1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 #include "clang/Driver/SanitizerArgs.h"
9 #include "ToolChains/CommonArgs.h"
10 #include "clang/Basic/Sanitizers.h"
11 #include "clang/Driver/Driver.h"
12 #include "clang/Driver/DriverDiagnostic.h"
13 #include "clang/Driver/Options.h"
14 #include "clang/Driver/ToolChain.h"
15 #include "llvm/ADT/StringExtras.h"
16 #include "llvm/ADT/StringSwitch.h"
17 #include "llvm/Support/Path.h"
18 #include "llvm/Support/SpecialCaseList.h"
19 #include "llvm/Support/TargetParser.h"
20 #include "llvm/Support/VirtualFileSystem.h"
21 #include <memory>
22
23 using namespace clang;
24 using namespace clang::driver;
25 using namespace llvm::opt;
26
27 static const SanitizerMask NeedsUbsanRt =
28 SanitizerKind::Undefined | SanitizerKind::Integer |
29 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
30 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
31 SanitizerKind::ObjCCast;
32 static const SanitizerMask NeedsUbsanCxxRt =
33 SanitizerKind::Vptr | SanitizerKind::CFI;
34 static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
35 static const SanitizerMask NotAllowedWithMinimalRuntime =
36 SanitizerKind::Function | SanitizerKind::Vptr;
37 static const SanitizerMask RequiresPIE =
38 SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo;
39 static const SanitizerMask NeedsUnwindTables =
40 SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
41 SanitizerKind::Memory | SanitizerKind::DataFlow;
42 static const SanitizerMask SupportsCoverage =
43 SanitizerKind::Address | SanitizerKind::HWAddress |
44 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
45 SanitizerKind::MemTag | SanitizerKind::Memory |
46 SanitizerKind::KernelMemory | SanitizerKind::Leak |
47 SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
48 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
49 SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
50 SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
51 SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
52 SanitizerKind::Thread | SanitizerKind::ObjCCast;
53 static const SanitizerMask RecoverableByDefault =
54 SanitizerKind::Undefined | SanitizerKind::Integer |
55 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
56 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
57 static const SanitizerMask Unrecoverable =
58 SanitizerKind::Unreachable | SanitizerKind::Return;
59 static const SanitizerMask AlwaysRecoverable =
60 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress;
61 static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
62 static const SanitizerMask TrappingSupported =
63 (SanitizerKind::Undefined & ~SanitizerKind::Vptr) | SanitizerKind::Integer |
64 SanitizerKind::Nullability | SanitizerKind::LocalBounds |
65 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
66 SanitizerKind::ObjCCast;
67 static const SanitizerMask TrappingDefault = SanitizerKind::CFI;
68 static const SanitizerMask CFIClasses =
69 SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
70 SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
71 SanitizerKind::CFIUnrelatedCast;
72 static const SanitizerMask CompatibleWithMinimalRuntime =
73 TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
74 SanitizerKind::MemTag;
75
76 enum CoverageFeature {
77 CoverageFunc = 1 << 0,
78 CoverageBB = 1 << 1,
79 CoverageEdge = 1 << 2,
80 CoverageIndirCall = 1 << 3,
81 CoverageTraceBB = 1 << 4, // Deprecated.
82 CoverageTraceCmp = 1 << 5,
83 CoverageTraceDiv = 1 << 6,
84 CoverageTraceGep = 1 << 7,
85 Coverage8bitCounters = 1 << 8, // Deprecated.
86 CoverageTracePC = 1 << 9,
87 CoverageTracePCGuard = 1 << 10,
88 CoverageNoPrune = 1 << 11,
89 CoverageInline8bitCounters = 1 << 12,
90 CoveragePCTable = 1 << 13,
91 CoverageStackDepth = 1 << 14,
92 CoverageInlineBoolFlag = 1 << 15,
93 };
94
95 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
96 /// invalid components. Returns a SanitizerMask.
97 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
98 bool DiagnoseErrors);
99
100 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
101 /// components. Returns OR of members of \c CoverageFeature enumeration.
102 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A);
103
104 /// Produce an argument string from ArgList \p Args, which shows how it
105 /// provides some sanitizer kind from \p Mask. For example, the argument list
106 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
107 /// would produce "-fsanitize=vptr".
108 static std::string lastArgumentForMask(const Driver &D,
109 const llvm::opt::ArgList &Args,
110 SanitizerMask Mask);
111
112 /// Produce an argument string from argument \p A, which shows how it provides
113 /// a value in \p Mask. For instance, the argument
114 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
115 /// "-fsanitize=alignment".
116 static std::string describeSanitizeArg(const llvm::opt::Arg *A,
117 SanitizerMask Mask);
118
119 /// Produce a string containing comma-separated names of sanitizers in \p
120 /// Sanitizers set.
121 static std::string toString(const clang::SanitizerSet &Sanitizers);
122
validateSpecialCaseListFormat(const Driver & D,std::vector<std::string> & SCLFiles,unsigned MalformedSCLErrorDiagID)123 static void validateSpecialCaseListFormat(const Driver &D,
124 std::vector<std::string> &SCLFiles,
125 unsigned MalformedSCLErrorDiagID) {
126 if (SCLFiles.empty())
127 return;
128
129 std::string BLError;
130 std::unique_ptr<llvm::SpecialCaseList> SCL(
131 llvm::SpecialCaseList::create(SCLFiles, D.getVFS(), BLError));
132 if (!SCL.get())
133 D.Diag(MalformedSCLErrorDiagID) << BLError;
134 }
135
addDefaultIgnorelists(const Driver & D,SanitizerMask Kinds,std::vector<std::string> & IgnorelistFiles)136 static void addDefaultIgnorelists(const Driver &D, SanitizerMask Kinds,
137 std::vector<std::string> &IgnorelistFiles) {
138 struct Ignorelist {
139 const char *File;
140 SanitizerMask Mask;
141 } Ignorelists[] = {{"asan_ignorelist.txt", SanitizerKind::Address},
142 {"hwasan_ignorelist.txt", SanitizerKind::HWAddress},
143 {"memtag_ignorelist.txt", SanitizerKind::MemTag},
144 {"msan_ignorelist.txt", SanitizerKind::Memory},
145 {"tsan_ignorelist.txt", SanitizerKind::Thread},
146 {"dfsan_abilist.txt", SanitizerKind::DataFlow},
147 {"cfi_ignorelist.txt", SanitizerKind::CFI},
148 {"ubsan_ignorelist.txt",
149 SanitizerKind::Undefined | SanitizerKind::Integer |
150 SanitizerKind::Nullability |
151 SanitizerKind::FloatDivideByZero}};
152
153 for (auto BL : Ignorelists) {
154 if (!(Kinds & BL.Mask))
155 continue;
156
157 clang::SmallString<64> Path(D.ResourceDir);
158 llvm::sys::path::append(Path, "share", BL.File);
159 if (D.getVFS().exists(Path))
160 IgnorelistFiles.push_back(std::string(Path.str()));
161 else if (BL.Mask == SanitizerKind::CFI)
162 // If cfi_ignorelist.txt cannot be found in the resource dir, driver
163 // should fail.
