1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 #include "clang/Driver/SanitizerArgs.h"
9 #include "clang/Basic/Sanitizers.h"
10 #include "clang/Driver/Driver.h"
11 #include "clang/Driver/Options.h"
12 #include "clang/Driver/ToolChain.h"
13 #include "llvm/ADT/SmallVector.h"
14 #include "llvm/ADT/StringRef.h"
15 #include "llvm/ADT/StringSwitch.h"
16 #include "llvm/Support/Path.h"
17 #include "llvm/Support/SpecialCaseList.h"
18 #include "llvm/Support/VirtualFileSystem.h"
19 #include "llvm/TargetParser/AArch64TargetParser.h"
20 #include "llvm/TargetParser/RISCVTargetParser.h"
21 #include "llvm/TargetParser/TargetParser.h"
22 #include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
23 #include <memory>
24
25 using namespace clang;
26 using namespace clang::driver;
27 using namespace llvm::opt;
28
29 static const SanitizerMask NeedsUbsanRt =
30 SanitizerKind::Undefined | SanitizerKind::Integer |
31 SanitizerKind::LocalBounds | SanitizerKind::ImplicitConversion |
32 SanitizerKind::Nullability | SanitizerKind::CFI |
33 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast |
34 SanitizerKind::Vptr;
35 static const SanitizerMask NeedsUbsanCxxRt =
36 SanitizerKind::Vptr | SanitizerKind::CFI;
37 static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
38 static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr;
39 static const SanitizerMask NotAllowedWithExecuteOnly =
40 SanitizerKind::Function | SanitizerKind::KCFI;
41 static const SanitizerMask NeedsUnwindTables =
42 SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Type |
43 SanitizerKind::Thread | SanitizerKind::Memory | SanitizerKind::DataFlow |
44 SanitizerKind::NumericalStability;
45 static const SanitizerMask SupportsCoverage =
46 SanitizerKind::Address | SanitizerKind::HWAddress |
47 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
48 SanitizerKind::Type | SanitizerKind::MemtagStack |
49 SanitizerKind::MemtagHeap | SanitizerKind::MemtagGlobals |
50 SanitizerKind::Memory | SanitizerKind::KernelMemory | SanitizerKind::Leak |
51 SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
52 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
53 SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
54 SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
55 SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
56 SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI |
57 SanitizerKind::NumericalStability | SanitizerKind::Vptr |
58 SanitizerKind::CFI;
59 static const SanitizerMask RecoverableByDefault =
60 SanitizerKind::Undefined | SanitizerKind::Integer |
61 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
62 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast |
63 SanitizerKind::Vptr;
64 static const SanitizerMask Unrecoverable =
65 SanitizerKind::Unreachable | SanitizerKind::Return;
66 static const SanitizerMask AlwaysRecoverable = SanitizerKind::KernelAddress |
67 SanitizerKind::KernelHWAddress |
68 SanitizerKind::KCFI;
69 static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
70 static const SanitizerMask TrappingSupported =
71 SanitizerKind::Undefined | SanitizerKind::Integer |
72 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
73 SanitizerKind::LocalBounds | SanitizerKind::CFI |
74 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
75 static const SanitizerMask MergeDefault =
76 SanitizerKind::Undefined | SanitizerKind::Vptr;
77 static const SanitizerMask TrappingDefault =
78 SanitizerKind::CFI | SanitizerKind::LocalBounds;
79 static const SanitizerMask AnnotateDebugInfoDefault;
80 static const SanitizerMask CFIClasses =
81 SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
82 SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
83 SanitizerKind::CFIUnrelatedCast;
84 static const SanitizerMask CompatibleWithMinimalRuntime =
85 TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
86 SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap |
87 SanitizerKind::MemtagGlobals | SanitizerKind::KCFI;
88
89 enum CoverageFeature {
90 CoverageFunc = 1 << 0,
91 CoverageBB = 1 << 1,
92 CoverageEdge = 1 << 2,
93 CoverageIndirCall = 1 << 3,
94 CoverageTraceBB = 1 << 4, // Deprecated.
95 CoverageTraceCmp = 1 << 5,
96 CoverageTraceDiv = 1 << 6,
97 CoverageTraceGep = 1 << 7,
98 Coverage8bitCounters = 1 << 8, // Deprecated.
99 CoverageTracePC = 1 << 9,
100 CoverageTracePCGuard = 1 << 10,
101 CoverageNoPrune = 1 << 11,
102 CoverageInline8bitCounters = 1 << 12,
103 CoveragePCTable = 1 << 13,
104 CoverageStackDepth = 1 << 14,
105 CoverageInlineBoolFlag = 1 << 15,
106 CoverageTraceLoads = 1 << 16,
107 CoverageTraceStores = 1 << 17,
108 CoverageControlFlow = 1 << 18,
109 };
110
111 enum BinaryMetadataFeature {
112 BinaryMetadataCovered = 1 << 0,
113 BinaryMetadataAtomics = 1 << 1,
114 BinaryMetadataUAR = 1 << 2,
115 };
116
117 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
118 /// invalid components. Returns a SanitizerMask.
119 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
120 bool DiagnoseErrors);
121
122 /// Parse a -fsanitize=<sanitizer1>=<value1>... or -fno-sanitize= argument's
123 /// values, diagnosing any invalid components.
124 /// Cutoffs are stored in the passed parameter.
125 static void parseArgCutoffs(const Driver &D, const llvm::opt::Arg *A,
126 bool DiagnoseErrors, SanitizerMaskCutoffs &Cutoffs);
127
128 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
129 /// components. Returns OR of members of \c CoverageFeature enumeration.
130 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
131 bool DiagnoseErrors);
132
133 /// Parse -fsanitize-undefined-ignore-overflow-pattern= flag values, diagnosing
134 /// any invalid values. Returns a mask of excluded overflow patterns.
135 static int parseOverflowPatternExclusionValues(const Driver &D,
136 const llvm::opt::Arg *A,
137 bool DiagnoseErrors);
138
139 /// Parse -f(no-)?sanitize-metadata= flag values, diagnosing any invalid
140 /// components. Returns OR of members of \c BinaryMetadataFeature enumeration.
141 static int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
142 bool DiagnoseErrors);
143
144 /// Produce an argument string from ArgList \p Args, which shows how it
145 /// provides some sanitizer kind from \p Mask. For example, the argument list
146 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
147 /// would produce "-fsanitize=vptr".
148 static std::string lastArgumentForMask(const Driver &D,
149 const llvm::opt::ArgList &Args,
150 SanitizerMask Mask);
151
152 /// Produce an argument string from argument \p A, which shows how it provides
153 /// a value in \p Mask. For instance, the argument
154 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
155 /// "-fsanitize=alignment".
156 static std::string describeSanitizeArg(const llvm::opt::Arg *A,
157 SanitizerMask Mask);
158
159 /// Produce a string containing comma-separated names of sanitizers in \p
160 /// Sanitizers set.
161 static std::string toString(const clang::SanitizerSet &Sanitizers);
162
163 /// Produce a string containing comma-separated names of sanitizers and
164 /// sanitizer groups in \p Sanitizers set.
165 static std::string toStringWithGroups(const clang::SanitizerSet &Sanitizers);
166
167 /// Return true if an execute-only target disallows data access to code
168 /// sections.
isExecuteOnlyTarget(const llvm::Triple & Triple,const llvm::opt::ArgList & Args)169 static bool isExecuteOnlyTarget(const llvm::Triple &Triple,
170 const llvm::opt::ArgList &Args) {
171 if (Triple.isPS5())
172 return true;
173 return Args.hasFlagNoClaim(options::OPT_mexecute_only,
174 options::OPT_mno_execute_only, false);
175 }
176
validateSpecialCaseListFormat(const Driver & D,std::vector<std::string> & SCLFiles,unsigned MalformedSCLErrorDiagID,bool DiagnoseErrors)177 static void validateSpecialCaseListFormat(const Driver &D,
178 std::vector<std::string> &SCLFiles,
179 unsigned MalformedSCLErrorDiagID,
180 bool DiagnoseErrors) {
181 if (SCLFiles.empty())
182 return;
183
184 std::string BLError;
185 std::unique_ptr<llvm::SpecialCaseList> SCL(
186 llvm::SpecialCaseList::create(SCLFiles, D.getVFS(), BLError));
187 if (!SCL && DiagnoseErrors)
188 D.Diag(MalformedSCLErrorDiagID) << BLError;
189 }
190
addDefaultIgnorelists(const Driver & D,SanitizerMask Kinds,std::vector<std::string> & IgnorelistFiles,bool DiagnoseErrors)191 static void addDefaultIgnorelists(const Driver &D, SanitizerMask Kinds,
192 std::vector<std::string> &IgnorelistFiles,
193 bool DiagnoseErrors) {
194 struct Ignorelist {
195 const char *File;
196 SanitizerMask Mask;
197 } Ignorelists[] = {{"asan_ignorelist.txt", SanitizerKind::Address},
198 {"hwasan_ignorelist.txt", SanitizerKind::HWAddress},
199 {"memtag_ignorelist.txt", SanitizerKind::MemTag},
200 {"msan_ignorelist.txt", SanitizerKind::Memory},
201 {"nsan_ignorelist.txt", SanitizerKind::NumericalStability},
202 {"tsan_ignorelist.txt", SanitizerKind::Thread},
203 {"tysan_blacklist.txt", SanitizerKind::Type},
204 {"dfsan_abilist.txt", SanitizerKind::DataFlow},
205 {"cfi_ignorelist.txt", SanitizerKind::CFI},
206 {"ubsan_ignorelist.txt",
207 SanitizerKind::Undefined | SanitizerKind::Vptr |
208 SanitizerKind::Integer | SanitizerKind::Nullability |
209 SanitizerKind::FloatDivideByZero}};
210
211 for (auto BL : Ignorelists) {
212 if (!(Kinds & BL.Mask))
213 continue;
214
215 clang::SmallString<64> Path(D.ResourceDir);
216 llvm::sys::path::append(Path, "share", BL.File);
217 if (D.getVFS().exists(Path))
218 IgnorelistFiles.push_back(std::string(Path));
219 else if (BL.Mask == SanitizerKind::CFI && DiagnoseErrors)
220 // If cfi_ignorelist.txt cannot be found in the resource dir, driver
221 // should fail.
