1//===--- Sanitizers.def - Runtime sanitizer options -------------*- C++ -*-===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8// 9// This file defines the options for specifying which runtime sanitizers to 10// enable. Users of this file must define the SANITIZER macro to make use of 11// this information. Users of this file can also define the SANITIZER_GROUP 12// macro to get information on options which refer to sets of sanitizers. 13// 14//===----------------------------------------------------------------------===// 15 16#ifndef SANITIZER 17#error "Define SANITIZER prior to including this file!" 18#endif 19 20// SANITIZER(NAME, ID) 21 22// The first value is the name of the sanitizer as a string. The sanitizer can 23// be enabled by specifying -fsanitize=NAME. 24 25// The second value is an identifier which can be used to refer to the 26// sanitizer. 27 28 29// SANITIZER_GROUP(NAME, ID, ALIAS) 30 31// The first two values have the same semantics as the corresponding SANITIZER 32// values. The third value is an expression ORing together the IDs of individual 33// sanitizers in this group. 34 35#ifndef SANITIZER_GROUP 36#define SANITIZER_GROUP(NAME, ID, ALIAS) 37#endif 38 39 40// AddressSanitizer 41SANITIZER("address", Address) 42 43// Requires AddressSanitizer 44SANITIZER("pointer-compare", PointerCompare) 45 46// Requires AddressSanitizer 47SANITIZER("pointer-subtract", PointerSubtract) 48 49// Kernel AddressSanitizer (KASan) 50SANITIZER("kernel-address", KernelAddress) 51 52// Hardware-assisted AddressSanitizer 53SANITIZER("hwaddress", HWAddress) 54 55// Kernel Hardware-assisted AddressSanitizer (KHWASan) 56SANITIZER("kernel-hwaddress", KernelHWAddress) 57 58// A variant of AddressSanitizer using AArch64 MTE extension. 59SANITIZER("memtag-stack", MemtagStack) 60SANITIZER("memtag-heap", MemtagHeap) 61SANITIZER("memtag-globals", MemtagGlobals) 62SANITIZER_GROUP("memtag", MemTag, MemtagStack | MemtagHeap | MemtagGlobals) 63 64// MemorySanitizer 65SANITIZER("memory", Memory) 66 67// Kernel MemorySanitizer (KMSAN) 68SANITIZER("kernel-memory", KernelMemory) 69 70// libFuzzer 71SANITIZER("fuzzer", Fuzzer) 72 73// libFuzzer-required instrumentation, no linking. 74SANITIZER("fuzzer-no-link", FuzzerNoLink) 75 76// ThreadSanitizer 77SANITIZER("thread", Thread) 78 79// Numerical stability sanitizer. 80SANITIZER("numerical", NumericalStability) 81 82// LeakSanitizer 83SANITIZER("leak", Leak) 84 85// UndefinedBehaviorSanitizer 86SANITIZER("alignment", Alignment) 87SANITIZER("array-bounds", ArrayBounds) 88SANITIZER("bool", Bool) 89SANITIZER("builtin", Builtin) 90SANITIZER("enum", Enum) 91SANITIZER("float-cast-overflow", FloatCastOverflow) 92SANITIZER("float-divide-by-zero", FloatDivideByZero) 93SANITIZER("function", Function) 94SANITIZER("integer-divide-by-zero", IntegerDivideByZero) 95SANITIZER("nonnull-attribute", NonnullAttribute) 96SANITIZER("null", Null) 97SANITIZER("nullability-arg", NullabilityArg) 98SANITIZER("nullability-assign", NullabilityAssign) 99SANITIZER("nullability-return", NullabilityReturn) 100SANITIZER_GROUP("nullability", Nullability, 101 NullabilityArg | NullabilityAssign | NullabilityReturn) 102SANITIZER("object-size", ObjectSize) 103SANITIZER("pointer-overflow", PointerOverflow) 104SANITIZER("return", Return) 105SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute) 106SANITIZER("shift-base", ShiftBase) 