1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 #include "clang/Driver/SanitizerArgs.h"
9 #include "ToolChains/CommonArgs.h"
10 #include "clang/Basic/Sanitizers.h"
11 #include "clang/Driver/Driver.h"
12 #include "clang/Driver/DriverDiagnostic.h"
13 #include "clang/Driver/Options.h"
14 #include "clang/Driver/ToolChain.h"
15 #include "llvm/ADT/StringExtras.h"
16 #include "llvm/ADT/StringSwitch.h"
17 #include "llvm/Support/Path.h"
18 #include "llvm/Support/SpecialCaseList.h"
19 #include "llvm/Support/TargetParser.h"
20 #include "llvm/Support/VirtualFileSystem.h"
21 #include <memory>
22
23 using namespace clang;
24 using namespace clang::driver;
25 using namespace llvm::opt;
26
27 static const SanitizerMask NeedsUbsanRt =
28 SanitizerKind::Undefined | SanitizerKind::Integer |
29 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
30 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
31 SanitizerKind::ObjCCast;
32 static const SanitizerMask NeedsUbsanCxxRt =
33 SanitizerKind::Vptr | SanitizerKind::CFI;
34 static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
35 static const SanitizerMask NotAllowedWithMinimalRuntime =
36 SanitizerKind::Function | SanitizerKind::Vptr;
37 static const SanitizerMask RequiresPIE =
38 SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo;
39 static const SanitizerMask NeedsUnwindTables =
40 SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
41 SanitizerKind::Memory | SanitizerKind::DataFlow;
42 static const SanitizerMask SupportsCoverage =
43 SanitizerKind::Address | SanitizerKind::HWAddress |
44 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
45 SanitizerKind::MemTag | SanitizerKind::Memory |
46 SanitizerKind::KernelMemory | SanitizerKind::Leak |
47 SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
48 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
49 SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
50 SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
51 SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
52 SanitizerKind::Thread | SanitizerKind::ObjCCast;
53 static const SanitizerMask RecoverableByDefault =
54 SanitizerKind::Undefined | SanitizerKind::Integer |
55 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
56 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
57 static const SanitizerMask Unrecoverable =
58 SanitizerKind::Unreachable | SanitizerKind::Return;
59 static const SanitizerMask AlwaysRecoverable =
60 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress;
61 static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
62 static const SanitizerMask TrappingSupported =
63 (SanitizerKind::Undefined & ~SanitizerKind::Vptr) |
64 SanitizerKind::UnsignedIntegerOverflow | SanitizerKind::ImplicitConversion |
65 SanitizerKind::Nullability | SanitizerKind::LocalBounds |
66 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
67 SanitizerKind::ObjCCast;
68 static const SanitizerMask TrappingDefault = SanitizerKind::CFI;
69 static const SanitizerMask CFIClasses =
70 SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
71 SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
72 SanitizerKind::CFIUnrelatedCast;
73 static const SanitizerMask CompatibleWithMinimalRuntime =
74 TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
75 SanitizerKind::MemTag;
76
77 enum CoverageFeature {
78 CoverageFunc = 1 << 0,
79 CoverageBB = 1 << 1,
80 CoverageEdge = 1 << 2,
81 CoverageIndirCall = 1 << 3,
82 CoverageTraceBB = 1 << 4, // Deprecated.
83 CoverageTraceCmp = 1 << 5,
84 CoverageTraceDiv = 1 << 6,
85 CoverageTraceGep = 1 << 7,
86 Coverage8bitCounters = 1 << 8, // Deprecated.
87 CoverageTracePC = 1 << 9,
88 CoverageTracePCGuard = 1 << 10,
89 CoverageNoPrune = 1 << 11,
90 CoverageInline8bitCounters = 1 << 12,
91 CoveragePCTable = 1 << 13,
92 CoverageStackDepth = 1 << 14,
93 CoverageInlineBoolFlag = 1 << 15,
94 };
95
96 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
97 /// invalid components. Returns a SanitizerMask.
98 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
99 bool DiagnoseErrors);
100
101 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
102 /// components. Returns OR of members of \c CoverageFeature enumeration.
103 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A);
104
105 /// Produce an argument string from ArgList \p Args, which shows how it
106 /// provides some sanitizer kind from \p Mask. For example, the argument list
107 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
108 /// would produce "-fsanitize=vptr".
109 static std::string lastArgumentForMask(const Driver &D,
110 const llvm::opt::ArgList &Args,
111 SanitizerMask Mask);
112
113 /// Produce an argument string from argument \p A, which shows how it provides
114 /// a value in \p Mask. For instance, the argument
115 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
116 /// "-fsanitize=alignment".
117 static std::string describeSanitizeArg(const llvm::opt::Arg *A,
118 SanitizerMask Mask);
119
120 /// Produce a string containing comma-separated names of sanitizers in \p
121 /// Sanitizers set.