164 D.Diag(clang::diag::err_drv_no_such_file) << Path;
165 }
166 validateSpecialCaseListFormat(
167 D, IgnorelistFiles, clang::diag::err_drv_malformed_sanitizer_ignorelist);
168 }
169
170 /// Parse -f(no-)?sanitize-(coverage-)?(white|ignore)list argument's values,
171 /// diagnosing any invalid file paths and validating special case list format.
parseSpecialCaseListArg(const Driver & D,const llvm::opt::ArgList & Args,std::vector<std::string> & SCLFiles,llvm::opt::OptSpecifier SCLOptionID,llvm::opt::OptSpecifier NoSCLOptionID,unsigned MalformedSCLErrorDiagID)172 static void parseSpecialCaseListArg(const Driver &D,
173 const llvm::opt::ArgList &Args,
174 std::vector<std::string> &SCLFiles,
175 llvm::opt::OptSpecifier SCLOptionID,
176 llvm::opt::OptSpecifier NoSCLOptionID,
177 unsigned MalformedSCLErrorDiagID) {
178 for (const auto *Arg : Args) {
179 // Match -fsanitize-(coverage-)?(white|ignore)list.
180 if (Arg->getOption().matches(SCLOptionID)) {
181 Arg->claim();
182 std::string SCLPath = Arg->getValue();
183 if (D.getVFS().exists(SCLPath)) {
184 SCLFiles.push_back(SCLPath);
185 } else {
186 D.Diag(clang::diag::err_drv_no_such_file) << SCLPath;
187 }
188 // Match -fno-sanitize-ignorelist.
189 } else if (Arg->getOption().matches(NoSCLOptionID)) {
190 Arg->claim();
191 SCLFiles.clear();
192 }
193 }
194 validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID);
195 }
196
197 /// Sets group bits for every group that has at least one representative already
198 /// enabled in \p Kinds.
setGroupBits(SanitizerMask Kinds)199 static SanitizerMask setGroupBits(SanitizerMask Kinds) {
200 #define SANITIZER(NAME, ID)
201 #define SANITIZER_GROUP(NAME, ID, ALIAS) \
202 if (Kinds & SanitizerKind::ID) \
203 Kinds |= SanitizerKind::ID##Group;
204 #include "clang/Basic/Sanitizers.def"
205 return Kinds;
206 }
207
parseSanitizeTrapArgs(const Driver & D,const llvm::opt::ArgList & Args)208 static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
209 const llvm::opt::ArgList &Args) {
210 SanitizerMask TrapRemove; // During the loop below, the accumulated set of
211 // sanitizers disabled by the current sanitizer
212 // argument or any argument after it.
213 SanitizerMask TrappingKinds;
214 SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);
215
216 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
217 I != E; ++I) {
218 const auto *Arg = *I;
219 if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
220 Arg->claim();
221 SanitizerMask Add = parseArgValues(D, Arg, true);
222 Add &= ~TrapRemove;
223 if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
224 SanitizerSet S;
225 S.Mask = InvalidValues;
226 D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
227 << toString(S);
228 }
229 TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove;
230 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
231 Arg->claim();
232 TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true));
233 }
234 }
235
236 // Apply default trapping behavior.
237 TrappingKinds |= TrappingDefault & ~TrapRemove;
238
239 return TrappingKinds;
240 }
241
needsFuzzerInterceptors() const242 bool SanitizerArgs::needsFuzzerInterceptors() const {
243 return needsFuzzer() && !needsAsanRt() && !needsTsanRt() && !needsMsanRt();
244 }
245
needsUbsanRt() const246 bool SanitizerArgs::needsUbsanRt() const {
247 // All of these include ubsan.
248 if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
249 needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
250 (needsScudoRt() && !requiresMinimalRuntime()))
251 return false;
252
253 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
254 CoverageFeatures;
255 }
256
needsCfiRt() const257 bool SanitizerArgs::needsCfiRt() const {
258 return !(Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
259 CfiCrossDso && !ImplicitCfiRuntime;
260 }
261
needsCfiDiagRt() const262 bool SanitizerArgs::needsCfiDiagRt() const {
263 return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
264 CfiCrossDso && !ImplicitCfiRuntime;
265 }
266
requiresPIE() const267 bool SanitizerArgs::requiresPIE() const {
268 return NeedPIE || (Sanitizers.Mask & RequiresPIE);
269 }
270
needsUnwindTables() const271 bool SanitizerArgs::needsUnwindTables() const {
272 return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
273 }
274
needsLTO() const275 bool SanitizerArgs::needsLTO() const {
276 return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
277 }
278
SanitizerArgs(const ToolChain & TC,const llvm::opt::ArgList & Args)279 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
280 const llvm::opt::ArgList &Args) {
281 SanitizerMask AllRemove; // During the loop below, the accumulated set of
282 // sanitizers disabled by the current sanitizer
283 // argument or any argument after it.
284 SanitizerMask AllAddedKinds; // Mask of all sanitizers ever enabled by
285 // -fsanitize= flags (directly or via group
286 // expansion), some of which may be disabled
287 // later. Used to carefully prune
288 // unused-argument diagnostics.
289 SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now.
290 // Used to deduplicate diagnostics.
