1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools ---------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 #include "clang/Driver/SanitizerArgs.h" 9 #include "ToolChains/CommonArgs.h" 10 #include "clang/Basic/Sanitizers.h" 11 #include "clang/Driver/Driver.h" 12 #include "clang/Driver/DriverDiagnostic.h" 13 #include "clang/Driver/Options.h" 14 #include "clang/Driver/ToolChain.h" 15 #include "llvm/ADT/StringExtras.h" 16 #include "llvm/ADT/StringSwitch.h" 17 #include "llvm/Support/Path.h" 18 #include "llvm/Support/SpecialCaseList.h" 19 #include "llvm/Support/TargetParser.h" 20 #include "llvm/Support/VirtualFileSystem.h" 21 #include <memory> 22 23 using namespace clang; 24 using namespace clang::driver; 25 using namespace llvm::opt; 26 27 static const SanitizerMask NeedsUbsanRt = 28 SanitizerKind::Undefined | SanitizerKind::Integer | 29 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | 30 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero | 31 SanitizerKind::ObjCCast; 32 static const SanitizerMask NeedsUbsanCxxRt = 33 SanitizerKind::Vptr | SanitizerKind::CFI; 34 static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr; 35 static const SanitizerMask NotAllowedWithMinimalRuntime = 36 SanitizerKind::Function | SanitizerKind::Vptr; 37 static const SanitizerMask RequiresPIE = 38 SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo; 39 static const SanitizerMask NeedsUnwindTables = 40 SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread | 41 SanitizerKind::Memory | SanitizerKind::DataFlow; 42 static const SanitizerMask SupportsCoverage = 43 SanitizerKind::Address | SanitizerKind::HWAddress | 44 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress | 45 SanitizerKind::MemTag | SanitizerKind::Memory | 46 SanitizerKind::KernelMemory | SanitizerKind::Leak | 47 SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds | 48 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | 49 SanitizerKind::DataFlow | SanitizerKind::Fuzzer | 50 SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero | 51 SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack | 52 SanitizerKind::Thread | SanitizerKind::ObjCCast; 53 static const SanitizerMask RecoverableByDefault = 54 SanitizerKind::Undefined | SanitizerKind::Integer | 55 SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | 56 SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast; 57 static const SanitizerMask Unrecoverable = 58 SanitizerKind::Unreachable | SanitizerKind::Return; 59 static const SanitizerMask AlwaysRecoverable = 60 SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress; 61 static const SanitizerMask NeedsLTO = SanitizerKind::CFI; 62 static const SanitizerMask TrappingSupported = 63 (SanitizerKind::Undefined & ~SanitizerKind::Vptr) | 64 SanitizerKind::UnsignedIntegerOverflow | SanitizerKind::ImplicitConversion | 65 SanitizerKind::Nullability | SanitizerKind::LocalBounds | 66 SanitizerKind::CFI | SanitizerKind::FloatDivideByZero | 67 SanitizerKind::ObjCCast; 68 static const SanitizerMask TrappingDefault = SanitizerKind::CFI; 69 static const SanitizerMask CFIClasses = 70 SanitizerKind::CFIVCall | SanitizerKind::CFINVCall | 71 SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast | 72 SanitizerKind::CFIUnrelatedCast; 73 static const SanitizerMask CompatibleWithMinimalRuntime = 74 TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack | 75 SanitizerKind::MemTag; 76 77 enum CoverageFeature { 78 CoverageFunc = 1 << 0, 79 CoverageBB = 1 << 1, 80 CoverageEdge = 1 << 2, 81 CoverageIndirCall = 1 << 3, 82 CoverageTraceBB = 1 << 4, // Deprecated. 83 CoverageTraceCmp = 1 << 5, 84 CoverageTraceDiv = 1 << 6, 85 CoverageTraceGep = 1 << 7, 86 Coverage8bitCounters = 1 << 8, // Deprecated. 87 CoverageTracePC = 1 << 9, 88 CoverageTracePCGuard = 1 << 10, 89 CoverageNoPrune = 1 << 11, 90 CoverageInline8bitCounters = 1 << 12, 91 CoveragePCTable = 1 << 13, 92 CoverageStackDepth = 1 << 14, 93 CoverageInlineBoolFlag = 1 << 15, 94 }; 95 96 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any 97 /// invalid components. Returns a SanitizerMask. 98 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A, 99 bool DiagnoseErrors); 100 101 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid 102 /// components. Returns OR of members of \c CoverageFeature enumeration. 103 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A); 104 105 /// Produce an argument string from ArgList \p Args, which shows how it 106 /// provides some sanitizer kind from \p Mask. For example, the argument list 107 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt 108 /// would produce "-fsanitize=vptr". 109 static std::string lastArgumentForMask(const Driver &D, 110 const llvm::opt::ArgList &Args, 111 SanitizerMask Mask); 112 113 /// Produce an argument string from argument \p A, which shows how it provides 114 /// a value in \p Mask. For instance, the argument 115 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce 116 /// "-fsanitize=alignment". 117 static std::string describeSanitizeArg(const llvm::opt::Arg *A, 118 SanitizerMask Mask); 119 120 /// Produce a string containing comma-separated names of sanitizers in \p 121 /// Sanitizers set. 122 static std::string toString(const clang::SanitizerSet &Sanitizers); 123 124 static void validateSpecialCaseListFormat(const Driver &D, 125 std::vector<std::string> &SCLFiles, 126 unsigned MalformedSCLErrorDiagID) { 127 if (SCLFiles.empty()) 128 return; 129 130 std::string BLError; 131 std::unique_ptr<llvm::SpecialCaseList> SCL( 132 llvm::SpecialCaseList::create(SCLFiles, D.getVFS(), BLError)); 133 if (!SCL.get()) 134 D.Diag(MalformedSCLErrorDiagID) << BLError; 135 } 136 137 static void addDefaultBlacklists(const Driver &D, SanitizerMask Kinds, 138 std::vector<std::string> &BlacklistFiles) { 139 struct Blacklist { 140 const char *File; 141 SanitizerMask Mask; 142 } Blacklists[] = {{"asan_blacklist.txt", SanitizerKind::Address}, 143 {"hwasan_blacklist.txt", SanitizerKind::HWAddress}, 144 {"memtag_blacklist.txt", SanitizerKind::MemTag}, 145 {"msan_blacklist.txt", SanitizerKind::Memory}, 146 {"tsan_blacklist.txt", SanitizerKind::Thread}, 147 {"dfsan_abilist.txt", SanitizerKind::DataFlow}, 148 {"cfi_blacklist.txt", SanitizerKind::CFI}, 149 {"ubsan_blacklist.txt", 150 SanitizerKind::Undefined | SanitizerKind::Integer | 151 SanitizerKind::Nullability | 152 SanitizerKind::FloatDivideByZero}}; 153 154 for (auto BL : Blacklists) { 155 if (!