122 static std::string toString(const clang::SanitizerSet &Sanitizers);
123
validateSpecialCaseListFormat(const Driver & D,std::vector<std::string> & SCLFiles,unsigned MalformedSCLErrorDiagID)124 static void validateSpecialCaseListFormat(const Driver &D,
125 std::vector<std::string> &SCLFiles,
126 unsigned MalformedSCLErrorDiagID) {
127 if (SCLFiles.empty())
128 return;
129
130 std::string BLError;
131 std::unique_ptr<llvm::SpecialCaseList> SCL(
132 llvm::SpecialCaseList::create(SCLFiles, D.getVFS(), BLError));
133 if (!SCL.get())
134 D.Diag(MalformedSCLErrorDiagID) << BLError;
135 }
136
addDefaultBlacklists(const Driver & D,SanitizerMask Kinds,std::vector<std::string> & BlacklistFiles)137 static void addDefaultBlacklists(const Driver &D, SanitizerMask Kinds,
138 std::vector<std::string> &BlacklistFiles) {
139 struct Blacklist {
140 const char *File;
141 SanitizerMask Mask;
142 } Blacklists[] = {{"asan_blacklist.txt", SanitizerKind::Address},
143 {"hwasan_blacklist.txt", SanitizerKind::HWAddress},
144 {"memtag_blacklist.txt", SanitizerKind::MemTag},
145 {"msan_blacklist.txt", SanitizerKind::Memory},
146 {"tsan_blacklist.txt", SanitizerKind::Thread},
147 {"dfsan_abilist.txt", SanitizerKind::DataFlow},
148 {"cfi_blacklist.txt", SanitizerKind::CFI},
149 {"ubsan_blacklist.txt",
150 SanitizerKind::Undefined | SanitizerKind::Integer |
151 SanitizerKind::Nullability |
152 SanitizerKind::FloatDivideByZero}};
153
154 for (auto BL : Blacklists) {
155 if (!(Kinds & BL.Mask))
156 continue;
157
158 clang::SmallString<64> Path(D.ResourceDir);
159 llvm::sys::path::append(Path, "share", BL.File);
160 if (D.getVFS().exists(Path))
161 BlacklistFiles.push_back(std::string(Path.str()));
162 else if (BL.Mask == SanitizerKind::CFI)
163 // If cfi_blacklist.txt cannot be found in the resource dir, driver
164 // should fail.
165 D.Diag(clang::diag::err_drv_no_such_file) << Path;
166 }
167 validateSpecialCaseListFormat(
168 D, BlacklistFiles, clang::diag::err_drv_malformed_sanitizer_blacklist);
169 }
170
171 /// Parse -f(no-)?sanitize-(coverage-)?(white|black)list argument's values,
172 /// diagnosing any invalid file paths and validating special case list format.
parseSpecialCaseListArg(const Driver & D,const llvm::opt::ArgList & Args,std::vector<std::string> & SCLFiles,llvm::opt::OptSpecifier SCLOptionID,llvm::opt::OptSpecifier NoSCLOptionID,unsigned MalformedSCLErrorDiagID)173 static void parseSpecialCaseListArg(const Driver &D,
174 const llvm::opt::ArgList &Args,
175 std::vector<std::string> &SCLFiles,
176 llvm::opt::OptSpecifier SCLOptionID,
177 llvm::opt::OptSpecifier NoSCLOptionID,
178 unsigned MalformedSCLErrorDiagID) {
179 for (const auto *Arg : Args) {
180 // Match -fsanitize-(coverage-)?(white|black)list.
181 if (Arg->getOption().matches(SCLOptionID)) {
182 Arg->claim();
183 std::string SCLPath = Arg->getValue();
184 if (D.getVFS().exists(SCLPath)) {
185 SCLFiles.push_back(SCLPath);
186 } else {
187 D.Diag(clang::diag::err_drv_no_such_file) << SCLPath;
188 }
189 // Match -fno-sanitize-blacklist.
190 } else if (Arg->getOption().matches(NoSCLOptionID)) {
191 Arg->claim();
192 SCLFiles.clear();
193 }
194 }
195 validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID);
196 }
197
198 /// Sets group bits for every group that has at least one representative already
199 /// enabled in \p Kinds.
setGroupBits(SanitizerMask Kinds)200 static SanitizerMask setGroupBits(SanitizerMask Kinds) {
201 #define SANITIZER(NAME, ID)
202 #define SANITIZER_GROUP(NAME, ID, ALIAS) \
203 if (Kinds & SanitizerKind::ID) \
204 Kinds |= SanitizerKind::ID##Group;
205 #include "clang/Basic/Sanitizers.def"
206 return Kinds;
207 }
208
parseSanitizeTrapArgs(const Driver & D,const llvm::opt::ArgList & Args)209 static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
210 const llvm::opt::ArgList &Args) {
211 SanitizerMask TrapRemove; // During the loop below, the accumulated set of
212 // sanitizers disabled by the current sanitizer
213 // argument or any argument after it.
214 SanitizerMask TrappingKinds;
215 SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);
216
217 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
218 I != E; ++I) {
219 const auto *Arg = *I;
220 if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
221 Arg->claim();
222 SanitizerMask Add = parseArgValues(D, Arg, true);
223 Add &= ~TrapRemove;
224 if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
225 SanitizerSet S;
226 S.Mask = InvalidValues;
227 D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
228 << toString(S);
229 }
230 TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove;
231 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
232 Arg->claim();
233 TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true));
234 }
235 }
236
237 // Apply default trapping behavior.
238 TrappingKinds |= TrappingDefault & ~TrapRemove;
239
240 return TrappingKinds;
241 }
242
needsUbsanRt() const243 bool SanitizerArgs::needsUbsanRt() const {
244 // All of these include ubsan.
245 if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
246 needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
247 (needsScudoRt() && !requiresMinimalRuntime()))
248 return false;
249
250 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
251 CoverageFeatures;
252 }
253
needsCfiRt() const254 bool SanitizerArgs::needsCfiRt() const {
255 return !(Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
256 CfiCrossDso && !ImplicitCfiRuntime;
257 }
258
needsCfiDiagRt() const259 bool SanitizerArgs::needsCfiDiagRt() const {
260 return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
261 CfiCrossDso && !ImplicitCfiRuntime;
262 }
263
requiresPIE() const264 bool SanitizerArgs::requiresPIE() const {
265 return NeedPIE || (Sanitizers.Mask & RequiresPIE);
266 }
267
needsUnwindTables() const268 bool SanitizerArgs::needsUnwindTables() const {
269 return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
270 }
271
needsLTO() const272 bool SanitizerArgs::needsLTO() const {
273 return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
274 }
275
SanitizerArgs(const ToolChain & TC,const llvm::opt::ArgList & Args)276 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
277 const llvm::opt::ArgList &Args) {
278 SanitizerMask AllRemove; // During the loop below, the accumulated set of
279 // sanitizers disabled by the current sanitizer
280 // argument or any argument after it.