291 SanitizerMask Kinds;
292 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
293
294 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
295 options::OPT_fno_sanitize_cfi_cross_dso, false);
296
297 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
298
299 const Driver &D = TC.getDriver();
300 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
301 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
302
303 MinimalRuntime =
304 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
305 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
306
307 // The object size sanitizer should not be enabled at -O0.
308 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
309 bool RemoveObjectSizeAtO0 =
310 !OptLevel || OptLevel->getOption().matches(options::OPT_O0);
311
312 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
313 I != E; ++I) {
314 const auto *Arg = *I;
315 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
316 Arg->claim();
317 SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true);
318
319 if (RemoveObjectSizeAtO0) {
320 AllRemove |= SanitizerKind::ObjectSize;
321
322 // The user explicitly enabled the object size sanitizer. Warn
323 // that this does nothing at -O0.
324 if (Add & SanitizerKind::ObjectSize)
325 D.Diag(diag::warn_drv_object_size_disabled_O0)
326 << Arg->getAsString(Args);
327 }
328
329 AllAddedKinds |= expandSanitizerGroups(Add);
330
331 // Avoid diagnosing any sanitizer which is disabled later.
332 Add &= ~AllRemove;
333 // At this point we have not expanded groups, so any unsupported
334 // sanitizers in Add are those which have been explicitly enabled.
335 // Diagnose them.
336 if (SanitizerMask KindsToDiagnose =
337 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
338 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
339 D.Diag(diag::err_drv_argument_not_allowed_with)
340 << Desc << "-fsanitize-trap=undefined";
341 DiagnosedKinds |= KindsToDiagnose;
342 }
343 Add &= ~InvalidTrappingKinds;
344
345 if (MinimalRuntime) {
346 if (SanitizerMask KindsToDiagnose =
347 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
348 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
349 D.Diag(diag::err_drv_argument_not_allowed_with)
350 << Desc << "-fsanitize-minimal-runtime";
351 DiagnosedKinds |= KindsToDiagnose;
352 }
353 Add &= ~NotAllowedWithMinimalRuntime;
354 }
355
356 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
357 // There are currently two problems:
358 // - Virtual function call checks need to pass a pointer to the function
359 // address to llvm.type.test and a pointer to the address point to the
360 // diagnostic function. Currently we pass the same pointer to both
361 // places.
362 // - Non-virtual function call checks may need to check multiple type
363 // identifiers.
364 // Fixing both of those may require changes to the cross-DSO CFI
365 // interface.
366 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) {
367 D.Diag(diag::err_drv_argument_not_allowed_with)
368 << "-fsanitize=cfi-mfcall"
369 << "-fsanitize-cfi-cross-dso";
370 Add &= ~SanitizerKind::CFIMFCall;
371 DiagnosedKinds |= SanitizerKind::CFIMFCall;
372 }
373
374 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
375 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
376 D.Diag(diag::err_drv_unsupported_opt_for_target)
377 << Desc << TC.getTriple().str();
378 DiagnosedKinds |= KindsToDiagnose;
379 }
380 Add &= Supported;
381
382 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
383 // so we don't error out if -fno-rtti and -fsanitize=undefined were
384 // passed.
385 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
386 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
387 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
388 "RTTI disabled without -fno-rtti option?");
389 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
390 // the vptr sanitizer requires RTTI, so this is a user error.
391 D.Diag(diag::err_drv_argument_not_allowed_with)
392 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
393 } else {
394 // The vptr sanitizer requires RTTI, but RTTI is disabled (by
395 // default). Warn that the vptr sanitizer is being disabled.
396 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default);
397 }
398
399 // Take out the Vptr sanitizer from the enabled sanitizers
400 AllRemove |= SanitizerKind::Vptr;
401 }
402
403 Add = expandSanitizerGroups(Add);
404 // Group expansion may have enabled a sanitizer which is disabled later.
405 Add &= ~AllRemove;
406 // Silently discard any unsupported sanitizers implicitly enabled through
407 // group expansion.
408 Add &= ~InvalidTrappingKinds;
409 if (MinimalRuntime) {
410 Add &= ~NotAllowedWithMinimalRuntime;
411 }
412 if (CfiCrossDso)
413 Add &= ~SanitizerKind::CFIMFCall;
414 Add &= Supported;
415
416 if (Add & SanitizerKind::Fuzzer)
417 Add |= SanitizerKind::FuzzerNoLink;
418
419 // Enable coverage if the fuzzing flag is set.
420 if (Add & SanitizerKind::FuzzerNoLink) {
421 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
422 CoverageTraceCmp | CoveragePCTable;
423 // Due to TLS differences, stack depth tracking is only enabled on Linux
424 if (TC.getTriple().isOSLinux())
425 CoverageFeatures |= CoverageStackDepth;
426 }
427
428 Kinds |= Add;
429 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
430 Arg->claim();
431 SanitizerMask Remove = parseArgValues(D, Arg, true);
432 AllRemove |= expandSanitizerGroups(Remove);
433 }
434 }
435
436 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
437 std::make_pair(SanitizerKind::Address,
438 SanitizerKind::Thread | SanitizerKind::Memory),
439 std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory),
440 std::make_pair(SanitizerKind::Leak,
441 SanitizerKind::Thread | SanitizerKind::Memory),
442 std::make_pair(SanitizerKind::KernelAddress,
443 SanitizerKind::Address | SanitizerKind::Leak |
444 SanitizerKind::Thread | SanitizerKind::Memory),
445 std::make_pair(SanitizerKind::HWAddress,
446 SanitizerKind::Address | SanitizerKind::Thread |
447 SanitizerKind::Memory | SanitizerKind::KernelAddress),
448 std::make_pair(SanitizerKind::Scudo,
449 SanitizerKind::Address | SanitizerKind::HWAddress |
450 SanitizerKind::Leak | SanitizerKind::Thread |
451 SanitizerKind::Memory | SanitizerKind::KernelAddress),
452 std::make_pair(SanitizerKind::SafeStack,
453 (TC.getTriple().isOSFuchsia() ? SanitizerMask()
454 : SanitizerKind::Leak) |
455 SanitizerKind::Address | SanitizerKind::HWAddress |
456 SanitizerKind::Thread | SanitizerKind::Memory |
457 SanitizerKind::KernelAddress),
458 std::make_pair(SanitizerKind::KernelHWAddress,
459 SanitizerKind::Address | SanitizerKind::HWAddress |
460 SanitizerKind::Leak | SanitizerKind::Thread |
461 SanitizerKind::Memory | SanitizerKind::KernelAddress |
462 SanitizerKind::SafeStack),
463 std::make_pair(SanitizerKind::KernelMemory,
464 SanitizerKind::Address | SanitizerKind::HWAddress |
465 SanitizerKind::Leak | SanitizerKind::Thread |
466 SanitizerKind::Memory | SanitizerKind::KernelAddress |
467 SanitizerKind::Scudo | SanitizerKind::SafeStack),
468 std::make_pair(SanitizerKind::MemTag,
469 SanitizerKind::Address | SanitizerKind::KernelAddress |
470 SanitizerKind::HWAddress |
471 SanitizerKind::KernelHWAddress)};
472 // Enable toolchain specific default sanitizers if not explicitly disabled.