222 D.Diag(clang::diag::err_drv_missing_sanitizer_ignorelist) << Path;
223 }
224 validateSpecialCaseListFormat(
225 D, IgnorelistFiles, clang::diag::err_drv_malformed_sanitizer_ignorelist,
226 DiagnoseErrors);
227 }
228
229 /// Parse -f(no-)?sanitize-(coverage-)?(allow|ignore)list argument's values,
230 /// diagnosing any invalid file paths and validating special case list format.
parseSpecialCaseListArg(const Driver & D,const llvm::opt::ArgList & Args,std::vector<std::string> & SCLFiles,llvm::opt::OptSpecifier SCLOptionID,llvm::opt::OptSpecifier NoSCLOptionID,unsigned MalformedSCLErrorDiagID,bool DiagnoseErrors)231 static void parseSpecialCaseListArg(const Driver &D,
232 const llvm::opt::ArgList &Args,
233 std::vector<std::string> &SCLFiles,
234 llvm::opt::OptSpecifier SCLOptionID,
235 llvm::opt::OptSpecifier NoSCLOptionID,
236 unsigned MalformedSCLErrorDiagID,
237 bool DiagnoseErrors) {
238 for (const auto *Arg : Args) {
239 // Match -fsanitize-(coverage-)?(allow|ignore)list.
240 if (Arg->getOption().matches(SCLOptionID)) {
241 Arg->claim();
242 std::string SCLPath = Arg->getValue();
243 if (D.getVFS().exists(SCLPath)) {
244 SCLFiles.push_back(SCLPath);
245 } else if (DiagnoseErrors) {
246 D.Diag(clang::diag::err_drv_no_such_file) << SCLPath;
247 }
248 // Match -fno-sanitize-ignorelist.
249 } else if (Arg->getOption().matches(NoSCLOptionID)) {
250 Arg->claim();
251 SCLFiles.clear();
252 }
253 }
254 validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID,
255 DiagnoseErrors);
256 }
257
258 /// Sets group bits for every group that has at least one representative already
259 /// enabled in \p Kinds.
setGroupBits(SanitizerMask Kinds)260 static SanitizerMask setGroupBits(SanitizerMask Kinds) {
261 #define SANITIZER(NAME, ID)
262 #define SANITIZER_GROUP(NAME, ID, ALIAS) \
263 if (Kinds & SanitizerKind::ID) \
264 Kinds |= SanitizerKind::ID##Group;
265 #include "clang/Basic/Sanitizers.def"
266 return Kinds;
267 }
268
269 // Computes the sanitizer mask as:
270 // Default + Arguments (in or out) + AlwaysIn - AlwaysOut
271 // with arguments parsed from left to right.
272 static SanitizerMask
parseSanitizeArgs(const Driver & D,const llvm::opt::ArgList & Args,bool DiagnoseErrors,SanitizerMask Default,SanitizerMask AlwaysIn,SanitizerMask AlwaysOut,int OptInID,int OptOutID)273 parseSanitizeArgs(const Driver &D, const llvm::opt::ArgList &Args,
274 bool DiagnoseErrors, SanitizerMask Default,
275 SanitizerMask AlwaysIn, SanitizerMask AlwaysOut, int OptInID,
276 int OptOutID) {
277 assert(!(AlwaysIn & AlwaysOut) &&
278 "parseSanitizeArgs called with contradictory in/out requirements");
279
280 SanitizerMask Output = Default;
281 // Keep track of which violations we have already reported, to avoid
282 // duplicate error messages.
283 SanitizerMask DiagnosedAlwaysInViolations;
284 SanitizerMask DiagnosedAlwaysOutViolations;
285 for (const auto *Arg : Args) {
286 if (Arg->getOption().matches(OptInID)) {
287 SanitizerMask Add = parseArgValues(D, Arg, DiagnoseErrors);
288 // Report error if user explicitly tries to opt-in to an always-out
289 // sanitizer.
290 if (SanitizerMask KindsToDiagnose =
291 Add & AlwaysOut & ~DiagnosedAlwaysOutViolations) {
292 if (DiagnoseErrors) {
293 SanitizerSet SetToDiagnose;
294 SetToDiagnose.Mask |= KindsToDiagnose;
295 D.Diag(diag::err_drv_unsupported_option_argument)
296 << Arg->getSpelling() << toStringWithGroups(SetToDiagnose);
297 DiagnosedAlwaysOutViolations |= KindsToDiagnose;
298 }
299 }
300 Output |= expandSanitizerGroups(Add);
301 Arg->claim();
302 } else if (Arg->getOption().matches(OptOutID)) {
303 SanitizerMask Remove = parseArgValues(D, Arg, DiagnoseErrors);
304 // Report error if user explicitly tries to opt-out of an always-in
305 // sanitizer.
306 if (SanitizerMask KindsToDiagnose =
307 Remove & AlwaysIn & ~DiagnosedAlwaysInViolations) {
308 if (DiagnoseErrors) {
309 SanitizerSet SetToDiagnose;
310 SetToDiagnose.Mask |= KindsToDiagnose;
311 D.Diag(diag::err_drv_unsupported_option_argument)
312 << Arg->getSpelling() << toStringWithGroups(SetToDiagnose);
313 DiagnosedAlwaysInViolations |= KindsToDiagnose;
314 }
315 }
316 Output &= ~expandSanitizerGroups(Remove);
317 Arg->claim();
318 }
319 }
320
321 Output |= AlwaysIn;
322 Output &= ~AlwaysOut;
323
324 return Output;
325 }
326
parseSanitizeTrapArgs(const Driver & D,const llvm::opt::ArgList & Args,bool DiagnoseErrors)327 static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
328 const llvm::opt::ArgList &Args,
329 bool DiagnoseErrors) {
330 SanitizerMask AlwaysTrap; // Empty
331 SanitizerMask NeverTrap = ~(setGroupBits(TrappingSupported));
332
333 return parseSanitizeArgs(D, Args, DiagnoseErrors, TrappingDefault, AlwaysTrap,
334 NeverTrap, options::OPT_fsanitize_trap_EQ,
335 options::OPT_fno_sanitize_trap_EQ);
336 }
337
338 static SanitizerMaskCutoffs
parseSanitizeSkipHotCutoffArgs(const Driver & D,const llvm::opt::ArgList & Args,bool DiagnoseErrors)339 parseSanitizeSkipHotCutoffArgs(const Driver &D, const llvm::opt::ArgList &Args,
340 bool DiagnoseErrors) {
341 SanitizerMaskCutoffs Cutoffs;
342 for (const auto *Arg : Args)
343 if (Arg->getOption().matches(options::OPT_fsanitize_skip_hot_cutoff_EQ)) {
344 Arg->claim();
345 parseArgCutoffs(D, Arg, DiagnoseErrors, Cutoffs);
346 }
347
348 return Cutoffs;
349 }
350
needsFuzzerInterceptors() const351 bool SanitizerArgs::needsFuzzerInterceptors() const {
352 return needsFuzzer() && !needsAsanRt() && !needsTsanRt() && !needsMsanRt();
353 }
354
needsUbsanRt() const355 bool SanitizerArgs::needsUbsanRt() const {
356 // All of these include ubsan.
357 if (needsAsanRt() || needsMsanRt() || needsNsanRt() || needsHwasanRt() ||
358 needsTsanRt() || needsDfsanRt() || needsLsanRt() ||
359 needsCfiCrossDsoDiagRt() || (needsScudoRt() && !requiresMinimalRuntime()))
360 return false;
361
362 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
363 CoverageFeatures;
364 }
365
needsUbsanCXXRt() const366 bool SanitizerArgs::needsUbsanCXXRt() const {
367 // Link UBSAN C++ runtime very selectively, as it's needed in only very
368 // specific cases, but forces the program to depend on C++ ABI. UBSAN C++
369 // runtime is not included with other sanitizers.
370 return static_cast<bool>(Sanitizers.Mask & NeedsUbsanCxxRt &
371 ~TrapSanitizers.Mask);
372 }
373
needsCfiCrossDsoRt() const374 bool SanitizerArgs::needsCfiCrossDsoRt() const {
375 // Diag runtime includes cross dso runtime.
376 return !needsCfiCrossDsoDiagRt() && CfiCrossDso && !ImplicitCfiRuntime;
377 }
378
needsCfiCrossDsoDiagRt() const379 bool SanitizerArgs::needsCfiCrossDsoDiagRt() const {
380 // UBSsan handles CFI diagnostics without cross-DSO suppport.
381 return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
382 CfiCrossDso && !ImplicitCfiRuntime;
383 }
384
requiresPIE() const385 bool SanitizerArgs::requiresPIE() const { return NeedPIE; }
386
needsUnwindTables() const387 bool SanitizerArgs::needsUnwindTables() const {
388 return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
389 }
390
needsLTO() const391 bool SanitizerArgs::needsLTO() const {
392 return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
393 }
394
SanitizerArgs(const ToolChain & TC,const llvm::opt::ArgList & Args,bool DiagnoseErrors)395 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
396 const llvm::opt::ArgList &Args,
397 bool DiagnoseErrors) {
398 SanitizerMask AllRemove; // During the loop below, the accumulated set of
399 // sanitizers disabled by the current sanitizer
400 // argument or any argument after it.
