xref: /freebsd/contrib/llvm-project/clang/lib/Driver/SanitizerArgs.cpp (revision 9e5787d2284e187abb5b654d924394a65772e004)
1 //===--- SanitizerArgs.cpp - Arguments for sanitizer tools  ---------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 #include "clang/Driver/SanitizerArgs.h"
9 #include "ToolChains/CommonArgs.h"
10 #include "clang/Basic/Sanitizers.h"
11 #include "clang/Driver/Driver.h"
12 #include "clang/Driver/DriverDiagnostic.h"
13 #include "clang/Driver/Options.h"
14 #include "clang/Driver/ToolChain.h"
15 #include "llvm/ADT/StringExtras.h"
16 #include "llvm/ADT/StringSwitch.h"
17 #include "llvm/Support/Path.h"
18 #include "llvm/Support/SpecialCaseList.h"
19 #include "llvm/Support/TargetParser.h"
20 #include "llvm/Support/VirtualFileSystem.h"
21 #include <memory>
22 
23 using namespace clang;
24 using namespace clang::driver;
25 using namespace llvm::opt;
26 
27 static const SanitizerMask NeedsUbsanRt =
28     SanitizerKind::Undefined | SanitizerKind::Integer |
29     SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
30     SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
31     SanitizerKind::ObjCCast;
32 static const SanitizerMask NeedsUbsanCxxRt =
33     SanitizerKind::Vptr | SanitizerKind::CFI;
34 static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
35 static const SanitizerMask NotAllowedWithMinimalRuntime =
36     SanitizerKind::Function | SanitizerKind::Vptr;
37 static const SanitizerMask RequiresPIE =
38     SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo;
39 static const SanitizerMask NeedsUnwindTables =
40     SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
41     SanitizerKind::Memory | SanitizerKind::DataFlow;
42 static const SanitizerMask SupportsCoverage =
43     SanitizerKind::Address | SanitizerKind::HWAddress |
44     SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
45     SanitizerKind::MemTag | SanitizerKind::Memory |
46     SanitizerKind::KernelMemory | SanitizerKind::Leak |
47     SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
48     SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
49     SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
50     SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
51     SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
52     SanitizerKind::Thread | SanitizerKind::ObjCCast;
53 static const SanitizerMask RecoverableByDefault =
54     SanitizerKind::Undefined | SanitizerKind::Integer |
55     SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
56     SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
57 static const SanitizerMask Unrecoverable =
58     SanitizerKind::Unreachable | SanitizerKind::Return;
59 static const SanitizerMask AlwaysRecoverable =
60     SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress;
61 static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
62 static const SanitizerMask TrappingSupported =
63     (SanitizerKind::Undefined & ~SanitizerKind::Vptr) |
64     SanitizerKind::UnsignedIntegerOverflow | SanitizerKind::ImplicitConversion |
65     SanitizerKind::Nullability | SanitizerKind::LocalBounds |
66     SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
67     SanitizerKind::ObjCCast;
68 static const SanitizerMask TrappingDefault = SanitizerKind::CFI;
69 static const SanitizerMask CFIClasses =
70     SanitizerKind::CFIVCall | SanitizerKind::CFINVCall |
71     SanitizerKind::CFIMFCall | SanitizerKind::CFIDerivedCast |
72     SanitizerKind::CFIUnrelatedCast;
73 static const SanitizerMask CompatibleWithMinimalRuntime =
74     TrappingSupported | SanitizerKind::Scudo | SanitizerKind::ShadowCallStack |
75     SanitizerKind::MemTag;
76 
77 enum CoverageFeature {
78   CoverageFunc = 1 << 0,
79   CoverageBB = 1 << 1,
80   CoverageEdge = 1 << 2,
81   CoverageIndirCall = 1 << 3,
82   CoverageTraceBB = 1 << 4, // Deprecated.
83   CoverageTraceCmp = 1 << 5,
84   CoverageTraceDiv = 1 << 6,
85   CoverageTraceGep = 1 << 7,
86   Coverage8bitCounters = 1 << 8, // Deprecated.
87   CoverageTracePC = 1 << 9,
88   CoverageTracePCGuard = 1 << 10,
89   CoverageNoPrune = 1 << 11,
90   CoverageInline8bitCounters = 1 << 12,
91   CoveragePCTable = 1 << 13,
92   CoverageStackDepth = 1 << 14,
93   CoverageInlineBoolFlag = 1 << 15,
94 };
95 
96 /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
97 /// invalid components. Returns a SanitizerMask.
98 static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
99                                     bool DiagnoseErrors);
100 
101 /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
102 /// components. Returns OR of members of \c CoverageFeature enumeration.
103 static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A);
104 
105 /// Produce an argument string from ArgList \p Args, which shows how it
106 /// provides some sanitizer kind from \p Mask. For example, the argument list
107 /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
108 /// would produce "-fsanitize=vptr".
109 static std::string lastArgumentForMask(const Driver &D,
110                                        const llvm::opt::ArgList &Args,
111                                        SanitizerMask Mask);
112 
113 /// Produce an argument string from argument \p A, which shows how it provides
114 /// a value in \p Mask. For instance, the argument
115 /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
116 /// "-fsanitize=alignment".
117 static std::string describeSanitizeArg(const llvm::opt::Arg *A,
118                                        SanitizerMask Mask);
119 
120 /// Produce a string containing comma-separated names of sanitizers in \p
121 /// Sanitizers set.
