//===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "clang/Driver/SanitizerArgs.h"
#include "ToolChains/CommonArgs.h"
#include "clang/Basic/Sanitizers.h"
#include "clang/Driver/Driver.h"
#include "clang/Driver/DriverDiagnostic.h"
#include "clang/Driver/Options.h"
#include "clang/Driver/ToolChain.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringSwitch.h"
#include "llvm/Support/Path.h"
#include "llvm/Support/SpecialCaseList.h"
#include "llvm/Support/TargetParser.h"
#include "llvm/Support/VirtualFileSystem.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include <memory>

using namespace clang;
using namespace clang::driver;
using namespace llvm::opt;

// The masks below are the policy tables the driver consults while turning
// -fsanitize* flags into a SanitizerArgs. Each one is a plain OR of
// SanitizerKind bits.

// Checks that make needsUbsanRt() ask for the UBSan runtime when they are
// enabled and not in trapping mode.
static const SanitizerMask NeedsUbsanRt =
    SanitizerKind::Undefined | SanitizerKind::Integer |
    SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
    SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
    SanitizerKind::ObjCCast;
// Non-trapping checks that need the C++-ABI-specific part of the UBSan
// runtime; the constructor drops them when the toolchain lacks vptr support.
static const SanitizerMask NeedsUbsanCxxRt =
    SanitizerKind::Vptr | SanitizerKind::CFI;
// Checks that are diagnosed and removed when they end up in the trapping set.
static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
// Checks that are diagnosed and removed under -fsanitize-minimal-runtime.
static const SanitizerMask NotAllowedWithMinimalRuntime =
    SanitizerKind::Function | SanitizerKind::Vptr;
// Any of these being enabled makes requiresPIE() return true.
static const SanitizerMask RequiresPIE =
    SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo;
// Any of these being enabled makes needsUnwindTables() return true.
static const SanitizerMask NeedsUnwindTables =
    SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
    SanitizerKind::Memory | SanitizerKind::DataFlow;
// -fsanitize-coverage= is honoured only when every sanitizer that was added
// and not removed again is in this set; otherwise coverage is reset to 0.
static const SanitizerMask SupportsCoverage =
    SanitizerKind::Address | SanitizerKind::HWAddress |
    SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
    SanitizerKind::MemTag | SanitizerKind::Memory |
    SanitizerKind::KernelMemory | SanitizerKind::Leak |
    SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
    SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
    SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
    SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
    SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
    SanitizerKind::Thread | SanitizerKind::ObjCCast;
// Starting value of the recoverable set (together with AlwaysRecoverable).
// A check stays recoverable unless -fno-sanitize-recover= removes it or it
// ends up in the trapping set, so a hardened build has to opt out explicitly.
static const SanitizerMask RecoverableByDefault =
    SanitizerKind::Undefined | SanitizerKind::Integer |
    SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
    SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
// Naming one of these in -fsanitize-recover= is an error, and they are
// always masked out of the recoverable set.
static const SanitizerMask Unrecoverable =
    SanitizerKind::Unreachable | SanitizerKind::Return;
// Naming one of these in -fno-sanitize-recover= is an error.
static const SanitizerMask AlwaysRecoverable =
    SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress;
// Enabling one of these without LTO is diagnosed; see also needsLTO().
static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
// Values accepted by -fsanitize-trap=; anything else is reported as an
// unsupported option argument.
static const SanitizerMask TrappingSupported =
    (SanitizerKind::Undefined & ~SanitizerKind::Vptr) | SanitizerKind::Integer |
    SanitizerKind::Nullability | SanitizerKind::LocalBounds |
    SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
    SanitizerKind::ObjCCast;
// Trapping unless -fno-sanitize-trap= removes it.
static const SanitizerMask TrappingDefault = SanitizerKind::CFI;
static const SanitizerMask CFIClasses =
    SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
    SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
    SanitizerKind::CFIUnrelatedCast;
// Everything outside this set (after group expansion) is diagnosed as not
// allowed with -fsanitize-minimal-runtime.
static const SanitizerMask CompatibleWithMinimalRuntime =
    TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
    SanitizerKind::MemTag;

/// Bit flags for the -fsanitize-coverage= features. They are OR-ed together
/// into an int, which is why this is a plain enum.
enum CoverageFeature {
  CoverageFunc = 1 << 0,
  CoverageBB = 1 << 1,
  CoverageEdge = 1 << 2,
  CoverageIndirCall = 1 << 3,
  CoverageTraceBB = 1 << 4, // Deprecated.
  CoverageTraceCmp = 1 << 5,
  CoverageTraceDiv = 1 << 6,
  CoverageTraceGep = 1 << 7,
  Coverage8bitCounters = 1 << 8, // Deprecated.
  CoverageTracePC = 1 << 9,
  CoverageTracePCGuard = 1 << 10,
  CoverageNoPrune = 1 << 11,
  CoverageInline8bitCounters = 1 << 12,
  CoveragePCTable = 1 << 13,
  CoverageStackDepth = 1 << 14,
  CoverageInlineBoolFlag = 1 << 15,
  CoverageTraceLoads = 1 << 16,
  CoverageTraceStores = 1 << 17,
};

/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
/// invalid components. Returns a SanitizerMask.
static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
                                    bool DiagnoseErrors);

/// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
/// components. Returns OR of members of \c CoverageFeature enumeration.
static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
                                 bool DiagnoseErrors);

/// Produce an argument string from ArgList \p Args, which shows how it
/// provides some sanitizer kind from \p Mask. For example, the argument list
/// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
/// would produce "-fsanitize=vptr".
static std::string lastArgumentForMask(const Driver &D,
                                       const llvm::opt::ArgList &Args,
                                       SanitizerMask Mask);

/// Produce an argument string from argument \p A, which shows how it provides
/// a value in \p Mask. For instance, the argument
/// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
/// "-fsanitize=alignment".
static std::string describeSanitizeArg(const llvm::opt::Arg *A,
                                       SanitizerMask Mask);

/// Produce a string containing comma-separated names of sanitizers in \p
/// Sanitizers set.
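static std::string toString(const clang::SanitizerSet &Sanitizers);

/// Check that \p SCLFiles can be loaded together as one special case list.
///
/// Does nothing when \p SCLFiles is empty. Otherwise the files are parsed
/// through the driver's VFS and the resulting list is thrown away: only the
/// success of the parse matters. On failure \p MalformedSCLErrorDiagID is
/// emitted with the parser's message, but only if \p DiagnoseErrors is set.
/// \p SCLFiles itself is never modified, so a malformed file stays in the
/// list even after it has been diagnosed.
static void validateSpecialCaseListFormat(const Driver &D,
                                          std::vector<std::string> &SCLFiles,
                                          unsigned MalformedSCLErrorDiagID,
                                          bool DiagnoseErrors) {
  if (SCLFiles.empty())
    return;

  std::string BLError;
  std::unique_ptr<llvm::SpecialCaseList> SCL(
      llvm::SpecialCaseList::create(SCLFiles, D.getVFS(), BLError));
  if (!SCL && DiagnoseErrors)
    D.Diag(MalformedSCLErrorDiagID) << BLError;
}

/// Append the default ignorelists shipped in the resource directory for the
/// sanitizers enabled in \p Kinds, then validate the collected files.
///
/// Each candidate is looked up as <ResourceDir>/share/<file>. A file that
/// does not exist is skipped without a diagnostic, with one exception:
/// a missing cfi_ignorelist.txt is an error when CFI is enabled (and
/// \p DiagnoseErrors is set).
static void addDefaultIgnorelists(const Driver &D, SanitizerMask Kinds,
                                  std::vector<std::string> &IgnorelistFiles,
                                  bool DiagnoseErrors) {
  struct Ignorelist {
    const char *File;
    SanitizerMask Mask;
  } Ignorelists[] = {{"asan_ignorelist.txt", SanitizerKind::Address},
                     {"hwasan_ignorelist.txt", SanitizerKind::HWAddress},
                     {"memtag_ignorelist.txt", SanitizerKind::MemTag},
                     {"msan_ignorelist.txt", SanitizerKind::Memory},
                     {"tsan_ignorelist.txt", SanitizerKind::Thread},
                     {"dfsan_abilist.txt", SanitizerKind::DataFlow},
                     {"cfi_ignorelist.txt", SanitizerKind::CFI},
                     {"ubsan_ignorelist.txt",
                      SanitizerKind::Undefined | SanitizerKind::Integer |
                          SanitizerKind::Nullability |
                          SanitizerKind::FloatDivideByZero}};

  // Iterate by reference: the entries are only read.
  for (const auto &BL : Ignorelists) {
    if (!(Kinds & BL.Mask))
      continue;

    clang::SmallString<64> Path(D.ResourceDir);
    llvm::sys::path::append(Path, "share", BL.File);
    if (D.getVFS().exists(Path))
      IgnorelistFiles.push_back(std::string(Path.str()));
    else if (BL.Mask == SanitizerKind::CFI && DiagnoseErrors)
      // If cfi_ignorelist.txt cannot be found in the resource dir, driver
      // should fail.
      D.Diag(clang::diag::err_drv_no_such_file) << Path;
  }
  validateSpecialCaseListFormat(
      D, IgnorelistFiles, clang::diag::err_drv_malformed_sanitizer_ignorelist,
      DiagnoseErrors);
}

/// Parse -f(no-)?sanitize-(coverage-)?(white|ignore)list argument's values,
/// diagnosing any invalid file paths and validating special case list format.
///
/// Arguments are processed in command-line order. Every match of
/// \p NoSCLOptionID empties \p SCLFiles, so only list files given after the
/// last such option survive. A path that does not exist in the driver's VFS
/// is left out of \p SCLFiles; it is reported only when \p DiagnoseErrors is
/// set, so a non-diagnosing pass drops it silently.
static void parseSpecialCaseListArg(const Driver &D,
                                    const llvm::opt::ArgList &Args,
                                    std::vector<std::string> &SCLFiles,
                                    llvm::opt::OptSpecifier SCLOptionID,
                                    llvm::opt::OptSpecifier NoSCLOptionID,
                                    unsigned MalformedSCLErrorDiagID,
                                    bool DiagnoseErrors) {
  for (const auto *Arg : Args) {
    // Match -fsanitize-(coverage-)?(white|ignore)list.
    if (Arg->getOption().matches(SCLOptionID)) {
      Arg->claim();
      std::string SCLPath = Arg->getValue();
      if (D.getVFS().exists(SCLPath)) {
        SCLFiles.push_back(SCLPath);
      } else if (DiagnoseErrors) {
        D.Diag(clang::diag::err_drv_no_such_file) << SCLPath;
      }
      // Match -fno-sanitize-ignorelist.
    } else if (Arg->getOption().matches(NoSCLOptionID)) {
      Arg->claim();
      SCLFiles.clear();
    }
  }
  validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID,
                                DiagnoseErrors);
}

/// Sets group bits for every group that has at least one representative already
/// enabled in \p Kinds.
static SanitizerMask setGroupBits(SanitizerMask Kinds) {
// Sanitizers.def is expanded with SANITIZER defined to nothing, so only the
// SANITIZER_GROUP entries generate code here.
#define SANITIZER(NAME, ID)
#define SANITIZER_GROUP(NAME, ID, ALIAS)                                       \
  if (Kinds & SanitizerKind::ID)                                               \
    Kinds |= SanitizerKind::ID##Group;
#include "clang/Basic/Sanitizers.def"
  return Kinds;
}

/// Compute the set of sanitizers that should trap instead of calling into a
/// runtime, from -fsanitize-trap= and -fno-sanitize-trap=.
///
/// The arguments are walked last to first, so a -fno-sanitize-trap= value
/// cancels any matching -fsanitize-trap= value that appears before it on the
/// command line. Values outside \c TrappingSupported are diagnosed as
/// unsupported but are still part of the returned mask; the SanitizerArgs
/// constructor filters the result against \c NotAllowedWithTrap afterwards.
/// \c TrappingDefault is added at the end unless it was removed explicitly.
///
/// \returns the expanded (group-free) mask of trapping sanitizers.
static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
                                           const llvm::opt::ArgList &Args,
                                           bool DiagnoseErrors) {
  SanitizerMask TrapRemove; // During the loop below, the accumulated set of
                            // sanitizers disabled by the current sanitizer
                            // argument or any argument after it.
  SanitizerMask TrappingKinds;
  SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);

  for (const llvm::opt::Arg *Arg : llvm::reverse(Args)) {
    if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
      Arg->claim();
      // Forward DiagnoseErrors instead of a hard-coded true, matching the
      // -fno-sanitize-trap= branch below: a pass that was asked not to
      // diagnose must not report malformed values either.
      SanitizerMask Add = parseArgValues(D, Arg, DiagnoseErrors);
      Add &= ~TrapRemove;
      SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups;
      if (InvalidValues && DiagnoseErrors) {
        SanitizerSet S;
        S.Mask = InvalidValues;
        D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
                                                          << toString(S);
      }
      TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove;
    } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
      Arg->claim();
      TrapRemove |=
          expandSanitizerGroups(parseArgValues(D, Arg, DiagnoseErrors));
    }
  }

  // Apply default trapping behavior.
  TrappingKinds |= TrappingDefault & ~TrapRemove;

  return TrappingKinds;
}

/// True when the fuzzer is requested and none of the ASan, TSan or MSan
/// runtimes is.
bool SanitizerArgs::needsFuzzerInterceptors() const {
  return needsFuzzer() && !needsAsanRt() && !needsTsanRt() && !needsMsanRt();
}

/// True when the standalone UBSan runtime is needed: no other runtime that
/// already includes it is requested, and either a non-trapping check from
/// \c NeedsUbsanRt is enabled or any coverage feature is set.
bool SanitizerArgs::needsUbsanRt() const {
  // All of these include ubsan.
  if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
      needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
      (needsScudoRt() && !requiresMinimalRuntime()))
    return false;

  return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
         CoverageFeatures;
}

/// True for cross-DSO CFI without an implicit CFI runtime when no CFI check
/// is enabled in non-trapping mode.
bool SanitizerArgs::needsCfiRt() const {
  return !(Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
         CfiCrossDso && !ImplicitCfiRuntime;
}

/// True for cross-DSO CFI without an implicit CFI runtime when at least one
/// CFI check is enabled in non-trapping mode. Exactly the complement of
/// needsCfiRt() on the first condition.
bool SanitizerArgs::needsCfiDiagRt() const {
  return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
         CfiCrossDso && !ImplicitCfiRuntime;
}

/// True when PIE was requested while parsing or a sanitizer from
/// \c RequiresPIE is enabled.
bool SanitizerArgs::requiresPIE() const {
  return NeedPIE || (Sanitizers.Mask & RequiresPIE);
}

/// True when a sanitizer from \c NeedsUnwindTables is enabled.
bool SanitizerArgs::needsUnwindTables() const {
  return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
}

/// True when a sanitizer from \c NeedsLTO is enabled.
bool SanitizerArgs::needsLTO() const {
  return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
}

SanitizerArgs::SanitizerArgs(const ToolChain &TC,
                             const llvm::opt::ArgList &Args,
                             bool DiagnoseErrors) {
  SanitizerMask AllRemove;      // During the loop below, the accumulated set of
                                // sanitizers disabled by the current sanitizer
                                // argument or any argument after it.
  SanitizerMask AllAddedKinds;  // Mask of all sanitizers ever enabled by
                                // -fsanitize= flags (directly or via group
                                // expansion), some of which may be disabled
                                // later. Used to carefully prune
                                // unused-argument diagnostics.
  SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now.
                                // Used to deduplicate diagnostics.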
302 SanitizerMask Kinds; 303 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers()); 304 305 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso, 306 options::OPT_fno_sanitize_cfi_cross_dso, false); 307 308 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode(); 309 310 const Driver &D = TC.getDriver(); 311 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args, DiagnoseErrors); 312 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap; 313 314 MinimalRuntime = 315 Args.hasFlag(options::OPT_fsanitize_minimal_runtime, 316 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime); 317 318 // The object size sanitizer should not be enabled at -O0. 319 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group); 320 bool RemoveObjectSizeAtO0 = 321 !OptLevel || OptLevel->getOption().matches(options::OPT_O0); 322 323 for (const llvm::opt::Arg *Arg : llvm::reverse(Args)) { 324 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { 325 Arg->claim(); 326 SanitizerMask Add = parseArgValues(D, Arg, DiagnoseErrors); 327 328 if (RemoveObjectSizeAtO0) { 329 AllRemove |= SanitizerKind::ObjectSize; 330 331 // The user explicitly enabled the object size sanitizer. Warn 332 // that this does nothing at -O0. 333 if ((Add & SanitizerKind::ObjectSize) && DiagnoseErrors) 334 D.Diag(diag::warn_drv_object_size_disabled_O0) 335 << Arg->getAsString(Args); 336 } 337 338 AllAddedKinds |= expandSanitizerGroups(Add); 339 340 // Avoid diagnosing any sanitizer which is disabled later. 341 Add &= ~AllRemove; 342 // At this point we have not expanded groups, so any unsupported 343 // sanitizers in Add are those which have been explicitly enabled. 344 // Diagnose them. 
345 if (SanitizerMask KindsToDiagnose = 346 Add & InvalidTrappingKinds & ~DiagnosedKinds) { 347 if (DiagnoseErrors) { 348 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose); 349 D.Diag(diag::err_drv_argument_not_allowed_with) 350 << Desc << "-fsanitize-trap=undefined"; 351 } 352 DiagnosedKinds |= KindsToDiagnose; 353 } 354 Add &= ~InvalidTrappingKinds; 355 356 if (MinimalRuntime) { 357 if (SanitizerMask KindsToDiagnose = 358 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) { 359 if (DiagnoseErrors) { 360 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose); 361 D.Diag(diag::err_drv_argument_not_allowed_with) 362 << Desc << "-fsanitize-minimal-runtime"; 363 } 364 DiagnosedKinds |= KindsToDiagnose; 365 } 366 Add &= ~NotAllowedWithMinimalRuntime; 367 } 368 369 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI. 370 // There are currently two problems: 371 // - Virtual function call checks need to pass a pointer to the function 372 // address to llvm.type.test and a pointer to the address point to the 373 // diagnostic function. Currently we pass the same pointer to both 374 // places. 375 // - Non-virtual function call checks may need to check multiple type 376 // identifiers. 377 // Fixing both of those may require changes to the cross-DSO CFI 378 // interface. 
379 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) { 380 if (DiagnoseErrors) 381 D.Diag(diag::err_drv_argument_not_allowed_with) 382 << "-fsanitize=cfi-mfcall" 383 << "-fsanitize-cfi-cross-dso"; 384 Add &= ~SanitizerKind::CFIMFCall; 385 DiagnosedKinds |= SanitizerKind::CFIMFCall; 386 } 387 388 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) { 389 if (DiagnoseErrors) { 390 std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose); 391 D.Diag(diag::err_drv_unsupported_opt_for_target) 392 << Desc << TC.getTriple().str(); 393 } 394 DiagnosedKinds |= KindsToDiagnose; 395 } 396 Add &= Supported; 397 398 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups 399 // so we don't error out if -fno-rtti and -fsanitize=undefined were 400 // passed. 401 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) { 402 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) { 403 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) && 404 "RTTI disabled without -fno-rtti option?"); 405 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but 406 // the vptr sanitizer requires RTTI, so this is a user error. 407 if (DiagnoseErrors) 408 D.Diag(diag::err_drv_argument_not_allowed_with) 409 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args); 410 } else { 411 // The vptr sanitizer requires RTTI, but RTTI is disabled (by 412 // default). Warn that the vptr sanitizer is being disabled. 413 if (DiagnoseErrors) 414 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default); 415 } 416 417 // Take out the Vptr sanitizer from the enabled sanitizers 418 AllRemove |= SanitizerKind::Vptr; 419 } 420 421 Add = expandSanitizerGroups(Add); 422 // Group expansion may have enabled a sanitizer which is disabled later. 423 Add &= ~AllRemove; 424 // Silently discard any unsupported sanitizers implicitly enabled through 425 // group expansion. 
426 Add &= ~InvalidTrappingKinds; 427 if (MinimalRuntime) { 428 Add &= ~NotAllowedWithMinimalRuntime; 429 } 430 if (CfiCrossDso) 431 Add &= ~SanitizerKind::CFIMFCall; 432 Add &= Supported; 433 434 if (Add & SanitizerKind::Fuzzer) 435 Add |= SanitizerKind::FuzzerNoLink; 436 437 // Enable coverage if the fuzzing flag is set. 438 if (Add & SanitizerKind::FuzzerNoLink) { 439 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall | 440 CoverageTraceCmp | CoveragePCTable; 441 // Due to TLS differences, stack depth tracking is only enabled on Linux 442 if (TC.getTriple().isOSLinux()) 443 CoverageFeatures |= CoverageStackDepth; 444 } 445 446 Kinds |= Add; 447 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { 448 Arg->claim(); 449 SanitizerMask Remove = parseArgValues(D, Arg, DiagnoseErrors); 450 AllRemove |= expandSanitizerGroups(Remove); 451 } 452 } 453 454 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { 455 std::make_pair(SanitizerKind::Address, 456 SanitizerKind::Thread | SanitizerKind::Memory), 457 std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory), 458 std::make_pair(SanitizerKind::Leak, 459 SanitizerKind::Thread | SanitizerKind::Memory), 460 std::make_pair(SanitizerKind::KernelAddress, 461 SanitizerKind::Address | SanitizerKind::Leak | 462 SanitizerKind::Thread | SanitizerKind::Memory), 463 std::make_pair(SanitizerKind::HWAddress, 464 SanitizerKind::Address | SanitizerKind::Thread | 465 SanitizerKind::Memory | SanitizerKind::KernelAddress), 466 std::make_pair(SanitizerKind::Scudo, 467 SanitizerKind::Address | SanitizerKind::HWAddress | 468 SanitizerKind::Leak | SanitizerKind::Thread | 469 SanitizerKind::Memory | SanitizerKind::KernelAddress), 470 std::make_pair(SanitizerKind::SafeStack, 471 (TC.getTriple().isOSFuchsia() ? 
SanitizerMask() 472 : SanitizerKind::Leak) | 473 SanitizerKind::Address | SanitizerKind::HWAddress | 474 SanitizerKind::Thread | SanitizerKind::Memory | 475 SanitizerKind::KernelAddress), 476 std::make_pair(SanitizerKind::KernelHWAddress, 477 SanitizerKind::Address | SanitizerKind::HWAddress | 478 SanitizerKind::Leak | SanitizerKind::Thread | 479 SanitizerKind::Memory | SanitizerKind::KernelAddress | 480 SanitizerKind::SafeStack), 481 std::make_pair(SanitizerKind::KernelMemory, 482 SanitizerKind::Address | SanitizerKind::HWAddress | 483 SanitizerKind::Leak | SanitizerKind::Thread | 484 SanitizerKind::Memory | SanitizerKind::KernelAddress | 485 SanitizerKind::Scudo | SanitizerKind::SafeStack), 486 std::make_pair(SanitizerKind::MemTag, 487 SanitizerKind::Address | SanitizerKind::KernelAddress | 488 SanitizerKind::HWAddress | 489 SanitizerKind::KernelHWAddress)}; 490 // Enable toolchain specific default sanitizers if not explicitly disabled. 491 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove; 492 493 // Disable default sanitizers that are incompatible with explicitly requested 494 // ones. 495 for (auto G : IncompatibleGroups) { 496 SanitizerMask Group = G.first; 497 if ((Default & Group) && (Kinds & G.second)) 498 Default &= ~Group; 499 } 500 501 Kinds |= Default; 502 503 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI 504 // is disabled. 505 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) { 506 Kinds &= ~SanitizerKind::Vptr; 507 } 508 509 // Check that LTO is enabled if we need it. 
510 if ((Kinds & NeedsLTO) && !D.isUsingLTO() && DiagnoseErrors) { 511 D.Diag(diag::err_drv_argument_only_allowed_with) 512 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto"; 513 } 514 515 if ((Kinds & SanitizerKind::ShadowCallStack) && 516 ((TC.getTriple().isAArch64() && 517 !llvm::AArch64::isX18ReservedByDefault(TC.getTriple())) || 518 TC.getTriple().isRISCV()) && 519 !Args.hasArg(options::OPT_ffixed_x18) && DiagnoseErrors) { 520 D.Diag(diag::err_drv_argument_only_allowed_with) 521 << lastArgumentForMask(D, Args, Kinds & SanitizerKind::ShadowCallStack) 522 << "-ffixed-x18"; 523 } 524 525 // Report error if there are non-trapping sanitizers that require 526 // c++abi-specific parts of UBSan runtime, and they are not provided by the 527 // toolchain. We don't have a good way to check the latter, so we just 528 // check if the toolchan supports vptr. 529 if (~Supported & SanitizerKind::Vptr) { 530 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt; 531 // The runtime library supports the Microsoft C++ ABI, but only well enough 532 // for CFI. FIXME: Remove this once we support vptr on Windows. 533 if (TC.getTriple().isOSWindows()) 534 KindsToDiagnose &= ~SanitizerKind::CFI; 535 if (KindsToDiagnose) { 536 SanitizerSet S; 537 S.Mask = KindsToDiagnose; 538 if (DiagnoseErrors) 539 D.Diag(diag::err_drv_unsupported_opt_for_target) 540 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str(); 541 Kinds &= ~KindsToDiagnose; 542 } 543 } 544 545 // Warn about incompatible groups of sanitizers. 
546 for (auto G : IncompatibleGroups) { 547 SanitizerMask Group = G.first; 548 if (Kinds & Group) { 549 if (SanitizerMask Incompatible = Kinds & G.second) { 550 if (DiagnoseErrors) 551 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 552 << lastArgumentForMask(D, Args, Group) 553 << lastArgumentForMask(D, Args, Incompatible); 554 Kinds &= ~Incompatible; 555 } 556 } 557 } 558 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of 559 // -fsanitize=address. Perhaps it should print an error, or perhaps 560 // -f(-no)sanitize=leak should change whether leak detection is enabled by 561 // default in ASan? 562 563 // Parse -f(no-)?sanitize-recover flags. 564 SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable; 565 SanitizerMask DiagnosedUnrecoverableKinds; 566 SanitizerMask DiagnosedAlwaysRecoverableKinds; 567 for (const auto *Arg : Args) { 568 if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) { 569 SanitizerMask Add = parseArgValues(D, Arg, DiagnoseErrors); 570 // Report error if user explicitly tries to recover from unrecoverable 571 // sanitizer. 572 if (SanitizerMask KindsToDiagnose = 573 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) { 574 SanitizerSet SetToDiagnose; 575 SetToDiagnose.Mask |= KindsToDiagnose; 576 if (DiagnoseErrors) 577 D.Diag(diag::err_drv_unsupported_option_argument) 578 << Arg->getOption().getName() << toString(SetToDiagnose); 579 DiagnosedUnrecoverableKinds |= KindsToDiagnose; 580 } 581 RecoverableKinds |= expandSanitizerGroups(Add); 582 Arg->claim(); 583 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) { 584 SanitizerMask Remove = parseArgValues(D, Arg, DiagnoseErrors); 585 // Report error if user explicitly tries to disable recovery from 586 // always recoverable sanitizer. 
587 if (SanitizerMask KindsToDiagnose = 588 Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) { 589 SanitizerSet SetToDiagnose; 590 SetToDiagnose.Mask |= KindsToDiagnose; 591 if (DiagnoseErrors) 592 D.Diag(diag::err_drv_unsupported_option_argument) 593 << Arg->getOption().getName() << toString(SetToDiagnose); 594 DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose; 595 } 596 RecoverableKinds &= ~expandSanitizerGroups(Remove); 597 Arg->claim(); 598 } 599 } 600 RecoverableKinds &= Kinds; 601 RecoverableKinds &= ~Unrecoverable; 602 603 TrappingKinds &= Kinds; 604 RecoverableKinds &= ~TrappingKinds; 605 606 // Setup ignorelist files. 607 // Add default ignorelist from resource directory for activated sanitizers, 608 // and validate special case lists format. 609 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_ignorelist)) 610 addDefaultIgnorelists(D, Kinds, SystemIgnorelistFiles, DiagnoseErrors); 611 612 // Parse -f(no-)?sanitize-ignorelist options. 613 // This also validates special case lists format. 614 parseSpecialCaseListArg( 615 D, Args, UserIgnorelistFiles, options::OPT_fsanitize_ignorelist_EQ, 616 options::OPT_fno_sanitize_ignorelist, 617 clang::diag::err_drv_malformed_sanitizer_ignorelist, DiagnoseErrors); 618 619 // Parse -f[no-]sanitize-memory-track-origins[=level] options. 
620 if (AllAddedKinds & SanitizerKind::Memory) { 621 if (Arg *A = 622 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ, 623 options::OPT_fsanitize_memory_track_origins, 624 options::OPT_fno_sanitize_memory_track_origins)) { 625 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) { 626 MsanTrackOrigins = 2; 627 } else if (A->getOption().matches( 628 options::OPT_fno_sanitize_memory_track_origins)) { 629 MsanTrackOrigins = 0; 630 } else { 631 StringRef S = A->getValue(); 632 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 || 633 MsanTrackOrigins > 2) { 634 if (DiagnoseErrors) 635 D.Diag(clang::diag::err_drv_invalid_value) 636 << A->getAsString(Args) << S; 637 } 638 } 639 } 640 MsanUseAfterDtor = 641 Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor, 642 options::OPT_fno_sanitize_memory_use_after_dtor, 643 MsanUseAfterDtor); 644 NeedPIE |= !(TC.getTriple().isOSLinux() && 645 TC.getTriple().getArch() == llvm::Triple::x86_64); 646 } else { 647 MsanUseAfterDtor = false; 648 } 649 650 if (AllAddedKinds & SanitizerKind::Thread) { 651 TsanMemoryAccess = Args.hasFlag( 652 options::OPT_fsanitize_thread_memory_access, 653 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess); 654 TsanFuncEntryExit = Args.hasFlag( 655 options::OPT_fsanitize_thread_func_entry_exit, 656 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit); 657 TsanAtomics = 658 Args.hasFlag(options::OPT_fsanitize_thread_atomics, 659 options::OPT_fno_sanitize_thread_atomics, TsanAtomics); 660 } 661 662 if (AllAddedKinds & SanitizerKind::CFI) { 663 // Without PIE, external function address may resolve to a PLT record, which 664 // can not be verified by the target module. 
665 NeedPIE |= CfiCrossDso; 666 CfiICallGeneralizePointers = 667 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers); 668 669 if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors) 670 D.Diag(diag::err_drv_argument_not_allowed_with) 671 << "-fsanitize-cfi-cross-dso" 672 << "-fsanitize-cfi-icall-generalize-pointers"; 673 674 CfiCanonicalJumpTables = 675 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables, 676 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true); 677 } 678 679 Stats = Args.hasFlag(options::OPT_fsanitize_stats, 680 options::OPT_fno_sanitize_stats, false); 681 682 if (MinimalRuntime) { 683 SanitizerMask IncompatibleMask = 684 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime); 685 if (IncompatibleMask && DiagnoseErrors) 686 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 687 << "-fsanitize-minimal-runtime" 688 << lastArgumentForMask(D, Args, IncompatibleMask); 689 690 SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds; 691 if (NonTrappingCfi && DiagnoseErrors) 692 D.Diag(clang::diag::err_drv_argument_only_allowed_with) 693 << "fsanitize-minimal-runtime" 694 << "fsanitize-trap=cfi"; 695 } 696 697 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the 698 // enabled sanitizers. 699 for (const auto *Arg : Args) { 700 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) { 701 int LegacySanitizeCoverage; 702 if (Arg->getNumValues() == 1 && 703 !StringRef(Arg->getValue(0)) 704 .getAsInteger(0, LegacySanitizeCoverage)) { 705 CoverageFeatures = 0; 706 Arg->claim(); 707 if (LegacySanitizeCoverage != 0 && DiagnoseErrors) { 708 D.Diag(diag::warn_drv_deprecated_arg) 709 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard"; 710 } 711 continue; 712 } 713 CoverageFeatures |= parseCoverageFeatures(D, Arg, DiagnoseErrors); 714 715 // Disable coverage and not claim the flags if there is at least one 716 // non-supporting sanitizer. 
717 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) { 718 Arg->claim(); 719 } else { 720 CoverageFeatures = 0; 721 } 722 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) { 723 Arg->claim(); 724 CoverageFeatures &= ~parseCoverageFeatures(D, Arg, DiagnoseErrors); 725 } 726 } 727 // Choose at most one coverage type: function, bb, or edge. 728 if (DiagnoseErrors) { 729 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB)) 730 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 731 << "-fsanitize-coverage=func" 732 << "-fsanitize-coverage=bb"; 733 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge)) 734 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 735 << "-fsanitize-coverage=func" 736 << "-fsanitize-coverage=edge"; 737 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge)) 738 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 739 << "-fsanitize-coverage=bb" 740 << "-fsanitize-coverage=edge"; 741 // Basic block tracing and 8-bit counters require some type of coverage 742 // enabled. 
743 if (CoverageFeatures & CoverageTraceBB) 744 D.Diag(clang::diag::warn_drv_deprecated_arg) 745 << "-fsanitize-coverage=trace-bb" 746 << "-fsanitize-coverage=trace-pc-guard"; 747 if (CoverageFeatures & Coverage8bitCounters) 748 D.Diag(clang::diag::warn_drv_deprecated_arg) 749 << "-fsanitize-coverage=8bit-counters" 750 << "-fsanitize-coverage=trace-pc-guard"; 751 } 752 753 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge; 754 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard | 755 CoverageInline8bitCounters | CoverageTraceLoads | 756 CoverageTraceStores | CoverageInlineBoolFlag; 757 if ((CoverageFeatures & InsertionPointTypes) && 758 !(CoverageFeatures & InstrumentationTypes) && DiagnoseErrors) { 759 D.Diag(clang::diag::warn_drv_deprecated_arg) 760 << "-fsanitize-coverage=[func|bb|edge]" 761 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]"; 762 } 763 764 // trace-pc w/o func/bb/edge implies edge. 765 if (!(CoverageFeatures & InsertionPointTypes)) { 766 if (CoverageFeatures & 767 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters | 768 CoverageInlineBoolFlag)) 769 CoverageFeatures |= CoverageEdge; 770 771 if (CoverageFeatures & CoverageStackDepth) 772 CoverageFeatures |= CoverageFunc; 773 } 774 775 // Parse -fsanitize-coverage-(ignore|white)list options if coverage enabled. 776 // This also validates special case lists format. 777 // Here, OptSpecifier() acts as a never-matching command-line argument. 778 // So, there is no way to clear coverage lists but you can append to them. 
779 if (CoverageFeatures) { 780 parseSpecialCaseListArg( 781 D, Args, CoverageAllowlistFiles, 782 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(), 783 clang::diag::err_drv_malformed_sanitizer_coverage_allowlist, 784 DiagnoseErrors); 785 parseSpecialCaseListArg( 786 D, Args, CoverageIgnorelistFiles, 787 options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(), 788 clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist, 789 DiagnoseErrors); 790 } 791 792 SharedRuntime = 793 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan, 794 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() || 795 TC.getTriple().isOSDarwin()); 796 797 ImplicitCfiRuntime = TC.getTriple().isAndroid(); 798 799 if (AllAddedKinds & SanitizerKind::Address) { 800 NeedPIE |= TC.getTriple().isOSFuchsia(); 801 if (Arg *A = 802 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) { 803 StringRef S = A->getValue(); 804 // Legal values are 0 and 1, 2, but in future we may add more levels. 
805 if ((S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 || 806 AsanFieldPadding > 2) && 807 DiagnoseErrors) { 808 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; 809 } 810 } 811 812 if (Arg *WindowsDebugRTArg = 813 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT, 814 options::OPT__SLASH_MDd, options::OPT__SLASH_MD, 815 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) { 816 switch (WindowsDebugRTArg->getOption().getID()) { 817 case options::OPT__SLASH_MTd: 818 case options::OPT__SLASH_MDd: 819 case options::OPT__SLASH_LDd: 820 if (DiagnoseErrors) { 821 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 822 << WindowsDebugRTArg->getAsString(Args) 823 << lastArgumentForMask(D, Args, SanitizerKind::Address); 824 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime); 825 } 826 } 827 } 828 829 AsanUseAfterScope = Args.hasFlag( 830 options::OPT_fsanitize_address_use_after_scope, 831 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope); 832 833 AsanPoisonCustomArrayCookie = Args.hasFlag( 834 options::OPT_fsanitize_address_poison_custom_array_cookie, 835 options::OPT_fno_sanitize_address_poison_custom_array_cookie, 836 AsanPoisonCustomArrayCookie); 837 838 AsanOutlineInstrumentation = 839 Args.hasFlag(options::OPT_fsanitize_address_outline_instrumentation, 840 options::OPT_fno_sanitize_address_outline_instrumentation, 841 AsanOutlineInstrumentation); 842 843 // As a workaround for a bug in gold 2.26 and earlier, dead stripping of 844 // globals in ASan is disabled by default on ELF targets. 
845 // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002 846 AsanGlobalsDeadStripping = 847 !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() || 848 TC.getTriple().isPS4() || 849 Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping); 850 851 AsanUseOdrIndicator = 852 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator, 853 options::OPT_fno_sanitize_address_use_odr_indicator, 854 AsanUseOdrIndicator); 855 856 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) { 857 AsanInvalidPointerCmp = true; 858 } 859 860 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) { 861 AsanInvalidPointerSub = true; 862 } 863 864 if (TC.getTriple().isOSDarwin() && 865 (Args.hasArg(options::OPT_mkernel) || 866 Args.hasArg(options::OPT_fapple_kext))) { 867 AsanDtorKind = llvm::AsanDtorKind::None; 868 } 869 870 if (const auto *Arg = 871 Args.getLastArg(options::OPT_sanitize_address_destructor_EQ)) { 872 auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue()); 873 if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid && DiagnoseErrors) { 874 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument) 875 << Arg->getOption().getName() << Arg->getValue(); 876 } 877 AsanDtorKind = parsedAsanDtorKind; 878 } 879 880 if (const auto *Arg = Args.getLastArg( 881 options::OPT_sanitize_address_use_after_return_EQ)) { 882 auto parsedAsanUseAfterReturn = 883 AsanDetectStackUseAfterReturnModeFromString(Arg->getValue()); 884 if (parsedAsanUseAfterReturn == 885 llvm::AsanDetectStackUseAfterReturnMode::Invalid && 886 DiagnoseErrors) { 887 TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument) 888 << Arg->getOption().getName() << Arg->getValue(); 889 } 890 AsanUseAfterReturn = parsedAsanUseAfterReturn; 891 } 892 893 } else { 894 AsanUseAfterScope = false; 895 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address. 
896 SanitizerMask DetectInvalidPointerPairs = 897 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract; 898 if ((AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) && 899 DiagnoseErrors) { 900 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with) 901 << lastArgumentForMask(D, Args, 902 SanitizerKind::PointerCompare | 903 SanitizerKind::PointerSubtract) 904 << "-fsanitize=address"; 905 } 906 } 907 908 if (AllAddedKinds & SanitizerKind::HWAddress) { 909 if (Arg *HwasanAbiArg = 910 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) { 911 HwasanAbi = HwasanAbiArg->getValue(); 912 if (HwasanAbi != "platform" && HwasanAbi != "interceptor" && 913 DiagnoseErrors) 914 D.Diag(clang::diag::err_drv_invalid_value) 915 << HwasanAbiArg->getAsString(Args) << HwasanAbi; 916 } else { 917 HwasanAbi = "interceptor"; 918 } 919 if (TC.getTriple().getArch() == llvm::Triple::x86_64) 920 HwasanUseAliases = Args.hasFlag( 921 options::OPT_fsanitize_hwaddress_experimental_aliasing, 922 options::OPT_fno_sanitize_hwaddress_experimental_aliasing, 923 HwasanUseAliases); 924 } 925 926 if (AllAddedKinds & SanitizerKind::SafeStack) { 927 // SafeStack runtime is built into the system on Android and Fuchsia. 928 SafeStackRuntime = 929 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia(); 930 } 931 932 LinkRuntimes = 933 Args.hasFlag(options::OPT_fsanitize_link_runtime, 934 options::OPT_fno_sanitize_link_runtime, LinkRuntimes); 935 936 // Parse -link-cxx-sanitizer flag. 937 LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime, 938 options::OPT_fno_sanitize_link_cxx_runtime, 939 LinkCXXRuntimes) || 940 D.CCCIsCXX(); 941 942 NeedsMemProfRt = Args.hasFlag(options::OPT_fmemory_profile, 943 options::OPT_fmemory_profile_EQ, 944 options::OPT_fno_memory_profile, false); 945 946 // Finally, initialize the set of available and recoverable sanitizers. 
Sanitizers.Mask |= Kinds;
RecoverableSanitizers.Mask |= RecoverableKinds;
TrapSanitizers.Mask |= TrappingKinds;
assert(!(RecoverableKinds & TrappingKinds) &&
       "Overlap between recoverable and trapping sanitizers");
}

/// Render the sanitizers present in \p Sanitizers as a comma-separated list.
///
/// The SANITIZER macro below is expanded once per entry of Sanitizers.def, so
/// the names appear in the order that file lists them.
static std::string toString(const clang::SanitizerSet &Sanitizers) {
  std::string Res;
#define SANITIZER(NAME, ID)                                                    \
  if (Sanitizers.has(SanitizerKind::ID)) {                                     \
    if (!Res.empty())                                                          \
      Res += ",";                                                              \
    Res += NAME;                                                               \
  }
#include "clang/Basic/Sanitizers.def"
  return Res;
}

/// Append one "<SCLOptFlag><path>" argument to \p CmdArgs for every path in
/// \p SCLFiles.
///
/// The flag and the path are concatenated with no separator; the callers in
/// this file pass flags that already end in '='.
static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
                                  llvm::opt::ArgStringList &CmdArgs,
                                  const char *SCLOptFlag,
                                  const std::vector<std::string> &SCLFiles) {
  for (const auto &SCLPath : SCLFiles) {
    SmallString<64> SCLOpt(SCLOptFlag);
    SCLOpt += SCLPath;
    // MakeArgString copies the text into storage owned by Args, so the pointer
    // pushed to CmdArgs stays valid after SCLOpt goes out of scope.
    CmdArgs.push_back(Args.MakeArgString(SCLOpt));
  }
}

/// Append "--linker-option=/include:<SymbolName>" to \p CmdArgs, prefixing the
/// symbol with '_' when the target architecture is x86.
static void addIncludeLinkerOption(const ToolChain &TC,
                                   const llvm::opt::ArgList &Args,
                                   llvm::opt::ArgStringList &CmdArgs,
                                   StringRef SymbolName) {
  SmallString<64> LinkerOptionFlag;
  LinkerOptionFlag = "--linker-option=/include:";
  if (TC.getTriple().getArch() == llvm::Triple::x86) {
    // Win32 mangles C function names with a '_' prefix.
    LinkerOptionFlag += '_';
  }
  LinkerOptionFlag += SymbolName;
  CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
}

/// Return true when \p CmdArgs contains the pair "-target-feature" "+mte",
/// i.e. a "+mte" entry whose immediate predecessor is "-target-feature".
///
/// A "+mte" entry that follows some other argument does not count, and the
/// search continues with the next occurrence.
static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
  for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End; ++Start) {
    auto It = std::find(Start, End, StringRef("+mte"));
    if (It == End)
      break;
    // It > Start guards std::prev(It) within the range searched so far.
    if (It > Start && *std::prev(It) == StringRef("-target-feature"))
      return true;
    // Resume after this occurrence; the loop's ++Start steps past It.
    Start = It;
  }
  return false;
}

/// Translate the sanitizer state held by this object into arguments appended
/// to \p CmdArgs.
///
/// Nothing is appended for NVPTX targets, nor for AMDGPU targets unless
/// -fgpu-sanitize is in effect. Coverage arguments and the Windows
/// "--dependent-lib=" arguments are emitted before the check for an empty
/// sanitizer set, so they appear even when no sanitizer is enabled. The
/// remaining arguments are emitted only when at least one sanitizer is enabled.
///
/// The function ends with two consistency checks that emit driver errors
/// directly: a CFI sanitizer on a non-Windows target without -fvisibility=,
/// and MemTag without "-target-feature +mte" already present in \p CmdArgs.
///
/// \param TC        Toolchain providing the target triple, the compiler-rt
///                  library names and the driver used for diagnostics.
/// \param Args      Parsed driver arguments; also owns the strings created via
///                  MakeArgString.
/// \param CmdArgs   Argument list that is appended to.
/// \param InputType Type of the input; used to decide whether the C++ UBSan
///                  runtime is requested on Windows.
void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
                            llvm::opt::ArgStringList &CmdArgs,
                            types::ID InputType) const {
  // NVPTX doesn't currently support sanitizers.  Bailing out here means
  // that e.g. -fsanitize=address applies only to host code, which is what we
  // want for now.
  //
  // AMDGPU sanitizer support is experimental and controlled by -fgpu-sanitize.
  if (TC.getTriple().isNVPTX() ||
      (TC.getTriple().isAMDGPU() &&
       !Args.hasFlag(options::OPT_fgpu_sanitize,
                     options::OPT_fno_gpu_sanitize)))
    return;

  // Translate available CoverageFeatures to corresponding clang-cc1 flags.
  // Do it even if Sanitizers.empty() since some forms of coverage don't require
  // sanitizers.
  std::pair<int, const char *> CoverageFlags[] = {
      std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
      std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
      std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
      std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
      std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
      std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
      std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
      std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
      std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
      std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
      std::make_pair(CoverageTracePCGuard,
                     "-fsanitize-coverage-trace-pc-guard"),
      std::make_pair(CoverageInline8bitCounters,
                     "-fsanitize-coverage-inline-8bit-counters"),
      std::make_pair(CoverageInlineBoolFlag,
                     "-fsanitize-coverage-inline-bool-flag"),
      std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
      std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
      std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth"),
      std::make_pair(CoverageTraceLoads, "-fsanitize-coverage-trace-loads"),
      std::make_pair(CoverageTraceStores, "-fsanitize-coverage-trace-stores")};
  // Each set bit of CoverageFeatures yields its flag, in table order.
  for (auto F : CoverageFlags) {
    if (CoverageFeatures & F.first)
      CmdArgs.push_back(F.second);
  }
  addSpecialCaseListOpt(
      Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
  addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=",
                        CoverageIgnorelistFiles);

  if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
    // Instruct the code generator to embed linker directives in the object file
    // that cause the required runtime libraries to be linked.
    CmdArgs.push_back(
        Args.MakeArgString("--dependent-lib=" +
                           TC.getCompilerRTBasename(Args, "ubsan_standalone")));
    if (types::isCXX(InputType))
      CmdArgs.push_back(Args.MakeArgString(
          "--dependent-lib=" +
          TC.getCompilerRTBasename(Args, "ubsan_standalone_cxx")));
  }
  if (TC.getTriple().isOSWindows() && needsStatsRt()) {
    CmdArgs.push_back(Args.MakeArgString(
        "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats_client")));

    // The main executable must export the stats runtime.
    // FIXME: Only exporting from the main executable (e.g. based on whether the
    // translation unit defines main()) would save a little space, but having
    // multiple copies of the runtime shouldn't hurt.
    CmdArgs.push_back(Args.MakeArgString(
        "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats")));
    addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
  }

  // Everything below applies only when at least one sanitizer is enabled; the
  // coverage and Windows runtime arguments above were emitted regardless.
  if (Sanitizers.empty())
    return;
  CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));

  if (!RecoverableSanitizers.empty())
    CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
                                         toString(RecoverableSanitizers)));

  if (!TrapSanitizers.empty())
    CmdArgs.push_back(
        Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));

  addSpecialCaseListOpt(Args, CmdArgs,
                        "-fsanitize-ignorelist=", UserIgnorelistFiles);
  addSpecialCaseListOpt(Args, CmdArgs,
                        "-fsanitize-system-ignorelist=", SystemIgnorelistFiles);

  if (MsanTrackOrigins)
    CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
                                         Twine(MsanTrackOrigins)));

  if (MsanUseAfterDtor)
    CmdArgs.push_back("-fsanitize-memory-use-after-dtor");

  // FIXME: Pass these parameters as function attributes, not as -llvm flags.
  // Each TSan switch below is forwarded only when the feature is turned off.
  if (!TsanMemoryAccess) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
  }
  if (!TsanFuncEntryExit) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
  }
  if (!TsanAtomics) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-tsan-instrument-atomics=0");
  }

  if (HwasanUseAliases) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-hwasan-experimental-use-page-aliases=1");
  }

  if (CfiCrossDso)
    CmdArgs.push_back("-fsanitize-cfi-cross-dso");

  if (CfiICallGeneralizePointers)
    CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");

  if (CfiCanonicalJumpTables)
    CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables");

  if (Stats)
    CmdArgs.push_back("-fsanitize-stats");

  if (MinimalRuntime)
    CmdArgs.push_back("-fsanitize-minimal-runtime");

  // A padding level of 0 is not forwarded.
  if (AsanFieldPadding)
    CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
                                         Twine(AsanFieldPadding)));

  if (AsanUseAfterScope)
    CmdArgs.push_back("-fsanitize-address-use-after-scope");

  if (AsanPoisonCustomArrayCookie)
    CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie");

  if (AsanGlobalsDeadStripping)
    CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");

  if (AsanUseOdrIndicator)
    CmdArgs.push_back("-fsanitize-address-use-odr-indicator");

  if (AsanInvalidPointerCmp) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-asan-detect-invalid-pointer-cmp");
  }

  if (AsanInvalidPointerSub) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-asan-detect-invalid-pointer-sub");
  }

  if (AsanOutlineInstrumentation) {
    CmdArgs.push_back("-mllvm");
    CmdArgs.push_back("-asan-instrumentation-with-call-threshold=0");
  }

  // Only pass the option to the frontend if the user requested,
  // otherwise the frontend will just use the codegen default.
  if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
    CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-destructor=" +
                                         AsanDtorKindToString(AsanDtorKind)));
  }

  if (AsanUseAfterReturn != llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
    CmdArgs.push_back(Args.MakeArgString(
        "-fsanitize-address-use-after-return=" +
        AsanDetectStackUseAfterReturnModeToString(AsanUseAfterReturn)));
  }

  if (!HwasanAbi.empty()) {
    CmdArgs.push_back("-default-function-attr");
    CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
  }

  // The tagged-globals target feature is requested for HWASan only when the
  // experimental page-aliasing mode is off.
  if (Sanitizers.has(SanitizerKind::HWAddress) && !HwasanUseAliases) {
    CmdArgs.push_back("-target-feature");
    CmdArgs.push_back("+tagged-globals");
  }

  // MSan: Workaround for PR16386.
  // ASan: This is mainly to help LSan with cases such as
  // https://github.com/google/sanitizers/issues/373
  // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
  // affect compilation.
  if (Sanitizers.has(SanitizerKind::Memory) ||
      Sanitizers.has(SanitizerKind::Address))
    CmdArgs.push_back("-fno-assume-sane-operator-new");

  // libFuzzer wants to intercept calls to certain library functions, so the
  // following -fno-builtin-* flags force the compiler to emit interposable
  // libcalls to these functions. Other sanitizers effectively do the same thing
  // by marking all library call sites with NoBuiltin attribute in their LLVM
  // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
  if (Sanitizers.has(SanitizerKind::FuzzerNoLink)) {
    CmdArgs.push_back("-fno-builtin-bcmp");
    CmdArgs.push_back("-fno-builtin-memcmp");
    CmdArgs.push_back("-fno-builtin-strncmp");
    CmdArgs.push_back("-fno-builtin-strcmp");
    CmdArgs.push_back("-fno-builtin-strncasecmp");
    CmdArgs.push_back("-fno-builtin-strcasecmp");
    CmdArgs.push_back("-fno-builtin-strstr");
    CmdArgs.push_back("-fno-builtin-strcasestr");
    CmdArgs.push_back("-fno-builtin-memmem");
  }

  // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
  // enabled.
  // This error is emitted unconditionally: addArgs has no DiagnoseErrors
  // switch, unlike the parsing helpers in this file.
  if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
      !Args.hasArg(options::OPT_fvisibility_EQ)) {
    TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
        << lastArgumentForMask(TC.getDriver(), Args,
                               Sanitizers.Mask & CFIClasses)
        << "-fvisibility=";
  }

  // Memory tagging is rejected unless the hardware feature was requested.
  // hasTargetFeatureMTE inspects CmdArgs as built so far, so this relies on
  // "-target-feature +mte" having been appended before addArgs runs.
  // NOTE(review): confirm the caller's ordering guarantees that.
  if (Sanitizers.has(SanitizerKind::MemTag) && !hasTargetFeatureMTE(CmdArgs))
    TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
}

/// Parse every value of a -f[no-]sanitize=, -f[no-]sanitize-recover= or
/// -f[no-]sanitize-trap= argument and return the union of the recognised
/// sanitizer masks (groups allowed).
///
/// "all" is rejected for -fsanitize= only; for the other five options it is
/// handed to parseSanitizerValue like any other value. A value that yields an
/// empty mask contributes nothing and is reported with
/// err_drv_unsupported_option_argument when \p DiagnoseErrors is set;
/// otherwise it is skipped silently.
SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
                             bool DiagnoseErrors) {
  assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
          A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
          A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
          A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
          A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
          A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
         "Invalid argument in parseArgValues!");
  SanitizerMask Kinds;
  for (int i = 0, n = A->getNumValues(); i != n; ++i) {
    const char *Value = A->getValue(i);
    SanitizerMask Kind;
    // Special case: don't accept -fsanitize=all.
    // The empty mask routes "all" into the unsupported-argument branch below.
    if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
        0 == strcmp("all", Value))
      Kind = SanitizerMask();
    else
      Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);

    if (Kind)
      Kinds |= Kind;
    else if (DiagnoseErrors)
      D.Diag(clang::diag::err_drv_unsupported_option_argument)
          << A->getOption().getName() << Value;
  }
  return Kinds;
}

/// Parse the values of a -fsanitize-coverage= / -fno-sanitize-coverage=
/// argument into a bitwise OR of Coverage* feature bits.
///
/// A value that matches none of the names below maps to 0, adds nothing to the
/// result, and is reported with err_drv_unsupported_option_argument when
/// \p DiagnoseErrors is set.
int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
                          bool DiagnoseErrors) {
  assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
         A->getOption().matches(options::OPT_fno_sanitize_coverage));
  int Features = 0;
  for (int i = 0, n = A->getNumValues(); i != n; ++i) {
    const char *Value = A->getValue(i);
    int F = llvm::StringSwitch<int>(Value)
                .Case("func", CoverageFunc)
                .Case("bb", CoverageBB)
                .Case("edge", CoverageEdge)
                .Case("indirect-calls", CoverageIndirCall)
                .Case("trace-bb", CoverageTraceBB)
                .Case("trace-cmp", CoverageTraceCmp)
                .Case("trace-div", CoverageTraceDiv)
                .Case("trace-gep", CoverageTraceGep)
                .Case("8bit-counters", Coverage8bitCounters)
                .Case("trace-pc", CoverageTracePC)
                .Case("trace-pc-guard", CoverageTracePCGuard)
                .Case("no-prune", CoverageNoPrune)
                .Case("inline-8bit-counters", CoverageInline8bitCounters)
                .Case("inline-bool-flag", CoverageInlineBoolFlag)
                .Case("pc-table", CoveragePCTable)
                .Case("stack-depth", CoverageStackDepth)
                .Case("trace-loads", CoverageTraceLoads)
                .Case("trace-stores", CoverageTraceStores)
                .Default(0);
    if (F == 0 && DiagnoseErrors)
      D.Diag(clang::diag::err_drv_unsupported_option_argument)
          << A->getOption().getName() << Value;
    Features |= F;
  }
  return Features;
}

/// Return a "-fsanitize=..." description of the last -fsanitize= argument that
/// enables any sanitizer in \p Mask.
///
/// Arguments are scanned from last to first. A -fno-sanitize= argument met on
/// the way removes its kinds from \p Mask, so an earlier -fsanitize= that was
/// later disabled is not reported for those kinds. Values are parsed with
/// diagnostics turned off.
///
/// Precondition: some -fsanitize= argument still matches the (reduced) mask.
/// If none does, control reaches llvm_unreachable.
std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
                                SanitizerMask Mask) {
  for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
                                                  E = Args.rend();
       I != E; ++I) {
    const auto *Arg = *I;
    if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
      SanitizerMask AddKinds =
          expandSanitizerGroups(parseArgValues(D, Arg, false));
      if (AddKinds & Mask)
        return describeSanitizeArg(Arg, Mask);
    } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
      SanitizerMask RemoveKinds =
          expandSanitizerGroups(parseArgValues(D, Arg, false));
      Mask &= ~RemoveKinds;
    }
  }
  llvm_unreachable("arg list didn't provide expected value");
}

/// Build "-fsanitize=<v1>,<v2>,..." from the values of the -fsanitize=
/// argument \p A whose expanded sanitizer kinds intersect \p Mask.
///
/// The values are copied as the user wrote them. Both the option kind and the
/// presence of at least one matching value are checked with assert only.
std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
  assert(A->getOption().matches(options::OPT_fsanitize_EQ)
         && "Invalid argument in describeSanitizerArg!");

  std::string Sanitizers;
  for (int i = 0, n = A->getNumValues(); i != n; ++i) {
    if (expandSanitizerGroups(
            parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
        Mask) {
      if (!Sanitizers.empty())
        Sanitizers += ",";
      Sanitizers += A->getValue(i);
    }
  }

  assert(!Sanitizers.empty() && "arg didn't provide expected value");
  return "-fsanitize=" + Sanitizers;
}