401 SanitizerMask AllAddedKinds; // Mask of all sanitizers ever enabled by
402 // -fsanitize= flags (directly or via group
403 // expansion), some of which may be disabled
404 // later. Used to carefully prune
405 // unused-argument diagnostics.
406 SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now.
407 // Used to deduplicate diagnostics.
408 SanitizerMask Kinds;
409 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
410
411 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
412 options::OPT_fno_sanitize_cfi_cross_dso, false);
413
414 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
415
416 const Driver &D = TC.getDriver();
417 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args, DiagnoseErrors);
418 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
419
420 MinimalRuntime =
421 Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
422 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
423
424 // The object size sanitizer should not be enabled at -O0.
425 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
426 bool RemoveObjectSizeAtO0 =
427 !OptLevel || OptLevel->getOption().matches(options::OPT_O0);
428
429 for (const llvm::opt::Arg *Arg : llvm::reverse(Args)) {
430 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
431 Arg->claim();
432 SanitizerMask Add = parseArgValues(D, Arg, DiagnoseErrors);
433
434 if (RemoveObjectSizeAtO0) {
435 AllRemove |= SanitizerKind::ObjectSize;
436
437 // The user explicitly enabled the object size sanitizer. Warn
438 // that this does nothing at -O0.
439 if ((Add & SanitizerKind::ObjectSize) && DiagnoseErrors)
440 D.Diag(diag::warn_drv_object_size_disabled_O0)
441 << Arg->getAsString(Args);
442 }
443
444 AllAddedKinds |= expandSanitizerGroups(Add);
445
446 // Avoid diagnosing any sanitizer which is disabled later.
447 Add &= ~AllRemove;
448 // At this point we have not expanded groups, so any unsupported
449 // sanitizers in Add are those which have been explicitly enabled.
450 // Diagnose them.
451 if (SanitizerMask KindsToDiagnose =
452 Add & InvalidTrappingKinds & ~DiagnosedKinds) {
453 if (DiagnoseErrors) {
454 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose);
455 D.Diag(diag::err_drv_argument_not_allowed_with)
456 << Desc << "-fsanitize-trap=undefined";
457 }
458 DiagnosedKinds |= KindsToDiagnose;
459 }
460 Add &= ~InvalidTrappingKinds;
461
462 if (MinimalRuntime) {
463 if (SanitizerMask KindsToDiagnose =
464 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
465 if (DiagnoseErrors) {
466 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose);
467 D.Diag(diag::err_drv_argument_not_allowed_with)
468 << Desc << "-fsanitize-minimal-runtime";
469 }
470 DiagnosedKinds |= KindsToDiagnose;
471 }
472 Add &= ~NotAllowedWithMinimalRuntime;
473 }
474
475 if (llvm::opt::Arg *A = Args.getLastArg(options::OPT_mcmodel_EQ)) {
476 StringRef CM = A->getValue();
477 if (CM != "small" &&
478 (Add & SanitizerKind::Function & ~DiagnosedKinds)) {
479 if (DiagnoseErrors)
480 D.Diag(diag::err_drv_argument_only_allowed_with)
481 << "-fsanitize=function"
482 << "-mcmodel=small";
483 Add &= ~SanitizerKind::Function;
484 DiagnosedKinds |= SanitizerKind::Function;
485 }
486 }
487 // -fsanitize=function and -fsanitize=kcfi instrument indirect function
488 // calls to load a type hash before the function label. Therefore, an
489 // execute-only target doesn't support the function and kcfi sanitizers.
490 const llvm::Triple &Triple = TC.getTriple();
491 if (isExecuteOnlyTarget(Triple, Args)) {
492 if (SanitizerMask KindsToDiagnose =
493 Add & NotAllowedWithExecuteOnly & ~DiagnosedKinds) {
494 if (DiagnoseErrors) {
495 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose);
496 llvm::opt::Arg *A = Args.getLastArgNoClaim(
497 options::OPT_mexecute_only, options::OPT_mno_execute_only);
498 if (A && A->getOption().matches(options::OPT_mexecute_only))
499 D.Diag(diag::err_drv_argument_not_allowed_with)
500 << Desc << A->getAsString(Args);
501 else
502 D.Diag(diag::err_drv_unsupported_opt_for_target)
503 << Desc << Triple.str();
504 }
505 DiagnosedKinds |= KindsToDiagnose;
506 }
507 Add &= ~NotAllowedWithExecuteOnly;
508 }
509
510 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
511 // There are currently two problems:
512 // - Virtual function call checks need to pass a pointer to the function
513 // address to llvm.type.test and a pointer to the address point to the
514 // diagnostic function. Currently we pass the same pointer to both
515 // places.
516 // - Non-virtual function call checks may need to check multiple type
517 // identifiers.
518 // Fixing both of those may require changes to the cross-DSO CFI
519 // interface.
520 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) {
521 if (DiagnoseErrors)
522 D.Diag(diag::err_drv_argument_not_allowed_with)
523 << "-fsanitize=cfi-mfcall"
524 << "-fsanitize-cfi-cross-dso";
525 Add &= ~SanitizerKind::CFIMFCall;
526 DiagnosedKinds |= SanitizerKind::CFIMFCall;
527 }
528
529 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
530 if (DiagnoseErrors) {
531 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose);
532 D.Diag(diag::err_drv_unsupported_opt_for_target)
533 << Desc << TC.getTriple().str();
534 }
535 DiagnosedKinds |= KindsToDiagnose;
536 }
537 Add &= Supported;
538
539 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
540 // so we don't error out if -fno-rtti and -fsanitize=undefined were
541 // passed.
542 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
543 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
544 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
545 "RTTI disabled without -fno-rtti option?");
546 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
547 // the vptr sanitizer requires RTTI, so this is a user error.
548 if (DiagnoseErrors)
549 D.Diag(diag::err_drv_argument_not_allowed_with)
550 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
551 } else {
552 // The vptr sanitizer requires RTTI, but RTTI is disabled (by
553 // default). Warn that the vptr sanitizer is being disabled.
554 if (DiagnoseErrors)
555 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default);
556 }
557
558 // Take out the Vptr sanitizer from the enabled sanitizers
559 AllRemove |= SanitizerKind::Vptr;
560 }
561
562 Add = expandSanitizerGroups(Add);
563 // Group expansion may have enabled a sanitizer which is disabled later.
564 Add &= ~AllRemove;
565 // Silently discard any unsupported sanitizers implicitly enabled through
566 // group expansion.
567 Add &= ~InvalidTrappingKinds;
568 if (MinimalRuntime) {
569 Add &= ~NotAllowedWithMinimalRuntime;
570 }
571 // NotAllowedWithExecuteOnly is silently discarded on an execute-only
572 // target if implicitly enabled through group expansion.
573 if (isExecuteOnlyTarget(Triple, Args))
574 Add &= ~NotAllowedWithExecuteOnly;
575 if (CfiCrossDso)
576 Add &= ~SanitizerKind::CFIMFCall;
577 // -fsanitize=undefined does not expand to signed-integer-overflow in
578 // -fwrapv (implied by -fno-strict-overflow) mode.
579 if (Add & SanitizerKind::UndefinedGroup) {
580 bool S = Args.hasFlagNoClaim(options::OPT_fno_strict_overflow,
581 options::OPT_fstrict_overflow, false);
582 if (Args.hasFlagNoClaim(options::OPT_fwrapv, options::OPT_fno_wrapv, S))
583 Add &= ~SanitizerKind::SignedIntegerOverflow;
584 if (Args.hasFlagNoClaim(options::OPT_fwrapv_pointer,
585 options::OPT_fno_wrapv_pointer, S))
586 Add &= ~SanitizerKind::PointerOverflow;
587 }
588 Add &= Supported;
589
590 if (Add & SanitizerKind::Fuzzer)
591 Add |= SanitizerKind::FuzzerNoLink;
592
593 // Enable coverage if the fuzzing flag is set.
