arg : Args) {
615 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
616 int LegacySanitizeCoverage;
617 if (Arg->getNumValues() == 1 &&
618 !StringRef(Arg->getValue(0))
619 .getAsInteger(0, LegacySanitizeCoverage)) {
620 CoverageFeatures = 0;
622 if (LegacySanitizeCoverage != 0) {
623 D.Diag(diag::warn_drv_deprecated_arg)
624 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard";
628 CoverageFeatures |= parseCoverageFeatures(D, Arg);
630 // Disable coverage and not claim the flags if there is at least one
631 // non-supporting sanitizer.
632 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
635 CoverageFeatures = 0;
637 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
639 CoverageFeatures &= ~parseCoverageFeatures(D, Arg);
642 // Choose at most one coverage type: function, bb, or edge.
643 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
644 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
645 << "-fsanitize-coverage=func"
646 << "-fsanitize-coverage=bb";
647 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
648 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
649 << "-fsanitize-coverage=func"
650 << "-fsanitize-coverage=edge";
651 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
652 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
653 << "-fsanitize-coverage=bb"
654 << "-fsanitize-coverage=edge";
655 // Basic block tracing and 8-bit counters require some type of coverage
657 if (CoverageFeatures & CoverageTraceBB)
658 D.Diag(clang::diag::warn_drv_deprecated_arg)
659 << "-fsanitize-coverage=trace-bb"
660 << "-fsanitize-coverage=trace-pc-guard";
661 if (CoverageFeatures & Coverage8bitCounters)
662 D.Diag(clang::diag::warn_drv_deprecated_arg)
663 << "-fsanitize-coverage=8bit-counters"
664 << "-fsanitize-coverage=trace-pc-guard";
666 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
667 int InstrumentationTypes =
668 CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters;
669 if ((CoverageFeatures & InsertionPointTypes) &&
670 !(CoverageFeatures & InstrumentationTypes)) {
671 D.Diag(clang::diag::warn_drv_deprecated_arg)
672 << "-fsanitize-coverage=[func|bb|edge]"
673 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]";
676 // trace-pc w/o func/bb/edge implies edge.
677 if (!(CoverageFeatures & InsertionPointTypes)) {
678 if (CoverageFeatures &
679 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters))
680 CoverageFeatures |= CoverageEdge;
682 if (CoverageFeatures & CoverageStackDepth)
683 CoverageFeatures |= CoverageFunc;
687 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
688 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
689 TC.getTriple().isOSDarwin());
691 ImplicitCfiRuntime = TC.getTriple().isAndroid();
693 if (AllAddedKinds & Address) {
694 NeedPIE |= TC.getTriple().isOSFuchsia();
696 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
697 StringRef S = A->getValue();
698 // Legal values are 0 and 1, 2, but in future we may add more levels.
699 if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
700 AsanFieldPadding > 2) {
701 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
705 if (Arg *WindowsDebugRTArg =
706 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
707 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
708 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
709 switch (WindowsDebugRTArg->getOption().getID()) {
710 case options::OPT__SLASH_MTd:
711 case options::OPT__SLASH_MDd:
712 case options::OPT__SLASH_LDd:
713 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
714 << WindowsDebugRTArg->getAsString(Args)
715 << lastArgumentForMask(D, Args, Address);
716 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
720 AsanUseAfterScope = Args.hasFlag(
721 options::OPT_fsanitize_address_use_after_scope,
722 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
724 // As a workaround for a bug in gold 2.26 and earlier, dead stripping of
725 // globals in ASan is disabled by default on ELF targets.
726 // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002
727 AsanGlobalsDeadStripping =
728 !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() ||
729 Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping);
731 AsanUseAfterScope = false;
734 if (AllAddedKinds & SafeStack) {
735 // SafeStack runtime is built into the system on Fuchsia.
736 SafeStackRuntime = !TC.getTriple().isOSFuchsia();
739 // Parse -link-cxx-sanitizer flag.
741 Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
743 // Finally, initialize the set of available and recoverable sanitizers.