122 static std::string toString(const clang::SanitizerSet &Sanitizers);
123 
124 static void validateSpecialCaseListFormat(const Driver &D,
125                                           std::vector<std::string> &SCLFiles,
126                                           unsigned MalformedSCLErrorDiagID) {
127   if (SCLFiles.empty())
128     return;
129 
130   std::string BLError;
131   std::unique_ptr<llvm::SpecialCaseList> SCL(
132       llvm::SpecialCaseList::create(SCLFiles, D.getVFS(), BLError));
133   if (!SCL.get())
134     D.Diag(MalformedSCLErrorDiagID) << BLError;
135 }
136 
137 static void addDefaultBlacklists(const Driver &D, SanitizerMask Kinds,
138                                  std::vector<std::string> &BlacklistFiles) {
139   struct Blacklist {
140     const char *File;
141     SanitizerMask Mask;
142   } Blacklists[] = {{"asan_blacklist.txt", SanitizerKind::Address},
143                     {"hwasan_blacklist.txt", SanitizerKind::HWAddress},
144                     {"memtag_blacklist.txt", SanitizerKind::MemTag},
145                     {"msan_blacklist.txt", SanitizerKind::Memory},
146                     {"tsan_blacklist.txt", SanitizerKind::Thread},
147                     {"dfsan_abilist.txt", SanitizerKind::DataFlow},
148                     {"cfi_blacklist.txt", SanitizerKind::CFI},
149                     {"ubsan_blacklist.txt",
150                      SanitizerKind::Undefined | SanitizerKind::Integer |
151                          SanitizerKind::Nullability |
152                          SanitizerKind::FloatDivideByZero}};
153 
154   for (auto BL : Blacklists) {
155     if (!(Kinds & BL.Mask))
156       continue;
157 
158     clang::SmallString<64> Path(D.ResourceDir);
159     llvm::sys::path::append(Path, "share", BL.File);
160     if (D.getVFS().exists(Path))
161       BlacklistFiles.push_back(std::string(Path.str()));
162     else if (BL.Mask == SanitizerKind::CFI)
163       // If cfi_blacklist.txt cannot be found in the resource dir, driver
164       // should fail.
165       D.Diag(clang::diag::err_drv_no_such_file) << Path;
166   }
167   validateSpecialCaseListFormat(
168       D, BlacklistFiles, clang::diag::err_drv_malformed_sanitizer_blacklist);
169 }
170 
171 /// Parse -f(no-)?sanitize-(coverage-)?(white|black)list argument's values,
172 /// diagnosing any invalid file paths and validating special case list format.
173 static void parseSpecialCaseListArg(const Driver &D,
174                                     const llvm::opt::ArgList &Args,
175                                     std::vector<std::string> &SCLFiles,
176                                     llvm::opt::OptSpecifier SCLOptionID,
177                                     llvm::opt::OptSpecifier NoSCLOptionID,
178                                     unsigned MalformedSCLErrorDiagID) {
179   for (const auto *Arg : Args) {
180     // Match -fsanitize-(coverage-)?(white|black)list.
181     if (Arg->getOption().matches(SCLOptionID)) {
182       Arg->claim();
183       std::string SCLPath = Arg->getValue();
184       if (D.getVFS().exists(SCLPath)) {
185         SCLFiles.push_back(SCLPath);
186       } else {
187         D.Diag(clang::diag::err_drv_no_such_file) << SCLPath;
188       }
189       // Match -fno-sanitize-blacklist.
190     } else if (Arg->getOption().matches(NoSCLOptionID)) {
191       Arg->claim();
192       SCLFiles.clear();
193     }
194   }
195   validateSpecialCaseListFormat(D, SCLFiles, MalformedSCLErrorDiagID);
196 }
197 
198 /// Sets group bits for every group that has at least one representative already
199 /// enabled in \p Kinds.
200 static SanitizerMask setGroupBits(SanitizerMask Kinds) {
201 #define SANITIZER(NAME, ID)
202 #define SANITIZER_GROUP(NAME, ID, ALIAS)                                       \
203   if (Kinds & SanitizerKind::ID)                                               \
204     Kinds |= SanitizerKind::ID##Group;
205 #include "clang/Basic/Sanitizers.def"
206   return Kinds;
207 }
208 
209 static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
210                                            const llvm::opt::ArgList &Args) {
211   SanitizerMask TrapRemove;     // During the loop below, the accumulated set of
212                                 // sanitizers disabled by the current sanitizer
213                                 // argument or any argument after it.
214   SanitizerMask TrappingKinds;
215   SanitizerMask TrappingSupportedWithGroups = setGroupBits(TrappingSupported);
216 
217   for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
218        I != E; ++I) {
219     const auto *Arg = *I;
220     if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
221       Arg->claim();
222       SanitizerMask Add = parseArgValues(D, Arg, true);
223       Add &= ~TrapRemove;
224       if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
225         SanitizerSet S;
226         S.Mask = InvalidValues;
227         D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
228                                                           << toString(S);
229       }
230       TrappingKinds |= expandSanitizerGroups(Add) & ~TrapRemove;
231     } else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
232       Arg->claim();
233       TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true));
234     }
235   }
236 
237   // Apply default trapping behavior.
238   TrappingKinds |= TrappingDefault & ~TrapRemove;
239 
240   return TrappingKinds;
241 }
242 
243 bool SanitizerArgs::needsUbsanRt() const {
244   // All of these include ubsan.
245   if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
246       needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
247       (needsScudoRt() && !requiresMinimalRuntime()))
248     return false;
249 
250   return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
251          CoverageFeatures;
252 }
253 
254 bool SanitizerArgs::needsCfiRt() const {
255   return !(Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
256          CfiCrossDso && !ImplicitCfiRuntime;
257 }
258 
259 bool SanitizerArgs::needsCfiDiagRt() const {
260   return (Sanitizers.Mask & SanitizerKind::CFI & ~TrapSanitizers.Mask) &&
261          CfiCrossDso && !ImplicitCfiRuntime;
262 }
263 
264 bool SanitizerArgs::requiresPIE() const {
265   return NeedPIE || (Sanitizers.Mask & RequiresPIE);
266 }
267 
268 bool SanitizerArgs::needsUnwindTables() const {
269   return static_cast<bool>(Sanitizers.Mask & NeedsUnwindTables);
270 }
271 
272 bool SanitizerArgs::needsLTO() const {
273   return static_cast<bool>(Sanitizers.Mask & NeedsLTO);
274 }
275 
276 SanitizerArgs::SanitizerArgs(const ToolChain &TC,
277                              const llvm::opt::ArgList &Args) {
278   SanitizerMask AllRemove;      // During the loop below, the accumulated set of
279                                 // sanitizers disabled by the current sanitizer
280                                 // argument or any argument after it.
281   SanitizerMask AllAddedKinds;      // Mask of all sanitizers ever enabled by
282                                     // -fsanitize= flags (directly or via group
283                                     // expansion), some of which may be disabled
284                                     // later. Used to carefully prune
285                                     // unused-argument diagnostics.
286   SanitizerMask DiagnosedKinds;      // All Kinds we have diagnosed up to now.
287                                      // Used to deduplicate diagnostics.
288   SanitizerMask Kinds;
289   const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers());
290 
291   CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
292                              options::OPT_fno_sanitize_cfi_cross_dso, false);
293 
294   ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
295 
296   const Driver &D = TC.getDriver();
297   SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
298   SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
299 
300   MinimalRuntime =
301       Args.hasFlag(options::OPT_fsanitize_minimal_runtime,
302                    options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime);
303 
304   // The object size sanitizer should not be enabled at -O0.