(Kinds & BL.Mask)) 156 continue; 157 158 clang::SmallString<64> Path(D.ResourceDir); 159 llvm::sys::path::append(Path, "share", BL.File); 160 if (D.getVFS().exists(Path)) 161 BlacklistFiles.push_back(std::string(Path.str())); 162 else if (BL.Mask == SanitizerKind::CFI) 163 // If cfi_blacklist.txt cannot be found in the resource dir, driver 164 // should fail. 165 D.Diag(clang::diag::err_drv_no_such_file) << Path; 166 } 167 validateSpecialCaseListFormat( 168 D, BlacklistFiles, clang::diag::err_drv_malformed_sanitizer_blacklist); 169 } 170 171 /// Parse -f(no-)?sanitize-(coverage-)?(white|black)list argument's values, 172 /// diagnosing any invalid file paths and validating special case list format. 173 static void parseSpecialCaseListArg(const Driver &D, 174 const llvm::opt::ArgList &Args, 175 std::vector<std::string> &SCLFiles, 176 llvm::opt::OptSpecifier SCLOptionID, 177 llvm::opt::OptSpecifier NoSCLOptionID, 178 unsigned MalformedSCLErrorDiagID) { 179 for (const auto *Arg : Args) { 180 // Match -fsanitize-(coverage-)?(white|black)list. 181 if (Arg->getOption().matches(SCLOptionID)) { 182 Arg->claim(); 183 std::string SCLPath = Arg->getValue(); 184 if (D.getVFS().exists(SCLPath)) { 185 SCLFiles.push_back(SCLPath); 186 } else { 187 D.Diag(clang::diag::err_drv_no_such_file) << SCLPath; 188 } 189 // Match -fno-sanitize-blacklist. 190 } else if (Arg->getOption().matches(NoSCLOptionID)) { 191 Arg->claim(); 192 SCLFiles.clear(); 193 } 194 } 195 validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID); 196 } 197 198 /// Sets group bits for every group that has at least one representative already 199 /// enabled in \p Kinds. 200 static SanitizerMask setGroupBits(SanitizerMask Kinds) { 201 #define SANITIZER(NAME, ID) 202 #define SANITIZER_GROUP(NAME, ID, ALIAS) \ 203 if (Kinds & SanitizerKind::ID) \ 204 Kinds |= SanitizerKind::ID##Group; 205 #include "clang/Basic/Sanitizers.def" 206 return Kinds; 207 } 208 209 static SanitizerMask parseSanitizeTrapArgs(const Driver &D, 210 const llvm::opt::ArgList &Args) { 211 SanitizerMask TrapRemove; // During the loop below, the accumulated set of 212 // sanitizers disabled by the current sanitizer 213 // argument or any argument after it. 214 SanitizerMask TrappingKinds; 215 SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported); 216 217 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend(); 218 I != E; ++I) { 219 const auto *Arg = *I; 220 if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) { 221 Arg->claim(); 222 SanitizerMask Add = parseArgValues(D, Arg, true); 223 Add &= ~TrapRemove; 224 if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) { 225 SanitizerSet S; 226 S.Mask = InvalidValues; 227 D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap" 228 << toString(S); 229 } 230 TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove; 231 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) { 232 Arg->claim(); 233 TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true)); 234 } 235 } 236 237 // Apply default trapping behavior. 238 TrappingKinds |= TrappingDefault & ~TrapRemove; 239 240 return TrappingKinds; 241 } 242 243 bool SanitizerArgs::needsUbsanRt() const { 244 // All of these include ubsan. 245 if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() || 246 needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() || 247 (needsScudoRt() && !requiresMinimalRuntime())) 248 return false; 249 250 return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) || 251 CoverageFeatures; 252 } 253 254 bool SanitizerArgs::needsCfiRt() const { 255 return !(Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) && 256 CfiCrossDso && !ImplicitCfiRuntime; 257 } 258 259 bool SanitizerArgs::needsCfiDiagRt() const { 260 return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) && 261 CfiCrossDso && !ImplicitCfiRuntime; 262 } 263 264 bool SanitizerArgs::requiresPIE() const { 265 return NeedPIE || (Sanitizers.Mask & RequiresPIE); 266 } 267 268 bool SanitizerArgs::needsUnwindTables() const { 269 return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables); 270 } 271 272 bool SanitizerArgs::needsLTO() const { 273 return static_cast<bool>(Sanitizers.Mask & NeedsLTO); 274 } 275 276 SanitizerArgs::SanitizerArgs(const ToolChain &TC, 277 const llvm::opt::ArgList &Args) { 278 SanitizerMask AllRemove; // During the loop below, the accumulated set of 279 // sanitizers disabled by the current sanitizer 280 // argument or any argument after it. 281 SanitizerMask AllAddedKinds; // Mask of all sanitizers ever enabled by 282 // -fsanitize= flags (directly or via group 283 // expansion), some of which may be disabled 284 // later. Used to carefully prune 285 // unused-argument diagnostics. 286 SanitizerMask DiagnosedKinds; // All Kinds we have diagnosed up to now. 287 // Used to deduplicate diagnostics. 288 SanitizerMask Kinds; 289 const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers()); 290 291 CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso, 292 options::OPT_fno_sanitize_cfi_cross_dso, false); 293 294 ToolChain::RTTIMode RTTIMode = TC.getRTTIMode(); 295 296 const Driver &D = TC.getDriver(); 297 SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args); 298 SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap; 299 300 MinimalRuntime = 301 Args.hasFlag(options::OPT_fsanitize_minimal_runtime, 302 options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime); 303 304 // The object size sanitizer should not be enabled at -O0. 