594 if (Add & SanitizerKind::FuzzerNoLink) {
595 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
596 CoverageTraceCmp | CoveragePCTable;
597 // Due to TLS differences, stack depth tracking is only enabled on Linux
598 if (TC.getTriple().isOSLinux())
599 CoverageFeatures |= CoverageStackDepth;
600 }
601
602 Kinds |= Add;
603 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
604 Arg->claim();
605 SanitizerMask Remove = parseArgValues(D, Arg, DiagnoseErrors);
606 AllRemove |= expandSanitizerGroups(Remove);
607 }
608 }
609
610 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
611 std::make_pair(SanitizerKind::Address,
612 SanitizerKind::Thread | SanitizerKind::Memory),
613 std::make_pair(SanitizerKind::Type,
614 SanitizerKind::Address | SanitizerKind::KernelAddress |
615 SanitizerKind::Memory | SanitizerKind::Leak |
616 SanitizerKind::Thread | SanitizerKind::KernelAddress),
617 std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory),
618 std::make_pair(SanitizerKind::Leak,
619 SanitizerKind::Thread | SanitizerKind::Memory),
620 std::make_pair(SanitizerKind::KernelAddress,
621 SanitizerKind::Address | SanitizerKind::Leak |
622 SanitizerKind::Thread | SanitizerKind::Memory),
623 std::make_pair(SanitizerKind::HWAddress,
624 SanitizerKind::Address | SanitizerKind::Thread |
625 SanitizerKind::Memory | SanitizerKind::KernelAddress),
626 std::make_pair(SanitizerKind::Scudo,
627 SanitizerKind::Address | SanitizerKind::HWAddress |
628 SanitizerKind::Leak | SanitizerKind::Thread |
629 SanitizerKind::Memory | SanitizerKind::KernelAddress),
630 std::make_pair(SanitizerKind::SafeStack,
631 (TC.getTriple().isOSFuchsia() ? SanitizerMask()
632 : SanitizerKind::Leak) |
633 SanitizerKind::Address | SanitizerKind::HWAddress |
634 SanitizerKind::Thread | SanitizerKind::Memory |
635 SanitizerKind::KernelAddress),
636 std::make_pair(SanitizerKind::KernelHWAddress,
637 SanitizerKind::Address | SanitizerKind::HWAddress |
638 SanitizerKind::Leak | SanitizerKind::Thread |
639 SanitizerKind::Memory | SanitizerKind::KernelAddress |
640 SanitizerKind::SafeStack),
641 std::make_pair(SanitizerKind::KernelMemory,
642 SanitizerKind::Address | SanitizerKind::HWAddress |
643 SanitizerKind::Leak | SanitizerKind::Thread |
644 SanitizerKind::Memory | SanitizerKind::KernelAddress |
645 SanitizerKind::Scudo | SanitizerKind::SafeStack),
646 std::make_pair(SanitizerKind::MemTag, SanitizerKind::Address |
647 SanitizerKind::KernelAddress |
648 SanitizerKind::HWAddress |
649 SanitizerKind::KernelHWAddress),
650 std::make_pair(SanitizerKind::KCFI, SanitizerKind::Function),
651 std::make_pair(SanitizerKind::Realtime,
652 SanitizerKind::Address | SanitizerKind::Thread |
653 SanitizerKind::Undefined | SanitizerKind::Memory)};
654
655 // Enable toolchain specific default sanitizers if not explicitly disabled.
656 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
657
658 // Disable default sanitizers that are incompatible with explicitly requested
659 // ones.
660 for (auto G : IncompatibleGroups) {
661 SanitizerMask Group = G.first;
662 if ((Default & Group) && (Kinds & G.second))
663 Default &= ~Group;
664 }
665
666 Kinds |= Default;
667
668 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
669 // is disabled.
670 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
671 Kinds &= ~SanitizerKind::Vptr;
672 }
673
674 // Check that LTO is enabled if we need it.
675 if ((Kinds & NeedsLTO) && !D.isUsingLTO() && DiagnoseErrors) {
676 D.Diag(diag::err_drv_argument_only_allowed_with)
677 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
678 }
679
680 if ((Kinds & SanitizerKind::ShadowCallStack) && TC.getTriple().isAArch64() &&
681 !llvm::AArch64::isX18ReservedByDefault(TC.getTriple()) &&
682 !Args.hasArg(options::OPT_ffixed_x18) && DiagnoseErrors) {
683 D.Diag(diag::err_drv_argument_only_allowed_with)
684 << lastArgumentForMask(D, Args, Kinds & SanitizerKind::ShadowCallStack)
685 << "-ffixed-x18";
686 }
687
688 // Report error if there are non-trapping sanitizers that require
689 // c++abi-specific parts of UBSan runtime, and they are not provided by the
690 // toolchain. We don't have a good way to check the latter, so we just
691 // check if the toolchan supports vptr.
692 if (~Supported & SanitizerKind::Vptr) {
693 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
694 // The runtime library supports the Microsoft C++ ABI, but only well enough
695 // for CFI. FIXME: Remove this once we support vptr on Windows.
696 if (TC.getTriple().isOSWindows())
697 KindsToDiagnose &= ~SanitizerKind::CFI;
698 if (KindsToDiagnose) {
699 SanitizerSet S;
700 S.Mask = KindsToDiagnose;
701 if (DiagnoseErrors)
702 D.Diag(diag::err_drv_unsupported_opt_for_target)
703 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str();
704 Kinds &= ~KindsToDiagnose;
705 }
706 }
707
708 // Warn about incompatible groups of sanitizers.
709 for (auto G : IncompatibleGroups) {
710 SanitizerMask Group = G.first;
711 if (Kinds & Group) {
712 if (SanitizerMask Incompatible = Kinds & G.second) {
713 if (DiagnoseErrors)
714 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
715 << lastArgumentForMask(D, Args, Group)
716 << lastArgumentForMask(D, Args, Incompatible);
717 Kinds &= ~Incompatible;
718 }
719 }
720 }
721 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
722 // -fsanitize=address. Perhaps it should print an error, or perhaps
723 // -f(-no)sanitize=leak should change whether leak detection is enabled by
724 // default in ASan?
725
726 // Parse -f(no-)?sanitize-recover flags.
727 SanitizerMask RecoverableKinds = parseSanitizeArgs(
728 D, Args, DiagnoseErrors, RecoverableByDefault, AlwaysRecoverable,
729 Unrecoverable, options::OPT_fsanitize_recover_EQ,
730 options::OPT_fno_sanitize_recover_EQ);
731 RecoverableKinds &= Kinds;
732
733 TrappingKinds &= Kinds;
734 RecoverableKinds &= ~TrappingKinds;
735
736 // Parse -f(no-)?sanitize-nonmerged-handlers flags
737 SanitizerMask MergeKinds =
738 parseSanitizeArgs(D, Args, DiagnoseErrors, MergeDefault, {}, {},
739 options::OPT_fsanitize_merge_handlers_EQ,
740 options::OPT_fno_sanitize_merge_handlers_EQ);
741 MergeKinds &= Kinds;
742
743 // Parse -fno-fsanitize-skip-hot-cutoff flags
744 SkipHotCutoffs = parseSanitizeSkipHotCutoffArgs(D, Args, DiagnoseErrors);
745
746 // Parse -f(no-)?sanitize-annotate-debug-info flags
747 SanitizerMask AnnotateDebugInfoKinds =
748 parseSanitizeArgs(D, Args, DiagnoseErrors, AnnotateDebugInfoDefault, {},
749 {}, options::OPT_fsanitize_annotate_debug_info_EQ,
750 options::OPT_fno_sanitize_annotate_debug_info_EQ);
751 AnnotateDebugInfoKinds &= Kinds;
752
753 // Setup ignorelist files.
754 // Add default ignorelist from resource directory for activated sanitizers,
755 // and validate special case lists format.
756 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_ignorelist))
757 addDefaultIgnorelists(D, Kinds, SystemIgnorelistFiles, DiagnoseErrors);
758
759 // Parse -f(no-)?sanitize-ignorelist options.
760 // This also validates special case lists format.
761 parseSpecialCaseListArg(
762 D, Args, UserIgnorelistFiles, options::OPT_fsanitize_ignorelist_EQ,
763 options::OPT_fno_sanitize_ignorelist,
764 clang::diag::err_drv_malformed_sanitizer_ignorelist, DiagnoseErrors);
765
766 // Verify that -fsanitize-coverage-stack-depth-callback-min is >= 0.
767 if (Arg *A = Args.getLastArg(
768 options::OPT_fsanitize_coverage_stack_depth_callback_min_EQ)) {
769 StringRef S = A->getValue();
770 if (S.getAsInteger(0, CoverageStackDepthCallbackMin) ||
771 CoverageStackDepthCallbackMin < 0) {
772 if (DiagnoseErrors)
773 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
774 }
775 }
776
777 // Parse -f[no-]sanitize-memory-track-origins[=level] options.
778 if (AllAddedKinds & SanitizerKind::Memory) {
779 if (Arg *A =
780 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
781 options::OPT_fno_sanitize_memory_track_origins)) {
782 if (!A->getOption().matches(
783 options::OPT_fno_sanitize_memory_track_origins)) {
784 StringRef S = A->getValue();
785 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
786 MsanTrackOrigins > 2) {
787 if (DiagnoseErrors)
788 D.Diag(clang::diag::err_drv_invalid_value)
789 << A->getAsString(Args) << S;
790 }
791 }
792 }
793 MsanUseAfterDtor = Args.hasFlag(
794 options::OPT_fsanitize_memory_use_after_dtor,
795 options::OPT_fno_sanitize_memory_use_after_dtor, MsanUseAfterDtor);
796 MsanParamRetval = Args.hasFlag(
797 options::OPT_fsanitize_memory_param_retval,
798 options::OPT_fno_sanitize_memory_param_retval, MsanParamRetval);
799 } else if (AllAddedKinds & SanitizerKind::KernelMemory) {
800 MsanUseAfterDtor = false;
801 MsanParamRetval = Args.hasFlag(
802 options::OPT_fsanitize_memory_param_retval,
803 options::OPT_fno_sanitize_memory_param_retval, MsanParamRetval);
804 } else {
805 MsanUseAfterDtor = false;
806 MsanParamRetval = false;
807 }
808
809 if (AllAddedKinds & SanitizerKind::MemTag) {
810 StringRef S =
811 Args.getLastArgValue(options::OPT_fsanitize_memtag_mode_EQ, "sync");
812 if (S == "async" || S == "sync") {
813 MemtagMode = S.str();
814 } else {
815 D.Diag(clang::diag::err_drv_invalid_value_with_suggestion)
816 << "-fsanitize-memtag-mode=" << S << "{async, sync}";
817 MemtagMode = "sync";
818 }
819 }
820
821 if (AllAddedKinds & SanitizerKind::Thread) {
822 TsanMemoryAccess = Args.hasFlag(
823 options::OPT_fsanitize_thread_memory_access,
824 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess);
825 TsanFuncEntryExit = Args.hasFlag(
826 options::OPT_fsanitize_thread_func_entry_exit,
827 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit);
828 TsanAtomics =
829 Args.hasFlag(options::OPT_fsanitize_thread_atomics,
830 options::OPT_fno_sanitize_thread_atomics, TsanAtomics);
831 }
832
833 if (AllAddedKinds & SanitizerKind::CFI) {
834 // Without PIE, external function address may resolve to a PLT record, which
835 // can not be verified by the target module.
