SanitizerArgs::SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args) { clear(); SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of // sanitizers disabled by the current sanitizer // argument or any argument after it. SanitizerMask AllAddedKinds = 0; // Mask of all sanitizers ever enabled by // -fsanitize= flags (directly or via group // expansion), some of which may be disabled // later. Used to carefully prune // unused-argument diagnostics. SanitizerMask DiagnosedKinds = 0; // All Kinds we have diagnosed up to now. // Used to deduplicate diagnostics. SanitizerMask Kinds = 0; const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers()); ToolChain::RTTIMode RTTIMode = TC.getRTTIMode(); const Driver &D = TC.getDriver(); SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args); SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap; for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend(); I != E; ++I) { const auto *Arg = *I; if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { Arg->claim(); SanitizerMask Add = parseArgValues(D, Arg, true); AllAddedKinds |= expandSanitizerGroups(Add); // Avoid diagnosing any sanitizer which is disabled later. Add &= ~AllRemove; // At this point we have not expanded groups, so any unsupported // sanitizers in Add are those which have been explicitly enabled. // Diagnose them. if (SanitizerMask KindsToDiagnose = Add & InvalidTrappingKinds & ~DiagnosedKinds) { std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); D.Diag(diag::err_drv_argument_not_allowed_with) << Desc << "-fsanitize-trap=undefined"; DiagnosedKinds |= KindsToDiagnose; } Add &= ~InvalidTrappingKinds; if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) { std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); D.Diag(diag::err_drv_unsupported_opt_for_target) << Desc << TC.getTriple().str(); DiagnosedKinds |= KindsToDiagnose; } Add &= Supported; // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups // so we don't error out if -fno-rtti and -fsanitize=undefined were // passed. if (Add & Vptr && (RTTIMode == ToolChain::RM_DisabledImplicitly || RTTIMode == ToolChain::RM_DisabledExplicitly)) { if (RTTIMode == ToolChain::RM_DisabledImplicitly) // Warn about not having rtti enabled if the vptr sanitizer is // explicitly enabled D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default); else { const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg(); assert(NoRTTIArg && "RTTI disabled explicitly but we have no argument!"); D.Diag(diag::err_drv_argument_not_allowed_with) << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args); } // Take out the Vptr sanitizer from the enabled sanitizers AllRemove |= Vptr; } Add = expandSanitizerGroups(Add); // Group expansion may have enabled a sanitizer which is disabled later. Add &= ~AllRemove; // Silently discard any unsupported sanitizers implicitly enabled through // group expansion. Add &= ~InvalidTrappingKinds; Add &= Supported; Kinds |= Add; } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { Arg->claim(); SanitizerMask Remove = parseArgValues(D, Arg, true); AllRemove |= expandSanitizerGroups(Remove); } } // We disable the vptr sanitizer if it was enabled by group expansion but RTTI // is disabled. if ((Kinds & Vptr) && (RTTIMode == ToolChain::RM_DisabledImplicitly || RTTIMode == ToolChain::RM_DisabledExplicitly)) { Kinds &= ~Vptr; } // Check that LTO is enabled if we need it. if ((Kinds & NeedsLTO) && !D.isUsingLTO()) { D.Diag(diag::err_drv_argument_only_allowed_with) << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto"; } // Report error if there are non-trapping sanitizers that require // c++abi-specific parts of UBSan runtime, and they are not provided by the // toolchain. We don't have a good way to check the latter, so we just // check if the toolchan supports vptr. if (~Supported & Vptr) { SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt; // The runtime library supports the Microsoft C++ ABI, but only well enough // for CFI. FIXME: Remove this once we support vptr on Windows. if (TC.getTriple().isOSWindows()) KindsToDiagnose &= ~CFI; if (KindsToDiagnose) { SanitizerSet S; S.Mask = KindsToDiagnose; D.Diag(diag::err_drv_unsupported_opt_for_target) << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str(); Kinds &= ~KindsToDiagnose; } } // Warn about incompatible groups of sanitizers. std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { std::make_pair(Address, Thread), std::make_pair(Address, Memory), std::make_pair(Thread, Memory), std::make_pair(Leak, Thread), std::make_pair(Leak, Memory), std::make_pair(KernelAddress, Address), std::make_pair(KernelAddress, Leak), std::make_pair(KernelAddress, Thread), std::make_pair(KernelAddress, Memory)}; for (auto G : IncompatibleGroups) { SanitizerMask Group = G.first; if (Kinds & Group) { if (SanitizerMask Incompatible = Kinds & G.second) { D.Diag(clang::diag::err_drv_argument_not_allowed_with) << lastArgumentForMask(D, Args, Group) << lastArgumentForMask(D, Args, Incompatible); Kinds &= ~Incompatible; } } } // FIXME: Currently -fsanitize=leak is silently ignored in the presence of // -fsanitize=address. Perhaps it should print an error, or perhaps // -f(-no)sanitize=leak should change whether leak detection is enabled by // default in ASan? // Parse -f(no-)?sanitize-recover flags. SanitizerMask RecoverableKinds = RecoverableByDefault; SanitizerMask DiagnosedUnrecoverableKinds = 0; for (const auto *Arg : Args) { const char *DeprecatedReplacement = nullptr; if (Arg->getOption().matches(options::OPT_fsanitize_recover)) { DeprecatedReplacement = "-fsanitize-recover=undefined,integer"; RecoverableKinds |= expandSanitizerGroups(LegacyFsanitizeRecoverMask); Arg->claim(); } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover)) { DeprecatedReplacement = "-fno-sanitize-recover=undefined,integer"; RecoverableKinds &= ~expandSanitizerGroups(LegacyFsanitizeRecoverMask); Arg->claim(); } else if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) { SanitizerMask Add = parseArgValues(D, Arg, true); // Report error if user explicitly tries to recover from unrecoverable // sanitizer. if (SanitizerMask KindsToDiagnose = Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) { SanitizerSet SetToDiagnose; SetToDiagnose.Mask |= KindsToDiagnose; D.Diag(diag::err_drv_unsupported_option_argument) << Arg->getOption().getName() << toString(SetToDiagnose); DiagnosedUnrecoverableKinds |= KindsToDiagnose; } RecoverableKinds |= expandSanitizerGroups(Add); Arg->claim(); } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) { RecoverableKinds &= ~expandSanitizerGroups(parseArgValues(D, Arg, true)); Arg->claim(); } if (DeprecatedReplacement) { D.Diag(diag::warn_drv_deprecated_arg) << Arg->getAsString(Args) << DeprecatedReplacement; } } RecoverableKinds &= Kinds; RecoverableKinds &= ~Unrecoverable; TrappingKinds &= Kinds; // Setup blacklist files. // Add default blacklist from resource directory. { std::string BLPath; if (getDefaultBlacklist(D, Kinds, BLPath) && llvm::sys::fs::exists(BLPath)) BlacklistFiles.push_back(BLPath); } // Parse -f(no-)sanitize-blacklist options. for (const auto *Arg : Args) { if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) { Arg->claim(); std::string BLPath = Arg->getValue(); if (llvm::sys::fs::exists(BLPath)) { BlacklistFiles.push_back(BLPath); ExtraDeps.push_back(BLPath); } else D.Diag(clang::diag::err_drv_no_such_file) << BLPath; } else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) { Arg->claim(); BlacklistFiles.clear(); ExtraDeps.clear(); } } // Validate blacklists format. { std::string BLError; std::unique_ptr<llvm::SpecialCaseList> SCL( llvm::SpecialCaseList::create(BlacklistFiles, BLError)); if (!SCL.get()) D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError; } // Parse -f[no-]sanitize-memory-track-origins[=level] options. if (AllAddedKinds & Memory) { if (Arg *A = Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ, options::OPT_fsanitize_memory_track_origins, options::OPT_fno_sanitize_memory_track_origins)) { if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) { MsanTrackOrigins = 2; } else if (A->getOption().matches( options::OPT_fno_sanitize_memory_track_origins)) { MsanTrackOrigins = 0; } else { StringRef S = A->getValue(); if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 || MsanTrackOrigins > 2) { D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; } } } MsanUseAfterDtor = Args.hasArg(options::OPT_fsanitize_memory_use_after_dtor); NeedPIE |= !