305 Arg *OptLevel = Args.getLastArg(options::OPT_O_Group); 306 bool RemoveObjectSizeAtO0 = 307 !OptLevel || OptLevel->getOption().matches(options::OPT_O0); 308 309 for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend(); 310 I != E; ++I) { 311 const auto *Arg = *I; 312 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { 313 Arg->claim(); 314 SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true); 315 316 if (RemoveObjectSizeAtO0) { 317 AllRemove |= SanitizerKind::ObjectSize; 318 319 // The user explicitly enabled the object size sanitizer. Warn 320 // that this does nothing at -O0. 321 if (Add & SanitizerKind::ObjectSize) 322 D.Diag(diag::warn_drv_object_size_disabled_O0) 323 << Arg->getAsString(Args); 324 } 325 326 AllAddedKinds |= expandSanitizerGroups(Add); 327 328 // Avoid diagnosing any sanitizer which is disabled later. 329 Add &= ~AllRemove; 330 // At this point we have not expanded groups, so any unsupported 331 // sanitizers in Add are those which have been explicitly enabled. 332 // Diagnose them. 333 if (SanitizerMask KindsToDiagnose = 334 Add & InvalidTrappingKinds & ~DiagnosedKinds) { 335 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); 336 D.Diag(diag::err_drv_argument_not_allowed_with) 337 << Desc << "-fsanitize-trap=undefined"; 338 DiagnosedKinds |= KindsToDiagnose; 339 } 340 Add &= ~InvalidTrappingKinds; 341 342 if (MinimalRuntime) { 343 if (SanitizerMask KindsToDiagnose = 344 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) { 345 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); 346 D.Diag(diag::err_drv_argument_not_allowed_with) 347 << Desc << "-fsanitize-minimal-runtime"; 348 DiagnosedKinds |= KindsToDiagnose; 349 } 350 Add &= ~NotAllowedWithMinimalRuntime; 351 } 352 353 // FIXME: Make CFI on member function calls compatible with cross-DSO CFI. 354 // There are currently two problems: 355 // - Virtual function call checks need to pass a pointer to the function 356 // address to llvm.type.test and a pointer to the address point to the 357 // diagnostic function. Currently we pass the same pointer to both 358 // places. 359 // - Non-virtual function call checks may need to check multiple type 360 // identifiers. 361 // Fixing both of those may require changes to the cross-DSO CFI 362 // interface. 363 if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) { 364 D.Diag(diag::err_drv_argument_not_allowed_with) 365 << "-fsanitize=cfi-mfcall" 366 << "-fsanitize-cfi-cross-dso"; 367 Add &= ~SanitizerKind::CFIMFCall; 368 DiagnosedKinds |= SanitizerKind::CFIMFCall; 369 } 370 371 if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) { 372 std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); 373 D.Diag(diag::err_drv_unsupported_opt_for_target) 374 << Desc << TC.getTriple().str(); 375 DiagnosedKinds |= KindsToDiagnose; 376 } 377 Add &= Supported; 378 379 // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups 380 // so we don't error out if -fno-rtti and -fsanitize=undefined were 381 // passed. 382 if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) { 383 if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) { 384 assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) && 385 "RTTI disabled without -fno-rtti option?"); 386 // The user explicitly passed -fno-rtti with -fsanitize=vptr, but 387 // the vptr sanitizer requires RTTI, so this is a user error. 388 D.Diag(diag::err_drv_argument_not_allowed_with) 389 << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args); 390 } else { 391 // The vptr sanitizer requires RTTI, but RTTI is disabled (by 392 // default). Warn that the vptr sanitizer is being disabled. 393 D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default); 394 } 395 396 // Take out the Vptr sanitizer from the enabled sanitizers 397 AllRemove |= SanitizerKind::Vptr; 398 } 399 400 Add = expandSanitizerGroups(Add); 401 // Group expansion may have enabled a sanitizer which is disabled later. 402 Add &= ~AllRemove; 403 // Silently discard any unsupported sanitizers implicitly enabled through 404 // group expansion. 405 Add &= ~InvalidTrappingKinds; 406 if (MinimalRuntime) { 407 Add &= ~NotAllowedWithMinimalRuntime; 408 } 409 if (CfiCrossDso) 410 Add &= ~SanitizerKind::CFIMFCall; 411 Add &= Supported; 412 413 if (Add & SanitizerKind::Fuzzer) 414 Add |= SanitizerKind::FuzzerNoLink; 415 416 // Enable coverage if the fuzzing flag is set. 417 if (Add & SanitizerKind::FuzzerNoLink) { 418 CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall | 419 CoverageTraceCmp | CoveragePCTable; 420 // Due to TLS differences, stack depth tracking is only enabled on Linux 421 if (TC.getTriple().isOSLinux()) 422 CoverageFeatures |= CoverageStackDepth; 423 } 424 425 Kinds |= Add; 426 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { 427 Arg->claim(); 428 SanitizerMask Remove = parseArgValues(D, Arg, true); 429 AllRemove |= expandSanitizerGroups(Remove); 430 } 431 } 432 433 std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { 434 std::make_pair(SanitizerKind::Address, 435 SanitizerKind::Thread | SanitizerKind::Memory), 436 std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory), 437 std::make_pair(SanitizerKind::Leak, 438 SanitizerKind::Thread | SanitizerKind::Memory), 439 std::make_pair(SanitizerKind::KernelAddress, 440 SanitizerKind::Address | SanitizerKind::Leak | 441 SanitizerKind::Thread | SanitizerKind::Memory), 442 std::make_pair(SanitizerKind::HWAddress, 443 SanitizerKind::Address | SanitizerKind::Thread | 444 SanitizerKind::Memory | SanitizerKind::KernelAddress), 