305   Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
306   bool RemoveObjectSizeAtO0 =
307       !OptLevel || OptLevel->getOption().matches(options::OPT_O0);
308 
309   for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
310        I != E; ++I) {
311     const auto *Arg = *I;
312     if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
313       Arg->claim();
314       SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true);
315 
316       if (RemoveObjectSizeAtO0) {
317         AllRemove |= SanitizerKind::ObjectSize;
318 
319         // The user explicitly enabled the object size sanitizer. Warn
320         // that this does nothing at -O0.
321         if (Add & SanitizerKind::ObjectSize)
322           D.Diag(diag::warn_drv_object_size_disabled_O0)
323               << Arg->getAsString(Args);
324       }
325 
326       AllAddedKinds |= expandSanitizerGroups(Add);
327 
328       // Avoid diagnosing any sanitizer which is disabled later.
329       Add &= ~AllRemove;
330       // At this point we have not expanded groups, so any unsupported
331       // sanitizers in Add are those which have been explicitly enabled.
332       // Diagnose them.
333       if (SanitizerMask KindsToDiagnose =
334               Add & InvalidTrappingKinds & ~DiagnosedKinds) {
335         std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
336         D.Diag(diag::err_drv_argument_not_allowed_with)
337             << Desc << "-fsanitize-trap=undefined";
338         DiagnosedKinds |= KindsToDiagnose;
339       }
340       Add &= ~InvalidTrappingKinds;
341 
342       if (MinimalRuntime) {
343         if (SanitizerMask KindsToDiagnose =
344                 Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) {
345           std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
346           D.Diag(diag::err_drv_argument_not_allowed_with)
347               << Desc << "-fsanitize-minimal-runtime";
348           DiagnosedKinds |= KindsToDiagnose;
349         }
350         Add &= ~NotAllowedWithMinimalRuntime;
351       }
352 
353       // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
354       // There are currently two problems:
355       // - Virtual function call checks need to pass a pointer to the function
356       //   address to llvm.type.test and a pointer to the address point to the
357       //   diagnostic function. Currently we pass the same pointer to both
358       //   places.
359       // - Non-virtual function call checks may need to check multiple type
360       //   identifiers.
361       // Fixing both of those may require changes to the cross-DSO CFI
362       // interface.
363       if (CfiCrossDso && (Add & SanitizerKind::CFIMFCall & ~DiagnosedKinds)) {
364         D.Diag(diag::err_drv_argument_not_allowed_with)
365             << "-fsanitize=cfi-mfcall"
366             << "-fsanitize-cfi-cross-dso";
367         Add &= ~SanitizerKind::CFIMFCall;
368         DiagnosedKinds |= SanitizerKind::CFIMFCall;
369       }
370 
371       if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) {
372         std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
373         D.Diag(diag::err_drv_unsupported_opt_for_target)
374             << Desc << TC.getTriple().str();
375         DiagnosedKinds |= KindsToDiagnose;
376       }
377       Add &= Supported;
378 
379       // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups
380       // so we don't error out if -fno-rtti and -fsanitize=undefined were
381       // passed.
382       if ((Add & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
383         if (const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg()) {
384           assert(NoRTTIArg->getOption().matches(options::OPT_fno_rtti) &&
385                   "RTTI disabled without -fno-rtti option?");
386           // The user explicitly passed -fno-rtti with -fsanitize=vptr, but
387           // the vptr sanitizer requires RTTI, so this is a user error.
388           D.Diag(diag::err_drv_argument_not_allowed_with)
389               << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args);
390         } else {
391           // The vptr sanitizer requires RTTI, but RTTI is disabled (by
392           // default). Warn that the vptr sanitizer is being disabled.
393           D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default);
394         }
395 
396         // Take out the Vptr sanitizer from the enabled sanitizers
397         AllRemove |= SanitizerKind::Vptr;
398       }
399 
400       Add = expandSanitizerGroups(Add);
401       // Group expansion may have enabled a sanitizer which is disabled later.
402       Add &= ~AllRemove;
403       // Silently discard any unsupported sanitizers implicitly enabled through
404       // group expansion.
405       Add &= ~InvalidTrappingKinds;
406       if (MinimalRuntime) {
407         Add &= ~NotAllowedWithMinimalRuntime;
408       }
409       if (CfiCrossDso)
410         Add &= ~SanitizerKind::CFIMFCall;
411       Add &= Supported;
412 
413       if (Add & SanitizerKind::Fuzzer)
414         Add |= SanitizerKind::FuzzerNoLink;
415 
416       // Enable coverage if the fuzzing flag is set.
417       if (Add & SanitizerKind::FuzzerNoLink) {
418         CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall |
419                             CoverageTraceCmp | CoveragePCTable;
420         // Due to TLS differences, stack depth tracking is only enabled on Linux
421         if (TC.getTriple().isOSLinux())
422           CoverageFeatures |= CoverageStackDepth;
423       }
424 
425       Kinds |= Add;
426     } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
427       Arg->claim();
428       SanitizerMask Remove = parseArgValues(D, Arg, true);
429       AllRemove |= expandSanitizerGroups(Remove);
430     }
431   }
432 
433   std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
434       std::make_pair(SanitizerKind::Address,
435                      SanitizerKind::Thread | SanitizerKind::Memory),
436       std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory),
437       std::make_pair(SanitizerKind::Leak,
438                      SanitizerKind::Thread | SanitizerKind::Memory),
439       std::make_pair(SanitizerKind::KernelAddress,
440                      SanitizerKind::Address | SanitizerKind::Leak |
441                          SanitizerKind::Thread | SanitizerKind::Memory),
442       std::make_pair(SanitizerKind::HWAddress,
443                      SanitizerKind::Address | SanitizerKind::Thread |
444                          SanitizerKind::Memory | SanitizerKind::KernelAddress),
445       std::make_pair(SanitizerKind::Scudo,
446                      SanitizerKind::Address | SanitizerKind::HWAddress |
447                          SanitizerKind::Leak | SanitizerKind::Thread |
448                          SanitizerKind::Memory | SanitizerKind::KernelAddress),
449       std::make_pair(SanitizerKind::SafeStack,
450                      (TC.getTriple().isOSFuchsia() ? SanitizerMask()
451                                                    : SanitizerKind::Leak) |
452                          SanitizerKind::Address | SanitizerKind::HWAddress |
453                          SanitizerKind::Thread | SanitizerKind::Memory |
454                          SanitizerKind::KernelAddress),
455       std::make_pair(SanitizerKind::KernelHWAddress,
456                      SanitizerKind::Address | SanitizerKind::HWAddress |
457                          SanitizerKind::Leak | SanitizerKind::Thread |
458                          SanitizerKind::Memory | SanitizerKind::KernelAddress |
459                          SanitizerKind::SafeStack),
460       std::make_pair(SanitizerKind::KernelMemory,
461                      SanitizerKind::Address | SanitizerKind::HWAddress |
462                          SanitizerKind::Leak | SanitizerKind::Thread |
463                          SanitizerKind::Memory | SanitizerKind::KernelAddress |
464                          SanitizerKind::Scudo | SanitizerKind::SafeStack),
465       std::make_pair(SanitizerKind::MemTag,
466                      SanitizerKind::Address | SanitizerKind::KernelAddress |
467                          SanitizerKind::HWAddress |
468                          SanitizerKind::KernelHWAddress)};
469   // Enable toolchain specific default sanitizers if not explicitly disabled.
