This is an archive of the discontinued LLVM Phabricator instance.

Differential D10464

Introduce -fsanitize-trap= flag.
ClosedPublic

Authored by pcc on Jun 15 2015, 5:04 PM.

Details

Reviewers
samsonov
Commits
rG9881b78b53dd: Introduce -fsanitize-trap= flag.
rC240105: Introduce -fsanitize-trap= flag.
rL240105: Introduce -fsanitize-trap= flag.
Summary

This flag controls whether a given sanitizer traps upon detecting
an error. It currently only supports UBSan. The existing flag
-fsanitize-undefined-trap-on-error has been made an alias of
-fsanitize-trap=undefined.

This change also cleans up some awkward behavior around the combination
of -fsanitize-trap=undefined and -fsanitize=undefined. Previously we
would reject command lines containing the combination of these two flags,
as -fsanitize=vptr is not compatible with trapping. This required the
creation of -fsanitize=undefined-trap, which excluded -fsanitize=vptr
(and -fsanitize=function, but this seems like an oversight).

Now, -fsanitize=undefined is an alias for -fsanitize=undefined-trap,
and if -fsanitize-trap=undefined is specified, we treat -fsanitize=vptr
as an "unsupported" flag, which means that we error out if the flag is
specified explicitly, but implicitly disable it if the flag was implied
by -fsanitize=undefined.

Diff Detail

Event Timeline

pcc updated this revision to Diff 27731.Jun 15 2015, 5:04 PM
pcc retitled this revision from to Introduce -fsanitize-trap= flag..
pcc updated this object.
pcc edited the test plan for this revision. (Show Details)
pcc added a reviewer: samsonov.
pcc added subscribers: rsmith, Unknown Object (MLST).
rsmith added inline comments.Jun 15 2015, 5:57 PM
docs/UsersManual.rst
1112

Missing 'the' before -fsanitize=?

1113–1115

I think this description will leave people wondering why we have a per-sanitizer trap flag rather than a global flag. It'd be good to extend this description with the CFI case.

1118

It's probably better to refer to the group as "`undefined" rather than "UndefinedBehaviorSanitizer", for symmetry with "vptr`".

lib/CodeGen/CGExpr.cpp
2306–2315

The differing style in these two cases is strange. Please pick one or the other and apply it to both the Recover and the Trap cases.

lib/Driver/SanitizerArgs.cpp
210

I think this should be TrappingKinds & Vptr. If I write -fsanitize-trap=undefined -fsanitize=vptr -fno-sanitize-trap=vptr, I think you'll currently mark vptr as unavailable, but it seems reasonable to support that case.

samsonov added inline comments.Jun 15 2015, 6:09 PM
docs/UsersManual.rst
973–975

"deprecated alias"

1110

Please move it next to -fsanitize-recover=.

1117

Do you think we should allow other trapping sanitizers (like local-bounds) here? Or you plan to do it in subsequent patches?

include/clang/Driver/Options.td
526

Please move next to fsanitize_recover

lib/Driver/SanitizerArgs.cpp
37

Could we use smth. like getSanitizersWithNoRequiredRuntime() from http://reviews.llvm.org/D10467 instead (if we decide to allow -fsanitize-trap=` for other checks)?

37

I'd prefer to not use UndefinedGroup here, and instead add special case for Vptr to the loop iterating over -fsanitize-trap= arguments. E.g. see how we handle special-case for vptr+RTTI in the main loop in SanitizerArgs constructor (not that it's elegant, it's just... more literal).

528–530
if (!TrapSanitizers.empty())
pcc updated this revision to Diff 27747.Jun 15 2015, 7:56 PM
  • Address review comments
docs/UsersManual.rst
973–975

Done

1110

Done

1112

Added

1113–1115

The CFI case will be implemented in a separate patch, which will include a documentation update here. For now we do not support -fsanitize-trap=cfi.

1117

Added.

1118

Done

include/clang/Driver/Options.td
526

Done

lib/CodeGen/CGExpr.cpp
2306–2315

Done

lib/Driver/SanitizerArgs.cpp
37

Could we use smth. like getSanitizersWithNoRequiredRuntime() from http://reviews.llvm.org/D10467 instead (if we decide to allow -fsanitize-trap=` for other checks)?

Most likely, I'll do that once your change lands.

I'd prefer to not use UndefinedGroup here, and instead add special case for Vptr to the loop iterating over -fsanitize-trap= arguments.

I don't see how that would work. I think we'd always need groups in the thing we mask against, otherwise we'd incorrectly diagnose things like -fsanitize-trap=undefined due to the presence of the group. Seems like the setGroupBits thing you added in D10467 does what I want?

210

Done

528–530

Done

samsonov added inline comments.Jun 16 2015, 11:41 AM
lib/CodeGen/CGExpr.cpp
2306

Should we clarify this behavior in the docs?
We can also handle this case in the driver, so that frontend can assert that each sanitizer check is listed in at most one of -fsanitize-recover= and -fsanitize-trap= lists. (i.e. intersection of SanitizeTrap and SanitizeRecover is empty).

Another interesting question is handling the relative order of -fsanitize-trap= and -fsanitize-recover= flags. Now we parse them completely independently, but this may not be the best solution. Consider global

CFLAGS='-fsanitize=undefined -fsanitize-trap=undefined'

and now I want to compile a special program, and enable recovery for alignment issues. Using

clang++ $(CFLAGS) -fsanitize-recover=alignment a.cc

wouldn't work, I would have to write

clang++ $(CFLAGS) -fno-sanitize-trap=alignment -fsanitize-recover=alignment a.cc

Do you think we should instead parse -fsanitize-trap and -fsanitize-recover in a single pass, and maintain the recovery setting for each sanitizer kind to be one of

  • diagnosed, recoverable
  • diagnosed, unrecoverable/fatal
  • undiagnosed, trapping.

?

lib/Driver/SanitizerArgs.cpp
37

Yep, let's use setGroupBits. Specifying the groups here manually is error-prone - one can easily forget to change this part if Sanitizers.def is re-orrganized.

503

Note that you can also strip out sanitizers which were not enabled eventually from here

TrappingKinds &= Kinds;

as we do for recoverable sanitizers.

pcc updated this revision to Diff 27799.Jun 16 2015, 5:13 PM
  • Fix disablement logic
pcc updated this revision to Diff 27804.Jun 16 2015, 5:51 PM
pcc mentioned this in D10268: Implement non-trapping variant of -fsanitize=cfi* sanitizers..
  • Document -fsanitize-trap precedence over -fsanitize-recover
  • Filter TrappingKinds based on Kinds
lib/CodeGen/CGExpr.cpp
2306

Should we clarify this behavior in the docs?