445 std::make_pair(SanitizerKind::Scudo, 446 SanitizerKind::Address | SanitizerKind::HWAddress | 447 SanitizerKind::Leak | SanitizerKind::Thread | 448 SanitizerKind::Memory | SanitizerKind::KernelAddress), 449 std::make_pair(SanitizerKind::SafeStack, 450 (TC.getTriple().isOSFuchsia() ? SanitizerMask() 451 : SanitizerKind::Leak) | 452 SanitizerKind::Address | SanitizerKind::HWAddress | 453 SanitizerKind::Thread | SanitizerKind::Memory | 454 SanitizerKind::KernelAddress), 455 std::make_pair(SanitizerKind::KernelHWAddress, 456 SanitizerKind::Address | SanitizerKind::HWAddress | 457 SanitizerKind::Leak | SanitizerKind::Thread | 458 SanitizerKind::Memory | SanitizerKind::KernelAddress | 459 SanitizerKind::SafeStack), 460 std::make_pair(SanitizerKind::KernelMemory, 461 SanitizerKind::Address | SanitizerKind::HWAddress | 462 SanitizerKind::Leak | SanitizerKind::Thread | 463 SanitizerKind::Memory | SanitizerKind::KernelAddress | 464 SanitizerKind::Scudo | SanitizerKind::SafeStack), 465 std::make_pair(SanitizerKind::MemTag, 466 SanitizerKind::Address | SanitizerKind::KernelAddress | 467 SanitizerKind::HWAddress | 468 SanitizerKind::KernelHWAddress)}; 469 // Enable toolchain specific default sanitizers if not explicitly disabled. 470 SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove; 471 472 // Disable default sanitizers that are incompatible with explicitly requested 473 // ones. 474 for (auto G : IncompatibleGroups) { 475 SanitizerMask Group = G.first; 476 if ((Default & Group) && (Kinds & G.second)) 477 Default &= ~Group; 478 } 479 480 Kinds |= Default; 481 482 // We disable the vptr sanitizer if it was enabled by group expansion but RTTI 483 // is disabled. 484 if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) { 485 Kinds &= ~SanitizerKind::Vptr; 486 } 487 488 // Check that LTO is enabled if we need it. 489 if ((Kinds & NeedsLTO) && !D.isUsingLTO()) { 490 D.Diag(diag::err_drv_argument_only_allowed_with) 491 << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto"; 492 } 493 494 if ((Kinds & SanitizerKind::ShadowCallStack) && TC.getTriple().isAArch64() && 495 !llvm::AArch64::isX18ReservedByDefault(TC.getTriple()) && 496 !Args.hasArg(options::OPT_ffixed_x18)) { 497 D.Diag(diag::err_drv_argument_only_allowed_with) 498 << lastArgumentForMask(D, Args, Kinds & SanitizerKind::ShadowCallStack) 499 << "-ffixed-x18"; 500 } 501 502 // Report error if there are non-trapping sanitizers that require 503 // c++abi-specific parts of UBSan runtime, and they are not provided by the 504 // toolchain. We don't have a good way to check the latter, so we just 505 // check if the toolchan supports vptr. 506 if (~Supported & SanitizerKind::Vptr) { 507 SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt; 508 // The runtime library supports the Microsoft C++ ABI, but only well enough 509 // for CFI. FIXME: Remove this once we support vptr on Windows. 510 if (TC.getTriple().isOSWindows()) 511 KindsToDiagnose &= ~SanitizerKind::CFI; 512 if (KindsToDiagnose) { 513 SanitizerSet S; 514 S.Mask = KindsToDiagnose; 515 D.Diag(diag::err_drv_unsupported_opt_for_target) 516 << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str(); 517 Kinds &= ~KindsToDiagnose; 518 } 519 } 520 521 // Warn about incompatible groups of sanitizers. 522 for (auto G : IncompatibleGroups) { 523 SanitizerMask Group = G.first; 524 if (Kinds & Group) { 525 if (SanitizerMask Incompatible = Kinds & G.second) { 526 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 527 << lastArgumentForMask(D, Args, Group) 528 << lastArgumentForMask(D, Args, Incompatible); 529 Kinds &= ~Incompatible; 530 } 531 } 532 } 533 // FIXME: Currently -fsanitize=leak is silently ignored in the presence of 534 // -fsanitize=address. Perhaps it should print an error, or perhaps 535 // -f(-no)sanitize=leak should change whether leak detection is enabled by 536 // default in ASan? 537 538 // Parse -f(no-)?sanitize-recover flags. 539 SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable; 540 SanitizerMask DiagnosedUnrecoverableKinds; 541 SanitizerMask DiagnosedAlwaysRecoverableKinds; 542 for (const auto *Arg : Args) { 543 if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) { 544 SanitizerMask Add = parseArgValues(D, Arg, true); 545 // Report error if user explicitly tries to recover from unrecoverable 546 // sanitizer. 547 if (SanitizerMask KindsToDiagnose = 548 Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) { 549 SanitizerSet SetToDiagnose; 550 SetToDiagnose.Mask |= KindsToDiagnose; 551 D.Diag(diag::err_drv_unsupported_option_argument) 552 << Arg->getOption().getName() << toString(SetToDiagnose); 553 DiagnosedUnrecoverableKinds |= KindsToDiagnose; 554 } 555 RecoverableKinds |= expandSanitizerGroups(Add); 556 Arg->claim(); 557 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) { 558 SanitizerMask Remove = parseArgValues(D, Arg, true); 559 // Report error if user explicitly tries to disable recovery from 560 // always recoverable sanitizer. 561 if (SanitizerMask KindsToDiagnose = 562 Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) { 563 SanitizerSet SetToDiagnose; 564 SetToDiagnose.Mask |= KindsToDiagnose; 565 D.Diag(diag::err_drv_unsupported_option_argument) 566 << Arg->getOption().getName() << toString(SetToDiagnose); 567 DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose; 568 } 569 RecoverableKinds &= ~expandSanitizerGroups(Remove); 570 Arg->claim(); 571 } 572 } 573 RecoverableKinds &= Kinds; 574 RecoverableKinds &= ~Unrecoverable; 575 576 TrappingKinds &= Kinds; 577 RecoverableKinds &= ~TrappingKinds; 578 579 // Setup blacklist files. 580 // Add default blacklist from resource directory for activated sanitizers, and 581 // validate special case lists format. 582 if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_blacklist)) 583 addDefaultBlacklists(D, Kinds, SystemBlacklistFiles); 584 585 // Parse -f(no-)?sanitize-blacklist options. 