(TC.getTriple().isOSLinux() && TC.getTriple().getArch() == llvm::Triple::x86_64); } // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the // enabled sanitizers. if (AllAddedKinds & SupportsCoverage) { for (const auto *Arg : Args) { if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) { Arg->claim(); int LegacySanitizeCoverage; if (Arg->getNumValues() == 1 && !StringRef(Arg->getValue(0)) .getAsInteger(0, LegacySanitizeCoverage) && LegacySanitizeCoverage >= 0 && LegacySanitizeCoverage <= 4) { // TODO: Add deprecation notice for this form. switch (LegacySanitizeCoverage) { case 0: CoverageFeatures = 0; break; case 1: CoverageFeatures = CoverageFunc; break; case 2: CoverageFeatures = CoverageBB; break; case 3: CoverageFeatures = CoverageEdge; break; case 4: CoverageFeatures = CoverageEdge | CoverageIndirCall; break; } continue; } CoverageFeatures |= parseCoverageFeatures(D, Arg); } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) { Arg->claim(); CoverageFeatures &= ~parseCoverageFeatures(D, Arg); } } } // Choose at most one coverage type: function, bb, or edge. if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB)) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-coverage=func" << "-fsanitize-coverage=bb"; if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge)) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-coverage=func" << "-fsanitize-coverage=edge"; if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge)) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-coverage=bb" << "-fsanitize-coverage=edge"; // Basic block tracing and 8-bit counters require some type of coverage // enabled. int CoverageTypes = CoverageFunc | CoverageBB | CoverageEdge; if ((CoverageFeatures & CoverageTraceBB) && !(CoverageFeatures & CoverageTypes)) D.Diag(clang::diag::err_drv_argument_only_allowed_with) << "-fsanitize-coverage=trace-bb" << "-fsanitize-coverage=(func|bb|edge)"; if ((CoverageFeatures & Coverage8bitCounters) && !(CoverageFeatures & CoverageTypes)) D.Diag(clang::diag::err_drv_argument_only_allowed_with) << "-fsanitize-coverage=8bit-counters" << "-fsanitize-coverage=(func|bb|edge)"; if (AllAddedKinds & Address) { AsanSharedRuntime = Args.hasArg(options::OPT_shared_libasan) || TC.getTriple().isAndroid(); NeedPIE |= TC.getTriple().isAndroid(); if (Arg *A = Args.getLastArg(options::OPT_fsanitize_address_field_padding)) { StringRef S = A->getValue(); // Legal values are 0 and 1, 2, but in future we may add more levels. if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 || AsanFieldPadding > 2) { D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; } } if (Arg *WindowsDebugRTArg = Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT, options::OPT__SLASH_MDd, options::OPT__SLASH_MD, options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) { switch (WindowsDebugRTArg->getOption().getID()) { case options::OPT__SLASH_MTd: case options::OPT__SLASH_MDd: case options::OPT__SLASH_LDd: D.Diag(clang::diag::err_drv_argument_not_allowed_with) << WindowsDebugRTArg->getAsString(Args) << lastArgumentForMask(D, Args, Address); D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime); } } } // Parse -link-cxx-sanitizer flag. LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX(); // Finally, initialize the set of available and recoverable sanitizers. Sanitizers.Mask |= Kinds; RecoverableSanitizers.Mask |= RecoverableKinds; TrapSanitizers.Mask |= TrappingKinds; }