Yes, done.

Do you think we should instead parse -fsanitize-trap and -fsanitize-recover in a single pass

The logic around parsing these flags is already too complicated and I would be against making it more complex than it already is. I would prefer to solve this problem with documentation.

lib/Driver/SanitizerArgs.cpp
503

Done

samsonov added inline comments.Jun 17 2015, 1:04 PM
include/clang/Driver/Options.td
565

Add some HelpText

lib/Driver/SanitizerArgs.cpp
37

If you're happy with http://reviews.llvm.org/D10467, we can submit that one first, and add setGroupBits to this patch. Or steal setGroupBits part from there if you want this patch to go in first.

210

We already have NotAllowedWithTrap mask. I think we should use it, and probably split diagnosing the sanitizers unsupported because they cannot trap, and those that are not supported by the toolchain. You already do some of the former in parseSanitizeTrapArgs above, I think we should handle vptr in that function as well somehow.

pcc updated this revision to Diff 27904.Jun 17 2015, 5:33 PM
  • Address reviewer comments
include/clang/Driver/Options.td
565

Done

lib/Driver/SanitizerArgs.cpp
37

Done. Per offline discussion I've moved setGroupBits to this patch.

210

We already have NotAllowedWithTrap mask. I think we should use it

Done.

and probably split diagnosing the sanitizers unsupported because they cannot trap, and those that are not supported by the toolchain. You already do some of the former in parseSanitizeTrapArgs above, I think we should handle vptr in that function as well somehow.

Not really sure how that would work. We only know which sanitizers to forbid once we have looked at all -fsanitize-trap arguments. At the very least it makes the code easier to read if all unsupported sanitizer diagnostics are done in a single place. (This would have fit much better into the original design from D1990 with an extra clause in filterUnsupportedKinds; oh well.)

samsonov accepted this revision.Jun 18 2015, 4:22 PM
samsonov edited edge metadata.

I'm mostly happy with this patch. Accepting it, so that you can land it without yet another round of review, but please consider addressing the comments below.

Thank you for doing this!

lib/Driver/SanitizerArgs.cpp
147
if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
  SanitizerSet S;
  S.Mask = InvalidValues;
  //....
}
165
TrapRemove |= expandSanitizerGroups(UndefinedGroup);
227

I don't think this is right. Suppose -fsanitize=vptr is not supported on target foo (by corresponding toolchain). Then

clang -target foo -fsanitize=vptr a.cc

would produce confusing

"-fsanitize=vptr" is not allowed with "-fsanitize-trap=undefined"

I think you would need separate clause for that

if (SanitizerMask KindsToDiagnose = Add & TrappingKinds & NotAllowedWithTrap & ~DiagnosedKinds) {
  std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
  D.Diag(diag::err_drv_argument_not_allowed_with) << Desc << lastTrapArgumentForMask(KindsToDiagnose);
  DiagnosedKinds |= KindsToDiagnose;
}
This revision is now accepted and ready to land.Jun 18 2015, 4:22 PM
pcc added inline comments.Jun 18 2015, 5:03 PM
lib/Driver/SanitizerArgs.cpp
147

Done

165

Done

227

Done. (We know that the second argument to the diagnostic can only ever be "-fsanitize-trap=undefined", so I've hard coded that for now.)

Closed by commit rL240105: Introduce -fsanitize-trap= flag. (authored by pcc). · Explain WhyJun 18 2015, 5:09 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
docs/
35 lines
include/
clang/
Basic/
15 lines
Driver/
5 lines
2 lines
Frontend/
3 lines
2 lines
lib/
CodeGen/
24 lines
Driver/
80 lines
Frontend/
5 lines
test/
CodeGen/
2 lines
2 lines
25 lines
Driver/
17 lines

Diff 27747

docs/UsersManual.rst

Show First 20 LinesShow All 964 Lines▼ Show 20 Lines**-f[no-]sanitize=check1,check2,...**
- .. _opt_fsanitize_undefined: - .. _opt_fsanitize_undefined:
``-fsanitize=undefined``: Fast and compatible undefined behavior ``-fsanitize=undefined``: Fast and compatible undefined behavior
checker. Enables the undefined behavior checks that have small checker. Enables the undefined behavior checks that have small
runtime cost and no impact on address space layout or ABI. This runtime cost and no impact on address space layout or ABI. This
includes all of the checks listed below other than includes all of the checks listed below other than
``unsigned-integer-overflow``. ``unsigned-integer-overflow``.
- ``-fsanitize=undefined-trap``: This includes all sanitizers - ``-fsanitize=undefined-trap``: This is a deprecated alias for
included by ``-fsanitize=undefined``, except those that require ``-fsanitize=undefined``.
runtime support. This group of sanitizers is intended to be
samsonovUnsubmitted
Not Done
ReplyInline Actions

"deprecated alias"