586 // This also validates special case lists format. 587 parseSpecialCaseListArg(D, Args, UserBlacklistFiles, 588 options::OPT_fsanitize_blacklist, 589 options::OPT_fno_sanitize_blacklist, 590 clang::diag::err_drv_malformed_sanitizer_blacklist); 591 592 // Parse -f[no-]sanitize-memory-track-origins[=level] options. 593 if (AllAddedKinds & SanitizerKind::Memory) { 594 if (Arg *A = 595 Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ, 596 options::OPT_fsanitize_memory_track_origins, 597 options::OPT_fno_sanitize_memory_track_origins)) { 598 if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) { 599 MsanTrackOrigins = 2; 600 } else if (A->getOption().matches( 601 options::OPT_fno_sanitize_memory_track_origins)) { 602 MsanTrackOrigins = 0; 603 } else { 604 StringRef S = A->getValue(); 605 if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 || 606 MsanTrackOrigins > 2) { 607 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; 608 } 609 } 610 } 611 MsanUseAfterDtor = 612 Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor, 613 options::OPT_fno_sanitize_memory_use_after_dtor, 614 MsanUseAfterDtor); 615 NeedPIE |= !(TC.getTriple().isOSLinux() && 616 TC.getTriple().getArch() == llvm::Triple::x86_64); 617 } else { 618 MsanUseAfterDtor = false; 619 } 620 621 if (AllAddedKinds & SanitizerKind::Thread) { 622 TsanMemoryAccess = Args.hasFlag( 623 options::OPT_fsanitize_thread_memory_access, 624 options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess); 625 TsanFuncEntryExit = Args.hasFlag( 626 options::OPT_fsanitize_thread_func_entry_exit, 627 options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit); 628 TsanAtomics = 629 Args.hasFlag(options::OPT_fsanitize_thread_atomics, 630 options::OPT_fno_sanitize_thread_atomics, TsanAtomics); 631 } 632 633 if (AllAddedKinds & SanitizerKind::CFI) { 634 // Without PIE, external function address may resolve to a PLT record, which 635 // can not be verified by the target module. 636 NeedPIE |= CfiCrossDso; 637 CfiICallGeneralizePointers = 638 Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers); 639 640 if (CfiCrossDso && CfiICallGeneralizePointers) 641 D.Diag(diag::err_drv_argument_not_allowed_with) 642 << "-fsanitize-cfi-cross-dso" 643 << "-fsanitize-cfi-icall-generalize-pointers"; 644 645 CfiCanonicalJumpTables = 646 Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables, 647 options::OPT_fno_sanitize_cfi_canonical_jump_tables, true); 648 } 649 650 Stats = Args.hasFlag(options::OPT_fsanitize_stats, 651 options::OPT_fno_sanitize_stats, false); 652 653 if (MinimalRuntime) { 654 SanitizerMask IncompatibleMask = 655 Kinds & ~setGroupBits(CompatibleWithMinimalRuntime); 656 if (IncompatibleMask) 657 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 658 << "-fsanitize-minimal-runtime" 659 << lastArgumentForMask(D, Args, IncompatibleMask); 660 661 SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds; 662 if (NonTrappingCfi) 663 D.Diag(clang::diag::err_drv_argument_only_allowed_with) 664 << "fsanitize-minimal-runtime" 665 << "fsanitize-trap=cfi"; 666 } 667 668 // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the 669 // enabled sanitizers. 670 for (const auto *Arg : Args) { 671 if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) { 672 int LegacySanitizeCoverage; 673 if (Arg->getNumValues() == 1 && 674 !StringRef(Arg->getValue(0)) 675 .getAsInteger(0, LegacySanitizeCoverage)) { 676 CoverageFeatures = 0; 677 Arg->claim(); 678 if (LegacySanitizeCoverage != 0) { 679 D.Diag(diag::warn_drv_deprecated_arg) 680 << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard"; 681 } 682 continue; 683 } 684 CoverageFeatures |= parseCoverageFeatures(D, Arg); 685 686 // Disable coverage and not claim the flags if there is at least one 687 // non-supporting sanitizer. 688 if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) { 689 Arg->claim(); 690 } else { 691 CoverageFeatures = 0; 692 } 693 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) { 694 Arg->claim(); 695 CoverageFeatures &= ~parseCoverageFeatures(D, Arg); 696 } 697 } 698 // Choose at most one coverage type: function, bb, or edge. 699 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB)) 700 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 701 << "-fsanitize-coverage=func" 702 << "-fsanitize-coverage=bb"; 703 if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge)) 704 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 705 << "-fsanitize-coverage=func" 706 << "-fsanitize-coverage=edge"; 707 if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge)) 708 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 709 << "-fsanitize-coverage=bb" 710 << "-fsanitize-coverage=edge"; 711 // Basic block tracing and 8-bit counters require some type of coverage 712 // enabled. 713 if (CoverageFeatures & CoverageTraceBB) 714 D.Diag(clang::diag::warn_drv_deprecated_arg) 715 << "-fsanitize-coverage=trace-bb" 716 << "-fsanitize-coverage=trace-pc-guard"; 717 if (CoverageFeatures & Coverage8bitCounters) 718 D.Diag(clang::diag::warn_drv_deprecated_arg) 719 << "-fsanitize-coverage=8bit-counters" 720 << "-fsanitize-coverage=trace-pc-guard"; 721 722 int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge; 723 int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard | 724 CoverageInline8bitCounters | 725 CoverageInlineBoolFlag; 726 if ((CoverageFeatures & InsertionPointTypes) && 727 !(CoverageFeatures & InstrumentationTypes)) { 728 D.Diag(clang::diag::warn_drv_deprecated_arg) 729 << "-fsanitize-coverage=[func|bb|edge]" 730 << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]"; 731 } 732 733 // trace-pc w/o func/bb/edge implies edge. 734 if (!