281 SanitizerMask AllAddedKinds; // Mask of all sanitizers ever enabled by
282 // -fsanitize= flags (directly or via group
283 // expansion), some of which may be disabled
284 // later. Used to carefully prune
285 // unused-argument diagnostics.
286 SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now.
287 // Used to deduplicate diagnostics.
288 SanitizerMask Kinds;
289 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
290
291 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
292 options::OPT_fno_sanitize_cfi_cross_dso, false);
293
294 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
295
296 const Driver &D = TC.getDriver();
297 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
298 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
299
300 MinimalRuntime =
301 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
302 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
303
304 // The object size sanitizer should not be enabled at -O0.
305 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
306 bool RemoveObjectSizeAtO0 =
307 !OptLevel || OptLevel->getOption().matches(options::OPT_O0);
308
309 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
310 I != E; ++I) {
311 const auto *Arg = *I;
312 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
313 Arg->claim();
314 SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true);
315
316 if (RemoveObjectSizeAtO0) {
317 AllRemove |= SanitizerKind::ObjectSize;
318
319 // The user explicitly enabled the object size sanitizer. Warn
320 // that this does nothing at -O0.
321 if (Add & SanitizerKind::ObjectSize)
322 D.Diag(diag::warn_drv_object_size_disabled_O0)
323 << Arg->getAsString(Args);
324 }
325
326 AllAddedKinds |= expandSanitizerGroups(Add);
327
328 // Avoid diagnosing any sanitizer which is disabled later.
329 Add &= ~AllRemove;
330 // At this point we have not expanded groups, so any unsupported
331 // sanitizers in Add are those which have been explicitly enabled.
332 // Diagnose them.
333 if (SanitizerMask KindsToDiagnose =
334 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
335 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
336 D.Diag(diag::err_drv_argument_not_allowed_with)
337 << Desc << "-fsanitize-trap=undefined";
338 DiagnosedKinds |= KindsToDiagnose;
339 }
340 Add &= ~InvalidTrappingKinds;
341
342 if (MinimalRuntime) {
343 if (SanitizerMask KindsToDiagnose =
344 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
345 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
346 D.Diag(diag::err_drv_argument_not_allowed_with)
347 << Desc << "-fsanitize-minimal-runtime";
348 DiagnosedKinds |= KindsToDiagnose;
349 }
350 Add &= ~NotAllowedWithMinimalRuntime;
351 }
352
353 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
354 // There are currently two problems:
355 // - Virtual function call checks need to pass a pointer to the function
356 // address to llvm.type.test and a pointer to the address point to the
357 // diagnostic function. Currently we pass the same pointer to both
358 // places.
359 // - Non-virtual function call checks may need to check multiple type
360 // identifiers.
361 // Fixing both of those may require changes to the cross-DSO CFI
362 // interface.
363 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) {
364 D.Diag(diag::err_drv_argument_not_allowed_with)
365 << "-fsanitize=cfi-mfcall"
366 << "-fsanitize-cfi-cross-dso";
367 Add &= ~SanitizerKind::CFIMFCall;
368 DiagnosedKinds |= SanitizerKind::CFIMFCall;
369 }
370
371 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
372 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
373 D.Diag(diag::err_drv_unsupported_opt_for_target)
374 << Desc << TC.getTriple().str();
375 DiagnosedKinds |= KindsToDiagnose;
376 }
377 Add &= Supported;
378
379 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
380 // so we don't error out if -fno-rtti and -fsanitize=undefined were
381 // passed.
382 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
383 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
384 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
385 "RTTI disabled without -fno-rtti option?");
386 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
387 // the vptr sanitizer requires RTTI, so this is a user error.
388 D.Diag(diag::err_drv_argument_not_allowed_with)
389 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
390 } else {
391 // The vptr sanitizer requires RTTI, but RTTI is disabled (by
392 // default). Warn that the vptr sanitizer is being disabled.
393 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default);
394 }
395
396 // Take out the Vptr sanitizer from the enabled sanitizers
397 AllRemove |= SanitizerKind::Vptr;
398 }
399
400 Add = expandSanitizerGroups(Add);
401 // Group expansion may have enabled a sanitizer which is disabled later.
402 Add &= ~AllRemove;
403 // Silently discard any unsupported sanitizers implicitly enabled through
404 // group expansion.
405 Add &= ~InvalidTrappingKinds;
406 if (MinimalRuntime) {
407 Add &= ~NotAllowedWithMinimalRuntime;
408 }
409 if (CfiCrossDso)
410 Add &= ~SanitizerKind::CFIMFCall;
411 Add &= Supported;
412
413 if (Add & SanitizerKind::Fuzzer)
414 Add |= SanitizerKind::FuzzerNoLink;
415
416 // Enable coverage if the fuzzing flag is set.