samsonov: "deprecated alias"
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
used in conjunction with the ``-fsanitize-undefined-trap-on-error``
flag. This includes all of the checks listed below other than
``unsigned-integer-overflow`` and ``vptr``.
- ``-fsanitize=dataflow``: :doc:`DataFlowSanitizer`, a general data - ``-fsanitize=dataflow``: :doc:`DataFlowSanitizer`, a general data
flow analysis. flow analysis.
- ``-fsanitize=cfi``: :doc:`control flow integrity <ControlFlowIntegrity>` - ``-fsanitize=cfi``: :doc:`control flow integrity <ControlFlowIntegrity>`
checks. Implies ``-flto``. checks. Implies ``-flto``.
- ``-fsanitize=safe-stack``: :doc:`safe stack <SafeStack>` - ``-fsanitize=safe-stack``: :doc:`safe stack <SafeStack>`
protection against stack-based memory corruption errors. protection against stack-based memory corruption errors.
The following more fine-grained checks are also available: The following more fine-grained checks are also available:
▲ Show 20 LinesShow All 77 Lines▼ Show 20 Lines - ``-fsanitize-memory-track-origins[=level]``: Enables origin tracking in
1.5x-2x. 1.5x-2x.
Possible values for level are 0 (off), 1, 2 (default). Level 2 Possible values for level are 0 (off), 1, 2 (default). Level 2
adds more sections to MemorySanitizer reports describing the adds more sections to MemorySanitizer reports describing the
order of memory stores the uninitialized value went order of memory stores the uninitialized value went
through. This mode may use extra memory in programs that copy through. This mode may use extra memory in programs that copy
uninitialized memory a lot. uninitialized memory a lot.
Extra features of UndefinedBehaviorSanitizer:
- ``-fsanitize-undefined-trap-on-error``: Causes traps to be emitted
rather than calls to runtime libraries when a problem is detected.
This option is intended for use in cases where the sanitizer runtime
cannot be used (for instance, when building libc or a kernel module).
This is only compatible with the sanitizers in the ``undefined-trap``
group.
The ``-fsanitize=`` argument must also be provided when linking, in The ``-fsanitize=`` argument must also be provided when linking, in
order to link to the appropriate runtime library. When using order to link to the appropriate runtime library. When using
``-fsanitize=vptr`` (or a group that includes it, such as ``-fsanitize=vptr`` (or a group that includes it, such as
``-fsanitize=undefined``) with a C++ program, the link must be ``-fsanitize=undefined``) with a C++ program, the link must be
performed by ``clang++``, not ``clang``, in order to link against the performed by ``clang++``, not ``clang``, in order to link against the
C++-specific parts of the runtime library. C++-specific parts of the runtime library.
It is not possible to combine more than one of the ``-fsanitize=address``, It is not possible to combine more than one of the ``-fsanitize=address``,
``-fsanitize=thread``, and ``-fsanitize=memory`` checkers in the same ``-fsanitize=thread``, and ``-fsanitize=memory`` checkers in the same
program. The ``-fsanitize=undefined`` checks can only be combined with program. The ``-fsanitize=undefined`` checks can only be combined with
``-fsanitize=address``. ``-fsanitize=address``.
**-f[no-]sanitize-recover=check1,check2,...** **-f[no-]sanitize-recover=check1,check2,...**
Controls which checks enabled by ``-fsanitize=`` flag are non-fatal. Controls which checks enabled by ``-fsanitize=`` flag are non-fatal.
If the check is fatal, program will halt after the first error If the check is fatal, program will halt after the first error
of this kind is detected and error report is printed. of this kind is detected and error report is printed.
By default, non-fatal checks are those enabled by UndefinedBehaviorSanitizer, By default, non-fatal checks are those enabled by UndefinedBehaviorSanitizer,
except for ``-fsanitize=return`` and ``-fsanitize=unreachable``. Some except for ``-fsanitize=return`` and ``-fsanitize=unreachable``. Some
sanitizers (e.g. :doc:`AddressSanitizer`) may not support recovery, sanitizers (e.g. :doc:`AddressSanitizer`) may not support recovery,
and always crash the program after the issue is detected. and always crash the program after the issue is detected.
**-f[no-]sanitize-trap=check1,check2,...**
Controls which checks enabled by the ``-fsanitize=`` flag trap. This
option is intended for use in cases where the sanitizer runtime cannot
be used (for instance, when building libc or a kernel module), or where
the binary size increase caused by the sanitizer runtime is a concern.
This flag is only compatible with ``local-bounds``,
``unsigned-integer-overflow`` and sanitizers in the ``undefined``
group other than ``vptr``. If this flag is supplied together with
``-fsanitize=undefined``, the ``vptr`` sanitizer will be implicitly
disabled.
**-f[no-]sanitize-coverage=[type,features,...]** **-f[no-]sanitize-coverage=[type,features,...]**
Enable simple code coverage in addition to certain sanitizers. Enable simple code coverage in addition to certain sanitizers.
See :doc:`SanitizerCoverage` for more details. See :doc:`SanitizerCoverage` for more details.
.. option:: -fsanitize-undefined-trap-on-error
samsonovUnsubmitted
Not Done
ReplyInline Actions

Please move it next to -fsanitize-recover=.

samsonov: Please move it next to `-fsanitize-recover=`.
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
Deprecated alias for ``-fsanitize-trap=undefined``.
rsmithUnsubmitted
Not Done
ReplyInline Actions

Missing 'the' before -fsanitize=?

rsmith: Missing 'the' before `-fsanitize=`?
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Added

pcc: Added
.. option:: -fno-assume-sane-operator-new .. option:: -fno-assume-sane-operator-new
rsmithUnsubmitted
Not Done
ReplyInline Actions

I think this description will leave people wondering why we have a per-sanitizer trap flag rather than a global flag. It'd be good to extend this description with the CFI case.

rsmith: I think this description will leave people wondering why we have a per-sanitizer trap flag…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

The CFI case will be implemented in a separate patch, which will include a documentation update here. For now we do not support -fsanitize-trap=cfi.

pcc: The CFI case will be implemented in a separate patch, which will include a documentation update…
Don't assume that the C++'s new operator is sane. Don't assume that the C++'s new operator is sane.
samsonovUnsubmitted
Not Done
ReplyInline Actions

Do you think we should allow other trapping sanitizers (like local-bounds) here? Or you plan to do it in subsequent patches?

samsonov: Do you think we should allow other trapping sanitizers (like `local-bounds`) here? Or you plan…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Added.

pcc: Added.
This option tells the compiler to do not assume that C++'s global This option tells the compiler to do not assume that C++'s global
rsmithUnsubmitted
Not Done
ReplyInline Actions

It's probably better to refer to the group as "`undefined" rather than "UndefinedBehaviorSanitizer", for symmetry with "vptr`".

rsmith: It's probably better to refer to the group as "``undefined``" rather than…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
new operator will always return a pointer that does not alias any new operator will always return a pointer that does not alias any
other pointer when the function returns. other pointer when the function returns.
.. option:: -ftrap-function=[name] .. option:: -ftrap-function=[name]
Instruct code generator to emit a function call to the specified Instruct code generator to emit a function call to the specified
function name for ``__builtin_trap()``. function name for ``__builtin_trap()``.
▲ Show 20 LinesShow All 927 LinesShow Last 20 Lines