107SANITIZER("shift-exponent", ShiftExponent) 108SANITIZER_GROUP("shift", Shift, ShiftBase | ShiftExponent) 109SANITIZER("signed-integer-overflow", SignedIntegerOverflow) 110SANITIZER("unreachable", Unreachable) 111SANITIZER("vla-bound", VLABound) 112SANITIZER("vptr", Vptr) 113 114// IntegerSanitizer 115SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow) 116SANITIZER("unsigned-shift-base", UnsignedShiftBase) 117 118// DataFlowSanitizer 119SANITIZER("dataflow", DataFlow) 120 121// Control Flow Integrity 122SANITIZER("cfi-cast-strict", CFICastStrict) 123SANITIZER("cfi-derived-cast", CFIDerivedCast) 124SANITIZER("cfi-icall", CFIICall) 125SANITIZER("cfi-mfcall", CFIMFCall) 126SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast) 127SANITIZER("cfi-nvcall", CFINVCall) 128SANITIZER("cfi-vcall", CFIVCall) 129SANITIZER_GROUP("cfi", CFI, 130 CFIDerivedCast | CFIICall | CFIMFCall | CFIUnrelatedCast | 131 CFINVCall | CFIVCall) 132 133// Kernel Control Flow Integrity 134SANITIZER("kcfi", KCFI) 135 136// Safe Stack 137SANITIZER("safe-stack", SafeStack) 138 139// Shadow Call Stack 140SANITIZER("shadow-call-stack", ShadowCallStack) 141 142// -fsanitize=undefined includes all the sanitizers which have low overhead, no 143// ABI or address space layout implications, and only catch undefined behavior. 144SANITIZER_GROUP("undefined", Undefined, 145 Alignment | Bool | Builtin | ArrayBounds | Enum | 146 FloatCastOverflow | 147 IntegerDivideByZero | NonnullAttribute | Null | ObjectSize | 148 PointerOverflow | Return | ReturnsNonnullAttribute | Shift | 149 SignedIntegerOverflow | Unreachable | VLABound | Function | 150 Vptr) 151 152// -fsanitize=undefined-trap is an alias for -fsanitize=undefined. 153SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined) 154 155// ImplicitConversionSanitizer 156SANITIZER("implicit-unsigned-integer-truncation", 157 ImplicitUnsignedIntegerTruncation) 158SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation) 159SANITIZER_GROUP("implicit-integer-truncation", ImplicitIntegerTruncation, 160 ImplicitUnsignedIntegerTruncation | 161 ImplicitSignedIntegerTruncation) 162 163SANITIZER("implicit-integer-sign-change", ImplicitIntegerSignChange) 164 165SANITIZER_GROUP("implicit-integer-arithmetic-value-change", 166 ImplicitIntegerArithmeticValueChange, 167 ImplicitIntegerSignChange | ImplicitSignedIntegerTruncation) 168 169SANITIZER_GROUP("implicit-integer-conversion", ImplicitIntegerConversion, 170 ImplicitIntegerArithmeticValueChange | 171 ImplicitUnsignedIntegerTruncation) 172 173// Implicit bitfield sanitizers 174SANITIZER("implicit-bitfield-conversion", ImplicitBitfieldConversion) 175 176SANITIZER_GROUP("implicit-conversion", ImplicitConversion, 177 ImplicitIntegerConversion | 178 ImplicitBitfieldConversion) 179 180SANITIZER_GROUP("integer", Integer, 181 ImplicitIntegerConversion | IntegerDivideByZero | Shift | 182 SignedIntegerOverflow | UnsignedIntegerOverflow | 183 UnsignedShiftBase) 184 185SANITIZER("objc-cast", ObjCCast) 186 187SANITIZER("local-bounds", LocalBounds) 188SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds) 189 190// Scudo hardened allocator 191SANITIZER("scudo", Scudo) 192 193// Magic group, containing all sanitizers. For example, "-fno-sanitize=all" 194// can be used to disable all the sanitizers. 195SANITIZER_GROUP("all", All, ~SanitizerMask()) 196 197#undef SANITIZER 198#undef SANITIZER_GROUP 199