470   SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
471 
472   // Disable default sanitizers that are incompatible with explicitly requested
473   // ones.
474   for (auto G : IncompatibleGroups) {
475     SanitizerMask Group = G.first;
476     if ((Default & Group) && (Kinds & G.second))
477       Default &= ~Group;
478   }
479 
480   Kinds |= Default;
481 
482   // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
483   // is disabled.
484   if ((Kinds & SanitizerKind::Vptr) && (RTTIMode == ToolChain::RM_Disabled)) {
485     Kinds &= ~SanitizerKind::Vptr;
486   }
487 
488   // Check that LTO is enabled if we need it.
489   if ((Kinds & NeedsLTO) && !D.isUsingLTO()) {
490     D.Diag(diag::err_drv_argument_only_allowed_with)
491         << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
492   }
493 
494   if ((Kinds & SanitizerKind::ShadowCallStack) && TC.getTriple().isAArch64() &&
495       !llvm::AArch64::isX18ReservedByDefault(TC.getTriple()) &&
496       !Args.hasArg(options::OPT_ffixed_x18)) {
497     D.Diag(diag::err_drv_argument_only_allowed_with)
498         << lastArgumentForMask(D, Args, Kinds & SanitizerKind::ShadowCallStack)
499         << "-ffixed-x18";
500   }
501 
502   // Report error if there are non-trapping sanitizers that require
503   // c++abi-specific  parts of UBSan runtime, and they are not provided by the
504   // toolchain. We don't have a good way to check the latter, so we just
505   // check if the toolchan supports vptr.
506   if (~Supported & SanitizerKind::Vptr) {
507     SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
508     // The runtime library supports the Microsoft C++ ABI, but only well enough
509     // for CFI. FIXME: Remove this once we support vptr on Windows.
510     if (TC.getTriple().isOSWindows())
511       KindsToDiagnose &= ~SanitizerKind::CFI;
512     if (KindsToDiagnose) {
513       SanitizerSet S;
514       S.Mask = KindsToDiagnose;
515       D.Diag(diag::err_drv_unsupported_opt_for_target)
516           << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str();
517       Kinds &= ~KindsToDiagnose;
518     }
519   }
520 
521   // Warn about incompatible groups of sanitizers.
522   for (auto G : IncompatibleGroups) {
523     SanitizerMask Group = G.first;
524     if (Kinds & Group) {
525       if (SanitizerMask Incompatible = Kinds & G.second) {
526         D.Diag(clang::diag::err_drv_argument_not_allowed_with)
527             << lastArgumentForMask(D, Args, Group)
528             << lastArgumentForMask(D, Args, Incompatible);
529         Kinds &= ~Incompatible;
530       }
531     }
532   }
533   // FIXME: Currently -fsanitize=leak is silently ignored in the presence of
534   // -fsanitize=address. Perhaps it should print an error, or perhaps
535   // -f(-no)sanitize=leak should change whether leak detection is enabled by
536   // default in ASan?
537 
538   // Parse -f(no-)?sanitize-recover flags.
539   SanitizerMask RecoverableKinds = RecoverableByDefault | AlwaysRecoverable;
540   SanitizerMask DiagnosedUnrecoverableKinds;
541   SanitizerMask DiagnosedAlwaysRecoverableKinds;
542   for (const auto *Arg : Args) {
543     if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
544       SanitizerMask Add = parseArgValues(D, Arg, true);
545       // Report error if user explicitly tries to recover from unrecoverable
546       // sanitizer.
547       if (SanitizerMask KindsToDiagnose =
548               Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
549         SanitizerSet SetToDiagnose;
550         SetToDiagnose.Mask |= KindsToDiagnose;
551         D.Diag(diag::err_drv_unsupported_option_argument)
552             << Arg->getOption().getName() << toString(SetToDiagnose);
553         DiagnosedUnrecoverableKinds |= KindsToDiagnose;
554       }
555       RecoverableKinds |= expandSanitizerGroups(Add);
556       Arg->claim();
557     } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
558       SanitizerMask Remove = parseArgValues(D, Arg, true);
559       // Report error if user explicitly tries to disable recovery from
560       // always recoverable sanitizer.
561       if (SanitizerMask KindsToDiagnose =
562               Remove & AlwaysRecoverable & ~DiagnosedAlwaysRecoverableKinds) {
563         SanitizerSet SetToDiagnose;
564         SetToDiagnose.Mask |= KindsToDiagnose;
565         D.Diag(diag::err_drv_unsupported_option_argument)
566             << Arg->getOption().getName() << toString(SetToDiagnose);
567         DiagnosedAlwaysRecoverableKinds |= KindsToDiagnose;
568       }
569       RecoverableKinds &= ~expandSanitizerGroups(Remove);
570       Arg->claim();
571     }
572   }
573   RecoverableKinds &= Kinds;
574   RecoverableKinds &= ~Unrecoverable;
575 
576   TrappingKinds &= Kinds;
577   RecoverableKinds &= ~TrappingKinds;
578 
579   // Setup blacklist files.
580   // Add default blacklist from resource directory for activated sanitizers, and
581   // validate special case lists format.
582   if (!Args.hasArgNoClaim(options::OPT_fno_sanitize_blacklist))
583     addDefaultBlacklists(D, Kinds, SystemBlacklistFiles);
584 
585   // Parse -f(no-)?sanitize-blacklist options.