include/clang/Basic/Sanitizers.def

Show First 20 LinesShow All 84 Lines▼ Show 20 Lines
SANITIZER("cfi-nvcall", CFINVCall) SANITIZER("cfi-nvcall", CFINVCall)
SANITIZER("cfi-vcall", CFIVCall) SANITIZER("cfi-vcall", CFIVCall)
SANITIZER_GROUP("cfi", CFI, SANITIZER_GROUP("cfi", CFI,
CFIDerivedCast | CFIUnrelatedCast | CFINVCall | CFIVCall) CFIDerivedCast | CFIUnrelatedCast | CFINVCall | CFIVCall)
// Safe Stack // Safe Stack
SANITIZER("safe-stack", SafeStack) SANITIZER("safe-stack", SafeStack)
// -fsanitize=undefined-trap includes sanitizers from -fsanitize=undefined // -fsanitize=undefined includes all the sanitizers which have low overhead, no
// that can be used without runtime support, generally by providing extra // ABI or address space layout implications, and only catch undefined behavior.
// -fsanitize-undefined-trap-on-error flag. SANITIZER_GROUP("undefined", Undefined,
SANITIZER_GROUP("undefined-trap", UndefinedTrap,
Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow | Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow |
FloatDivideByZero | IntegerDivideByZero | NonnullAttribute | FloatDivideByZero | IntegerDivideByZero | NonnullAttribute |
Null | ObjectSize | Return | ReturnsNonnullAttribute | Null | ObjectSize | Return | ReturnsNonnullAttribute |
Shift | SignedIntegerOverflow | Unreachable | VLABound) Shift | SignedIntegerOverflow | Unreachable | VLABound |
Function | Vptr)
// -fsanitize=undefined includes all the sanitizers which have low overhead, no // -fsanitize=undefined-trap is an alias for -fsanitize=undefined.
// ABI or address space layout implications, and only catch undefined behavior. SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined)
SANITIZER_GROUP("undefined", Undefined, UndefinedTrap | Function | Vptr)
SANITIZER_GROUP("integer", Integer, SANITIZER_GROUP("integer", Integer,
SignedIntegerOverflow | UnsignedIntegerOverflow | Shift | SignedIntegerOverflow | UnsignedIntegerOverflow | Shift |
IntegerDivideByZero) IntegerDivideByZero)
SANITIZER("local-bounds", LocalBounds) SANITIZER("local-bounds", LocalBounds)
SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds) SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds)
// Magic group, containing all sanitizers. For example, "-fno-sanitize=all" // Magic group, containing all sanitizers. For example, "-fno-sanitize=all"
// can be used to disable all the sanitizers. // can be used to disable all the sanitizers.
SANITIZER_GROUP("all", All, ~0ULL) SANITIZER_GROUP("all", All, ~0ULL)
#undef SANITIZER #undef SANITIZER
#undef SANITIZER_GROUP #undef SANITIZER_GROUP

include/clang/Driver/Options.td

Show First 20 LinesShow All 517 Lines▼ Show 20 Lines
def fbracket_depth_EQ : Joined<["-"], "fbracket-depth=">, Group<f_Group>; def fbracket_depth_EQ : Joined<["-"], "fbracket-depth=">, Group<f_Group>;
def fsignaling_math : Flag<["-"], "fsignaling-math">, Group<f_Group>; def fsignaling_math : Flag<["-"], "fsignaling-math">, Group<f_Group>;
def fno_signaling_math : Flag<["-"], "fno-signaling-math">, Group<f_Group>; def fno_signaling_math : Flag<["-"], "fno-signaling-math">, Group<f_Group>;
def fsanitize_EQ : CommaJoined<["-"], "fsanitize=">, Group<f_clang_Group>, def fsanitize_EQ : CommaJoined<["-"], "fsanitize=">, Group<f_clang_Group>,
Flags<[CC1Option, CoreOption]>, MetaVarName<"<check>">, Flags<[CC1Option, CoreOption]>, MetaVarName<"<check>">,
HelpText<"Turn on runtime checks for various forms of undefined " HelpText<"Turn on runtime checks for various forms of undefined "
"or suspicious behavior. See user manual for available checks ">; "or suspicious behavior. See user manual for available checks ">;
def fno_sanitize_EQ : CommaJoined<["-"], "fno-sanitize=">, Group<f_clang_Group>; def fno_sanitize_EQ : CommaJoined<["-"], "fno-sanitize=">, Group<f_clang_Group>;
def fsanitize_blacklist : Joined<["-"], "fsanitize-blacklist=">, def fsanitize_blacklist : Joined<["-"], "fsanitize-blacklist=">,
samsonovUnsubmitted
Not Done
ReplyInline Actions

Please move next to fsanitize_recover

samsonov: Please move next to fsanitize_recover
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
Group<f_clang_Group>, Flags<[CC1Option, CoreOption]>, Group<f_clang_Group>, Flags<[CC1Option, CoreOption]>,
HelpText<"Path to blacklist file for sanitizers">; HelpText<"Path to blacklist file for sanitizers">;
def fno_sanitize_blacklist : Flag<["-"], "fno-sanitize-blacklist">, def fno_sanitize_blacklist : Flag<["-"], "fno-sanitize-blacklist">,
Group<f_clang_Group>, Group<f_clang_Group>,
HelpText<"Don't use blacklist file for sanitizers">; HelpText<"Don't use blacklist file for sanitizers">;
def fsanitize_coverage def fsanitize_coverage
: CommaJoined<["-"], "fsanitize-coverage=">, : CommaJoined<["-"], "fsanitize-coverage=">,
Group<f_clang_Group>, Flags<[CoreOption]>, Group<f_clang_Group>, Flags<[CoreOption]>,
Show All 21 Lines
def fsanitize_recover_EQ : CommaJoined<["-"], "fsanitize-recover=">, def fsanitize_recover_EQ : CommaJoined<["-"], "fsanitize-recover=">,
Group<f_clang_Group>, Group<f_clang_Group>,
Flags<[CC1Option]>, Flags<[CC1Option]>,
HelpText<"Enable recovery for specified sanitizers">; HelpText<"Enable recovery for specified sanitizers">;
def fno_sanitize_recover_EQ def fno_sanitize_recover_EQ
: CommaJoined<["-"], "fno-sanitize-recover=">, : CommaJoined<["-"], "fno-sanitize-recover=">,
Group<f_clang_Group>, Group<f_clang_Group>,
HelpText<"Disable recovery for specified sanitizers">; HelpText<"Disable recovery for specified sanitizers">;
def fsanitize_trap_EQ : CommaJoined<["-"], "fsanitize-trap=">, Group<f_clang_Group>,
Flags<[CC1Option, CoreOption]>;
samsonovUnsubmitted
Not Done
ReplyInline Actions