SanitizerArgs::SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args) { SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of // sanitizers disabled by the current sanitizer // argument or any argument after it. SanitizerMask AllAddedKinds = 0; // Mask of all sanitizers ever enabled by // -fsanitize= flags (directly or via group // expansion), some of which may be disabled // later. Used to carefully prune // unused-argument diagnostics. SanitizerMask DiagnosedKinds = 0; // All Kinds we have diagnosed up to now. // Used to deduplicate diagnostics. SanitizerMask Kinds = 0; const SanitizerMask Supported = setGroupBits(TC.getSupportedSanitizers()); ToolChain::RTTIMode RTTIMode = TC.getRTTIMode(); const Driver &D = TC.getDriver(); SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args); SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap; MinimalRuntime = Args.hasFlag(options::OPT_fsanitize_minimal_runtime, options::OPT_fno_sanitize_minimal_runtime, MinimalRuntime); // The object size sanitizer should not be enabled at -O0. Arg *OptLevel = Args.getLastArg(options::OPT_O_Group); bool RemoveObjectSizeAtO0 = !OptLevel || OptLevel->getOption().matches(options::OPT_O0); for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend(); I != E; ++I) { const auto *Arg = *I; if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { Arg->claim(); SanitizerMask Add = parseArgValues(D, Arg, /*AllowGroups=*/true); if (RemoveObjectSizeAtO0) { AllRemove |= SanitizerKind::ObjectSize; // The user explicitly enabled the object size sanitizer. Warn that // that this does nothing at -O0. if (Add & SanitizerKind::ObjectSize) D.Diag(diag::warn_drv_object_size_disabled_O0) << Arg->getAsString(Args); } AllAddedKinds |= expandSanitizerGroups(Add); // Avoid diagnosing any sanitizer which is disabled later. Add &= ~AllRemove; // At this point we have not expanded groups, so any unsupported // sanitizers in Add are those which have been explicitly enabled. // Diagnose them. if (SanitizerMask KindsToDiagnose = Add & InvalidTrappingKinds & ~DiagnosedKinds) { std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); D.Diag(diag::err_drv_argument_not_allowed_with) << Desc << "-fsanitize-trap=undefined"; DiagnosedKinds |= KindsToDiagnose; } Add &= ~InvalidTrappingKinds; if (MinimalRuntime) { if (SanitizerMask KindsToDiagnose = Add & NotAllowedWithMinimalRuntime & ~DiagnosedKinds) { std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); D.Diag(diag::err_drv_argument_not_allowed_with) << Desc << "-fsanitize-minimal-runtime"; DiagnosedKinds |= KindsToDiagnose; } Add &= ~NotAllowedWithMinimalRuntime; } if (SanitizerMask KindsToDiagnose = Add & ~Supported & ~DiagnosedKinds) { std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); D.Diag(diag::err_drv_unsupported_opt_for_target) << Desc << TC.getTriple().str(); DiagnosedKinds |= KindsToDiagnose; } Add &= Supported; // Test for -fno-rtti + explicit -fsanitizer=vptr before expanding groups // so we don't error out if -fno-rtti and -fsanitize=undefined were // passed. if (Add & Vptr && (RTTIMode == ToolChain::RM_DisabledImplicitly || RTTIMode == ToolChain::RM_DisabledExplicitly)) { if (RTTIMode == ToolChain::RM_DisabledImplicitly) // Warn about not having rtti enabled if the vptr sanitizer is // explicitly enabled D.Diag(diag::warn_drv_disabling_vptr_no_rtti_default); else { const llvm::opt::Arg *NoRTTIArg = TC.getRTTIArg(); assert(NoRTTIArg && "RTTI disabled explicitly but we have no argument!"); D.Diag(diag::err_drv_argument_not_allowed_with) << "-fsanitize=vptr" << NoRTTIArg->getAsString(Args); } // Take out the Vptr sanitizer from the enabled sanitizers AllRemove |= Vptr; } Add = expandSanitizerGroups(Add); // Group expansion may have enabled a sanitizer which is disabled later. Add &= ~AllRemove; // Silently discard any unsupported sanitizers implicitly enabled through // group expansion. Add &= ~InvalidTrappingKinds; if (MinimalRuntime) { Add &= ~NotAllowedWithMinimalRuntime; } Add &= Supported; if (Add & Fuzzer) Add |= FuzzerNoLink; // Enable coverage if the fuzzing flag is set. if (Add & FuzzerNoLink) { CoverageFeatures |= CoverageInline8bitCounters | CoverageIndirCall | CoverageTraceCmp | CoveragePCTable; // Due to TLS differences, stack depth tracking is only enabled