586   // This also validates special case lists format.
587   parseSpecialCaseListArg(D, Args, UserBlacklistFiles,
588                           options::OPT_fsanitize_blacklist,
589                           options::OPT_fno_sanitize_blacklist,
590                           clang::diag::err_drv_malformed_sanitizer_blacklist);
591 
592   // Parse -f[no-]sanitize-memory-track-origins[=level] options.
593   if (AllAddedKinds & SanitizerKind::Memory) {
594     if (Arg *A =
595             Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
596                             options::OPT_fsanitize_memory_track_origins,
597                             options::OPT_fno_sanitize_memory_track_origins)) {
598       if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) {
599         MsanTrackOrigins = 2;
600       } else if (A->getOption().matches(
601                      options::OPT_fno_sanitize_memory_track_origins)) {
602         MsanTrackOrigins = 0;
603       } else {
604         StringRef S = A->getValue();
605         if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 ||
606             MsanTrackOrigins > 2) {
607           D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
608         }
609       }
610     }
611     MsanUseAfterDtor =
612         Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor,
613                      options::OPT_fno_sanitize_memory_use_after_dtor,
614                      MsanUseAfterDtor);
615     NeedPIE |= !(TC.getTriple().isOSLinux() &&
616                  TC.getTriple().getArch() == llvm::Triple::x86_64);
617   } else {
618     MsanUseAfterDtor = false;
619   }
620 
621   if (AllAddedKinds & SanitizerKind::Thread) {
622     TsanMemoryAccess = Args.hasFlag(
623         options::OPT_fsanitize_thread_memory_access,
624         options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess);
625     TsanFuncEntryExit = Args.hasFlag(
626         options::OPT_fsanitize_thread_func_entry_exit,
627         options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit);
628     TsanAtomics =
629         Args.hasFlag(options::OPT_fsanitize_thread_atomics,
630                      options::OPT_fno_sanitize_thread_atomics, TsanAtomics);
631   }
632 
633   if (AllAddedKinds & SanitizerKind::CFI) {
634     // Without PIE, external function address may resolve to a PLT record, which
635     // can not be verified by the target module.
636     NeedPIE |= CfiCrossDso;
637     CfiICallGeneralizePointers =
638         Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
639 
640     if (CfiCrossDso && CfiICallGeneralizePointers)
641       D.Diag(diag::err_drv_argument_not_allowed_with)
642           << "-fsanitize-cfi-cross-dso"
643           << "-fsanitize-cfi-icall-generalize-pointers";
644 
645     CfiCanonicalJumpTables =
646         Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
647                      options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
648   }
649 
650   Stats = Args.hasFlag(options::OPT_fsanitize_stats,
651                        options::OPT_fno_sanitize_stats, false);
652 
653   if (MinimalRuntime) {
654     SanitizerMask IncompatibleMask =
655         Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
656     if (IncompatibleMask)
657       D.Diag(clang::diag::err_drv_argument_not_allowed_with)
658           << "-fsanitize-minimal-runtime"
659           << lastArgumentForMask(D, Args, IncompatibleMask);
660 
661     SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds;
662     if (NonTrappingCfi)
663       D.Diag(clang::diag::err_drv_argument_only_allowed_with)
664           << "fsanitize-minimal-runtime"
665           << "fsanitize-trap=cfi";
666   }
667 
668   // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
669   // enabled sanitizers.
670   for (const auto *Arg : Args) {
671     if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
672       int LegacySanitizeCoverage;
673       if (Arg->getNumValues() == 1 &&
674           !StringRef(Arg->getValue(0))
675                .getAsInteger(0, LegacySanitizeCoverage)) {
676         CoverageFeatures = 0;
677         Arg->claim();
678         if (LegacySanitizeCoverage != 0) {
679           D.Diag(diag::warn_drv_deprecated_arg)
680               << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard";
681         }
682         continue;
683       }
684       CoverageFeatures |= parseCoverageFeatures(D, Arg);
685 
686       // Disable coverage and not claim the flags if there is at least one
687       // non-supporting sanitizer.
688       if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) {
689         Arg->claim();
690       } else {
691         CoverageFeatures = 0;
692       }
693     } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) {
694       Arg->claim();
695       CoverageFeatures &= ~parseCoverageFeatures(D, Arg);
696     }
697   }
698   // Choose at most one coverage type: function, bb, or edge.
699   if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB))
700     D.Diag(clang::diag::err_drv_argument_not_allowed_with)
701         << "-fsanitize-coverage=func"
702         << "-fsanitize-coverage=bb";
703   if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge))
704     D.Diag(clang::diag::err_drv_argument_not_allowed_with)
705         << "-fsanitize-coverage=func"
706         << "-fsanitize-coverage=edge";
707   if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge))
708     D.Diag(clang::diag::err_drv_argument_not_allowed_with)
709         << "-fsanitize-coverage=bb"
710         << "-fsanitize-coverage=edge";
711   // Basic block tracing and 8-bit counters require some type of coverage
712   // enabled.
713   if (CoverageFeatures & CoverageTraceBB)
714     D.Diag(clang::diag::warn_drv_deprecated_arg)
715         << "-fsanitize-coverage=trace-bb"
716         << "-fsanitize-coverage=trace-pc-guard";
717   if (CoverageFeatures & Coverage8bitCounters)
718     D.Diag(clang::diag::warn_drv_deprecated_arg)
719         << "-fsanitize-coverage=8bit-counters"
720         << "-fsanitize-coverage=trace-pc-guard";
721 
722   int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge;
723   int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard |
724                              CoverageInline8bitCounters |
725                              CoverageInlineBoolFlag;
726   if ((CoverageFeatures & InsertionPointTypes) &&
727       !(CoverageFeatures & InstrumentationTypes)) {
728     D.Diag(clang::diag::warn_drv_deprecated_arg)
729         << "-fsanitize-coverage=[func|bb|edge]"
730         << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]";
731   }
732 
733   // trace-pc w/o func/bb/edge implies edge.
734   if (!(CoverageFeatures & InsertionPointTypes)) {
735     if (CoverageFeatures &
736         (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters |
737          CoverageInlineBoolFlag))
738       CoverageFeatures |= CoverageEdge;
739 
740     if (CoverageFeatures & CoverageStackDepth)
741       CoverageFeatures |= CoverageFunc;
742   }
743 
744   // Parse -fsanitize-coverage-(black|white)list options if coverage enabled.