744 Sanitizers.Mask |= Kinds;
745 RecoverableSanitizers.Mask |= RecoverableKinds;
746 TrapSanitizers.Mask |= TrappingKinds;
747 assert(!(RecoverableKinds & TrappingKinds) &&
748 "Overlap between recoverable and trapping sanitizers");
751 static std::string toString(const clang::SanitizerSet &Sanitizers) {
753 #define SANITIZER(NAME, ID) \
754 if (Sanitizers.has(ID)) { \
759 #include "clang/Basic/Sanitizers.def"
763 static void addIncludeLinkerOption(const ToolChain &TC,
764 const llvm::opt::ArgList &Args,
765 llvm::opt::ArgStringList &CmdArgs,
766 StringRef SymbolName) {
767 SmallString<64> LinkerOptionFlag;
768 LinkerOptionFlag = "--linker-option=/include:";
769 if (TC.getTriple().getArch() == llvm::Triple::x86) {
770 // Win32 mangles C function names with a '_' prefix.
771 LinkerOptionFlag += '_';
773 LinkerOptionFlag += SymbolName;
774 CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
777 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
778 llvm::opt::ArgStringList &CmdArgs,
779 types::ID InputType) const {
780 // NVPTX doesn't currently support sanitizers. Bailing out here means that
781 // e.g. -fsanitize=address applies only to host code, which is what we want
783 if (TC.getTriple().isNVPTX())
786 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
787 // Do it even if Sanitizers.empty() since some forms of coverage don't require
789 std::pair<int, const char *> CoverageFlags[] = {
790 std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
791 std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
792 std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
793 std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
794 std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
795 std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
796 std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
797 std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
798 std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
799 std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
800 std::make_pair(CoverageTracePCGuard, "-fsanitize-coverage-trace-pc-guard"),
801 std::make_pair(CoverageInline8bitCounters, "-fsanitize-coverage-inline-8bit-counters"),
802 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
803 std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
804 std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")};
805 for (auto F : CoverageFlags) {
806 if (CoverageFeatures & F.first)
807 CmdArgs.push_back(F.second);
810 if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
811 // Instruct the code generator to embed linker directives in the object file
812 // that cause the required runtime libraries to be linked.
813 CmdArgs.push_back(Args.MakeArgString(
814 "--dependent-lib=" + TC.getCompilerRT(Args, "ubsan_standalone")));
815 if (types::isCXX(InputType))
816 CmdArgs.push_back(Args.MakeArgString(
817 "--dependent-lib=" + TC.getCompilerRT(Args, "ubsan_standalone_cxx")));
819 if (TC.getTriple().isOSWindows() && needsStatsRt()) {
820 CmdArgs.push_back(Args.MakeArgString("--dependent-lib=" +
821 TC.getCompilerRT(Args, "stats_client")));
823 // The main executable must export the stats runtime.
824 // FIXME: Only exporting from the main executable (e.g. based on whether the
825 // translation unit defines main()) would save a little space, but having
826 // multiple copies of the runtime shouldn't hurt.
827 CmdArgs.push_back(Args.MakeArgString("--dependent-lib=" +
828 TC.getCompilerRT(Args, "stats")));
829 addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
832 if (Sanitizers.empty())
834 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
836 if (!RecoverableSanitizers.empty())
837 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
838 toString(RecoverableSanitizers)));
840 if (!TrapSanitizers.empty())
842 Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
844 for (const auto &BLPath : BlacklistFiles) {
845 SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
846 BlacklistOpt += BLPath;
847 CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
849 for (const auto &Dep : ExtraDeps) {
850 SmallString<64> ExtraDepOpt("-fdepfile-entry=");
852 CmdArgs.push_back(Args.MakeArgString(ExtraDepOpt));
855 if (MsanTrackOrigins)
856 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
857 Twine(MsanTrackOrigins)));
859 if (MsanUseAfterDtor)
860 CmdArgs.push_back("-fsanitize-memory-use-after-dtor");
862 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
863 if (!TsanMemoryAccess) {
864 CmdArgs.push_back("-mllvm");
865 CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
866 CmdArgs.push_back("-mllvm");
867 CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
869 if (!TsanFuncEntryExit) {
870 CmdArgs.push_back("-mllvm");
871 CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
874 CmdArgs.push_back("-mllvm");
875 CmdArgs.push_back("-tsan-instrument-atomics=0");
879 CmdArgs.push_back("-fsanitize-cfi-cross-dso");
881 if (CfiICallGeneralizePointers)
882 CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
885 CmdArgs.push_back("-fsanitize-stats");
888 CmdArgs.push_back("-fsanitize-minimal-runtime");
890 if (AsanFieldPadding)
891 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
892 Twine(AsanFieldPadding)));
894 if (AsanUseAfterScope)
895 CmdArgs.push_back("-fsanitize-address-use-after-scope");
897 if (AsanGlobalsDeadStripping)
898 CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");
900 // MSan: Workaround for PR16386.