on Linux if (TC.getTriple().isOSLinux()) CoverageFeatures |= CoverageStackDepth; } Kinds |= Add; } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { Arg->claim(); SanitizerMask Remove = parseArgValues(D, Arg, true); AllRemove |= expandSanitizerGroups(Remove); } } // Enable toolchain specific default sanitizers if not explicitly disabled. Kinds |= TC.getDefaultSanitizers() & ~AllRemove; // We disable the vptr sanitizer if it was enabled by group expansion but RTTI // is disabled. if ((Kinds & Vptr) && (RTTIMode == ToolChain::RM_DisabledImplicitly || RTTIMode == ToolChain::RM_DisabledExplicitly)) { Kinds &= ~Vptr; } // Check that LTO is enabled if we need it. if ((Kinds & NeedsLTO) && !D.isUsingLTO()) { D.Diag(diag::err_drv_argument_only_allowed_with) << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto"; } // Report error if there are non-trapping sanitizers that require // c++abi-specific parts of UBSan runtime, and they are not provided by the // toolchain. We don't have a good way to check the latter, so we just // check if the toolchan supports vptr. if (~Supported & Vptr) { SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt; // The runtime library supports the Microsoft C++ ABI, but only well enough // for CFI. FIXME: Remove this once we support vptr on Windows. if (TC.getTriple().isOSWindows()) KindsToDiagnose &= ~CFI; if (KindsToDiagnose) { SanitizerSet S; S.Mask = KindsToDiagnose; D.Diag(diag::err_drv_unsupported_opt_for_target) << ("-fno-sanitize-trap=" + toString(S)) << TC.getTriple().str(); Kinds &= ~KindsToDiagnose; } } // Warn about incompatible groups of sanitizers. std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { std::make_pair(Address, Thread), std::make_pair(Address, Memory), std::make_pair(Thread, Memory), std::make_pair(Leak, Thread), std::make_pair(Leak, Memory), std::make_pair(KernelAddress, Address), std::make_pair(KernelAddress, Leak), std::make_pair(KernelAddress, Thread), std::make_pair(KernelAddress, Memory), std::make_pair(Efficiency, Address), std::make_pair(Efficiency, Leak), std::make_pair(Efficiency, Thread), std::make_pair(Efficiency, Memory), std::make_pair(Efficiency, KernelAddress)}; for (auto G : IncompatibleGroups) { SanitizerMask Group = G.first; if (Kinds & Group) { if (SanitizerMask Incompatible = Kinds & G.second) { D.Diag(clang::diag::err_drv_argument_not_allowed_with) << lastArgumentForMask(D, Args, Group) << lastArgumentForMask(D, Args, Incompatible); Kinds &= ~Incompatible; } } } // FIXME: Currently -fsanitize=leak is silently ignored in the presence of // -fsanitize=address. Perhaps it should print an error, or perhaps // -f(-no)sanitize=leak should change whether leak detection is enabled by // default in ASan? // Parse -f(no-)?sanitize-recover flags. SanitizerMask RecoverableKinds = RecoverableByDefault; SanitizerMask DiagnosedUnrecoverableKinds = 0; for (const auto *Arg : Args) { const char *DeprecatedReplacement = nullptr; if (Arg->getOption().matches(options::OPT_fsanitize_recover)) { DeprecatedReplacement = "-fsanitize-recover=undefined,integer' or '-fsanitize-recover=all"; RecoverableKinds |= expandSanitizerGroups(LegacyFsanitizeRecoverMask); Arg->claim(); } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover)) { DeprecatedReplacement = "-fno-sanitize-recover=undefined,integer' or " "'-fno-sanitize-recover=all"; RecoverableKinds &= ~expandSanitizerGroups(LegacyFsanitizeRecoverMask); Arg->claim(); } else if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) { SanitizerMask Add = parseArgValues(D, Arg, true); // Report error if user explicitly tries to recover from unrecoverable // sanitizer. if (SanitizerMask KindsToDiagnose = Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) { SanitizerSet SetToDiagnose; SetToDiagnose.Mask |= KindsToDiagnose; D.Diag(diag::err_drv_unsupported_option_argument) << Arg->getOption().getName() << toString(SetToDiagnose); DiagnosedUnrecoverableKinds |= KindsToDiagnose; } RecoverableKinds |= expandSanitizerGroups(Add); Arg->claim(); } else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) { RecoverableKinds &= ~expandSanitizerGroups(parseArgValues(D, Arg, true)); Arg->claim(); } if (DeprecatedReplacement) { D.Diag(diag::warn_drv_deprecated_arg) << Arg->getAsString(Args) << DeprecatedReplacement; } } RecoverableKinds &= Kinds; RecoverableKinds &= ~Unrecoverable; TrappingKinds &= Kinds; // Setup blacklist files. // Add default blacklist from resource directory. { std::string BLPath; if (getDefaultBlacklist(D, Kinds, BLPath) && llvm::sys::fs::exists(BLPath)) BlacklistFiles.push_back(BLPath); } // Parse -f(no-)sanitize-blacklist options. for (const auto *Arg : Args) { if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) { Arg->claim(); std::string BLPath = Arg->getValue(); if (llvm::sys::fs::exists(BLPath)) { BlacklistFiles.push_back(BLPath); ExtraDeps.push_back(BLPath); } else D.Diag(clang::diag::err_drv_no_such_file) << BLPath; } else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) { Arg->claim(); BlacklistFiles.clear(); ExtraDeps.clear(); } } // Validate blacklists format. { std::string BLError; std::unique_ptr<llvm::SpecialCaseList> SCL( llvm::SpecialCaseList::create(BlacklistFiles, BLError)); if (!SCL.get()) D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError; } // Parse -f[no-]sanitize-memory-track-origins[=level] options. if (AllAddedKinds & Memory) { if (Arg *A = Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ, options::OPT_fsanitize_memory_track_origins, options::OPT_fno_sanitize_memory_track_origins)) { if (A->getOption().matches(options::OPT_fsanitize_memory_track_origins)) { MsanTrackOrigins = 2; } else if (A->getOption().matches( options::OPT_fno_sanitize_memory_track_origins)) { MsanTrackOrigins = 0; } else { StringRef S = A->getValue(); if (S.getAsInteger(0, MsanTrackOrigins) || MsanTrackOrigins < 0 || MsanTrackOrigins > 2) { D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; } } } MsanUseAfterDtor = Args.hasFlag(options::OPT_fsanitize_memory_use_after_dtor, options::OPT_fno_sanitize_memory_use_after_dtor, MsanUseAfterDtor); NeedPIE |= !(TC.getTriple().isOSLinux() && TC.getTriple().getArch() == llvm::Triple::x86_64); } else { MsanUseAfterDtor = false; } if (AllAddedKinds & Thread) { TsanMemoryAccess = Args.hasFlag(options::OPT_fsanitize_thread_memory_access, options::OPT_fno_sanitize_thread_memory_access, TsanMemoryAccess); TsanFuncEntryExit = Args.hasFlag(options::OPT_fsanitize_thread_func_entry_exit, options::OPT_fno_sanitize_thread_func_entry_exit, TsanFuncEntryExit); TsanAtomics = Args.hasFlag(options::OPT_fsanitize_thread_atomics, options::OPT_fno_sanitize_thread_atomics, TsanAtomics); } if (AllAddedKinds & CFI) { CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso, options::OPT_fno_sanitize_cfi_cross_dso, false); // Without PIE, external function address may resolve to a PLT record, which // can not be verified by the target module. NeedPIE |= CfiCrossDso; } Stats = Args.hasFlag(options::OPT_fsanitize_stats, options::OPT_fno_sanitize_stats, false); if (MinimalRuntime) { SanitizerMask IncompatibleMask = Kinds & ~setGroupBits(CompatibleWithMinimalRuntime); if (IncompatibleMask) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-minimal-runtime" << lastArgumentForMask(D, Args, IncompatibleMask); SanitizerMask NonTrappingCfi = Kinds & CFI & ~TrappingKinds; if (NonTrappingCfi) D.Diag(clang::diag::err_drv_argument_only_allowed_with) << "fsanitize-minimal-runtime" << "fsanitize-trap=cfi"; } // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the // enabled sanitizers. for (const auto *Arg : Args) { if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) { int LegacySanitizeCoverage; if (Arg->getNumValues() == 1 && !StringRef(Arg->getValue(0)) .getAsInteger(0, LegacySanitizeCoverage)) { CoverageFeatures = 0; Arg->claim(); if (LegacySanitizeCoverage != 0) { D.Diag(diag::warn_drv_deprecated_arg) << Arg->getAsString(Args) << "-fsanitize-coverage=trace-pc-guard"; } continue; } CoverageFeatures |= parseCoverageFeatures(D, Arg); // Disable coverage and not claim the flags if there is at least one // non-supporting sanitizer. if (!