Add some HelpText

samsonov: Add some HelpText
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
def fno_sanitize_trap_EQ : CommaJoined<["-"], "fno-sanitize-trap=">, Group<f_clang_Group>;
def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">, def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">,
Group<f_clang_Group>, Flags<[CC1Option]>; Group<f_clang_Group>;
def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">, def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">,
Group<f_clang_Group>; Group<f_clang_Group>;
def fsanitize_link_cxx_runtime : Flag<["-"], "fsanitize-link-c++-runtime">, def fsanitize_link_cxx_runtime : Flag<["-"], "fsanitize-link-c++-runtime">,
Group<f_clang_Group>; Group<f_clang_Group>;
def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">, def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">,
Group<f_Group>; Group<f_Group>;
def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">, def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">,
Group<f_Group>; Group<f_Group>;
▲ Show 20 LinesShow All 1,393 LinesShow Last 20 Lines

include/clang/Driver/SanitizerArgs.h

Show All 17 Lines
namespace clang { namespace clang {
namespace driver { namespace driver {
class ToolChain; class ToolChain;
class SanitizerArgs { class SanitizerArgs {
SanitizerSet Sanitizers; SanitizerSet Sanitizers;
SanitizerSet RecoverableSanitizers; SanitizerSet RecoverableSanitizers;
SanitizerSet TrapSanitizers;
std::vector<std::string> BlacklistFiles; std::vector<std::string> BlacklistFiles;
int CoverageFeatures; int CoverageFeatures;
int MsanTrackOrigins; int MsanTrackOrigins;
int AsanFieldPadding; int AsanFieldPadding;
bool AsanZeroBaseShadow; bool AsanZeroBaseShadow;
bool UbsanTrapOnError;
bool AsanSharedRuntime; bool AsanSharedRuntime;
bool LinkCXXRuntimes; bool LinkCXXRuntimes;
public: public:
/// Parses the sanitizer arguments from an argument list. /// Parses the sanitizer arguments from an argument list.
SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args); SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args);
bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); } bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); }
Show All 28 Lines

include/clang/Frontend/CodeGenOptions.h

Show First 20 LinesShow All 191 Lines▼ Show 20 Linespublic:
/// Set of files definining the rules for the symbol rewriting. /// Set of files definining the rules for the symbol rewriting.
std::vector<std::string> RewriteMapFiles; std::vector<std::string> RewriteMapFiles;
/// Set of sanitizer checks that are non-fatal (i.e. execution should be /// Set of sanitizer checks that are non-fatal (i.e. execution should be
/// continued when possible). /// continued when possible).
SanitizerSet SanitizeRecover; SanitizerSet SanitizeRecover;
/// Set of sanitizer checks that trap rather than diagnose.
SanitizerSet SanitizeTrap;
public: public:
// Define accessors/mutators for code generation options of enumeration type. // Define accessors/mutators for code generation options of enumeration type.
#define CODEGENOPT(Name, Bits, Default) #define CODEGENOPT(Name, Bits, Default)
#define ENUM_CODEGENOPT(Name, Type, Bits, Default) \ #define ENUM_CODEGENOPT(Name, Type, Bits, Default) \
Type get##Name() const { return static_cast<Type>(Name); } \ Type get##Name() const { return static_cast<Type>(Name); } \
void set##Name(Type Value) { Name = static_cast<unsigned>(Value); } void set##Name(Type Value) { Name = static_cast<unsigned>(Value); }
#include "clang/Frontend/CodeGenOptions.def" #include "clang/Frontend/CodeGenOptions.def"
CodeGenOptions(); CodeGenOptions();
}; };
} // end namespace clang } // end namespace clang
#endif #endif

include/clang/Frontend/CodeGenOptions.def

Show First 20 LinesShow All 114 Lines▼ Show 20 Lines
CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage
///< for indirect calls. ///< for indirect calls.
CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverageTraceCmp, 1, 0) ///< Enable cmp instruction tracing CODEGENOPT(SanitizeCoverageTraceCmp, 1, 0) ///< Enable cmp instruction tracing
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverage8bitCounters, 1, 0) ///< Use 8-bit frequency counters CODEGENOPT(SanitizeCoverage8bitCounters, 1, 0) ///< Use 8-bit frequency counters
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeUndefinedTrapOnError, 1, 0) ///< Set on
/// -fsanitize-undefined-trap-on-error
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled. CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float. CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition. CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition.
CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report is enabled. CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report is enabled.
CODEGENOPT(UnitAtATime , 1, 1) ///< Unused. For mirroring GCC optimization CODEGENOPT(UnitAtATime , 1, 1) ///< Unused. For mirroring GCC optimization
///< selection. ///< selection.
CODEGENOPT(UnrollLoops , 1, 0) ///< Control whether loops are unrolled. CODEGENOPT(UnrollLoops , 1, 0) ///< Control whether loops are unrolled.
CODEGENOPT(RerollLoops , 1, 0) ///< Control whether loops are rerolled. CODEGENOPT(RerollLoops , 1, 0) ///< Control whether loops are rerolled.
▲ Show 20 LinesShow All 52 LinesShow Last 20 Lines

lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 2,294 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitCheck(
ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked, ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked,
StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs, StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs) { ArrayRef<llvm::Value *> DynamicArgs) {
assert(IsSanitizerScope); assert(IsSanitizerScope);
assert(Checked.size() > 0); assert(Checked.size() > 0);
llvm::Value *FatalCond = nullptr; llvm::Value *FatalCond = nullptr;
llvm::Value *RecoverableCond = nullptr; llvm::Value *RecoverableCond = nullptr;
llvm::Value *TrapCond = nullptr;
for (int i = 0, n = Checked.size(); i < n; ++i) { for (int i = 0, n = Checked.size(); i < n; ++i) {
llvm::Value *Check = Checked[i].first; llvm::Value *Check = Checked[i].first;
// -fsanitize-trap= overrides -fsanitize-recover=.
samsonovUnsubmitted
Not Done
ReplyInline Actions

Should we clarify this behavior in the docs?
We can also handle this case in the driver, so that frontend can assert that each sanitizer check is listed in at most one of -fsanitize-recover= and -fsanitize-trap= lists. (i.e. intersection of SanitizeTrap and SanitizeRecover is empty).

Another interesting question is handling the relative order of -fsanitize-trap= and -fsanitize-recover= flags. Now we parse them completely independently, but this may not be the best solution. Consider global

CFLAGS='-fsanitize=undefined -fsanitize-trap=undefined'

and now I want to compile a special program, and enable recovery for alignment issues. Using

clang++ $(CFLAGS) -fsanitize-recover=alignment a.cc

wouldn't work, I would have to write

clang++ $(CFLAGS) -fno-sanitize-trap=alignment -fsanitize-recover=alignment a.cc

Do you think we should instead parse -fsanitize-trap and -fsanitize-recover in a single pass, and maintain the recovery setting for each sanitizer kind to be one of

  • diagnosed, recoverable
  • diagnosed, unrecoverable/fatal
  • undiagnosed, trapping.

?

samsonov: Should we clarify this behavior in the docs? We can also handle this case in the driver, so…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Should we clarify this behavior in the docs?