745   // This also validates special case lists format.
746   // Here, OptSpecifier() acts as a never-matching command-line argument.
747   // So, there is no way to clear coverage lists but you can append to them.
748   if (CoverageFeatures) {
749     parseSpecialCaseListArg(
750         D, Args, CoverageAllowlistFiles,
751         options::OPT_fsanitize_coverage_allowlist, OptSpecifier(),
752         clang::diag::err_drv_malformed_sanitizer_coverage_whitelist);
753     parseSpecialCaseListArg(
754         D, Args, CoverageBlocklistFiles,
755         options::OPT_fsanitize_coverage_blocklist, OptSpecifier(),
756         clang::diag::err_drv_malformed_sanitizer_coverage_blacklist);
757   }
758 
759   SharedRuntime =
760       Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
761                    TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
762                        TC.getTriple().isOSDarwin());
763 
764   ImplicitCfiRuntime = TC.getTriple().isAndroid();
765 
766   if (AllAddedKinds & SanitizerKind::Address) {
767     NeedPIE |= TC.getTriple().isOSFuchsia();
768     if (Arg *A =
769             Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
770         StringRef S = A->getValue();
771         // Legal values are 0 and 1, 2, but in future we may add more levels.
772         if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
773             AsanFieldPadding > 2) {
774           D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S;
775         }
776     }
777 
778     if (Arg *WindowsDebugRTArg =
779             Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT,
780                             options::OPT__SLASH_MDd, options::OPT__SLASH_MD,
781                             options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) {
782       switch (WindowsDebugRTArg->getOption().getID()) {
783       case options::OPT__SLASH_MTd:
784       case options::OPT__SLASH_MDd:
785       case options::OPT__SLASH_LDd:
786         D.Diag(clang::diag::err_drv_argument_not_allowed_with)
787             << WindowsDebugRTArg->getAsString(Args)
788             << lastArgumentForMask(D, Args, SanitizerKind::Address);
789         D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime);
790       }
791     }
792 
793     AsanUseAfterScope = Args.hasFlag(
794         options::OPT_fsanitize_address_use_after_scope,
795         options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope);
796 
797     AsanPoisonCustomArrayCookie = Args.hasFlag(
798         options::OPT_fsanitize_address_poison_custom_array_cookie,
799         options::OPT_fno_sanitize_address_poison_custom_array_cookie,
800         AsanPoisonCustomArrayCookie);
801 
802     // As a workaround for a bug in gold 2.26 and earlier, dead stripping of
803     // globals in ASan is disabled by default on ELF targets.
804     // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002
805     AsanGlobalsDeadStripping =
806         !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() ||
807         TC.getTriple().isPS4() ||
808         Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping);
809 
810     AsanUseOdrIndicator =
811         Args.hasFlag(options::OPT_fsanitize_address_use_odr_indicator,
812                      options::OPT_fno_sanitize_address_use_odr_indicator,
813                      AsanUseOdrIndicator);
814 
815     if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
816       AsanInvalidPointerCmp = true;
817     }
818 
819     if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
820       AsanInvalidPointerSub = true;
821     }
822 
823   } else {
824     AsanUseAfterScope = false;
825     // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
826     SanitizerMask DetectInvalidPointerPairs =
827         SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
828     if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) {
829       TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
830           << lastArgumentForMask(D, Args,
831                                  SanitizerKind::PointerCompare |
832                                      SanitizerKind::PointerSubtract)
833           << "-fsanitize=address";
834     }
835   }
836 
837   if (AllAddedKinds & SanitizerKind::HWAddress) {
838     if (Arg *HwasanAbiArg =
839             Args.getLastArg(options::OPT_fsanitize_hwaddress_abi_EQ)) {
840       HwasanAbi = HwasanAbiArg->getValue();
841       if (HwasanAbi != "platform" && HwasanAbi != "interceptor")
842         D.Diag(clang::diag::err_drv_invalid_value)
843             << HwasanAbiArg->getAsString(Args) << HwasanAbi;
844     } else {
845       HwasanAbi = "interceptor";
846     }
847   }
848 
849   if (AllAddedKinds & SanitizerKind::SafeStack) {
850     // SafeStack runtime is built into the system on Android and Fuchsia.
851     SafeStackRuntime =
852         !TC.getTriple().isAndroid() && !TC.getTriple().isOSFuchsia();
853   }
854 
855   LinkRuntimes =
856       Args.hasFlag(options::OPT_fsanitize_link_runtime,
857                    options::OPT_fno_sanitize_link_runtime, LinkRuntimes);
858 
859   // Parse -link-cxx-sanitizer flag.
860   LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime,
861                                 options::OPT_fno_sanitize_link_cxx_runtime,
862                                 LinkCXXRuntimes) ||
863                     D.CCCIsCXX();
864 
865   // Finally, initialize the set of available and recoverable sanitizers.
866   Sanitizers.Mask |= Kinds;
867   RecoverableSanitizers.Mask |= RecoverableKinds;
868   TrapSanitizers.Mask |= TrappingKinds;
869   assert(!(RecoverableKinds & TrappingKinds) &&
870          "Overlap between recoverable and trapping sanitizers");
871 }
872 
873 static std::string toString(const clang::SanitizerSet &Sanitizers) {
874   std::string Res;
875 #define SANITIZER(NAME, ID)                                                    \
876   if (Sanitizers.has(SanitizerKind::ID)) {                                     \
877     if (!Res.empty())                                                          \
878       Res += ",";                                                              \
879     Res += NAME;                                                               \
880   }
881 #include "clang/Basic/Sanitizers.def"
882   return Res;
883 }
884 
885 static void addSpecialCaseListOpt(const llvm::opt::ArgList &Args,
886                                   llvm::opt::ArgStringList &CmdArgs,
887                                   const char *SCLOptFlag,
888                                   const std::vector<std::string> &SCLFiles) {
889   for (const auto &SCLPath : SCLFiles) {
890     SmallString<64> SCLOpt(SCLOptFlag);
891     SCLOpt += SCLPath;
892     CmdArgs.push_back(Args.MakeArgString(SCLOpt));
893   }
894 }
895 
896 static void addIncludeLinkerOption(const ToolChain &TC,
897                                    const llvm::opt::ArgList &Args,
898                                    llvm::opt::ArgStringList &CmdArgs,
899                                    StringRef SymbolName) {
900   SmallString<64> LinkerOptionFlag;
901   LinkerOptionFlag = "--linker-option=/include:";
902   if (TC.getTriple().getArch() == llvm::Triple::x86) {
903     // Win32 mangles C function names with a '_' prefix.