473 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
474
475 // Disable default sanitizers that are incompatible with explicitly requested
476 // ones.
477 for (auto G : IncompatibleGroups) {
478 SanitizerMask Group = G.first;
479 if ((Default & Group) && (Kinds & G.second))
480 Default &= ~Group;
481 }
482
483 Kinds |= Default;
484
485 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
486 // is disabled.
487 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
488 Kinds &= ~SanitizerKind::Vptr;
489 }
490
491 // Check that LTO is enabled if we need it.
492 if ((Kinds & NeedsLTO) && !D.isUsingLTO()) {
493 D.Diag(diag::err_drv_argument_only_allowed_with)
494 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
495 }
496
497 if ((Kinds & SanitizerKind::ShadowCallStack) &&
498 ((TC.getTriple().isAArch64() &&
499 !llvm::AArch64::isX18ReservedByDefault(TC.getTriple())) ||
500 TC.getTriple().isRISCV()) &&
501 !Args.hasArg(options::OPT_ffixed_x18)) {
502 D.Diag(diag::err_drv_argument_only_allowed_with)
503 << lastArgumentForMask(D, Args, Kinds & SanitizerKind::ShadowCallStack)
504 << "-ffixed-x18";
505 }
506
507 // Report error if there are non-trapping sanitizers that require
508 // c++abi-specific parts of UBSan runtime, and they are not provided by the
509 // toolchain. We don't have a good way to check the latter, so we just
510 // check if the toolchan supports vptr.
511 if (~Supported & SanitizerKind::Vptr) {
512 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
513 // The runtime library supports the Microsoft C++ ABI, but only well enough
514 // for CFI. FIXME: Remove this once we support vptr on Windows.
515 if (TC.getTriple().isOSWindows())
516 KindsToDiagnose &= ~SanitizerKind::CFI;
517 if (KindsToDiagnose) {
518 SanitizerSet S;
519 S.Mask = KindsToDiagnose;
520 D.Diag(diag::err_drv_unsupported_opt_for_target)
521 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str();
522 Kinds &= ~KindsToDiagnose;
523 }
524 }
525
526 // Warn about incompatible groups of sanitizers.
527 for (auto G : IncompatibleGroups) {
528 SanitizerMask Group = G.first;
529 if (Kinds & Group) {
530 if (SanitizerMask Incompatible = Kinds & G.second) {
531 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
532 << lastArgumentForMask(D, Args, Group)
533 << lastArgumentForMask(D, Args, Incompatible);
534 Kinds &= ~Incompatible;
535 }
536 }
537 }
538 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
539 // -fsanitize=address. Perhaps it should print an error, or perhaps
540 // -f(-no)sanitize=leak should change whether leak detection is enabled by
541 // default in ASan?
542
543 // Parse -f(no-)?sanitize-recover flags.
544 SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable;
545 SanitizerMask DiagnosedUnrecoverableKinds;
546 SanitizerMask DiagnosedAlwaysRecoverableKinds;
547 for (const auto *Arg : Args) {
548 if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
549 SanitizerMask Add = parseArgValues(D, Arg, true);
550 // Report error if user explicitly tries to recover from unrecoverable
551 // sanitizer.
552 if (SanitizerMask KindsToDiagnose =
553 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
554 SanitizerSet SetToDiagnose;
555 SetToDiagnose.Mask |= KindsToDiagnose;
556 D.Diag(diag::err_drv_unsupported_option_argument)
557 << Arg->getOption().getName() << toString(SetToDiagnose);
558 DiagnosedUnrecoverableKinds |= KindsToDiagnose;
559 }
560 RecoverableKinds |= expandSanitizerGroups(Add);
561 Arg->claim();
562 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
563 SanitizerMask Remove = parseArgValues(D, Arg, true);
564 // Report error if user explicitly tries to disable recovery from
565 // always recoverable sanitizer.
566 if (SanitizerMask KindsToDiagnose =
567 Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) {
568 SanitizerSet SetToDiagnose;
569 SetToDiagnose.Mask |= KindsToDiagnose;
570 D.Diag(diag::err_drv_unsupported_option_argument)
571 << Arg->getOption().getName() << toString(SetToDiagnose);
572 DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose;
573 }
574 RecoverableKinds &= ~expandSanitizerGroups(Remove);
575 Arg->claim();
576 }
577 }
578 RecoverableKinds &= Kinds;
579 RecoverableKinds &= ~Unrecoverable;
580
581 TrappingKinds &= Kinds;
582 RecoverableKinds &= ~TrappingKinds;
583
584 // Setup ignorelist files.
585 // Add default ignorelist from resource directory for activated sanitizers,
586 // and validate special case lists format.
587 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_ignorelist))
588 addDefaultIgnorelists(D, Kinds, SystemIgnorelistFiles);
589
590 // Parse -f(no-)?sanitize-ignorelist options.
591 // This also validates special case lists format.