Yes, done.

Do you think we should instead parse -fsanitize-trap and -fsanitize-recover in a single pass

The logic around parsing these flags is already too complicated and I would be against making it more complex than it already is. I would prefer to solve this problem with documentation.

pcc: > Should we clarify this behavior in the docs? Yes, done. > Do you think we should instead…
llvm::Value *&Cond = llvm::Value *&Cond =
CGM.getCodeGenOpts().SanitizeRecover.has(Checked[i].second) CGM.getCodeGenOpts().SanitizeTrap.has(Checked[i].second)
? TrapCond
: CGM.getCodeGenOpts().SanitizeRecover.has(Checked[i].second)
? RecoverableCond ? RecoverableCond
: FatalCond; : FatalCond;
Cond = Cond ? Builder.CreateAnd(Cond, Check) : Check; Cond = Cond ? Builder.CreateAnd(Cond, Check) : Check;
} }
rsmithUnsubmitted
Not Done
ReplyInline Actions

The differing style in these two cases is strange. Please pick one or the other and apply it to both the Recover and the Trap cases.

rsmith: The differing style in these two cases is strange. Please pick one or the other and apply it to…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
if (TrapCond)
EmitTrapCheck(TrapCond);
if (!FatalCond && !RecoverableCond)
return;
llvm::Value *JointCond; llvm::Value *JointCond;
if (FatalCond && RecoverableCond) if (FatalCond && RecoverableCond)
JointCond = Builder.CreateAnd(FatalCond, RecoverableCond); JointCond = Builder.CreateAnd(FatalCond, RecoverableCond);
else else
JointCond = FatalCond ? FatalCond : RecoverableCond; JointCond = FatalCond ? FatalCond : RecoverableCond;
assert(JointCond); assert(JointCond);
CheckRecoverableKind RecoverKind = getRecoverableKind(Checked[0].second); CheckRecoverableKind RecoverKind = getRecoverableKind(Checked[0].second);
assert(SanOpts.has(Checked[0].second)); assert(SanOpts.has(Checked[0].second));
#ifndef NDEBUG #ifndef NDEBUG
for (int i = 1, n = Checked.size(); i < n; ++i) { for (int i = 1, n = Checked.size(); i < n; ++i) {
assert(RecoverKind == getRecoverableKind(Checked[i].second) && assert(RecoverKind == getRecoverableKind(Checked[i].second) &&
"All recoverable kinds in a single check must be same!"); "All recoverable kinds in a single check must be same!");
assert(SanOpts.has(Checked[i].second)); assert(SanOpts.has(Checked[i].second));
} }
#endif #endif
if (CGM.getCodeGenOpts().SanitizeUndefinedTrapOnError) {
assert(RecoverKind != CheckRecoverableKind::AlwaysRecoverable &&
"Runtime call required for AlwaysRecoverable kind!");
// Assume that -fsanitize-undefined-trap-on-error overrides
// -fsanitize-recover= options, as we can only print meaningful error
// message and recover if we have a runtime support.
return EmitTrapCheck(JointCond);
}
llvm::BasicBlock *Cont = createBasicBlock("cont"); llvm::BasicBlock *Cont = createBasicBlock("cont");
llvm::BasicBlock *Handlers = createBasicBlock("handler." + CheckName); llvm::BasicBlock *Handlers = createBasicBlock("handler." + CheckName);
llvm::Instruction *Branch = Builder.CreateCondBr(JointCond, Cont, Handlers); llvm::Instruction *Branch = Builder.CreateCondBr(JointCond, Cont, Handlers);
// Give hint that we very much don't expect to execute the handler // Give hint that we very much don't expect to execute the handler
// Value chosen to match UR_NONTAKEN_WEIGHT, see BranchProbabilityInfo.cpp // Value chosen to match UR_NONTAKEN_WEIGHT, see BranchProbabilityInfo.cpp
llvm::MDBuilder MDHelper(getLLVMContext()); llvm::MDBuilder MDHelper(getLLVMContext());
llvm::MDNode *Node = MDHelper.createBranchWeights((1U << 20) - 1, 1); llvm::MDNode *Node = MDHelper.createBranchWeights((1U << 20) - 1, 1);
Branch->setMetadata(llvm::LLVMContext::MD_prof, Node); Branch->setMetadata(llvm::LLVMContext::MD_prof, Node);
▲ Show 20 LinesShow All 1,219 LinesShow Last 20 Lines

lib/Driver/SanitizerArgs.cpp

Show All 28 Linesenum : SanitizerMask {
NotAllowedWithTrap = Vptr, NotAllowedWithTrap = Vptr,
RequiresPIE = Memory | DataFlow, RequiresPIE = Memory | DataFlow,
NeedsUnwindTables = Address | Thread | Memory | DataFlow, NeedsUnwindTables = Address | Thread | Memory | DataFlow,
SupportsCoverage = Address | Memory | Leak | Undefined | Integer | DataFlow, SupportsCoverage = Address | Memory | Leak | Undefined | Integer | DataFlow,
RecoverableByDefault = Undefined | Integer, RecoverableByDefault = Undefined | Integer,
Unrecoverable = Address | Unreachable | Return, Unrecoverable = Address | Unreachable | Return,
LegacyFsanitizeRecoverMask = Undefined | Integer, LegacyFsanitizeRecoverMask = Undefined | Integer,
NeedsLTO = CFI, NeedsLTO = CFI,
TrappingSupported = (Undefined & ~Vptr) | UndefinedGroup |
samsonovUnsubmitted
Not Done
ReplyInline Actions

Could we use smth. like getSanitizersWithNoRequiredRuntime() from http://reviews.llvm.org/D10467 instead (if we decide to allow -fsanitize-trap=` for other checks)?

samsonov: Could we use smth. like `getSanitizersWithNoRequiredRuntime()` from http://reviews.llvm.
samsonovUnsubmitted
Not Done
ReplyInline Actions

I'd prefer to not use UndefinedGroup here, and instead add special case for Vptr to the loop iterating over -fsanitize-trap= arguments. E.g. see how we handle special-case for vptr+RTTI in the main loop in SanitizerArgs constructor (not that it's elegant, it's just... more literal).

samsonov: I'd prefer to not use `UndefinedGroup` here, and instead add special case for `Vptr` to the…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Could we use smth. like getSanitizersWithNoRequiredRuntime() from http://reviews.llvm.org/D10467 instead (if we decide to allow -fsanitize-trap=` for other checks)?

Most likely, I'll do that once your change lands.