417 if (Add & SanitizerKind::FuzzerNoLink) {
418 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
419 CoverageTraceCmp | CoveragePCTable;
420 // Due to TLS differences, stack depth tracking is only enabled on Linux
421 if (TC.getTriple().isOSLinux())
422 CoverageFeatures |= CoverageStackDepth;
423 }
424
425 Kinds |= Add;
426 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
427 Arg->claim();
428 SanitizerMask Remove = parseArgValues(D, Arg, true);
429 AllRemove |= expandSanitizerGroups(Remove);
430 }
431 }
432
433 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
434 std::make_pair(SanitizerKind::Address,
435 SanitizerKind::Thread | SanitizerKind::Memory),
436 std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory),
437 std::make_pair(SanitizerKind::Leak,
438 SanitizerKind::Thread | SanitizerKind::Memory),
439 std::make_pair(SanitizerKind::KernelAddress,
440 SanitizerKind::Address | SanitizerKind::Leak |
441 SanitizerKind::Thread | SanitizerKind::Memory),
442 std::make_pair(SanitizerKind::HWAddress,
443 SanitizerKind::Address | SanitizerKind::Thread |
444 SanitizerKind::Memory | SanitizerKind::KernelAddress),
445 std::make_pair(SanitizerKind::Scudo,
446 SanitizerKind::Address | SanitizerKind::HWAddress |
447 SanitizerKind::Leak | SanitizerKind::Thread |
448 SanitizerKind::Memory | SanitizerKind::KernelAddress),
449 std::make_pair(SanitizerKind::SafeStack,
450 (TC.getTriple().isOSFuchsia() ? SanitizerMask()
451 : SanitizerKind::Leak) |
452 SanitizerKind::Address | SanitizerKind::HWAddress |
453 SanitizerKind::Thread | SanitizerKind::Memory |
454 SanitizerKind::KernelAddress),
455 std::make_pair(SanitizerKind::KernelHWAddress,
456 SanitizerKind::Address | SanitizerKind::HWAddress |
457 SanitizerKind::Leak | SanitizerKind::Thread |
458 SanitizerKind::Memory | SanitizerKind::KernelAddress |
459 SanitizerKind::SafeStack),
460 std::make_pair(SanitizerKind::KernelMemory,
461 SanitizerKind::Address | SanitizerKind::HWAddress |
462 SanitizerKind::Leak | SanitizerKind::Thread |
463 SanitizerKind::Memory | SanitizerKind::KernelAddress |
464 SanitizerKind::Scudo | SanitizerKind::SafeStack),
465 std::make_pair(SanitizerKind::MemTag,
466 SanitizerKind::Address | SanitizerKind::KernelAddress |
467 SanitizerKind::HWAddress |
468 SanitizerKind::KernelHWAddress)};
469 // Enable toolchain specific default sanitizers if not explicitly disabled.
470 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
471
472 // Disable default sanitizers that are incompatible with explicitly requested
473 // ones.
474 for (auto G : IncompatibleGroups) {
475 SanitizerMask Group = G.first;
476 if ((Default & Group) && (Kinds & G.second))
477 Default &= ~Group;
478 }
479
480 Kinds |= Default;
481
482 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
483 // is disabled.
484 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
485 Kinds &= ~SanitizerKind::Vptr;
486 }
487
488 // Check that LTO is enabled if we need it.
489 if ((Kinds & NeedsLTO) && !D.isUsingLTO()) {
490 D.Diag(diag::err_drv_argument_only_allowed_with)
491 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
492 }
493
494 if ((Kinds & SanitizerKind::ShadowCallStack) && TC.getTriple().isAArch64() &&
495 !llvm::AArch64::isX18ReservedByDefault(TC.getTriple()) &&
496 !Args.hasArg(options::OPT_ffixed_x18)) {
497 D.Diag(diag::err_drv_argument_only_allowed_with)
498 << lastArgumentForMask(D, Args, Kinds & SanitizerKind::ShadowCallStack)
499 << "-ffixed-x18";
500 }
501
502 // Report error if there are non-trapping sanitizers that require
503 // c++abi-specific parts of UBSan runtime, and they are not provided by the
504 // toolchain. We don't have a good way to check the latter, so we just
505 // check if the toolchan supports vptr.
506 if (~Supported & SanitizerKind::Vptr) {
507 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
508 // The runtime library supports the Microsoft C++ ABI, but only well enough
509 // for CFI. FIXME: Remove this once we support vptr on Windows.
510 if (TC.getTriple().isOSWindows())
511 KindsToDiagnose &= ~SanitizerKind::CFI;
512 if (KindsToDiagnose) {
513 SanitizerSet S;
514 S.Mask = KindsToDiagnose;
515 D.Diag(diag::err_drv_unsupported_opt_for_target)
516 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str();
517 Kinds &= ~KindsToDiagnose;
518 }
519 }
520
521 // Warn about incompatible groups of sanitizers.
522 for (auto G : IncompatibleGroups) {
523 SanitizerMask Group = G.first;
524 if (Kinds & Group) {
525 if (SanitizerMask Incompatible = Kinds & G.second) {
526 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
527 << lastArgumentForMask(D, Args, Group)
528 << lastArgumentForMask(D, Args, Incompatible);
529 Kinds &= ~Incompatible;
530 }
531 }
532 }
533 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
534 // -fsanitize=address. Perhaps it should print an error, or perhaps
535 // -f(-no)sanitize=leak should change whether leak detection is enabled by
536 // default in ASan?
537
538 // Parse -f(no-)?sanitize-recover flags.
539 SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable;
540 SanitizerMask DiagnosedUnrecoverableKinds;
541 SanitizerMask DiagnosedAlwaysRecoverableKinds;
542 for (const auto *Arg : Args) {
543 if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
544 SanitizerMask Add = parseArgValues(D, Arg, true);
545 // Report error if user explicitly tries to recover from unrecoverable
546 // sanitizer.
547 if (SanitizerMask KindsToDiagnose =
548 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
549 SanitizerSet SetToDiagnose;
550 SetToDiagnose.Mask |= KindsToDiagnose;
551 D.Diag(diag::err_drv_unsupported_option_argument)
552 << Arg->getOption().getName() << toString(SetToDiagnose);
553 DiagnosedUnrecoverableKinds |= KindsToDiagnose;
554 }
555 RecoverableKinds |= expandSanitizerGroups(Add);
556 Arg->claim();
557 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
558 SanitizerMask Remove = parseArgValues(D, Arg, true);
559 // Report error if user explicitly tries to disable recovery from
560 // always recoverable sanitizer.