592 parseSpecialCaseListArg(D, Args, UserIgnorelistFiles,
593 options::OPT_fsanitize_ignorelist_EQ,
594 options::OPT_fno_sanitize_ignorelist,
595 clang::diag::err_drv_malformed_sanitizer_ignorelist);
596
597 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
598 if (AllAddedKinds & SanitizerKind::Memory) {
599 if (Arg *A =
600 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
601 options::OPT_fsanitize_memory_track_origins,
602 options::OPT_fno_sanitize_memory_track_origins)) {
603 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) {
604 MsanTrackOrigins = 2;
605 } else if (A->getOption().matches(
606 options::OPT_fno_sanitize_memory_track_origins)) {
607 MsanTrackOrigins = 0;
608 } else {
609 StringRef S = A->getValue();
610 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
611 MsanTrackOrigins > 2) {
612 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
613 }
614 }
615 }
616 MsanUseAfterDtor =
617 Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor,
618 options::OPT_fno_sanitize_memory_use_after_dtor,
619 MsanUseAfterDtor);
620 NeedPIE |= !(TC.getTriple().isOSLinux() &&
621 TC.getTriple().getArch() == llvm::Triple::x86_64);
622 } else {
623 MsanUseAfterDtor = false;
624 }
625
626 if (AllAddedKinds & SanitizerKind::Thread) {
627 TsanMemoryAccess = Args.hasFlag(
628 options::OPT_fsanitize_thread_memory_access,
629 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess);
630 TsanFuncEntryExit = Args.hasFlag(
631 options::OPT_fsanitize_thread_func_entry_exit,
632 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit);
633 TsanAtomics =
634 Args.hasFlag(options::OPT_fsanitize_thread_atomics,
635 options::OPT_fno_sanitize_thread_atomics, TsanAtomics);
636 }
637
638 if (AllAddedKinds & SanitizerKind::CFI) {
639 // Without PIE, external function address may resolve to a PLT record, which
640 // can not be verified by the target module.
641 NeedPIE |= CfiCrossDso;
642 CfiICallGeneralizePointers =
643 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
644
645 if (CfiCrossDso && CfiICallGeneralizePointers)
646 D.Diag(diag::err_drv_argument_not_allowed_with)
647 << "-fsanitize-cfi-cross-dso"
648 << "-fsanitize-cfi-icall-generalize-pointers";
649
650 CfiCanonicalJumpTables =
651 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
652 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
653 }
654
655 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
656 options::OPT_fno_sanitize_stats, false);
657
658 if (MinimalRuntime) {
659 SanitizerMask IncompatibleMask =
660 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
661 if (IncompatibleMask)
662 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
663 << "-fsanitize-minimal-runtime"
664 << lastArgumentForMask(D, Args, IncompatibleMask);
665
666 SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds;
667 if (NonTrappingCfi)
668 D.Diag(clang::diag::err_drv_argument_only_allowed_with)
669 << "fsanitize-minimal-runtime"
670 << "fsanitize-trap=cfi";
671 }
672
673 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
674 // enabled sanitizers.
675 for (const auto *Arg : Args) {
676 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
677 int LegacySanitizeCoverage;
678 if (Arg->getNumValues() == 1 &&
679 !StringRef(Arg->getValue(0))
680 .getAsInteger(0, LegacySanitizeCoverage)) {
681 CoverageFeatures = 0;
682 Arg->claim();
683 if (LegacySanitizeCoverage != 0) {
684 D.Diag(diag::warn_drv_deprecated_arg)
685 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard";
686 }
687 continue;
688 }
689 CoverageFeatures |= parseCoverageFeatures(D, Arg);
690
691 // Disable coverage and not claim the flags if there is at least one
692 // non-supporting sanitizer.
693 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
694 Arg->claim();
695 } else {
696 CoverageFeatures = 0;
697 }
698 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
699 Arg->claim();
700 CoverageFeatures &= ~parseCoverageFeatures(D, Arg);
701 }
702 }
703 // Choose at most one coverage type: function, bb, or edge.
704 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
705 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
706 << "-fsanitize-coverage=func"
707 << "-fsanitize-coverage=bb";
708 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
709 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
710 << "-fsanitize-coverage=func"
711 << "-fsanitize-coverage=edge";
712 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
713 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
714 << "-fsanitize-coverage=bb"
715 << "-fsanitize-coverage=edge";
716 // Basic block tracing and 8-bit counters require some type of coverage
717 // enabled.
718 if (CoverageFeatures & CoverageTraceBB)
719 D.Diag(clang::diag::warn_drv_deprecated_arg)
720 << "-fsanitize-coverage=trace-bb"
721 << "-fsanitize-coverage=trace-pc-guard";
722 if (CoverageFeatures & Coverage8bitCounters)
723 D.Diag(clang::diag::warn_drv_deprecated_arg)
724 << "-fsanitize-coverage=8bit-counters"
725 << "-fsanitize-coverage=trace-pc-guard";
726
727 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
728 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
729 CoverageInline8bitCounters |
730 CoverageInlineBoolFlag;
731 if ((CoverageFeatures & InsertionPointTypes) &&
732 !(CoverageFeatures & InstrumentationTypes)) {
733 D.Diag(clang::diag::warn_drv_deprecated_arg)
734 << "-fsanitize-coverage=[func|bb|edge]"
735 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]";
736 }
737
738 // trace-pc w/o func/bb/edge implies edge.
739 if (!(CoverageFeatures & InsertionPointTypes)) {
740 if (CoverageFeatures &
741 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters |
742 CoverageInlineBoolFlag))
743 CoverageFeatures |= CoverageEdge;
744
745 if (CoverageFeatures & CoverageStackDepth)
746 CoverageFeatures |= CoverageFunc;
747 }
748
749 // Parse -fsanitize-coverage-(ignore|white)list options if coverage enabled.
750 // This also validates special case lists format.
751 // Here, OptSpecifier() acts as a never-matching command-line argument.
752 // So, there is no way to clear coverage lists but you can append to them.
753 if (CoverageFeatures) {
754 parseSpecialCaseListArg(
755 D, Args, CoverageAllowlistFiles,
756 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(),
757 clang::diag::err_drv_malformed_sanitizer_coverage_whitelist);
758 parseSpecialCaseListArg(
759 D, Args, CoverageIgnorelistFiles,
760 options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(),
761 clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist);
762 }
763
764 SharedRuntime =
765 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
766 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
767 TC.getTriple().isOSDarwin());
768
769 ImplicitCfiRuntime = TC.getTriple().isAndroid();
770
771 if (AllAddedKinds & SanitizerKind::Address) {
772 NeedPIE |= TC.getTriple().isOSFuchsia();
773 if (Arg *A =
774 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
775 StringRef S = A->getValue();
776 // Legal values are 0 and 1, 2, but in future we may add more levels.