(AllAddedKinds & ~AllRemove & ~setGroupBits(SupportsCoverage))) { Arg->claim(); } else { CoverageFeatures = 0; } } else if (Arg->getOption().matches(options::OPT_fno_sanitize_coverage)) { Arg->claim(); CoverageFeatures &= ~parseCoverageFeatures(D, Arg); } } // Choose at most one coverage type: function, bb, or edge. if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageBB)) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-coverage=func" << "-fsanitize-coverage=bb"; if ((CoverageFeatures & CoverageFunc) && (CoverageFeatures & CoverageEdge)) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-coverage=func" << "-fsanitize-coverage=edge"; if ((CoverageFeatures & CoverageBB) && (CoverageFeatures & CoverageEdge)) D.Diag(clang::diag::err_drv_argument_not_allowed_with) << "-fsanitize-coverage=bb" << "-fsanitize-coverage=edge"; // Basic block tracing and 8-bit counters require some type of coverage // enabled. if (CoverageFeatures & CoverageTraceBB) D.Diag(clang::diag::warn_drv_deprecated_arg) << "-fsanitize-coverage=trace-bb" << "-fsanitize-coverage=trace-pc-guard"; if (CoverageFeatures & Coverage8bitCounters) D.Diag(clang::diag::warn_drv_deprecated_arg) << "-fsanitize-coverage=8bit-counters" << "-fsanitize-coverage=trace-pc-guard"; int InsertionPointTypes = CoverageFunc | CoverageBB | CoverageEdge; int InstrumentationTypes = CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters; if ((CoverageFeatures & InsertionPointTypes) && !(CoverageFeatures & InstrumentationTypes)) { D.Diag(clang::diag::warn_drv_deprecated_arg) << "-fsanitize-coverage=[func|bb|edge]" << "-fsanitize-coverage=[func|bb|edge],[trace-pc-guard|trace-pc]"; } // trace-pc w/o func/bb/edge implies edge. if (!(CoverageFeatures & InsertionPointTypes)) { if (CoverageFeatures & (CoverageTracePC | CoverageTracePCGuard | CoverageInline8bitCounters)) CoverageFeatures |= CoverageEdge; if (CoverageFeatures & CoverageStackDepth) CoverageFeatures |= CoverageFunc; } if (AllAddedKinds & Address) { AsanSharedRuntime = Args.hasArg(options::OPT_shared_libasan) || TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia(); NeedPIE |= TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia(); if (Arg *A = Args.getLastArg(options::OPT_fsanitize_address_field_padding)) { StringRef S = A->getValue(); // Legal values are 0 and 1, 2, but in future we may add more levels. if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 || AsanFieldPadding > 2) { D.Diag(clang::diag::err_drv_invalid_value) << A->getAsString(Args) << S; } } if (Arg *WindowsDebugRTArg = Args.getLastArg(options::OPT__SLASH_MTd, options::OPT__SLASH_MT, options::OPT__SLASH_MDd, options::OPT__SLASH_MD, options::OPT__SLASH_LDd, options::OPT__SLASH_LD)) { switch (WindowsDebugRTArg->getOption().getID()) { case options::OPT__SLASH_MTd: case options::OPT__SLASH_MDd: case options::OPT__SLASH_LDd: D.Diag(clang::diag::err_drv_argument_not_allowed_with) << WindowsDebugRTArg->getAsString(Args) << lastArgumentForMask(D, Args, Address); D.Diag(clang::diag::note_drv_address_sanitizer_debug_runtime); } } AsanUseAfterScope = Args.hasFlag( options::OPT_fsanitize_address_use_after_scope, options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope); // As a workaround for a bug in gold 2.26 and earlier, dead stripping of // globals in ASan is disabled by default on ELF targets. // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002 AsanGlobalsDeadStripping = !TC.getTriple().isOSBinFormatELF() || TC.getTriple().isOSFuchsia() || Args.hasArg(options::OPT_fsanitize_address_globals_dead_stripping); } else { AsanUseAfterScope = false; } if (AllAddedKinds & SafeStack) { // SafeStack runtime is built into the system on Fuchsia. SafeStackRuntime = !TC.getTriple().isOSFuchsia(); } // Parse -link-cxx-sanitizer flag. LinkCXXRuntimes = Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX(); // Finally, initialize the set of available and recoverable sanitizers. Sanitizers.Mask |= Kinds; RecoverableSanitizers.Mask |= RecoverableKinds; TrapSanitizers.Mask |= TrappingKinds; }