(CoverageFeatures & InsertionPointTypes)) { 735 if (CoverageFeatures & 736 (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters | 737 CoverageInlineBoolFlag)) 738 CoverageFeatures |= CoverageEdge; 739 740 if (CoverageFeatures & CoverageStackDepth) 741 CoverageFeatures |= CoverageFunc; 742 } 743 744 // Parse -fsanitize-coverage-(black|white)list options if coverage enabled. 745 // This also validates special case lists format. 746 // Here, OptSpecifier() acts as a never-matching command-line argument. 747 // So, there is no way to clear coverage lists but you can append to them. 748 if (CoverageFeatures) { 749 parseSpecialCaseListArg( 750 D, Args, CoverageAllowlistFiles, 751 options::OPT_fsanitize_coverage_allowlist, OptSpecifier(), 752 clang::diag::err_drv_malformed_sanitizer_coverage_whitelist); 753 parseSpecialCaseListArg( 754 D, Args, CoverageBlocklistFiles, 755 options::OPT_fsanitize_coverage_blocklist, OptSpecifier(), 756 clang::diag::err_drv_malformed_sanitizer_coverage_blacklist); 757 } 758 759 SharedRuntime = 760 Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan, 761 TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() || 762 TC.getTriple().isOSDarwin()); 763 764 ImplicitCfiRuntime = TC.getTriple().isAndroid(); 765 766 if (AllAddedKinds & SanitizerKind::Address) { 767 NeedPIE |= TC.getTriple().isOSFuchsia(); 768 if (Arg *A = 769 Args.getLastArg(options::OPT_fsanitize_address_field_padding)) { 770 StringRef S = A->getValue(); 771 // Legal values are 0 and 1, 2, but in future we may add more levels. 772 if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 || 773 AsanFieldPadding > 2) { 774 D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; 775 } 776 } 777 778 if (Arg *WindowsDebugRTArg = 779 Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT, 780 options::OPT__SLASH_MDd, options::OPT__SLASH_MD, 781 options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) { 782 switch (WindowsDebugRTArg->getOption().getID()) { 783 case options::OPT__SLASH_MTd: 784 case options::OPT__SLASH_MDd: 785 case options::OPT__SLASH_LDd: 786 D.Diag(clang::diag::err_drv_argument_not_allowed_with) 787 << WindowsDebugRTArg->getAsString(Args) 788 << lastArgumentForMask(D, Args, SanitizerKind::Address); 789 D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime); 790 } 791 } 792 793 AsanUseAfterScope = Args.hasFlag( 794 options::OPT_fsanitize_address_use_after_scope, 795 options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope); 796 797 AsanPoisonCustomArrayCookie = Args.hasFlag( 798 options::OPT_fsanitize_address_poison_custom_array_cookie, 799 options::OPT_fno_sanitize_address_poison_custom_array_cookie, 800 AsanPoisonCustomArrayCookie); 801 802 // As a workaround for a bug in gold 2.26 and earlier, dead stripping of 803 // globals in ASan is disabled by default on ELF targets. 804 // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002 805 AsanGlobalsDeadStripping = 806 !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() || 807 TC.getTriple().isPS4() || 808 Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping); 809 810 AsanUseOdrIndicator = 811 Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator, 812 options::OPT_fno_sanitize_address_use_odr_indicator, 813 AsanUseOdrIndicator); 814 815 if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) { 816 AsanInvalidPointerCmp = true; 817 } 818 819 if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) { 820 AsanInvalidPointerSub = true; 821 } 822 823 } else { 824 AsanUseAfterScope = false; 825 // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address. 826 SanitizerMask DetectInvalidPointerPairs = 827 SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract; 828 if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) { 829 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with) 830 << lastArgumentForMask(D, Args, 831 SanitizerKind::PointerCompare | 832 SanitizerKind::PointerSubtract) 833 << "-fsanitize=address"; 834 } 835 } 836 837 if (AllAddedKinds & SanitizerKind::HWAddress) { 838 if (Arg *HwasanAbiArg = 839 Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) { 840 HwasanAbi = HwasanAbiArg->getValue(); 841 if (HwasanAbi != "platform" && HwasanAbi != "interceptor") 842 D.Diag(clang::diag::err_drv_invalid_value) 843 << HwasanAbiArg->getAsString(Args) << HwasanAbi; 844 } else { 845 HwasanAbi = "interceptor"; 846 } 847 } 848 849 if (AllAddedKinds & SanitizerKind::SafeStack) { 850 // SafeStack runtime is built into the system on Android and Fuchsia. 851 SafeStackRuntime = 852 !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia(); 853 } 854 855 LinkRuntimes = 856 Args.hasFlag(options::OPT_fsanitize_link_runtime, 857 options::OPT_fno_sanitize_link_runtime, LinkRuntimes); 858 859 // Parse -link-cxx-sanitizer flag. 860 LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime, 861 options::OPT_fno_sanitize_link_cxx_runtime, 862 LinkCXXRuntimes) || 863 D.CCCIsCXX(); 864 865 // Finally, initialize the set of available and recoverable sanitizers. 866 Sanitizers.Mask |= Kinds; 867 RecoverableSanitizers.Mask |= RecoverableKinds; 868 TrapSanitizers.Mask |= TrappingKinds; 869 assert(!(RecoverableKinds & TrappingKinds) && 870 "Overlap between recoverable and trapping sanitizers"); 871 } 872 873 static std::string toString(const clang::SanitizerSet &Sanitizers) { 874 std::string Res; 875 #define SANITIZER(NAME, ID) \ 876 if (Sanitizers.has(SanitizerKind::ID)) { \ 877 if (!Res.empty()) \ 878 Res += ","; \ 879 Res += NAME; \ 880 } 881 #include "clang/Basic/Sanitizers.def" 882 return Res; 883 } 884 885 static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args, 886 llvm::opt::ArgStringList &CmdArgs, 887 const char *SCLOptFlag, 888 const std::vector<std::string> &SCLFiles) { 889 for (const auto &SCLPath : SCLFiles) { 890 SmallString<64> SCLOpt(SCLOptFlag); 891 SCLOpt += SCLPath; 892 CmdArgs.push_back(Args.MakeArgString(SCLOpt)); 893 } 894 } 895 896 static void addIncludeLinkerOption(const ToolChain &TC, 897 const llvm::opt::ArgList &Args, 898 llvm::opt::ArgStringList &CmdArgs, 899 StringRef SymbolName) { 900 SmallString<64> LinkerOptionFlag; 901 LinkerOptionFlag = "--linker-option=/include:"; 902 if (TC.getTriple().getArch() == llvm::Triple::x86) { 903 // Win32 mangles C function names with a '_' prefix. 