I'd prefer to not use UndefinedGroup here, and instead add special case for Vptr to the loop iterating over -fsanitize-trap= arguments.

I don't see how that would work. I think we'd always need groups in the thing we mask against, otherwise we'd incorrectly diagnose things like -fsanitize-trap=undefined due to the presence of the group. Seems like the setGroupBits thing you added in D10467 does what I want?

pcc: > Could we use smth. like getSanitizersWithNoRequiredRuntime() from http://reviews.llvm.
samsonovUnsubmitted
Not Done
ReplyInline Actions

Yep, let's use setGroupBits. Specifying the groups here manually is error-prone - one can easily forget to change this part if Sanitizers.def is re-orrganized.

samsonov: Yep, let's use `setGroupBits`. Specifying the groups here manually is error-prone - one can…
samsonovUnsubmitted
Not Done
ReplyInline Actions

If you're happy with http://reviews.llvm.org/D10467, we can submit that one first, and add setGroupBits to this patch. Or steal setGroupBits part from there if you want this patch to go in first.

samsonov: If you're happy with http://reviews.llvm.org/D10467, we can submit that one first, and add…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done. Per offline discussion I've moved setGroupBits to this patch.

pcc: Done. Per offline discussion I've moved `setGroupBits` to this patch.
UnsignedIntegerOverflow | LocalBounds,
}; };
enum CoverageFeature { enum CoverageFeature {
CoverageFunc = 1 << 0, CoverageFunc = 1 << 0,
CoverageBB = 1 << 1, CoverageBB = 1 << 1,
CoverageEdge = 1 << 2, CoverageEdge = 1 << 2,
CoverageIndirCall = 1 << 3, CoverageIndirCall = 1 << 3,
CoverageTraceBB = 1 << 4, CoverageTraceBB = 1 << 4,
▲ Show 20 LinesShow All 66 Lines▼ Show 20 Lines if (BlacklistFile) {
clang::SmallString<64> Path(D.ResourceDir); clang::SmallString<64> Path(D.ResourceDir);
llvm::sys::path::append(Path, BlacklistFile); llvm::sys::path::append(Path, BlacklistFile);
BLPath = Path.str(); BLPath = Path.str();
return true; return true;
} }
return false; return false;
} }
static SanitizerMask parseSanitizeTrapArgs(const Driver &D,
const llvm::opt::ArgList &Args) {
SanitizerMask TrapRemove = 0; // During the loop below, the accumulated set of
// sanitizers disabled by the current sanitizer
// argument or any argument after it.
SanitizerMask TrappingKinds = 0;
for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
I != E; ++I) {
const auto *Arg = *I;
if (Arg->getOption().matches(options::OPT_fsanitize_trap_EQ)) {
Arg->claim();
SanitizerMask Add = parseArgValues(D, Arg, true);
Add &= ~TrapRemove;
if ((Add & ~TrappingSupported) != 0) {
SanitizerSet S;
S.Mask = Add & ~TrappingSupported;
D.Diag(diag::err_drv_unsupported_option_argument) << "-fsanitize-trap"
<< toString(S);
}
TrappingKinds |= expandSanitizerGroups(Add);
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) {
Arg->claim();
TrapRemove |= expandSanitizerGroups(parseArgValues(D, Arg, true));
} else if (Arg->getOption().matches(
options::OPT_fsanitize_undefined_trap_on_error)) {
Arg->claim();
samsonovUnsubmitted
Not Done
ReplyInline Actions
if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) {
  SanitizerSet S;
  S.Mask = InvalidValues;
  //....
}
samsonov: if (SanitizerMask InvalidValues = Add & ~TrappingSupportedWithGroups) { SanitizerSet S…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
TrappingKinds |= expandSanitizerGroups(UndefinedGroup & ~TrapRemove);
} else if (Arg->getOption().matches(
options::OPT_fno_sanitize_undefined_trap_on_error)) {
Arg->claim();
TrapRemove |= Undefined | UndefinedGroup;
}
}
return TrappingKinds;
}
bool SanitizerArgs::needsUbsanRt() const { bool SanitizerArgs::needsUbsanRt() const {
return !UbsanTrapOnError && (Sanitizers.Mask & NeedsUbsanRt) && return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) &&
!Sanitizers.has(Address) && !Sanitizers.has(Address) &&
!Sanitizers.has(Memory) && !Sanitizers.has(Memory) &&
!Sanitizers.has(Thread); !Sanitizers.has(Thread);
} }
samsonovUnsubmitted
Not Done
ReplyInline Actions
TrapRemove |= expandSanitizerGroups(UndefinedGroup);
samsonov: TrapRemove |= expandSanitizerGroups(UndefinedGroup);
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
bool SanitizerArgs::requiresPIE() const { bool SanitizerArgs::requiresPIE() const {
return AsanZeroBaseShadow || (Sanitizers.Mask & RequiresPIE); return AsanZeroBaseShadow || (Sanitizers.Mask & RequiresPIE);
} }
bool SanitizerArgs::needsUnwindTables() const { bool SanitizerArgs::needsUnwindTables() const {
return Sanitizers.Mask & NeedsUnwindTables; return Sanitizers.Mask & NeedsUnwindTables;
} }
bool SanitizerArgs::needsLTO() const { bool SanitizerArgs::needsLTO() const {
return Sanitizers.Mask & NeedsLTO; return Sanitizers.Mask & NeedsLTO;
} }
void SanitizerArgs::clear() { void SanitizerArgs::clear() {
Sanitizers.clear(); Sanitizers.clear();
RecoverableSanitizers.clear(); RecoverableSanitizers.clear();
TrapSanitizers.clear();
BlacklistFiles.clear(); BlacklistFiles.clear();
CoverageFeatures = 0; CoverageFeatures = 0;
MsanTrackOrigins = 0; MsanTrackOrigins = 0;
AsanFieldPadding = 0; AsanFieldPadding = 0;
AsanZeroBaseShadow = false; AsanZeroBaseShadow = false;
UbsanTrapOnError = false;
AsanSharedRuntime = false; AsanSharedRuntime = false;
LinkCXXRuntimes = false; LinkCXXRuntimes = false;
} }
SanitizerArgs::SanitizerArgs(const ToolChain &TC, SanitizerArgs::SanitizerArgs(const ToolChain &TC,
const llvm::opt::ArgList &Args) { const llvm::opt::ArgList &Args) {
clear(); clear();
SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of
// sanitizers disabled by the current sanitizer // sanitizers disabled by the current sanitizer
// argument or any argument after it. // argument or any argument after it.
SanitizerMask AllAddedKinds = 0; // Mask of all sanitizers ever enabled by SanitizerMask AllAddedKinds = 0; // Mask of all sanitizers ever enabled by
// -fsanitize= flags (directly or via group // -fsanitize= flags (directly or via group
// expansion), some of which may be disabled // expansion), some of which may be disabled
// later. Used to carefully prune // later. Used to carefully prune
// unused-argument diagnostics. // unused-argument diagnostics.
SanitizerMask DiagnosedKinds = 0; // All Kinds we have diagnosed up to now. SanitizerMask DiagnosedKinds = 0; // All Kinds we have diagnosed up to now.
// Used to deduplicate diagnostics. // Used to deduplicate diagnostics.
SanitizerMask Kinds = 0; SanitizerMask Kinds = 0;
SanitizerMask NotSupported = getToolchainUnsupportedKinds(TC); SanitizerMask NotSupported = getToolchainUnsupportedKinds(TC);
ToolChain::RTTIMode RTTIMode = TC.getRTTIMode(); ToolChain::RTTIMode RTTIMode = TC.getRTTIMode();
const Driver &D = TC.getDriver(); const Driver &D = TC.getDriver();
SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
if (TrappingKinds & Vptr)
rsmithUnsubmitted
Not Done
ReplyInline Actions