561 if (SanitizerMask KindsToDiagnose =
562 Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) {
563 SanitizerSet SetToDiagnose;
564 SetToDiagnose.Mask |= KindsToDiagnose;
565 D.Diag(diag::err_drv_unsupported_option_argument)
566 << Arg->getOption().getName() << toString(SetToDiagnose);
567 DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose;
568 }
569 RecoverableKinds &= ~expandSanitizerGroups(Remove);
570 Arg->claim();
571 }
572 }
573 RecoverableKinds &= Kinds;
574 RecoverableKinds &= ~Unrecoverable;
575
576 TrappingKinds &= Kinds;
577 RecoverableKinds &= ~TrappingKinds;
578
579 // Setup blacklist files.
580 // Add default blacklist from resource directory for activated sanitizers, and
581 // validate special case lists format.
582 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_blacklist))
583 addDefaultBlacklists(D, Kinds, SystemBlacklistFiles);
584
585 // Parse -f(no-)?sanitize-blacklist options.
586 // This also validates special case lists format.
587 parseSpecialCaseListArg(D, Args, UserBlacklistFiles,
588 options::OPT_fsanitize_blacklist,
589 options::OPT_fno_sanitize_blacklist,
590 clang::diag::err_drv_malformed_sanitizer_blacklist);
591
592 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
593 if (AllAddedKinds & SanitizerKind::Memory) {
594 if (Arg *A =
595 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
596 options::OPT_fsanitize_memory_track_origins,
597 options::OPT_fno_sanitize_memory_track_origins)) {
598 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) {
599 MsanTrackOrigins = 2;
600 } else if (A->getOption().matches(
601 options::OPT_fno_sanitize_memory_track_origins)) {
602 MsanTrackOrigins = 0;
603 } else {
604 StringRef S = A->getValue();
605 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
606 MsanTrackOrigins > 2) {
607 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
608 }
609 }
610 }
611 MsanUseAfterDtor =
612 Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor,
613 options::OPT_fno_sanitize_memory_use_after_dtor,
614 MsanUseAfterDtor);
615 NeedPIE |= !(TC.getTriple().isOSLinux() &&
616 TC.getTriple().getArch() == llvm::Triple::x86_64);
617 } else {
618 MsanUseAfterDtor = false;
619 }
620
621 if (AllAddedKinds & SanitizerKind::Thread) {
622 TsanMemoryAccess = Args.hasFlag(
623 options::OPT_fsanitize_thread_memory_access,
624 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess);
625 TsanFuncEntryExit = Args.hasFlag(
626 options::OPT_fsanitize_thread_func_entry_exit,
627 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit);
628 TsanAtomics =
629 Args.hasFlag(options::OPT_fsanitize_thread_atomics,
630 options::OPT_fno_sanitize_thread_atomics, TsanAtomics);
631 }
632
633 if (AllAddedKinds & SanitizerKind::CFI) {
634 // Without PIE, external function address may resolve to a PLT record, which
635 // can not be verified by the target module.
636 NeedPIE |= CfiCrossDso;
637 CfiICallGeneralizePointers =
638 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
639
640 if (CfiCrossDso && CfiICallGeneralizePointers)
641 D.Diag(diag::err_drv_argument_not_allowed_with)
642 << "-fsanitize-cfi-cross-dso"
643 << "-fsanitize-cfi-icall-generalize-pointers";
644
645 CfiCanonicalJumpTables =
646 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
647 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
648 }
649
650 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
651 options::OPT_fno_sanitize_stats, false);
652
653 if (MinimalRuntime) {
654 SanitizerMask IncompatibleMask =
655 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
656 if (IncompatibleMask)
657 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
658 << "-fsanitize-minimal-runtime"
659 << lastArgumentForMask(D, Args, IncompatibleMask);
660
661 SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds;
662 if (NonTrappingCfi)
663 D.Diag(clang::diag::err_drv_argument_only_allowed_with)
664 << "fsanitize-minimal-runtime"
665 << "fsanitize-trap=cfi";
666 }
667
668 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
669 // enabled sanitizers.
670 for (const auto *Arg : Args) {
671 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
672 int LegacySanitizeCoverage;
673 if (Arg->getNumValues() == 1 &&
674 !StringRef(Arg->getValue(0))
675 .getAsInteger(0, LegacySanitizeCoverage)) {
676 CoverageFeatures = 0;
677 Arg->claim();
678 if (LegacySanitizeCoverage != 0) {
679 D.Diag(diag::warn_drv_deprecated_arg)
680 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard";
681 }
682 continue;
683 }
684 CoverageFeatures |= parseCoverageFeatures(D, Arg);
685
686 // Disable coverage and not claim the flags if there is at least one
687 // non-supporting sanitizer.
688 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
689 Arg->claim();
690 } else {
691 CoverageFeatures = 0;
692 }
693 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
694 Arg->claim();
695 CoverageFeatures &= ~parseCoverageFeatures(D, Arg);
696 }
697 }
698 // Choose at most one coverage type: function, bb, or edge.
699 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
700 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
701 << "-fsanitize-coverage=func"
702 << "-fsanitize-coverage=bb";
703 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
704 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
705 << "-fsanitize-coverage=func"
706 << "-fsanitize-coverage=edge";
707 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
708 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
709 << "-fsanitize-coverage=bb"
710 << "-fsanitize-coverage=edge";
711 // Basic block tracing and 8-bit counters require some type of coverage
712 // enabled.
713 if (CoverageFeatures & CoverageTraceBB)
714 D.Diag(clang::diag::warn_drv_deprecated_arg)
715 << "-fsanitize-coverage=trace-bb"
716 << "-fsanitize-coverage=trace-pc-guard";
717 if (CoverageFeatures & Coverage8bitCounters)
718 D.Diag(clang::diag::warn_drv_deprecated_arg)
719 << "-fsanitize-coverage=8bit-counters"
720 << "-fsanitize-coverage=trace-pc-guard";
721
722 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
723 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
724 CoverageInline8bitCounters |
725 CoverageInlineBoolFlag;
726 if ((CoverageFeatures & InsertionPointTypes) &&
727 !(CoverageFeatures & InstrumentationTypes)) {
728 D.Diag(clang::diag::warn_drv_deprecated_arg)
729 << "-fsanitize-coverage=[func|bb|edge]"
730 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]";
731 }
732
733 // trace-pc w/o func/bb/edge implies edge.