904     LinkerOptionFlag += '_';
905   }
906   LinkerOptionFlag += SymbolName;
907   CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
908 }
909 
910 static bool hasTargetFeatureMTE(const llvm::opt::ArgStringList &CmdArgs) {
911   for (auto Start = CmdArgs.begin(), End = CmdArgs.end(); Start != End; ++Start) {
912     auto It = std::find(Start, End, StringRef("+mte"));
913     if (It == End)
914       break;
915     if (It > Start && *std::prev(It) == StringRef("-target-feature"))
916       return true;
917     Start = It;
918   }
919   return false;
920 }
921 
922 void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
923                             llvm::opt::ArgStringList &CmdArgs,
924                             types::ID InputType) const {
925   // NVPTX doesn't currently support sanitizers.  Bailing out here means that
926   // e.g. -fsanitize=address applies only to host code, which is what we want
927   // for now.
928   if (TC.getTriple().isNVPTX())
929     return;
930 
931   // Translate available CoverageFeatures to corresponding clang-cc1 flags.
932   // Do it even if Sanitizers.empty() since some forms of coverage don't require
933   // sanitizers.
934   std::pair<int, const char *> CoverageFlags[] = {
935       std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
936       std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
937       std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
938       std::make_pair(CoverageIndirCall, "-fsanitize-coverage-indirect-calls"),
939       std::make_pair(CoverageTraceBB, "-fsanitize-coverage-trace-bb"),
940       std::make_pair(CoverageTraceCmp, "-fsanitize-coverage-trace-cmp"),
941       std::make_pair(CoverageTraceDiv, "-fsanitize-coverage-trace-div"),
942       std::make_pair(CoverageTraceGep, "-fsanitize-coverage-trace-gep"),
943       std::make_pair(Coverage8bitCounters, "-fsanitize-coverage-8bit-counters"),
944       std::make_pair(CoverageTracePC, "-fsanitize-coverage-trace-pc"),
945       std::make_pair(CoverageTracePCGuard,
946                      "-fsanitize-coverage-trace-pc-guard"),
947       std::make_pair(CoverageInline8bitCounters,
948                      "-fsanitize-coverage-inline-8bit-counters"),
949       std::make_pair(CoverageInlineBoolFlag,
950                      "-fsanitize-coverage-inline-bool-flag"),
951       std::make_pair(CoveragePCTable, "-fsanitize-coverage-pc-table"),
952       std::make_pair(CoverageNoPrune, "-fsanitize-coverage-no-prune"),
953       std::make_pair(CoverageStackDepth, "-fsanitize-coverage-stack-depth")};
954   for (auto F : CoverageFlags) {
955     if (CoverageFeatures & F.first)
956       CmdArgs.push_back(F.second);
957   }
958   addSpecialCaseListOpt(
959       Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
960   addSpecialCaseListOpt(
961       Args, CmdArgs, "-fsanitize-coverage-blocklist=", CoverageBlocklistFiles);
962 
963   if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
964     // Instruct the code generator to embed linker directives in the object file
965     // that cause the required runtime libraries to be linked.
966     CmdArgs.push_back(
967         Args.MakeArgString("--dependent-lib=" +
968                            TC.getCompilerRTBasename(Args, "ubsan_standalone")));
969     if (types::isCXX(InputType))
970       CmdArgs.push_back(Args.MakeArgString(
971           "--dependent-lib=" +
972           TC.getCompilerRTBasename(Args, "ubsan_standalone_cxx")));
973   }
974   if (TC.getTriple().isOSWindows() && needsStatsRt()) {
975     CmdArgs.push_back(Args.MakeArgString(
976         "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats_client")));
977 
978     // The main executable must export the stats runtime.
979     // FIXME: Only exporting from the main executable (e.g. based on whether the
980     // translation unit defines main()) would save a little space, but having
981     // multiple copies of the runtime shouldn't hurt.
982     CmdArgs.push_back(Args.MakeArgString(
983         "--dependent-lib=" + TC.getCompilerRTBasename(Args, "stats")));
984     addIncludeLinkerOption(TC, Args, CmdArgs, "__sanitizer_stats_register");
985   }
986 
987   if (Sanitizers.empty())
988     return;
989   CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
990 
991   if (!RecoverableSanitizers.empty())
992     CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
993                                          toString(RecoverableSanitizers)));
994 
995   if (!TrapSanitizers.empty())
996     CmdArgs.push_back(
997         Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
998 
999   addSpecialCaseListOpt(Args, CmdArgs,
1000                         "-fsanitize-blacklist=", UserBlacklistFiles);
1001   addSpecialCaseListOpt(Args, CmdArgs,
1002                         "-fsanitize-system-blacklist=", SystemBlacklistFiles);
1003 
1004   if (MsanTrackOrigins)
1005     CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
1006                                          Twine(MsanTrackOrigins)));
1007 
1008   if (MsanUseAfterDtor)
1009     CmdArgs.push_back("-fsanitize-memory-use-after-dtor");
1010 
1011   // FIXME: Pass these parameters as function attributes, not as -llvm flags.