904 LinkerOptionFlag += '_'; 905 } 906 LinkerOptionFlag += SymbolName; 907 CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag)); 908 } 909 910 static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) { 911 for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End; ++Start) { 912 auto It = std::find(Start, End, StringRef("+mte")); 913 if (It == End) 914 break; 915 if (It > Start && *std::prev(It) == StringRef("-target-feature")) 916 return true; 917 Start = It; 918 } 919 return false; 920 } 921 922 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args, 923 llvm::opt::ArgStringList &CmdArgs, 924 types::ID InputType) const { 925 // NVPTX doesn't currently support sanitizers. Bailing out here means that 926 // e.g. -fsanitize=address applies only to host code, which is what we want 927 // for now. 928 if (TC.getTriple().isNVPTX()) 929 return; 930 931 // Translate available CoverageFeatures to corresponding clang-cc1 flags. 932 // Do it even if Sanitizers.empty() since some forms of coverage don't require 933 // sanitizers. 934 std::pair<int, const char *> CoverageFlags[] = { 935 std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"), 936 std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"), 937 std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"), 938 std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"), 939 std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"), 940 std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"), 941 std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"), 942 std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"), 943 std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"), 944 std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"), 945 std::make_pair(CoverageTracePCGuard, 946 "-fsanitize-coverage-trace-pc-guard"), 947 std::make_pair(CoverageInline8bitCounters, 948 "-fsanitize-coverage-inline-8bit-counters"), 949 std::make_pair(CoverageInlineBoolFlag, 950 "-fsanitize-coverage-inline-bool-flag"), 951 std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"), 952 std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"), 953 std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")}; 954 for (auto F : CoverageFlags) { 955 if (CoverageFeatures & F.first) 956 CmdArgs.push_back(F.second); 957 } 958 addSpecialCaseListOpt( 959 Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles); 960 addSpecialCaseListOpt( 961 Args, CmdArgs, "-fsanitize-coverage-blocklist=", CoverageBlocklistFiles); 962 963 if (TC.getTriple().isOSWindows() && needsUbsanRt()) { 964 // Instruct the code generator to embed linker directives in the object file 965 // that cause the required runtime libraries to be linked. 966 CmdArgs.push_back( 967 Args.MakeArgString("--dependent-lib=" + 968 TC.getCompilerRTBasename(Args, "ubsan_standalone"))); 969 if (types::isCXX(InputType)) 970 CmdArgs.push_back(Args.MakeArgString( 971 "--dependent-lib=" + 972 TC.getCompilerRTBasename(Args, "ubsan_standalone_cxx"))); 973 } 974 if (TC.getTriple().isOSWindows() && needsStatsRt()) { 975 CmdArgs.push_back(Args.MakeArgString( 976 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats_client"))); 977 978 // The main executable must export the stats runtime. 979 // FIXME: Only exporting from the main executable (e.g. based on whether the 980 // translation unit defines main()) would save a little space, but having 981 // multiple copies of the runtime shouldn't hurt. 982 CmdArgs.push_back(Args.MakeArgString( 983 "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats"))); 984 addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register"); 985 } 986 987 if (Sanitizers.empty()) 988 return; 989 CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers))); 990 991 if (!RecoverableSanitizers.empty()) 992 CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" + 993 toString(RecoverableSanitizers))); 994 995 if (!TrapSanitizers.empty()) 996 CmdArgs.push_back( 997 Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers))); 998 999 addSpecialCaseListOpt(Args, CmdArgs, 1000 "-fsanitize-blacklist=", UserBlacklistFiles); 1001 addSpecialCaseListOpt(Args, CmdArgs, 1002 "-fsanitize-system-blacklist=", SystemBlacklistFiles); 1003 1004 if (MsanTrackOrigins) 1005 CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" + 1006 Twine(MsanTrackOrigins))); 1007 1008 if (MsanUseAfterDtor) 1009 CmdArgs.push_back("-fsanitize-memory-use-after-dtor"); 1010 1011 // FIXME: Pass these parameters as function attributes, not as -llvm flags. 1012 if (!TsanMemoryAccess) { 1013 CmdArgs.push_back("-mllvm"); 1014 CmdArgs.push_back("-tsan-instrument-memory-accesses=0"); 1015 CmdArgs.push_back("-mllvm"); 1016 CmdArgs.push_back("-tsan-instrument-memintrinsics=0"); 1017 } 1018 if (!TsanFuncEntryExit) { 1019 CmdArgs.push_back("-mllvm"); 1020 CmdArgs.push_back("-tsan-instrument-func-entry-exit=0"); 1021 } 1022 if (!TsanAtomics) { 1023 CmdArgs.push_back("-mllvm"); 1024 CmdArgs.push_back("-tsan-instrument-atomics=0"); 1025 } 1026 1027 if (CfiCrossDso) 1028 CmdArgs.push_back("-fsanitize-cfi-cross-dso"); 1029 1030 if (CfiICallGeneralizePointers) 1031 CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers"); 1032 1033 if (CfiCanonicalJumpTables) 1034 CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables"); 1035 1036 if (Stats) 1037 CmdArgs.push_back("-fsanitize-stats"); 1038 1039 if (MinimalRuntime) 1040 CmdArgs.push_back("-fsanitize-minimal-runtime"); 