734 if (!(CoverageFeatures & InsertionPointTypes)) {
735 if (CoverageFeatures &
736 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters |
737 CoverageInlineBoolFlag))
738 CoverageFeatures |= CoverageEdge;
739
740 if (CoverageFeatures & CoverageStackDepth)
741 CoverageFeatures |= CoverageFunc;
742 }
743
744 // Parse -fsanitize-coverage-(black|white)list options if coverage enabled.
745 // This also validates special case lists format.
746 // Here, OptSpecifier() acts as a never-matching command-line argument.
747 // So, there is no way to clear coverage lists but you can append to them.
748 if (CoverageFeatures) {
749 parseSpecialCaseListArg(
750 D, Args, CoverageAllowlistFiles,
751 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(),
752 clang::diag::err_drv_malformed_sanitizer_coverage_whitelist);
753 parseSpecialCaseListArg(
754 D, Args, CoverageBlocklistFiles,
755 options::OPT_fsanitize_coverage_blocklist, OptSpecifier(),
756 clang::diag::err_drv_malformed_sanitizer_coverage_blacklist);
757 }
758
759 SharedRuntime =
760 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
761 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
762 TC.getTriple().isOSDarwin());
763
764 ImplicitCfiRuntime = TC.getTriple().isAndroid();
765
766 if (AllAddedKinds & SanitizerKind::Address) {
767 NeedPIE |= TC.getTriple().isOSFuchsia();
768 if (Arg *A =
769 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
770 StringRef S = A->getValue();
771 // Legal values are 0 and 1, 2, but in future we may add more levels.
772 if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
773 AsanFieldPadding > 2) {
774 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
775 }
776 }
777
778 if (Arg *WindowsDebugRTArg =
779 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
780 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
781 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
782 switch (WindowsDebugRTArg->getOption().getID()) {
783 case options::OPT__SLASH_MTd:
784 case options::OPT__SLASH_MDd:
785 case options::OPT__SLASH_LDd:
786 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
787 << WindowsDebugRTArg->getAsString(Args)
788 << lastArgumentForMask(D, Args, SanitizerKind::Address);
789 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
790 }
791 }
792
793 AsanUseAfterScope = Args.hasFlag(
794 options::OPT_fsanitize_address_use_after_scope,
795 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
796
797 AsanPoisonCustomArrayCookie = Args.hasFlag(
798 options::OPT_fsanitize_address_poison_custom_array_cookie,
799 options::OPT_fno_sanitize_address_poison_custom_array_cookie,
800 AsanPoisonCustomArrayCookie);
801
802 // As a workaround for a bug in gold 2.26 and earlier, dead stripping of
803 // globals in ASan is disabled by default on ELF targets.
804 // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002
805 AsanGlobalsDeadStripping =
806 !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() ||
807 TC.getTriple().isPS4() ||
808 Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping);
809
810 AsanUseOdrIndicator =
811 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator,
812 options::OPT_fno_sanitize_address_use_odr_indicator,
813 AsanUseOdrIndicator);
814
815 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
816 AsanInvalidPointerCmp = true;
817 }
818
819 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
820 AsanInvalidPointerSub = true;
821 }
822
823 } else {
824 AsanUseAfterScope = false;
825 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
826 SanitizerMask DetectInvalidPointerPairs =
827 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
828 if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) {
829 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
830 << lastArgumentForMask(D, Args,
831 SanitizerKind::PointerCompare |
832 SanitizerKind::PointerSubtract)
833 << "-fsanitize=address";
834 }
835 }
836
837 if (AllAddedKinds & SanitizerKind::HWAddress) {
838 if (Arg *HwasanAbiArg =
839 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) {
840 HwasanAbi = HwasanAbiArg->getValue();
841 if (HwasanAbi != "platform" && HwasanAbi != "interceptor")
842 D.Diag(clang::diag::err_drv_invalid_value)
843 << HwasanAbiArg->getAsString(Args) << HwasanAbi;
844 } else {
845 HwasanAbi = "interceptor";
846 }
847 }
848
849 if (AllAddedKinds & SanitizerKind::SafeStack) {
850 // SafeStack runtime is built into the system on Android and Fuchsia.
851 SafeStackRuntime =
852 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia();
853 }
854
855 LinkRuntimes =
856 Args.hasFlag(options::OPT_fsanitize_link_runtime,
857 options::OPT_fno_sanitize_link_runtime, LinkRuntimes);
858
859 // Parse -link-cxx-sanitizer flag.
860 LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime,
861 options::OPT_fno_sanitize_link_cxx_runtime,
862 LinkCXXRuntimes) ||
863 D.CCCIsCXX();
864
865 // Finally, initialize the set of available and recoverable sanitizers.