836 NeedPIE |= CfiCrossDso;
837 CfiICallGeneralizePointers =
838 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
839
840 CfiICallNormalizeIntegers =
841 Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
842
843 if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors)
844 D.Diag(diag::err_drv_argument_not_allowed_with)
845 << "-fsanitize-cfi-cross-dso"
846 << "-fsanitize-cfi-icall-generalize-pointers";
847
848 CfiCanonicalJumpTables =
849 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
850 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
851 }
852
853 if (AllAddedKinds & SanitizerKind::KCFI) {
854 CfiICallNormalizeIntegers =
855 Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
856
857 KcfiArity = Args.hasArg(options::OPT_fsanitize_kcfi_arity);
858
859 if (AllAddedKinds & SanitizerKind::CFI && DiagnoseErrors)
860 D.Diag(diag::err_drv_argument_not_allowed_with)
861 << "-fsanitize=kcfi"
862 << lastArgumentForMask(D, Args, SanitizerKind::CFI);
863 }
864
865 Stats = Args.hasFlag(options::OPT_fsanitize_stats,
866 options::OPT_fno_sanitize_stats, false);
867
868 if (MinimalRuntime) {
869 SanitizerMask IncompatibleMask =
870 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
871 if (IncompatibleMask && DiagnoseErrors)
872 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
873 << "-fsanitize-minimal-runtime"
874 << lastArgumentForMask(D, Args, IncompatibleMask);
875 }
876
877 for (const auto *Arg : Args.filtered(
878 options::OPT_fsanitize_undefined_ignore_overflow_pattern_EQ)) {
879 Arg->claim();
880 OverflowPatternExclusions |=
881 parseOverflowPatternExclusionValues(D, Arg, DiagnoseErrors);
882 }
883
884 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
885 // enabled sanitizers.
886 for (const auto *Arg : Args) {
887 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
888 int LegacySanitizeCoverage;
889 if (Arg->getNumValues() == 1 &&
890 !StringRef(Arg->getValue(0))
891 .getAsInteger(0, LegacySanitizeCoverage)) {
892 CoverageFeatures = 0;
893 Arg->claim();
894 if (LegacySanitizeCoverage != 0 && DiagnoseErrors) {
895 D.Diag(diag::warn_drv_deprecated_arg)
896 << Arg->getAsString(Args) << /*hasReplacement=*/true
897 << "-fsanitize-coverage=trace-pc-guard";
898 }
899 continue;
900 }
901 CoverageFeatures |= parseCoverageFeatures(D, Arg, DiagnoseErrors);
902
903 // Disable coverage and not claim the flags if there is at least one
904 // non-supporting sanitizer.
905 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
906 Arg->claim();
907 } else {
908 CoverageFeatures = 0;
909 }
910 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
911 Arg->claim();
912 CoverageFeatures &= ~parseCoverageFeatures(D, Arg, DiagnoseErrors);
913 }
914 }
915 // Choose at most one coverage type: function, bb, or edge.
916 if (DiagnoseErrors) {
917 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
918 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
919 << "-fsanitize-coverage=func"
920 << "-fsanitize-coverage=bb";
921 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
922 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
923 << "-fsanitize-coverage=func"
924 << "-fsanitize-coverage=edge";
925 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
926 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
927 << "-fsanitize-coverage=bb"
928 << "-fsanitize-coverage=edge";
929 // Basic block tracing and 8-bit counters require some type of coverage
930 // enabled.
931 if (CoverageFeatures & CoverageTraceBB)
932 D.Diag(clang::diag::warn_drv_deprecated_arg)
933 << "-fsanitize-coverage=trace-bb" << /*hasReplacement=*/true
934 << "-fsanitize-coverage=trace-pc-guard";
935 if (CoverageFeatures & Coverage8bitCounters)
936 D.Diag(clang::diag::warn_drv_deprecated_arg)
937 << "-fsanitize-coverage=8bit-counters" << /*hasReplacement=*/true
938 << "-fsanitize-coverage=trace-pc-guard";
939 }
940
941 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
942 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
943 CoverageInline8bitCounters | CoverageTraceLoads |
944 CoverageTraceStores | CoverageInlineBoolFlag |
945 CoverageControlFlow;
946 if ((CoverageFeatures & InsertionPointTypes) &&
947 !(CoverageFeatures & InstrumentationTypes) && DiagnoseErrors) {
948 D.Diag(clang::diag::warn_drv_deprecated_arg)
949 << "-fsanitize-coverage=[func|bb|edge]" << /*hasReplacement=*/true
950 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc],["
951 "control-flow]";
952 }
953
954 // trace-pc w/o func/bb/edge implies edge.
955 if (!(CoverageFeatures & InsertionPointTypes)) {
956 if (CoverageFeatures &
957 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters |
958 CoverageInlineBoolFlag | CoverageControlFlow))
959 CoverageFeatures |= CoverageEdge;
960
961 if (CoverageFeatures & CoverageStackDepth)
962 CoverageFeatures |= CoverageFunc;
963 }
964
965 // Parse -fsanitize-coverage-(allow|ignore)list options if coverage enabled.
966 // This also validates special case lists format.
967 // Here, OptSpecifier() acts as a never-matching command-line argument.
968 // So, there is no way to clear coverage lists but you can append to them.
969 if (CoverageFeatures) {
970 parseSpecialCaseListArg(
971 D, Args, CoverageAllowlistFiles,
972 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(),
973 clang::diag::err_drv_malformed_sanitizer_coverage_allowlist,
974 DiagnoseErrors);
975 parseSpecialCaseListArg(
976 D, Args, CoverageIgnorelistFiles,
977 options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(),
978 clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist,
979 DiagnoseErrors);
980 }
981
982 // Parse -f(no-)?sanitize-metadata.
983 for (const auto *Arg :
984 Args.filtered(options::OPT_fexperimental_sanitize_metadata_EQ,
985 options::OPT_fno_experimental_sanitize_metadata_EQ)) {
986 if (Arg->getOption().matches(
987 options::OPT_fexperimental_sanitize_metadata_EQ)) {
988 Arg->claim();
989 BinaryMetadataFeatures |=
990 parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
991 } else {
992 Arg->claim();
993 BinaryMetadataFeatures &=
994 ~parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
995 }
996 }
997
998 // Parse -fsanitize-metadata-ignorelist option if enabled.
999 if (BinaryMetadataFeatures) {
1000 parseSpecialCaseListArg(
1001 D, Args, BinaryMetadataIgnorelistFiles,
1002 options::OPT_fexperimental_sanitize_metadata_ignorelist_EQ,
1003 OptSpecifier(), // Cannot clear ignore list, only append.
1004 clang::diag::err_drv_malformed_sanitizer_metadata_ignorelist,
1005 DiagnoseErrors);
1006 }
1007
1008 SharedRuntime = Args.hasFlag(
1009 options::OPT_shared_libsan, options::OPT_static_libsan,
1010 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
1011 TC.getTriple().isOSDarwin() || TC.getTriple().isOSWindows());
1012 if (!SharedRuntime && TC.getTriple().isOSWindows()) {
1013 Arg *A =
1014 Args.getLastArg(options::OPT_shared_libsan, options::OPT_static_libsan);
1015 D.Diag(clang::diag::err_drv_unsupported_opt_for_target)
1016 << A->getSpelling() << TC.getTriple().str();
1017 }
1018
1019 ImplicitCfiRuntime = TC.getTriple().isAndroid();
1020
1021 if (AllAddedKinds & SanitizerKind::Address) {
1022 NeedPIE |= TC.getTriple().isOSFuchsia();
1023 if (Arg *A =
1024 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
1025 StringRef S = A->getValue();
1026 // Legal values are 0 and 1, 2, but in future we may add more levels.
1027 if ((S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
1028 AsanFieldPadding > 2) &&
1029 DiagnoseErrors) {
1030 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
1031 }
1032 }
1033
1034 if (Arg *WindowsDebugRTArg =
1035 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
1036 options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
1037 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
1038 switch (WindowsDebugRTArg->getOption().getID()) {
1039 case options::OPT__SLASH_MTd:
1040 case options::OPT__SLASH_MDd:
1041 case options::OPT__SLASH_LDd:
1042 if (DiagnoseErrors) {
1043 D.Diag(clang::diag::err_drv_argument_not_allowed_with)
1044 << WindowsDebugRTArg->getAsString(Args)
1045 << lastArgumentForMask(D, Args, SanitizerKind::Address);
1046 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
1047 }
1048 }
1049 }
1050
1051 StableABI = Args.hasFlag(options::OPT_fsanitize_stable_abi,
1052 options::OPT_fno_sanitize_stable_abi, false);
1053
1054 AsanPoisonCustomArrayCookie = Args.hasFlag(
1055 options::OPT_fsanitize_address_poison_custom_array_cookie,
1056 options::OPT_fno_sanitize_address_poison_custom_array_cookie,
1057 AsanPoisonCustomArrayCookie);
1058
1059 AsanOutlineInstrumentation =
1060 Args.hasFlag(options::OPT_fsanitize_address_outline_instrumentation,
1061 options::OPT_fno_sanitize_address_outline_instrumentation,
1062 AsanOutlineInstrumentation);
1063
1064 AsanGlobalsDeadStripping = Args.hasFlag(
1065 options::OPT_fsanitize_address_globals_dead_stripping,
1066 options::OPT_fno_sanitize_address_globals_dead_stripping, true);
1067
1068 // Enable ODR indicators which allow better handling of mixed instrumented
1069 // and uninstrumented globals. Disable them for Windows where weak odr
1070 // indicators (.weak.__odr_asan_gen*) may cause multiple definition linker
1071 // errors in the absence of -lldmingw.