1041 1042 if (AsanFieldPadding) 1043 CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" + 1044 Twine(AsanFieldPadding))); 1045 1046 if (AsanUseAfterScope) 1047 CmdArgs.push_back("-fsanitize-address-use-after-scope"); 1048 1049 if (AsanPoisonCustomArrayCookie) 1050 CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie"); 1051 1052 if (AsanGlobalsDeadStripping) 1053 CmdArgs.push_back("-fsanitize-address-globals-dead-stripping"); 1054 1055 if (AsanUseOdrIndicator) 1056 CmdArgs.push_back("-fsanitize-address-use-odr-indicator"); 1057 1058 if (AsanInvalidPointerCmp) { 1059 CmdArgs.push_back("-mllvm"); 1060 CmdArgs.push_back("-asan-detect-invalid-pointer-cmp"); 1061 } 1062 1063 if (AsanInvalidPointerSub) { 1064 CmdArgs.push_back("-mllvm"); 1065 CmdArgs.push_back("-asan-detect-invalid-pointer-sub"); 1066 } 1067 1068 if (!HwasanAbi.empty()) { 1069 CmdArgs.push_back("-default-function-attr"); 1070 CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi)); 1071 } 1072 1073 if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) { 1074 CmdArgs.push_back("-target-feature"); 1075 CmdArgs.push_back("+tagged-globals"); 1076 } 1077 1078 // MSan: Workaround for PR16386. 1079 // ASan: This is mainly to help LSan with cases such as 1080 // https://github.com/google/sanitizers/issues/373 1081 // We can't make this conditional on -fsanitize=leak, as that flag shouldn't 1082 // affect compilation. 1083 if (Sanitizers.has(SanitizerKind::Memory) || 1084 Sanitizers.has(SanitizerKind::Address)) 1085 CmdArgs.push_back("-fno-assume-sane-operator-new"); 1086 1087 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is 1088 // enabled. 1089 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() && 1090 !Args.hasArg(options::OPT_fvisibility_EQ)) { 1091 TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with) 1092 << lastArgumentForMask(TC.getDriver(), Args, 1093 Sanitizers.Mask & CFIClasses) 1094 << "-fvisibility="; 1095 } 1096 1097 if (Sanitizers.has(SanitizerKind::MemTag) && !hasTargetFeatureMTE(CmdArgs)) 1098 TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature); 1099 } 1100 1101 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A, 1102 bool DiagnoseErrors) { 1103 assert((A->getOption().matches(options::OPT_fsanitize_EQ) || 1104 A->getOption().matches(options::OPT_fno_sanitize_EQ) || 1105 A->getOption().matches(options::OPT_fsanitize_recover_EQ) || 1106 A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) || 1107 A->getOption().matches(options::OPT_fsanitize_trap_EQ) || 1108 A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) && 1109 "Invalid argument in parseArgValues!"); 1110 SanitizerMask Kinds; 1111 for (int i = 0, n = A->getNumValues(); i != n; ++i) { 1112 const char *Value = A->getValue(i); 1113 SanitizerMask Kind; 1114 // Special case: don't accept -fsanitize=all. 1115 if (A->getOption().matches(options::OPT_fsanitize_EQ) && 1116 0 == strcmp("all", Value)) 1117 Kind = SanitizerMask(); 1118 else 1119 Kind = parseSanitizerValue(Value, /*AllowGroups=*/true); 1120 1121 if (Kind) 1122 Kinds |= Kind; 1123 else if (DiagnoseErrors) 1124 D.Diag(clang::diag::err_drv_unsupported_option_argument) 1125 << A->getOption().getName() << Value; 1126 } 1127 return Kinds; 1128 } 1129 1130 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) { 1131 assert(A->getOption().matches(options::OPT_fsanitize_coverage) || 1132 A->getOption().matches(options::OPT_fno_sanitize_coverage)); 1133 int Features = 0; 1134 for (int i = 0, n = A->getNumValues(); i != n; ++i) { 1135 const char *Value = A->getValue(i); 1136 int F = llvm::StringSwitch<int>(Value) 1137 .Case("func", CoverageFunc) 1138 .Case("bb", CoverageBB) 1139 .Case("edge", CoverageEdge) 1140 .Case("indirect-calls", CoverageIndirCall) 1141 .Case("trace-bb", CoverageTraceBB) 1142 .Case("trace-cmp", CoverageTraceCmp) 1143 .Case("trace-div", CoverageTraceDiv) 1144 .Case("trace-gep", CoverageTraceGep) 1145 .Case("8bit-counters", Coverage8bitCounters) 1146 .Case("trace-pc", CoverageTracePC) 1147 .Case("trace-pc-guard", CoverageTracePCGuard) 1148 .Case("no-prune", CoverageNoPrune) 1149 .Case("inline-8bit-counters", CoverageInline8bitCounters) 1150 .Case("inline-bool-flag", CoverageInlineBoolFlag) 1151 .Case("pc-table", CoveragePCTable) 1152 .Case("stack-depth", CoverageStackDepth) 1153 .Default(0); 1154 if (F == 0) 1155 D.Diag(clang::diag::err_drv_unsupported_option_argument) 1156 << A->getOption().getName() << Value; 1157 Features |= F; 1158 } 1159 return Features; 1160 } 1161 1162 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args, 1163 SanitizerMask Mask) { 1164 for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(), 1165 E = Args.rend(); 1166 I != E; ++I) { 1167 const auto *Arg = *I; 1168 if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { 1169 SanitizerMask AddKinds = 1170 expandSanitizerGroups(parseArgValues(D, Arg, false)); 1171 if (AddKinds & Mask) 1172 return describeSanitizeArg(Arg, Mask); 1173 } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { 1174 SanitizerMask RemoveKinds = 1175 expandSanitizerGroups(parseArgValues(D, Arg, false)); 1176 Mask &= ~RemoveKinds; 1177 } 1178 } 1179 llvm_unreachable("arg list didn't provide expected value"); 1180 } 1181 1182 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) { 1183 assert(A->getOption().matches(options::OPT_fsanitize_EQ) 1184 && "Invalid argument in describeSanitizerArg!"); 1185 1186 std::string Sanitizers; 1187 for (int i = 0, n = A->getNumValues(); i != n; ++i) { 1188 if (expandSanitizerGroups( 1189 parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) & 1190 Mask) { 1191 if (!Sanitizers.empty()) 1192 Sanitizers += ","; 1193 Sanitizers += A->getValue(i); 1194 } 1195 } 1196 1197 assert(!Sanitizers.empty() && "arg didn't provide expected value"); 1198 return "-fsanitize=" + Sanitizers; 1199 } 1200