866 Sanitizers.Mask |= Kinds;
867 RecoverableSanitizers.Mask |= RecoverableKinds;
868 TrapSanitizers.Mask |= TrappingKinds;
869 assert(!(RecoverableKinds & TrappingKinds) &&
870 "Overlap between recoverable and trapping sanitizers");
871 }
872
toString(const clang::SanitizerSet & Sanitizers)873 static std::string toString(const clang::SanitizerSet &Sanitizers) {
874 std::string Res;
875 #define SANITIZER(NAME, ID) \
876 if (Sanitizers.has(SanitizerKind::ID)) { \
877 if (!Res.empty()) \
878 Res += ","; \
879 Res += NAME; \
880 }
881 #include "clang/Basic/Sanitizers.def"
882 return Res;
883 }
884
addSpecialCaseListOpt(const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,const char * SCLOptFlag,const std::vector<std::string> & SCLFiles)885 static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
886 llvm::opt::ArgStringList &CmdArgs,
887 const char *SCLOptFlag,
888 const std::vector<std::string> &SCLFiles) {
889 for (const auto &SCLPath : SCLFiles) {
890 SmallString<64> SCLOpt(SCLOptFlag);
891 SCLOpt += SCLPath;
892 CmdArgs.push_back(Args.MakeArgString(SCLOpt));
893 }
894 }
895
addIncludeLinkerOption(const ToolChain & TC,const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,StringRef SymbolName)896 static void addIncludeLinkerOption(const ToolChain &TC,
897 const llvm::opt::ArgList &Args,
898 llvm::opt::ArgStringList &CmdArgs,
899 StringRef SymbolName) {
900 SmallString<64> LinkerOptionFlag;
901 LinkerOptionFlag = "--linker-option=/include:";
902 if (TC.getTriple().getArch() == llvm::Triple::x86) {
903 // Win32 mangles C function names with a '_' prefix.
904 LinkerOptionFlag += '_';
905 }
906 LinkerOptionFlag += SymbolName;
907 CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
908 }
909
hasTargetFeatureMTE(const llvm::opt::ArgStringList & CmdArgs)910 static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
911 for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End; ++Start) {
912 auto It = std::find(Start, End, StringRef("+mte"));
913 if (It == End)
914 break;
915 if (It > Start && *std::prev(It) == StringRef("-target-feature"))
916 return true;
917 Start = It;
918 }
919 return false;
920 }
921
addArgs(const ToolChain & TC,const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,types::ID InputType) const922 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
923 llvm::opt::ArgStringList &CmdArgs,
924 types::ID InputType) const {
925 // NVPTX doesn't currently support sanitizers. Bailing out here means that
926 // e.g. -fsanitize=address applies only to host code, which is what we want
927 // for now.
928 if (TC.getTriple().isNVPTX())
929 return;
930
931 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
932 // Do it even if Sanitizers.empty() since some forms of coverage don't require
933 // sanitizers.
934 std::pair<int, const char *> CoverageFlags[] = {
935 std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
936 std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
937 std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
938 std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
939 std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
940 std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
941 std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
942 std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
943 std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
944 std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
945 std::make_pair(CoverageTracePCGuard,
946 "-fsanitize-coverage-trace-pc-guard"),
947 std::make_pair(CoverageInline8bitCounters,
948 "-fsanitize-coverage-inline-8bit-counters"),
949 std::make_pair(CoverageInlineBoolFlag,
950 "-fsanitize-coverage-inline-bool-flag"),
951 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
952 std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
953 std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")};
954 for (auto F : CoverageFlags) {
955 if (CoverageFeatures & F.first)
956 CmdArgs.push_back(F.second);
957 }
958 addSpecialCaseListOpt(
959 Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
960 addSpecialCaseListOpt(
961 Args, CmdArgs, "-fsanitize-coverage-blocklist=", CoverageBlocklistFiles);
962
963 if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
964 // Instruct the code generator to embed linker directives in the object file
965 // that cause the required runtime libraries to be linked.
966 CmdArgs.push_back(
967 Args.MakeArgString("--dependent-lib=" +
968 TC.getCompilerRTBasename(Args, "ubsan_standalone")));
969 if (types::isCXX(InputType))
970 CmdArgs.push_back(Args.MakeArgString(
971 "--dependent-lib=" +
972 TC.getCompilerRTBasename(Args, "ubsan_standalone_cxx")));
973 }
974 if (TC.getTriple().isOSWindows() && needsStatsRt()) {
975 CmdArgs.push_back(Args.MakeArgString(
976 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats_client")));
977
978 // The main executable must export the stats runtime.
979 // FIXME: Only exporting from the main executable (e.g. based on whether the
980 // translation unit defines main()) would save a little space, but having
981 // multiple copies of the runtime shouldn't hurt.
982 CmdArgs.push_back(Args.MakeArgString(
983 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats")));
984 addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
985 }
986
987 if (Sanitizers.empty())
988 return;
989 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
990
991 if (!RecoverableSanitizers.empty())
992 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
993 toString(RecoverableSanitizers)));
994
995 if (!TrapSanitizers.empty())
996 CmdArgs.push_back(
997 Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
998
999 addSpecialCaseListOpt(Args, CmdArgs,
1000 "-fsanitize-blacklist=", UserBlacklistFiles);
1001 addSpecialCaseListOpt(Args, CmdArgs,
1002 "-fsanitize-system-blacklist=", SystemBlacklistFiles);
1003
1004 if (MsanTrackOrigins)
1005 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
1006 Twine(MsanTrackOrigins)));
1007
1008 if (MsanUseAfterDtor)
1009 CmdArgs.push_back("-fsanitize-memory-use-after-dtor");
1010
1011 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
1012 if (!TsanMemoryAccess) {
1013 CmdArgs.push_back("-mllvm");
1014 CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
1015 CmdArgs.push_back("-mllvm");
1016 CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
1017 }
1018 if (!TsanFuncEntryExit) {
1019 CmdArgs.push_back("-mllvm");
1020 CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
1021 }
1022 if (!TsanAtomics) {
1023 CmdArgs.push_back("-mllvm");
1024 CmdArgs.push_back("-tsan-instrument-atomics=0");
1025 }
1026
1027 if (CfiCrossDso)
1028 CmdArgs.push_back("-fsanitize-cfi-cross-dso");
1029
1030 if (CfiICallGeneralizePointers)
1031 CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
1032
1033 if (CfiCanonicalJumpTables)
1034 CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables");
1035
1036 if (Stats)
1037 CmdArgs.push_back("-fsanitize-stats");
1038
1039 if (MinimalRuntime)
1040 CmdArgs.push_back("-fsanitize-minimal-runtime");
1041
1042 if (AsanFieldPadding)
1043 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
1044 Twine(AsanFieldPadding)));
1045
1046 if (AsanUseAfterScope)
1047 CmdArgs.push_back("-fsanitize-address-use-after-scope");
1048
1049 if (AsanPoisonCustomArrayCookie)
1050 CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie");
1051
1052 if (AsanGlobalsDeadStripping)
1053 CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");
1054
1055 if (AsanUseOdrIndicator)
1056 CmdArgs.push_back("-fsanitize-address-use-odr-indicator");
1057
1058 if (AsanInvalidPointerCmp) {
1059 CmdArgs.push_back("-mllvm");
1060 CmdArgs.push_back("-asan-detect-invalid-pointer-cmp");
1061 }
1062
1063 if (AsanInvalidPointerSub) {
1064 CmdArgs.push_back("-mllvm");
1065 CmdArgs.push_back("-asan-detect-invalid-pointer-sub");
1066 }
1067
1068 if (!HwasanAbi.empty()) {
1069 CmdArgs.push_back("-default-function-attr");
1070 CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
1071 }
1072
1073 if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) {
1074 CmdArgs.push_back("-target-feature");
1075 CmdArgs.push_back("+tagged-globals");
1076 }
1077
1078 // MSan: Workaround for PR16386.