1012   if (!TsanMemoryAccess) {
1013     CmdArgs.push_back("-mllvm");
1014     CmdArgs.push_back("-tsan-instrument-memory-accesses=0");
1015     CmdArgs.push_back("-mllvm");
1016     CmdArgs.push_back("-tsan-instrument-memintrinsics=0");
1017   }
1018   if (!TsanFuncEntryExit) {
1019     CmdArgs.push_back("-mllvm");
1020     CmdArgs.push_back("-tsan-instrument-func-entry-exit=0");
1021   }
1022   if (!TsanAtomics) {
1023     CmdArgs.push_back("-mllvm");
1024     CmdArgs.push_back("-tsan-instrument-atomics=0");
1025   }
1026 
1027   if (CfiCrossDso)
1028     CmdArgs.push_back("-fsanitize-cfi-cross-dso");
1029 
1030   if (CfiICallGeneralizePointers)
1031     CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
1032 
1033   if (CfiCanonicalJumpTables)
1034     CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables");
1035 
1036   if (Stats)
1037     CmdArgs.push_back("-fsanitize-stats");
1038 
1039   if (MinimalRuntime)
1040     CmdArgs.push_back("-fsanitize-minimal-runtime");
1041 
1042   if (AsanFieldPadding)
1043     CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
1044                                          Twine(AsanFieldPadding)));
1045 
1046   if (AsanUseAfterScope)
1047     CmdArgs.push_back("-fsanitize-address-use-after-scope");
1048 
1049   if (AsanPoisonCustomArrayCookie)
1050     CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie");
1051 
1052   if (AsanGlobalsDeadStripping)
1053     CmdArgs.push_back("-fsanitize-address-globals-dead-stripping");
1054 
1055   if (AsanUseOdrIndicator)
1056     CmdArgs.push_back("-fsanitize-address-use-odr-indicator");
1057 
1058   if (AsanInvalidPointerCmp) {
1059     CmdArgs.push_back("-mllvm");
1060     CmdArgs.push_back("-asan-detect-invalid-pointer-cmp");
1061   }
1062 
1063   if (AsanInvalidPointerSub) {
1064     CmdArgs.push_back("-mllvm");
1065     CmdArgs.push_back("-asan-detect-invalid-pointer-sub");
1066   }
1067 
1068   if (!HwasanAbi.empty()) {
1069     CmdArgs.push_back("-default-function-attr");
1070     CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
1071   }
1072 
1073   if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) {
1074     CmdArgs.push_back("-target-feature");
1075     CmdArgs.push_back("+tagged-globals");
1076   }
1077 
1078   // MSan: Workaround for PR16386.
1079   // ASan: This is mainly to help LSan with cases such as
1080   // https://github.com/google/sanitizers/issues/373
1081   // We can't make this conditional on -fsanitize=leak, as that flag shouldn't
1082   // affect compilation.
1083   if (Sanitizers.has(SanitizerKind::Memory) ||
1084       Sanitizers.has(SanitizerKind::Address))
1085     CmdArgs.push_back("-fno-assume-sane-operator-new");
1086 
1087   // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
1088   // enabled.
1089   if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
1090       !Args.hasArg(options::OPT_fvisibility_EQ)) {
1091     TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
1092         << lastArgumentForMask(TC.getDriver(), Args,
1093                                Sanitizers.Mask & CFIClasses)
1094         << "-fvisibility=";
1095   }
1096 
1097   if (Sanitizers.has(SanitizerKind::MemTag) && !hasTargetFeatureMTE(CmdArgs))
1098     TC.getDriver().Diag(diag::err_stack_tagging_requires_hardware_feature);
1099 }
1100 
1101 SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
1102                              bool DiagnoseErrors) {
1103   assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
1104           A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
1105           A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
1106           A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
1107           A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
1108           A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
1109          "Invalid argument in parseArgValues!");
1110   SanitizerMask Kinds;
1111   for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1112     const char *Value = A->getValue(i);
1113     SanitizerMask Kind;
1114     // Special case: don't accept -fsanitize=all.
1115     if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
1116         0 == strcmp("all", Value))
1117       Kind = SanitizerMask();
1118     else
1119       Kind = parseSanitizerValue(Value, /*AllowGroups=*/true);
1120 
1121     if (Kind)
1122       Kinds |= Kind;
1123     else if (DiagnoseErrors)
1124       D.Diag(clang::diag::err_drv_unsupported_option_argument)
1125           << A->getOption().getName() << Value;
1126   }
1127   return Kinds;
1128 }
1129 
1130 int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A) {
1131   assert(A->getOption().matches(options::OPT_fsanitize_coverage) ||
1132          A->getOption().matches(options::OPT_fno_sanitize_coverage));
1133   int Features = 0;
1134   for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1135     const char *Value = A->getValue(i);
1136     int F = llvm::StringSwitch<int>(Value)
1137                 .Case("func", CoverageFunc)
1138                 .Case("bb", CoverageBB)
1139                 .Case("edge", CoverageEdge)
1140                 .Case("indirect-calls", CoverageIndirCall)
1141                 .Case("trace-bb", CoverageTraceBB)
1142                 .Case("trace-cmp", CoverageTraceCmp)
1143                 .Case("trace-div", CoverageTraceDiv)
1144                 .Case("trace-gep", CoverageTraceGep)
1145                 .Case("8bit-counters", Coverage8bitCounters)
1146                 .Case("trace-pc", CoverageTracePC)
1147                 .Case("trace-pc-guard", CoverageTracePCGuard)
1148                 .Case("no-prune", CoverageNoPrune)
1149                 .Case("inline-8bit-counters", CoverageInline8bitCounters)
1150                 .Case("inline-bool-flag", CoverageInlineBoolFlag)
1151                 .Case("pc-table", CoveragePCTable)
1152                 .Case("stack-depth", CoverageStackDepth)
1153                 .Default(0);
1154     if (F == 0)
1155       D.Diag(clang::diag::err_drv_unsupported_option_argument)
1156           << A->getOption().getName() << Value;
1157     Features |= F;
1158   }
1159   return Features;
1160 }
1161 
1162 std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
1163                                 SanitizerMask Mask) {
1164   for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
1165                                                   E = Args.rend();
1166        I != E; ++I) {
1167     const auto *Arg = *I;
1168     if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
1169       SanitizerMask AddKinds =
1170           expandSanitizerGroups(parseArgValues(D, Arg, false));
1171       if (AddKinds & Mask)
1172         return describeSanitizeArg(Arg, Mask);
1173     } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
1174       SanitizerMask RemoveKinds =
1175           expandSanitizerGroups(parseArgValues(D, Arg, false));
1176       Mask &= ~RemoveKinds;
1177     }
1178   }
1179   llvm_unreachable("arg list didn't provide expected value");
1180 }
1181 
1182 std::string describeSanitizeArg(const llvm::opt::Arg *A, SanitizerMask Mask) {
1183   assert(A->getOption().matches(options::OPT_fsanitize_EQ)
1184          && "Invalid argument in describeSanitizerArg!");
1185 
1186   std::string Sanitizers;
1187   for (int i = 0, n = A->getNumValues(); i != n; ++i) {
1188     if (expandSanitizerGroups(
1189             parseSanitizerValue(A->getValue(i), /*AllowGroups=*/true)) &
1190         Mask) {
1191       if (!Sanitizers.empty())
1192         Sanitizers += ",";
1193       Sanitizers += A->getValue(i);
1194     }
1195   }
1196 
1197   assert(!Sanitizers.empty() && "arg didn't provide expected value");
1198   return "-fsanitize=" + Sanitizers;
1199 }
1200