777 if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
778 AsanFieldPadding > 2) {
779 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
780 }
781 }
782
783 if (Arg *WindowsDebugRTArg =
784 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
785 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
786 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
787 switch (WindowsDebugRTArg->getOption().getID()) {
788 case options::OPT__SLASH_MTd:
789 case options::OPT__SLASH_MDd:
790 case options::OPT__SLASH_LDd:
791 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
792 << WindowsDebugRTArg->getAsString(Args)
793 << lastArgumentForMask(D, Args, SanitizerKind::Address);
794 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
795 }
796 }
797
798 AsanUseAfterScope = Args.hasFlag(
799 options::OPT_fsanitize_address_use_after_scope,
800 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
801
802 AsanPoisonCustomArrayCookie = Args.hasFlag(
803 options::OPT_fsanitize_address_poison_custom_array_cookie,
804 options::OPT_fno_sanitize_address_poison_custom_array_cookie,
805 AsanPoisonCustomArrayCookie);
806
807 // As a workaround for a bug in gold 2.26 and earlier, dead stripping of
808 // globals in ASan is disabled by default on ELF targets.
809 // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002
810 AsanGlobalsDeadStripping =
811 !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() ||
812 TC.getTriple().isPS4() ||
813 Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping);
814
815 AsanUseOdrIndicator =
816 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator,
817 options::OPT_fno_sanitize_address_use_odr_indicator,
818 AsanUseOdrIndicator);
819
820 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
821 AsanInvalidPointerCmp = true;
822 }
823
824 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
825 AsanInvalidPointerSub = true;
826 }
827
828 if (TC.getTriple().isOSDarwin() &&
829 (Args.hasArg(options::OPT_mkernel) ||
830 Args.hasArg(options::OPT_fapple_kext))) {
831 AsanDtorKind = llvm::AsanDtorKind::None;
832 }
833
834 if (const auto *Arg =
835 Args.getLastArg(options::OPT_sanitize_address_destructor_EQ)) {
836 auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue());
837 if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid) {
838 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
839 << Arg->getOption().getName() << Arg->getValue();
840 }
841 AsanDtorKind = parsedAsanDtorKind;
842 }
843
844 } else {
845 AsanUseAfterScope = false;
846 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
847 SanitizerMask DetectInvalidPointerPairs =
848 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
849 if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) {
850 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
851 << lastArgumentForMask(D, Args,
852 SanitizerKind::PointerCompare |
853 SanitizerKind::PointerSubtract)
854 << "-fsanitize=address";
855 }
856 }
857
858 if (AllAddedKinds & SanitizerKind::HWAddress) {
859 if (Arg *HwasanAbiArg =
860 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) {
861 HwasanAbi = HwasanAbiArg->getValue();
862 if (HwasanAbi != "platform" && HwasanAbi != "interceptor")
863 D.Diag(clang::diag::err_drv_invalid_value)
864 << HwasanAbiArg->getAsString(Args) << HwasanAbi;
865 } else {
866 HwasanAbi = "interceptor";
867 }
868 if (TC.getTriple().getArch() == llvm::Triple::x86_64)
869 HwasanUseAliases = Args.hasFlag(
870 options::OPT_fsanitize_hwaddress_experimental_aliasing,
871 options::OPT_fno_sanitize_hwaddress_experimental_aliasing,
872 HwasanUseAliases);
873 }
874
875 if (AllAddedKinds & SanitizerKind::SafeStack) {
876 // SafeStack runtime is built into the system on Android and Fuchsia.
877 SafeStackRuntime =
878 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia();
879 }
880
881 LinkRuntimes =
882 Args.hasFlag(options::OPT_fsanitize_link_runtime,
883 options::OPT_fno_sanitize_link_runtime, LinkRuntimes);
884
885 // Parse -link-cxx-sanitizer flag.
886 LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime,
887 options::OPT_fno_sanitize_link_cxx_runtime,
888 LinkCXXRuntimes) ||
889 D.CCCIsCXX();
890
891 NeedsMemProfRt = Args.hasFlag(options::OPT_fmemory_profile,
892 options::OPT_fmemory_profile_EQ,
893 options::OPT_fno_memory_profile, false);
894
895 // Finally, initialize the set of available and recoverable sanitizers.
896 Sanitizers.Mask |= Kinds;
897 RecoverableSanitizers.Mask |= RecoverableKinds;
898 TrapSanitizers.Mask |= TrappingKinds;
899 assert(!(RecoverableKinds & TrappingKinds) &&
900 "Overlap between recoverable and trapping sanitizers");
901 }
902
toString(const clang::SanitizerSet & Sanitizers)903 static std::string toString(const clang::SanitizerSet &Sanitizers) {
904 std::string Res;
905 #define SANITIZER(NAME, ID) \
906 if (Sanitizers.has(SanitizerKind::ID)) { \
907 if (!Res.empty()) \
908 Res += ","; \
909 Res += NAME; \
910 }
911 #include "clang/Basic/Sanitizers.def"
912 return Res;
913 }
914
addSpecialCaseListOpt(const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,const char * SCLOptFlag,const std::vector<std::string> & SCLFiles)915 static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
916 llvm::opt::ArgStringList &CmdArgs,
917 const char *SCLOptFlag,
918 const std::vector<std::string> &SCLFiles) {
919 for (const auto &SCLPath : SCLFiles) {
920 SmallString<64> SCLOpt(SCLOptFlag);
921 SCLOpt += SCLPath;
922 CmdArgs.push_back(Args.MakeArgString(SCLOpt));
923 }
924 }
925
addIncludeLinkerOption(const ToolChain & TC,const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,StringRef SymbolName)926 static void addIncludeLinkerOption(const ToolChain &TC,
927 const llvm::opt::ArgList &Args,
928 llvm::opt::ArgStringList &CmdArgs,
929 StringRef SymbolName) {
930 SmallString<64> LinkerOptionFlag;
931 LinkerOptionFlag = "--linker-option=/include:";
932 if (TC.getTriple().getArch() == llvm::Triple::x86) {
933 // Win32 mangles C function names with a '_' prefix.