901 // ASan: This is mainly to help LSan with cases such as
902 // https://github.com/google/sanitizers/issues/373
903 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
904 // affect compilation.
905 if (Sanitizers.has(Memory) || Sanitizers.has(Address))
906 CmdArgs.push_back("-fno-assume-sane-operator-new");
908 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
910 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
911 !Args.hasArg(options::OPT_fvisibility_EQ)) {
912 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
913 << lastArgumentForMask(TC.getDriver(), Args,
914 Sanitizers.Mask & CFIClasses)
919 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
920 bool DiagnoseErrors) {
921 assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
922 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
923 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
924 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
925 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
926 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
927 "Invalid argument in parseArgValues!");
928 SanitizerMask Kinds = 0;
929 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
930 const char *Value = A->getValue(i);
932 // Special case: don't accept -fsanitize=all.
933 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
934 0 == strcmp("all", Value))
936 // Similarly, don't accept -fsanitize=efficiency-all.
937 else if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
938 0 == strcmp("efficiency-all", Value))
941 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
945 else if (DiagnoseErrors)
946 D.Diag(clang::diag::err_drv_unsupported_option_argument)
947 << A->getOption().getName() << Value;
952 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) {
953 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
954 A->getOption().matches(options::OPT_fno_sanitize_coverage));
956 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
957 const char *Value = A->getValue(i);
958 int F = llvm::StringSwitch<int>(Value)
959 .Case("func", CoverageFunc)
960 .Case("bb", CoverageBB)
961 .Case("edge", CoverageEdge)
962 .Case("indirect-calls", CoverageIndirCall)
963 .Case("trace-bb", CoverageTraceBB)
964 .Case("trace-cmp", CoverageTraceCmp)
965 .Case("trace-div", CoverageTraceDiv)
966 .Case("trace-gep", CoverageTraceGep)
967 .Case("8bit-counters", Coverage8bitCounters)
968 .Case("trace-pc", CoverageTracePC)
969 .Case("trace-pc-guard", CoverageTracePCGuard)
970 .Case("no-prune", CoverageNoPrune)
971 .Case("inline-8bit-counters", CoverageInline8bitCounters)
972 .Case("pc-table", CoveragePCTable)
973 .Case("stack-depth", CoverageStackDepth)
976 D.Diag(clang::diag::err_drv_unsupported_option_argument)
977 << A->getOption().getName() << Value;
983 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
984 SanitizerMask Mask) {
985 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
988 const auto *Arg = *I;
989 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
990 SanitizerMask AddKinds =
991 expandSanitizerGroups(parseArgValues(D, Arg, false));
993 return describeSanitizeArg(Arg, Mask);
994 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
995 SanitizerMask RemoveKinds =
996 expandSanitizerGroups(parseArgValues(D, Arg, false));
997 Mask &= ~RemoveKinds;
1000 llvm_unreachable("arg list didn't provide expected value");
1003 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1004 assert(A->getOption().matches(options::OPT_fsanitize_EQ)
1005 && "Invalid argument in describeSanitizerArg!");
1007 std::string Sanitizers;
1008 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1009 if (expandSanitizerGroups(
1010 parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
1012 if (!Sanitizers.empty())
1014 Sanitizers += A->getValue(i);
1018 assert(!Sanitizers.empty() && "arg didn't provide expected value");
1019 return "-fsanitize=" + Sanitizers;