1072 AsanUseOdrIndicator =
1073 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator,
1074 options::OPT_fno_sanitize_address_use_odr_indicator,
1075 !TC.getTriple().isOSWindows());
1076
1077 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
1078 AsanInvalidPointerCmp = true;
1079 }
1080
1081 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
1082 AsanInvalidPointerSub = true;
1083 }
1084
1085 if (TC.getTriple().isOSDarwin() &&
1086 (Args.hasArg(options::OPT_mkernel) ||
1087 Args.hasArg(options::OPT_fapple_kext))) {
1088 AsanDtorKind = llvm::AsanDtorKind::None;
1089 }
1090
1091 if (const auto *Arg =
1092 Args.getLastArg(options::OPT_sanitize_address_destructor_EQ)) {
1093 auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue());
1094 if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid && DiagnoseErrors) {
1095 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
1096 << Arg->getSpelling() << Arg->getValue();
1097 }
1098 AsanDtorKind = parsedAsanDtorKind;
1099 }
1100
1101 if (const auto *Arg = Args.getLastArg(
1102 options::OPT_sanitize_address_use_after_return_EQ)) {
1103 auto parsedAsanUseAfterReturn =
1104 AsanDetectStackUseAfterReturnModeFromString(Arg->getValue());
1105 if (parsedAsanUseAfterReturn ==
1106 llvm::AsanDetectStackUseAfterReturnMode::Invalid &&
1107 DiagnoseErrors) {
1108 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
1109 << Arg->getSpelling() << Arg->getValue();
1110 }
1111 AsanUseAfterReturn = parsedAsanUseAfterReturn;
1112 }
1113
1114 } else {
1115 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
1116 SanitizerMask DetectInvalidPointerPairs =
1117 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
1118 if ((AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) &&
1119 DiagnoseErrors) {
1120 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1121 << lastArgumentForMask(D, Args,
1122 SanitizerKind::PointerCompare |
1123 SanitizerKind::PointerSubtract)
1124 << "-fsanitize=address";
1125 }
1126 }
1127
1128 if (AllAddedKinds & (SanitizerKind::Address | SanitizerKind::KernelAddress)) {
1129 AsanUseAfterScope = Args.hasFlag(
1130 options::OPT_fsanitize_address_use_after_scope,
1131 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
1132 } else {
1133 AsanUseAfterScope = false;
1134 }
1135
1136 if (AllAddedKinds & SanitizerKind::HWAddress) {
1137 if (Arg *HwasanAbiArg =
1138 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) {
1139 HwasanAbi = HwasanAbiArg->getValue();
1140 if (HwasanAbi != "platform" && HwasanAbi != "interceptor" &&
1141 DiagnoseErrors)
1142 D.Diag(clang::diag::err_drv_invalid_value)
1143 << HwasanAbiArg->getAsString(Args) << HwasanAbi;
1144 } else {
1145 HwasanAbi = "interceptor";
1146 }
1147 if (TC.getTriple().getArch() == llvm::Triple::x86_64)
1148 HwasanUseAliases = Args.hasFlag(
1149 options::OPT_fsanitize_hwaddress_experimental_aliasing,
1150 options::OPT_fno_sanitize_hwaddress_experimental_aliasing,
1151 HwasanUseAliases);
1152 }
1153
1154 if (AllAddedKinds & SanitizerKind::SafeStack) {
1155 // SafeStack runtime is built into the system on Android and Fuchsia.
1156 SafeStackRuntime =
1157 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia();
1158 }
1159
1160 LinkRuntimes = Args.hasFlag(options::OPT_fsanitize_link_runtime,
1161 options::OPT_fno_sanitize_link_runtime,
1162 !Args.hasArg(options::OPT_r));
1163
1164 // Parse -link-cxx-sanitizer flag.
1165 LinkCXXRuntimes = D.CCCIsCXX();
1166 LinkCXXRuntimes =
1167 Args.hasFlag(options::OPT_fsanitize_link_cxx_runtime,
1168 options::OPT_fno_sanitize_link_cxx_runtime, LinkCXXRuntimes);
1169
1170 NeedsMemProfRt = Args.hasFlag(options::OPT_fmemory_profile,
1171 options::OPT_fmemory_profile_EQ,
1172 options::OPT_fno_memory_profile, false);
1173
1174 // Finally, initialize the set of available and recoverable sanitizers.
1175 Sanitizers.Mask |= Kinds;
1176 RecoverableSanitizers.Mask |= RecoverableKinds;
1177 TrapSanitizers.Mask |= TrappingKinds;
1178 assert(!(RecoverableKinds & TrappingKinds) &&
1179 "Overlap between recoverable and trapping sanitizers");
1180
1181 MergeHandlers.Mask |= MergeKinds;
1182
1183 AnnotateDebugInfo.Mask |= AnnotateDebugInfoKinds;
1184
1185 // Zero out SkipHotCutoffs for unused sanitizers
1186 SkipHotCutoffs.clear(~Sanitizers.Mask);
1187 }
1188
toString(const clang::SanitizerSet & Sanitizers)1189 static std::string toString(const clang::SanitizerSet &Sanitizers) {
1190 std::string Res;
1191 #define SANITIZER(NAME, ID) \
1192 if (Sanitizers.has(SanitizerKind::ID)) { \
1193 if (!Res.empty()) \
1194 Res += ","; \
1195 Res += NAME; \
1196 }
1197 #include "clang/Basic/Sanitizers.def"
1198 return Res;
1199 }
1200
toString(const clang::SanitizerMaskCutoffs & Cutoffs)1201 static std::string toString(const clang::SanitizerMaskCutoffs &Cutoffs) {
1202 llvm::SmallVector<std::string, 4> Res;
1203 serializeSanitizerMaskCutoffs(Cutoffs, Res);
1204 return llvm::join(Res, ",");
1205 }
1206
toStringWithGroups(const clang::SanitizerSet & Sanitizers)1207 static std::string toStringWithGroups(const clang::SanitizerSet &Sanitizers) {
1208 std::string Res;
1209 #define SANITIZER(NAME, ID) \
1210 if (Sanitizers.has(SanitizerKind::ID)) { \
1211 if (!Res.empty()) \
1212 Res += ","; \
1213 Res += NAME; \
1214 }
1215 #define SANITIZER_GROUP(NAME, ID, ALIAS) SANITIZER(NAME, ID##Group)
1216 #include "clang/Basic/Sanitizers.def"
1217 return Res;
1218 }
1219
addSpecialCaseListOpt(const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,const char * SCLOptFlag,const std::vector<std::string> & SCLFiles)1220 static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
1221 llvm::opt::ArgStringList &CmdArgs,
1222 const char *SCLOptFlag,
1223 const std::vector<std::string> &SCLFiles) {
1224 for (const auto &SCLPath : SCLFiles) {
1225 SmallString<64> SCLOpt(SCLOptFlag);
1226 SCLOpt += SCLPath;
1227 CmdArgs.push_back(Args.MakeArgString(SCLOpt));
1228 }
1229 }
1230
addIncludeLinkerOption(const ToolChain & TC,const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,StringRef SymbolName)1231 static void addIncludeLinkerOption(const ToolChain &TC,
1232 const llvm::opt::ArgList &Args,
1233 llvm::opt::ArgStringList &CmdArgs,
1234 StringRef SymbolName) {
1235 SmallString<64> LinkerOptionFlag;
1236 LinkerOptionFlag = "--linker-option=/include:";
1237 if (TC.getTriple().getArch() == llvm::Triple::x86) {
1238 // Win32 mangles C function names with a '_' prefix.
1239 LinkerOptionFlag += '_';
1240 }
1241 LinkerOptionFlag += SymbolName;
1242 CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
1243 }
1244
hasTargetFeatureMTE(const llvm::opt::ArgStringList & CmdArgs)1245 static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
1246 for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End;
1247 ++Start) {
1248 auto It = std::find(Start, End, StringRef("+mte"));
1249 if (It == End)
1250 break;
1251 if (It > Start && *std::prev(It) == StringRef("-target-feature"))
1252 return true;
1253 Start = It;
1254 }
1255 return false;
1256 }
1257
addArgs(const ToolChain & TC,const llvm::opt::ArgList & Args,llvm::opt::ArgStringList & CmdArgs,types::ID InputType) const1258 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
1259 llvm::opt::ArgStringList &CmdArgs,
1260 types::ID InputType) const {
1261 // NVPTX doesn't currently support sanitizers. Bailing out here means
1262 // that e.g. -fsanitize=address applies only to host code, which is what we
1263 // want for now.
1264 if (TC.getTriple().isNVPTX())
1265 return;
1266 // AMDGPU sanitizer support is experimental and controlled by -fgpu-sanitize.
1267 bool GPUSanitize = false;
1268 if (TC.getTriple().isAMDGPU()) {
1269 if (!Args.hasFlag(options::OPT_fgpu_sanitize, options::OPT_fno_gpu_sanitize,
1270 true))
1271 return;
1272 GPUSanitize = true;
1273 }
1274
1275 // Translate available CoverageFeatures to corresponding clang-cc1 flags.
1276 // Do it even if Sanitizers.empty() since some forms of coverage don't require
1277 // sanitizers.