934 LinkerOptionFlag += '_';
935 }
936 LinkerOptionFlag += SymbolName;
937 CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
938 }
939
hasTargetFeatureMTE(const llvm::opt::ArgStringList & CmdArgs)940 static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
941 for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End; ++Start) {
942 auto It = std::find(Start, End, StringRef("+mte"));
943 if (It == End)
944 break;
945 if (It > Start && *std::prev(It) == StringRef("-target-feature"))
946 return true;
947 Start = It;
948 }
949 return false;
950 }
951
addArgs(const ToolChain & TC,const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,types::ID InputType) const952 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
953 llvm::opt::ArgStringList &CmdArgs,
954 types::ID InputType) const {
955 // NVPTX doesn't currently support sanitizers. Bailing out here means
956 // that e.g. -fsanitize=address applies only to host code, which is what we
957 // want for now.
958 //
959 // AMDGPU sanitizer support is experimental and controlled by -fgpu-sanitize.
960 if (TC.getTriple().isNVPTX() ||
961 (TC.getTriple().isAMDGPU() &&
962 !Args.hasFlag(options::OPT_fgpu_sanitize, options::OPT_fno_gpu_sanitize,
963 false)))
964 return;
965
966 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
967 // Do it even if Sanitizers.empty() since some forms of coverage don't require
968 // sanitizers.
969 std::pair<int, const char *> CoverageFlags[] = {
970 std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
971 std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
972 std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
973 std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
974 std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
975 std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
976 std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
977 std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
978 std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
979 std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
980 std::make_pair(CoverageTracePCGuard,
981 "-fsanitize-coverage-trace-pc-guard"),
982 std::make_pair(CoverageInline8bitCounters,
983 "-fsanitize-coverage-inline-8bit-counters"),
984 std::make_pair(CoverageInlineBoolFlag,
985 "-fsanitize-coverage-inline-bool-flag"),
986 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
987 std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
988 std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")};
989 for (auto F : CoverageFlags) {
990 if (CoverageFeatures & F.first)
991 CmdArgs.push_back(F.second);
992 }
993 addSpecialCaseListOpt(
994 Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
995 addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=",
996 CoverageIgnorelistFiles);
997
998 if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
999 // Instruct the code generator to embed linker directives in the object file
1000 // that cause the required runtime libraries to be linked.
1001 CmdArgs.push_back(
1002 Args.MakeArgString("--dependent-lib=" +
1003 TC.getCompilerRTBasename(Args, "ubsan_standalone")));
1004 if (types::isCXX(InputType))
1005 CmdArgs.push_back(Args.MakeArgString(
1006 "--dependent-lib=" +
1007 TC.getCompilerRTBasename(Args, "ubsan_standalone_cxx")));
1008 }
1009 if (TC.getTriple().isOSWindows() && needsStatsRt()) {
1010 CmdArgs.push_back(Args.MakeArgString(
1011 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats_client")));
1012
1013 // The main executable must export the stats runtime.
1014 // FIXME: Only exporting from the main executable (e.g. based on whether the
1015 // translation unit defines main()) would save a little space, but having
1016 // multiple copies of the runtime shouldn't hurt.
1017 CmdArgs.push_back(Args.MakeArgString(
1018 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats")));
1019 addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
1020 }
1021
1022 if (Sanitizers.empty())
1023 return;
1024 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
1025
1026 if (!RecoverableSanitizers.empty())
1027 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
1028 toString(RecoverableSanitizers)));
1029
1030 if (!TrapSanitizers.empty())
1031 CmdArgs.push_back(
1032 Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
1033
1034 addSpecialCaseListOpt(Args, CmdArgs,
1035 "-fsanitize-ignorelist=", UserIgnorelistFiles);
1036 addSpecialCaseListOpt(Args, CmdArgs,
1037 "-fsanitize-system-ignorelist=", SystemIgnorelistFiles);
1038
1039 if (MsanTrackOrigins)
1040 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
1041 Twine(MsanTrackOrigins)));
1042
1043 if (MsanUseAfterDtor)
1044 CmdArgs.push_back("-fsanitize-memory-use-after-dtor");
1045
1046 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
1047 if (!TsanMemoryAccess) {
1048 CmdArgs.push_back("-mllvm");
1049 CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
1050 CmdArgs.push_back("-mllvm");
1051 CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
1052 }
1053 if (!TsanFuncEntryExit) {
1054 CmdArgs.push_back("-mllvm");
1055 CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
1056 }
1057 if (!TsanAtomics) {
1058 CmdArgs.push_back("-mllvm");
1059 CmdArgs.push_back("-tsan-instrument-atomics=0");
1060 }
1061
1062 if (CfiCrossDso)
1063 CmdArgs.push_back("-fsanitize-cfi-cross-dso");
1064
1065 if (CfiICallGeneralizePointers)
1066 CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
1067
1068 if (CfiCanonicalJumpTables)
1069 CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables");
1070
1071 if (Stats)
1072 CmdArgs.push_back("-fsanitize-stats");
1073
1074 if (MinimalRuntime)
1075 CmdArgs.push_back("-fsanitize-minimal-runtime");
1076
1077 if (AsanFieldPadding)
1078 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
1079 Twine(AsanFieldPadding)));
1080
1081 if (AsanUseAfterScope)
1082 CmdArgs.push_back("-fsanitize-address-use-after-scope");
1083
1084 if (AsanPoisonCustomArrayCookie)
1085 CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie");
1086
1087 if (AsanGlobalsDeadStripping)
1088 CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");
1089
1090 if (AsanUseOdrIndicator)
1091 CmdArgs.push_back("-fsanitize-address-use-odr-indicator");
1092
1093 if (AsanInvalidPointerCmp) {
1094 CmdArgs.push_back("-mllvm");
1095 CmdArgs.push_back("-asan-detect-invalid-pointer-cmp");
1096 }
1097
1098 if (AsanInvalidPointerSub) {
1099 CmdArgs.push_back("-mllvm");
1100 CmdArgs.push_back("-asan-detect-invalid-pointer-sub");
1101 }
1102
1103 // Only pass the option to the frontend if the user requested,
1104 // otherwise the frontend will just use the codegen default.
