1//===--- Sanitizers.def - Runtime sanitizer options -------------*- C++ -*-===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8// 9// This file defines the options for specifying which runtime sanitizers to 10// enable. Users of this file must define the SANITIZER macro to make use of 11// this information. Users of this file can also define the SANITIZER_GROUP 12// macro to get information on options which refer to sets of sanitizers. 13// 14//===----------------------------------------------------------------------===// 15 16#ifndef SANITIZER 17#error "Define SANITIZER prior to including this file!" 18#endif 19 20// SANITIZER(NAME, ID) 21 22// The first value is the name of the sanitizer as a string. The sanitizer can 23// be enabled by specifying -fsanitize=NAME. 24 25// The second value is an identifier which can be used to refer to the 26// sanitizer. 27 28 29// SANITIZER_GROUP(NAME, ID, ALIAS) 30 31// The first two values have the same semantics as the corresponding SANITIZER 32// values. The third value is an expression ORing together the IDs of individual 33// sanitizers in this group. 34 35#ifndef SANITIZER_GROUP 36#define SANITIZER_GROUP(NAME, ID, ALIAS) 37#endif 38 39 40// AddressSanitizer 41SANITIZER("address", Address) 42 43// Requires AddressSanitizer 44SANITIZER("pointer-compare", PointerCompare) 45 46// Requires AddressSanitizer 47SANITIZER("pointer-subtract", PointerSubtract) 48 49// Kernel AddressSanitizer (KASan) 50SANITIZER("kernel-address", KernelAddress) 51 52// Hardware-assisted AddressSanitizer 53SANITIZER("hwaddress", HWAddress) 54 55// Kernel Hardware-assisted AddressSanitizer (KHWASan) 56SANITIZER("kernel-hwaddress", KernelHWAddress) 57 58// A variant of AddressSanitizer using AArch64 MTE extension. 59SANITIZER("memtag-stack", MemtagStack) 60SANITIZER("memtag-heap", MemtagHeap) 61SANITIZER("memtag-globals", MemtagGlobals) 62SANITIZER_GROUP("memtag", MemTag, MemtagStack | MemtagHeap | MemtagGlobals) 63 64// MemorySanitizer 65SANITIZER("memory", Memory) 66 67// Kernel MemorySanitizer (KMSAN) 68SANITIZER("kernel-memory", KernelMemory) 69 70// libFuzzer 71SANITIZER("fuzzer", Fuzzer) 72 73// libFuzzer-required instrumentation, no linking. 74SANITIZER("fuzzer-no-link", FuzzerNoLink) 75 76// TypeSanitizer 77SANITIZER("type", Type) 78 79// ThreadSanitizer 80SANITIZER("thread", Thread) 81 82// Numerical stability sanitizer. 83SANITIZER("numerical", NumericalStability) 84 85// RealtimeSanitizer 86SANITIZER("realtime", Realtime) 87 88// LeakSanitizer 89SANITIZER("leak", Leak) 90 91// UndefinedBehaviorSanitizer 92SANITIZER("alignment", Alignment) 93SANITIZER("array-bounds", ArrayBounds) 94SANITIZER("bool", Bool) 95SANITIZER("builtin", Builtin) 96SANITIZER("enum", Enum) 97SANITIZER("float-cast-overflow", FloatCastOverflow) 98SANITIZER("float-divide-by-zero", FloatDivideByZero) 99SANITIZER("function", Function) 100SANITIZER("integer-divide-by-zero", IntegerDivideByZero) 101SANITIZER("nonnull-attribute", NonnullAttribute) 102SANITIZER("null", Null) 103SANITIZER("nullability-arg", NullabilityArg) 104SANITIZER("nullability-assign", NullabilityAssign) 105SANITIZER("nullability-return", NullabilityReturn) 106SANITIZER_GROUP("nullability", Nullability, 107 NullabilityArg | NullabilityAssign | NullabilityReturn) 108SANITIZER("object-size", ObjectSize) 109SANITIZER("pointer-overflow", PointerOverflow) 110SANITIZER("return", Return) 111SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute) 