1278 std::pair<int, const char *> CoverageFlags[] = {
1279 std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
1280 std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
1281 std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
1282 std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
1283 std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
1284 std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
1285 std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
1286 std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
1287 std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
1288 std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
1289 std::make_pair(CoverageTracePCGuard,
1290 "-fsanitize-coverage-trace-pc-guard"),
1291 std::make_pair(CoverageInline8bitCounters,
1292 "-fsanitize-coverage-inline-8bit-counters"),
1293 std::make_pair(CoverageInlineBoolFlag,
1294 "-fsanitize-coverage-inline-bool-flag"),
1295 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
1296 std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
1297 std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth"),
1298 std::make_pair(CoverageTraceLoads, "-fsanitize-coverage-trace-loads"),
1299 std::make_pair(CoverageTraceStores, "-fsanitize-coverage-trace-stores"),
1300 std::make_pair(CoverageControlFlow, "-fsanitize-coverage-control-flow")};
1301 for (auto F : CoverageFlags) {
1302 if (CoverageFeatures & F.first)
1303 CmdArgs.push_back(F.second);
1304 }
1305 addSpecialCaseListOpt(
1306 Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
1307 addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=",
1308 CoverageIgnorelistFiles);
1309
1310 if (CoverageStackDepthCallbackMin)
1311 CmdArgs.push_back(
1312 Args.MakeArgString("-fsanitize-coverage-stack-depth-callback-min=" +
1313 Twine(CoverageStackDepthCallbackMin)));
1314
1315 if (!GPUSanitize) {
1316 // Translate available BinaryMetadataFeatures to corresponding clang-cc1
1317 // flags. Does not depend on any other sanitizers. Unsupported on GPUs.
1318 const std::pair<int, std::string> BinaryMetadataFlags[] = {
1319 std::make_pair(BinaryMetadataCovered, "covered"),
1320 std::make_pair(BinaryMetadataAtomics, "atomics"),
1321 std::make_pair(BinaryMetadataUAR, "uar")};
1322 for (const auto &F : BinaryMetadataFlags) {
1323 if (BinaryMetadataFeatures & F.first)
1324 CmdArgs.push_back(
1325 Args.MakeArgString("-fexperimental-sanitize-metadata=" + F.second));
1326 }
1327 addSpecialCaseListOpt(Args, CmdArgs,
1328 "-fexperimental-sanitize-metadata-ignorelist=",
1329 BinaryMetadataIgnorelistFiles);
1330 }
1331
1332 if (TC.getTriple().isOSWindows() && needsUbsanRt() &&
1333 Args.hasFlag(options::OPT_frtlib_defaultlib,
1334 options::OPT_fno_rtlib_defaultlib, true)) {
1335 // Instruct the code generator to embed linker directives in the object file
1336 // that cause the required runtime libraries to be linked.
1337 CmdArgs.push_back(
1338 Args.MakeArgString("--dependent-lib=" +
1339 TC.getCompilerRTBasename(Args, "ubsan_standalone")));
1340 if (types::isCXX(InputType))
1341 CmdArgs.push_back(Args.MakeArgString(
1342 "--dependent-lib=" +
1343 TC.getCompilerRTBasename(Args, "ubsan_standalone_cxx")));
1344 }
1345 if (TC.getTriple().isOSWindows() && needsStatsRt() &&
1346 Args.hasFlag(options::OPT_frtlib_defaultlib,
1347 options::OPT_fno_rtlib_defaultlib, true)) {
1348 CmdArgs.push_back(Args.MakeArgString(
1349 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats_client")));
1350
1351 // The main executable must export the stats runtime.
1352 // FIXME: Only exporting from the main executable (e.g. based on whether the
1353 // translation unit defines main()) would save a little space, but having
1354 // multiple copies of the runtime shouldn't hurt.
1355 CmdArgs.push_back(Args.MakeArgString(
1356 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats")));
1357 addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
1358 }
1359
1360 if (Sanitizers.empty())
1361 return;
1362 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
1363
1364 if (!RecoverableSanitizers.empty())
1365 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
1366 toString(RecoverableSanitizers)));
1367
1368 if (!TrapSanitizers.empty())
1369 CmdArgs.push_back(
1370 Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
1371
1372 if (!MergeHandlers.empty())
1373 CmdArgs.push_back(
1374 Args.MakeArgString("-fsanitize-merge=" + toString(MergeHandlers)));
1375
1376 std::string SkipHotCutoffsStr = toString(SkipHotCutoffs);
1377 if (!SkipHotCutoffsStr.empty())
1378 CmdArgs.push_back(
1379 Args.MakeArgString("-fsanitize-skip-hot-cutoff=" + SkipHotCutoffsStr));
1380
1381 if (!AnnotateDebugInfo.empty())
1382 CmdArgs.push_back(Args.MakeArgString("-fsanitize-annotate-debug-info=" +
1383 toString(AnnotateDebugInfo)));
1384
1385 addSpecialCaseListOpt(Args, CmdArgs,
1386 "-fsanitize-ignorelist=", UserIgnorelistFiles);
1387 addSpecialCaseListOpt(Args, CmdArgs,
1388 "-fsanitize-system-ignorelist=", SystemIgnorelistFiles);
1389
1390 if (OverflowPatternExclusions)
1391 Args.AddAllArgs(
1392 CmdArgs, options::OPT_fsanitize_undefined_ignore_overflow_pattern_EQ);
1393
1394 if (MsanTrackOrigins)
1395 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
1396 Twine(MsanTrackOrigins)));
1397
1398 if (MsanUseAfterDtor)
1399 CmdArgs.push_back("-fsanitize-memory-use-after-dtor");
1400
1401 if (!MsanParamRetval)
1402 CmdArgs.push_back("-fno-sanitize-memory-param-retval");
1403
1404 // FIXME: Pass these parameters as function attributes, not as -llvm flags.
1405 if (!TsanMemoryAccess) {
1406 CmdArgs.push_back("-mllvm");
1407 CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
1408 CmdArgs.push_back("-mllvm");
1409 CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
1410 }
1411 if (!TsanFuncEntryExit) {
1412 CmdArgs.push_back("-mllvm");
1413 CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
1414 }
1415 if (!TsanAtomics) {
1416 CmdArgs.push_back("-mllvm");
1417 CmdArgs.push_back("-tsan-instrument-atomics=0");
1418 }
1419
1420 if (HwasanUseAliases) {
1421 CmdArgs.push_back("-mllvm");
1422 CmdArgs.push_back("-hwasan-experimental-use-page-aliases=1");
1423 }
1424
1425 if (CfiCrossDso)
1426 CmdArgs.push_back("-fsanitize-cfi-cross-dso");
1427
1428 if (CfiICallGeneralizePointers)
1429 CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
1430
1431 if (CfiICallNormalizeIntegers)
1432 CmdArgs.push_back("-fsanitize-cfi-icall-experimental-normalize-integers");
1433
1434 if (KcfiArity) {
1435 if (!TC.getTriple().isOSLinux() || !TC.getTriple().isArch64Bit()) {
1436 TC.getDriver().Diag(clang::diag::err_drv_kcfi_arity_unsupported_target)
1437 << TC.getTriple().str();
1438 }
1439 CmdArgs.push_back("-fsanitize-kcfi-arity");
1440 }
1441
1442 if (CfiCanonicalJumpTables)
1443 CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables");
1444
1445 if (Stats)
1446 CmdArgs.push_back("-fsanitize-stats");
1447
1448 if (MinimalRuntime)
1449 CmdArgs.push_back("-fsanitize-minimal-runtime");
1450
1451 if (AsanFieldPadding)
1452 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
1453 Twine(AsanFieldPadding)));
1454
1455 if (AsanUseAfterScope)
1456 CmdArgs.push_back("-fsanitize-address-use-after-scope");
1457
1458 if (AsanPoisonCustomArrayCookie)
1459 CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie");
1460
1461 if (AsanGlobalsDeadStripping)
1462 CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");
1463
1464 if (!AsanUseOdrIndicator)
1465 CmdArgs.push_back("-fno-sanitize-address-use-odr-indicator");
1466
1467 if (AsanInvalidPointerCmp) {
1468 CmdArgs.push_back("-mllvm");
1469 CmdArgs.push_back("-asan-detect-invalid-pointer-cmp");
1470 }
1471
1472 if (AsanInvalidPointerSub) {
1473 CmdArgs.push_back("-mllvm");
1474 CmdArgs.push_back("-asan-detect-invalid-pointer-sub");
1475 }
1476
1477 if (AsanOutlineInstrumentation) {
1478 CmdArgs.push_back("-mllvm");
1479 CmdArgs.push_back("-asan-instrumentation-with-call-threshold=0");
1480 }
1481
1482 // When emitting Stable ABI instrumentation, force outlining calls and avoid
1483 // inlining shadow memory poisoning. While this is a big performance burden
1484 // for now it allows full abstraction from implementation details.
1485 if (StableABI) {
1486 CmdArgs.push_back("-mllvm");
1487 CmdArgs.push_back("-asan-instrumentation-with-call-threshold=0");
1488 CmdArgs.push_back("-mllvm");
1489 CmdArgs.push_back("-asan-max-inline-poisoning-size=0");
1490 CmdArgs.push_back("-mllvm");
1491 CmdArgs.push_back("-asan-guard-against-version-mismatch=0");
1492 }
1493
1494 // Only pass the option to the frontend if the user requested,
1495 // otherwise the frontend will just use the codegen default.