1105 if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
1106 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-destructor=" +
1107 AsanDtorKindToString(AsanDtorKind)));
1108 }
1109
1110 if (!HwasanAbi.empty()) {
1111 CmdArgs.push_back("-default-function-attr");
1112 CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
1113 }
1114
1115 if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) {
1116 CmdArgs.push_back("-target-feature");
1117 CmdArgs.push_back("+tagged-globals");
1118 }
1119
1120 // MSan: Workaround for PR16386.
1121 // ASan: This is mainly to help LSan with cases such as
1122 // https://github.com/google/sanitizers/issues/373
1123 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
1124 // affect compilation.
1125 if (Sanitizers.has(SanitizerKind::Memory) ||
1126 Sanitizers.has(SanitizerKind::Address))
1127 CmdArgs.push_back("-fno-assume-sane-operator-new");
1128
1129 // libFuzzer wants to intercept calls to certain library functions, so the
1130 // following -fno-builtin-* flags force the compiler to emit interposable
1131 // libcalls to these functions. Other sanitizers effectively do the same thing
1132 // by marking all library call sites with NoBuiltin attribute in their LLVM
1133 // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
1134 if (Sanitizers.has(SanitizerKind::FuzzerNoLink)) {
1135 CmdArgs.push_back("-fno-builtin-bcmp");
1136 CmdArgs.push_back("-fno-builtin-memcmp");
1137 CmdArgs.push_back("-fno-builtin-strncmp");
1138 CmdArgs.push_back("-fno-builtin-strcmp");
1139 CmdArgs.push_back("-fno-builtin-strncasecmp");
1140 CmdArgs.push_back("-fno-builtin-strcasecmp");
1141 CmdArgs.push_back("-fno-builtin-strstr");
1142 CmdArgs.push_back("-fno-builtin-strcasestr");
1143 CmdArgs.push_back("-fno-builtin-memmem");
1144 }
1145
1146 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
1147 // enabled.
1148 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
1149 !Args.hasArg(options::OPT_fvisibility_EQ)) {
1150 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1151 << lastArgumentForMask(TC.getDriver(), Args,
1152 Sanitizers.Mask & CFIClasses)
1153 << "-fvisibility=";
1154 }
1155
1156 if (Sanitizers.has(SanitizerKind::MemTag) && !hasTargetFeatureMTE(CmdArgs))
1157 TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
1158 }
1159
parseArgValues(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors)1160 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
1161 bool DiagnoseErrors) {
1162 assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
1163 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
1164 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
1165 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
1166 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
1167 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
1168 "Invalid argument in parseArgValues!");
1169 SanitizerMask Kinds;
1170 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1171 const char *Value = A->getValue(i);
1172 SanitizerMask Kind;
1173 // Special case: don't accept -fsanitize=all.
1174 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
1175 0 == strcmp("all", Value))
1176 Kind = SanitizerMask();
1177 else
1178 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
1179
1180 if (Kind)
1181 Kinds |= Kind;
1182 else if (DiagnoseErrors)
1183 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1184 << A->getOption().getName() << Value;
1185 }
1186 return Kinds;
1187 }
1188
parseCoverageFeatures(const Driver & D,const llvm::opt::Arg * A)1189 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) {
1190 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
1191 A->getOption().matches(options::OPT_fno_sanitize_coverage));
1192 int Features = 0;
1193 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1194 const char *Value = A->getValue(i);
1195 int F = llvm::StringSwitch<int>(Value)
1196 .Case("func", CoverageFunc)
1197 .Case("bb", CoverageBB)
1198 .Case("edge", CoverageEdge)
1199 .Case("indirect-calls", CoverageIndirCall)
1200 .Case("trace-bb", CoverageTraceBB)
1201 .Case("trace-cmp", CoverageTraceCmp)
1202 .Case("trace-div", CoverageTraceDiv)
1203 .Case("trace-gep", CoverageTraceGep)
1204 .Case("8bit-counters", Coverage8bitCounters)
1205 .Case("trace-pc", CoverageTracePC)
1206 .Case("trace-pc-guard", CoverageTracePCGuard)
1207 .Case("no-prune", CoverageNoPrune)
1208 .Case("inline-8bit-counters", CoverageInline8bitCounters)
1209 .Case("inline-bool-flag", CoverageInlineBoolFlag)
1210 .Case("pc-table", CoveragePCTable)
1211 .Case("stack-depth", CoverageStackDepth)
1212 .Default(0);
1213 if (F == 0)
1214 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1215 << A->getOption().getName() << Value;
1216 Features |= F;
1217 }
1218 return Features;
1219 }
1220
lastArgumentForMask(const Driver & D,const llvm::opt::ArgList & Args,SanitizerMask Mask)1221 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
1222 SanitizerMask Mask) {
1223 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
1224 E = Args.rend();
1225 I != E; ++I) {
1226 const auto *Arg = *I;
1227 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
1228 SanitizerMask AddKinds =
1229 expandSanitizerGroups(parseArgValues(D, Arg, false));
1230 if (AddKinds & Mask)
1231 return describeSanitizeArg(Arg, Mask);
1232 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
1233 SanitizerMask RemoveKinds =
1234 expandSanitizerGroups(parseArgValues(D, Arg, false));
1235 Mask &= ~RemoveKinds;
1236 }
1237 }
1238 llvm_unreachable("arg list didn't provide expected value");
1239 }
1240
describeSanitizeArg(const llvm::opt::Arg * A,SanitizerMask Mask)1241 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1242 assert(A->getOption().matches(options::OPT_fsanitize_EQ)
1243 && "Invalid argument in describeSanitizerArg!");
1244
1245 std::string Sanitizers;
1246 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1247 if (expandSanitizerGroups(
1248 parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
1249 Mask) {
1250 if (!Sanitizers.empty())
1251 Sanitizers += ",";
1252 Sanitizers += A->getValue(i);
1253 }
1254 }
1255
1256 assert(!Sanitizers.empty() && "arg didn't provide expected value");
1257 return "-fsanitize=" + Sanitizers;
1258 }
1259