1079 // ASan: This is mainly to help LSan with cases such as
1080 // https://github.com/google/sanitizers/issues/373
1081 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
1082 // affect compilation.
1083 if (Sanitizers.has(SanitizerKind::Memory) ||
1084 Sanitizers.has(SanitizerKind::Address))
1085 CmdArgs.push_back("-fno-assume-sane-operator-new");
1086
1087 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
1088 // enabled.
1089 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
1090 !Args.hasArg(options::OPT_fvisibility_EQ)) {
1091 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1092 << lastArgumentForMask(TC.getDriver(), Args,
1093 Sanitizers.Mask & CFIClasses)
1094 << "-fvisibility=";
1095 }
1096
1097 if (Sanitizers.has(SanitizerKind::MemTag) && !hasTargetFeatureMTE(CmdArgs))
1098 TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
1099 }
1100
parseArgValues(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors)1101 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
1102 bool DiagnoseErrors) {
1103 assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
1104 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
1105 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
1106 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
1107 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
1108 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
1109 "Invalid argument in parseArgValues!");
1110 SanitizerMask Kinds;
1111 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1112 const char *Value = A->getValue(i);
1113 SanitizerMask Kind;
1114 // Special case: don't accept -fsanitize=all.
1115 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
1116 0 == strcmp("all", Value))
1117 Kind = SanitizerMask();
1118 else
1119 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
1120
1121 if (Kind)
1122 Kinds |= Kind;
1123 else if (DiagnoseErrors)
1124 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1125 << A->getOption().getName() << Value;
1126 }
1127 return Kinds;
1128 }
1129
parseCoverageFeatures(const Driver & D,const llvm::opt::Arg * A)1130 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) {
1131 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
1132 A->getOption().matches(options::OPT_fno_sanitize_coverage));
1133 int Features = 0;
1134 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1135 const char *Value = A->getValue(i);
1136 int F = llvm::StringSwitch<int>(Value)
1137 .Case("func", CoverageFunc)
1138 .Case("bb", CoverageBB)
1139 .Case("edge", CoverageEdge)
1140 .Case("indirect-calls", CoverageIndirCall)
1141 .Case("trace-bb", CoverageTraceBB)
1142 .Case("trace-cmp", CoverageTraceCmp)
1143 .Case("trace-div", CoverageTraceDiv)
1144 .Case("trace-gep", CoverageTraceGep)
1145 .Case("8bit-counters", Coverage8bitCounters)
1146 .Case("trace-pc", CoverageTracePC)
1147 .Case("trace-pc-guard", CoverageTracePCGuard)
1148 .Case("no-prune", CoverageNoPrune)
1149 .Case("inline-8bit-counters", CoverageInline8bitCounters)
1150 .Case("inline-bool-flag", CoverageInlineBoolFlag)
1151 .Case("pc-table", CoveragePCTable)
1152 .Case("stack-depth", CoverageStackDepth)
1153 .Default(0);
1154 if (F == 0)
1155 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1156 << A->getOption().getName() << Value;
1157 Features |= F;
1158 }
1159 return Features;
1160 }
1161
lastArgumentForMask(const Driver & D,const llvm::opt::ArgList & Args,SanitizerMask Mask)1162 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
1163 SanitizerMask Mask) {
1164 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
1165 E = Args.rend();
1166 I != E; ++I) {
1167 const auto *Arg = *I;
1168 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
1169 SanitizerMask AddKinds =
1170 expandSanitizerGroups(parseArgValues(D, Arg, false));
1171 if (AddKinds & Mask)
1172 return describeSanitizeArg(Arg, Mask);
1173 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
1174 SanitizerMask RemoveKinds =
1175 expandSanitizerGroups(parseArgValues(D, Arg, false));
1176 Mask &= ~RemoveKinds;
1177 }
1178 }
1179 llvm_unreachable("arg list didn't provide expected value");
1180 }
1181
describeSanitizeArg(const llvm::opt::Arg * A,SanitizerMask Mask)1182 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1183 assert(A->getOption().matches(options::OPT_fsanitize_EQ)
1184 && "Invalid argument in describeSanitizerArg!");
1185
1186 std::string Sanitizers;
1187 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1188 if (expandSanitizerGroups(
1189 parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
1190 Mask) {
1191 if (!Sanitizers.empty())
1192 Sanitizers += ",";
1193 Sanitizers += A->getValue(i);
1194 }
1195 }
1196
1197 assert(!Sanitizers.empty() && "arg didn't provide expected value");
1198 return "-fsanitize=" + Sanitizers;
1199 }
1200