1496 if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
1497 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-destructor=" +
1498 AsanDtorKindToString(AsanDtorKind)));
1499 }
1500
1501 if (AsanUseAfterReturn != llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
1502 CmdArgs.push_back(Args.MakeArgString(
1503 "-fsanitize-address-use-after-return=" +
1504 AsanDetectStackUseAfterReturnModeToString(AsanUseAfterReturn)));
1505 }
1506
1507 if (!HwasanAbi.empty()) {
1508 CmdArgs.push_back("-default-function-attr");
1509 CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
1510 }
1511
1512 if (Sanitizers.has(SanitizerKind::HWAddress) && !HwasanUseAliases) {
1513 CmdArgs.push_back("-target-feature");
1514 CmdArgs.push_back("+tagged-globals");
1515 }
1516
1517 // MSan: Workaround for PR16386.
1518 // ASan: This is mainly to help LSan with cases such as
1519 // https://github.com/google/sanitizers/issues/373
1520 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
1521 // affect compilation.
1522 if (Sanitizers.has(SanitizerKind::Memory) ||
1523 Sanitizers.has(SanitizerKind::Address))
1524 CmdArgs.push_back("-fno-assume-sane-operator-new");
1525
1526 // libFuzzer wants to intercept calls to certain library functions, so the
1527 // following -fno-builtin-* flags force the compiler to emit interposable
1528 // libcalls to these functions. Other sanitizers effectively do the same thing
1529 // by marking all library call sites with NoBuiltin attribute in their LLVM
1530 // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
1531 if (Sanitizers.has(SanitizerKind::FuzzerNoLink)) {
1532 CmdArgs.push_back("-fno-builtin-bcmp");
1533 CmdArgs.push_back("-fno-builtin-memcmp");
1534 CmdArgs.push_back("-fno-builtin-strncmp");
1535 CmdArgs.push_back("-fno-builtin-strcmp");
1536 CmdArgs.push_back("-fno-builtin-strncasecmp");
1537 CmdArgs.push_back("-fno-builtin-strcasecmp");
1538 CmdArgs.push_back("-fno-builtin-strstr");
1539 CmdArgs.push_back("-fno-builtin-strcasestr");
1540 CmdArgs.push_back("-fno-builtin-memmem");
1541 }
1542
1543 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
1544 // enabled.
1545 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
1546 !Args.hasArg(options::OPT_fvisibility_EQ)) {
1547 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1548 << lastArgumentForMask(TC.getDriver(), Args,
1549 Sanitizers.Mask & CFIClasses)
1550 << "-fvisibility=";
1551 }
1552
1553 if (Sanitizers.has(SanitizerKind::MemtagStack) &&
1554 !hasTargetFeatureMTE(CmdArgs))
1555 TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
1556 }
1557
parseArgValues(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors)1558 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
1559 bool DiagnoseErrors) {
1560 assert(
1561 (A->getOption().matches(options::OPT_fsanitize_EQ) ||
1562 A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
1563 A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
1564 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
1565 A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
1566 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ) ||
1567 A->getOption().matches(options::OPT_fsanitize_merge_handlers_EQ) ||
1568 A->getOption().matches(options::OPT_fno_sanitize_merge_handlers_EQ) ||
1569 A->getOption().matches(options::OPT_fsanitize_annotate_debug_info_EQ) ||
1570 A->getOption().matches(
1571 options::OPT_fno_sanitize_annotate_debug_info_EQ)) &&
1572 "Invalid argument in parseArgValues!");
1573 SanitizerMask Kinds;
1574 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1575 const char *Value = A->getValue(i);
1576 SanitizerMask Kind;
1577 // Special case: don't accept -fsanitize=all.
1578 if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
1579 0 == strcmp("all", Value))
1580 Kind = SanitizerMask();
1581 else
1582 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
1583
1584 if (Kind)
1585 Kinds |= Kind;
1586 else if (DiagnoseErrors)
1587 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1588 << A->getSpelling() << Value;
1589 }
1590 return Kinds;
1591 }
1592
parseArgCutoffs(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors,SanitizerMaskCutoffs & Cutoffs)1593 void parseArgCutoffs(const Driver &D, const llvm::opt::Arg *A,
1594 bool DiagnoseErrors, SanitizerMaskCutoffs &Cutoffs) {
1595 assert(A->getOption().matches(options::OPT_fsanitize_skip_hot_cutoff_EQ) &&
1596 "Invalid argument in parseArgCutoffs!");
1597 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1598 const char *Value = A->getValue(i);
1599
1600 // We don't check the value of Cutoffs[i]: it's legal to specify
1601 // a cutoff of 0.
1602 if (!parseSanitizerWeightedValue(Value, /*AllowGroups=*/true, Cutoffs) &&
1603 DiagnoseErrors)
1604 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1605 << A->getSpelling() << Value;
1606 }
1607 }
1608
parseOverflowPatternExclusionValues(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors)1609 static int parseOverflowPatternExclusionValues(const Driver &D,
1610 const llvm::opt::Arg *A,
1611 bool DiagnoseErrors) {
1612 int Exclusions = 0;
1613 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1614 const char *Value = A->getValue(i);
1615 int E =
1616 llvm::StringSwitch<int>(Value)
1617 .Case("none", LangOptionsBase::None)
1618 .Case("all", LangOptionsBase::All)
1619 .Case("add-unsigned-overflow-test",
1620 LangOptionsBase::AddUnsignedOverflowTest)
1621 .Case("add-signed-overflow-test",
1622 LangOptionsBase::AddSignedOverflowTest)
1623 .Case("negated-unsigned-const", LangOptionsBase::NegUnsignedConst)
1624 .Case("unsigned-post-decr-while", LangOptionsBase::PostDecrInWhile)
1625 .Default(0);
1626 if (E == 0)
1627 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1628 << A->getSpelling() << Value;
1629 Exclusions |= E;
1630 }
1631 return Exclusions;
1632 }
1633
parseCoverageFeatures(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors)1634 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
1635 bool DiagnoseErrors) {
1636 assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
1637 A->getOption().matches(options::OPT_fno_sanitize_coverage));
1638 int Features = 0;
1639 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1640 const char *Value = A->getValue(i);
1641 int F = llvm::StringSwitch<int>(Value)
1642 .Case("func", CoverageFunc)
1643 .Case("bb", CoverageBB)
1644 .Case("edge", CoverageEdge)
1645 .Case("indirect-calls", CoverageIndirCall)
1646 .Case("trace-bb", CoverageTraceBB)
1647 .Case("trace-cmp", CoverageTraceCmp)
1648 .Case("trace-div", CoverageTraceDiv)
1649 .Case("trace-gep", CoverageTraceGep)
1650 .Case("8bit-counters", Coverage8bitCounters)
1651 .Case("trace-pc", CoverageTracePC)
1652 .Case("trace-pc-guard", CoverageTracePCGuard)
1653 .Case("no-prune", CoverageNoPrune)
1654 .Case("inline-8bit-counters", CoverageInline8bitCounters)
1655 .Case("inline-bool-flag", CoverageInlineBoolFlag)
1656 .Case("pc-table", CoveragePCTable)
1657 .Case("stack-depth", CoverageStackDepth)
1658 .Case("trace-loads", CoverageTraceLoads)
1659 .Case("trace-stores", CoverageTraceStores)
1660 .Case("control-flow", CoverageControlFlow)
1661 .Default(0);
1662 if (F == 0 && DiagnoseErrors)
1663 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1664 << A->getSpelling() << Value;
1665 Features |= F;
1666 }
1667 return Features;
1668 }
1669
parseBinaryMetadataFeatures(const Driver & D,const llvm::opt::Arg * A,bool DiagnoseErrors)1670 int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
1671 bool DiagnoseErrors) {
1672 assert(
1673 A->getOption().matches(options::OPT_fexperimental_sanitize_metadata_EQ) ||
1674 A->getOption().matches(
1675 options::OPT_fno_experimental_sanitize_metadata_EQ));
1676 int Features = 0;
1677 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1678 const char *Value = A->getValue(i);
1679 int F = llvm::StringSwitch<int>(Value)
1680 .Case("covered", BinaryMetadataCovered)
1681 .Case("atomics", BinaryMetadataAtomics)
1682 .Case("uar", BinaryMetadataUAR)
1683 .Case("all", ~0)
1684 .Default(0);
1685 if (F == 0 && DiagnoseErrors)
1686 D.Diag(clang::diag::err_drv_unsupported_option_argument)
1687 << A->getSpelling() << Value;
1688 Features |= F;
1689 }
1690 return Features;
1691 }
1692
lastArgumentForMask(const Driver & D,const llvm::opt::ArgList & Args,SanitizerMask Mask)1693 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
1694 SanitizerMask Mask) {
1695 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
1696 E = Args.rend();
1697 I != E; ++I) {
1698 const auto *Arg = *I;
1699 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
1700 SanitizerMask AddKinds =
1701 expandSanitizerGroups(parseArgValues(D, Arg, false));
1702 if (AddKinds & Mask)
1703 return describeSanitizeArg(Arg, Mask);
1704 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
1705 SanitizerMask RemoveKinds =
1706 expandSanitizerGroups(parseArgValues(D, Arg, false));
1707 Mask &= ~RemoveKinds;
1708 }
1709 }
1710 llvm_unreachable("arg list didn't provide expected value");
1711 }
1712
describeSanitizeArg(const llvm::opt::Arg * A,SanitizerMask Mask)1713 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1714 assert(A->getOption().matches(options::OPT_fsanitize_EQ) &&
1715 "Invalid argument in describeSanitizerArg!");
1716
1717 std::string Sanitizers;
1718 for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1719 if (expandSanitizerGroups(
1720 parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
1721 Mask) {
1722 if (!Sanitizers.empty())
1723 Sanitizers += ",";
1724 Sanitizers += A->getValue(i);
1725 }
1726 }
1727
1728 assert(!Sanitizers.empty() && "arg didn't provide expected value");
1729 return "-fsanitize=" + Sanitizers;
1730 }
1731