112SANITIZER("shift-base", ShiftBase) 113SANITIZER("shift-exponent", ShiftExponent) 114SANITIZER_GROUP("shift", Shift, ShiftBase | ShiftExponent) 115SANITIZER("signed-integer-overflow", SignedIntegerOverflow) 116SANITIZER("unreachable", Unreachable) 117SANITIZER("vla-bound", VLABound) 118SANITIZER("vptr", Vptr) 119 120// IntegerSanitizer 121SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow) 122SANITIZER("unsigned-shift-base", UnsignedShiftBase) 123 124// DataFlowSanitizer 125SANITIZER("dataflow", DataFlow) 126 127// Control Flow Integrity 128SANITIZER("cfi-cast-strict", CFICastStrict) 129SANITIZER("cfi-derived-cast", CFIDerivedCast) 130SANITIZER("cfi-icall", CFIICall) 131SANITIZER("cfi-mfcall", CFIMFCall) 132SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast) 133SANITIZER("cfi-nvcall", CFINVCall) 134SANITIZER("cfi-vcall", CFIVCall) 135SANITIZER_GROUP("cfi", CFI, 136 CFIDerivedCast | CFIICall | CFIMFCall | CFIUnrelatedCast | 137 CFINVCall | CFIVCall) 138 139// Kernel Control Flow Integrity 140SANITIZER("kcfi", KCFI) 141 142// Safe Stack 143SANITIZER("safe-stack", SafeStack) 144 145// Shadow Call Stack 146SANITIZER("shadow-call-stack", ShadowCallStack) 147 148// -fsanitize=undefined includes all the sanitizers which have low overhead, no 149// ABI or address space layout implications, and only catch undefined behavior. 150SANITIZER_GROUP("undefined", Undefined, 151 Alignment | Bool | Builtin | ArrayBounds | Enum | 152 FloatCastOverflow | 153 IntegerDivideByZero | NonnullAttribute | Null | ObjectSize | 154 PointerOverflow | Return | ReturnsNonnullAttribute | Shift | 155 SignedIntegerOverflow | Unreachable | VLABound | Function | 156 Vptr) 157 158// -fsanitize=undefined-trap is an alias for -fsanitize=undefined. 159SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined) 160 161// ImplicitConversionSanitizer 162SANITIZER("implicit-unsigned-integer-truncation", 163 ImplicitUnsignedIntegerTruncation) 164SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation) 165SANITIZER_GROUP("implicit-integer-truncation", ImplicitIntegerTruncation, 166 ImplicitUnsignedIntegerTruncation | 167 ImplicitSignedIntegerTruncation) 168 169SANITIZER("implicit-integer-sign-change", ImplicitIntegerSignChange) 170 171SANITIZER_GROUP("implicit-integer-arithmetic-value-change", 172 ImplicitIntegerArithmeticValueChange, 173 ImplicitIntegerSignChange | ImplicitSignedIntegerTruncation) 174 175SANITIZER_GROUP("implicit-integer-conversion", ImplicitIntegerConversion, 176 ImplicitIntegerArithmeticValueChange | 177 ImplicitUnsignedIntegerTruncation) 178 179// Implicit bitfield sanitizers 180SANITIZER("implicit-bitfield-conversion", ImplicitBitfieldConversion) 181 182SANITIZER_GROUP("implicit-conversion", ImplicitConversion, 183 ImplicitIntegerConversion | 184 ImplicitBitfieldConversion) 185 186SANITIZER_GROUP("integer", Integer, 187 ImplicitIntegerConversion | IntegerDivideByZero | Shift | 188 SignedIntegerOverflow | UnsignedIntegerOverflow | 189 UnsignedShiftBase) 190 191SANITIZER("objc-cast", ObjCCast) 192 193SANITIZER("local-bounds", LocalBounds) 194SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds) 195 196// Scudo hardened allocator 197SANITIZER("scudo", Scudo) 198 199// Magic group, containing all sanitizers. For example, "-fno-sanitize=all" 200// can be used to disable all the sanitizers. 201SANITIZER_GROUP("all", All, ~SanitizerMask()) 202 203#undef SANITIZER 204#undef SANITIZER_GROUP 205