I think this should be TrappingKinds & Vptr. If I write -fsanitize-trap=undefined -fsanitize=vptr -fno-sanitize-trap=vptr, I think you'll currently mark vptr as unavailable, but it seems reasonable to support that case.

rsmith: I think this should be `TrappingKinds & Vptr`. If I write `-fsanitize-trap=undefined…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
samsonovUnsubmitted
Not Done
ReplyInline Actions

We already have NotAllowedWithTrap mask. I think we should use it, and probably split diagnosing the sanitizers unsupported because they cannot trap, and those that are not supported by the toolchain. You already do some of the former in parseSanitizeTrapArgs above, I think we should handle vptr in that function as well somehow.

samsonov: We already have `NotAllowedWithTrap` mask. I think we should use it, and probably split…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

We already have NotAllowedWithTrap mask. I think we should use it

Done.

and probably split diagnosing the sanitizers unsupported because they cannot trap, and those that are not supported by the toolchain. You already do some of the former in parseSanitizeTrapArgs above, I think we should handle vptr in that function as well somehow.

Not really sure how that would work. We only know which sanitizers to forbid once we have looked at all -fsanitize-trap arguments. At the very least it makes the code easier to read if all unsupported sanitizer diagnostics are done in a single place. (This would have fit much better into the original design from D1990 with an extra clause in filterUnsupportedKinds; oh well.)

pcc: > We already have NotAllowedWithTrap mask. I think we should use it Done. > and probably…
NotSupported |= Vptr;
for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend(); for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
I != E; ++I) { I != E; ++I) {
const auto *Arg = *I; const auto *Arg = *I;
if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
Arg->claim(); Arg->claim();
SanitizerMask Add = parseArgValues(D, Arg, true); SanitizerMask Add = parseArgValues(D, Arg, true);
AllAddedKinds |= expandSanitizerGroups(Add); AllAddedKinds |= expandSanitizerGroups(Add);
// Avoid diagnosing any sanitizer which is disabled later. // Avoid diagnosing any sanitizer which is disabled later.
Add &= ~AllRemove; Add &= ~AllRemove;
// At this point we have not expanded groups, so any unsupported // At this point we have not expanded groups, so any unsupported
// sanitizers in Add are those which have been explicitly enabled. // sanitizers in Add are those which have been explicitly enabled.
// Diagnose them. // Diagnose them.
if (SanitizerMask KindsToDiagnose = SanitizerMask KindsToDiagnose = Add & NotSupported & ~DiagnosedKinds;
Add & NotSupported & ~DiagnosedKinds) { if (KindsToDiagnose & Vptr) {
samsonovUnsubmitted
Not Done
ReplyInline Actions

I don't think this is right. Suppose -fsanitize=vptr is not supported on target foo (by corresponding toolchain). Then

clang -target foo -fsanitize=vptr a.cc

would produce confusing

"-fsanitize=vptr" is not allowed with "-fsanitize-trap=undefined"

I think you would need separate clause for that

if (SanitizerMask KindsToDiagnose = Add & TrappingKinds & NotAllowedWithTrap & ~DiagnosedKinds) {
  std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
  D.Diag(diag::err_drv_argument_not_allowed_with) << Desc << lastTrapArgumentForMask(KindsToDiagnose);
  DiagnosedKinds |= KindsToDiagnose;
}
samsonov: I don't think this is right. Suppose `-fsanitize=vptr` is not supported on target foo (by…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done. (We know that the second argument to the diagnostic can only ever be "-fsanitize-trap=undefined", so I've hard coded that for now.)

pcc: Done. (We know that the second argument to the diagnostic can only ever be `"-fsanitize…
D.Diag(diag::err_drv_argument_not_allowed_with)
<< "-fsanitize=vptr"
<< "-fsanitize-trap=undefined";
DiagnosedKinds |= Vptr;
KindsToDiagnose &= ~Vptr;
}
if (KindsToDiagnose) {
// Only diagnose the new kinds. // Only diagnose the new kinds.
std::string Desc = describeSanitizeArg(*I, KindsToDiagnose); std::string Desc = describeSanitizeArg(*I, KindsToDiagnose);
D.Diag(diag::err_drv_unsupported_opt_for_target) D.Diag(diag::err_drv_unsupported_opt_for_target)
<< Desc << TC.getTriple().str(); << Desc << TC.getTriple().str();
DiagnosedKinds |= KindsToDiagnose; DiagnosedKinds |= KindsToDiagnose;
} }
Add &= ~NotSupported; Add &= ~NotSupported;
Show All 37 LinesSanitizerArgs::SanitizerArgs(const ToolChain &TC,
// We disable the vptr sanitizer if it was enabled by group expansion but RTTI // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
// is disabled. // is disabled.
if ((Kinds & Vptr) && if ((Kinds & Vptr) &&
(RTTIMode == ToolChain::RM_DisabledImplicitly || (RTTIMode == ToolChain::RM_DisabledImplicitly ||
RTTIMode == ToolChain::RM_DisabledExplicitly)) { RTTIMode == ToolChain::RM_DisabledExplicitly)) {
Kinds &= ~Vptr; Kinds &= ~Vptr;
} }
// Warn about undefined sanitizer options that require runtime support.
UbsanTrapOnError =
Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
options::OPT_fno_sanitize_undefined_trap_on_error, false);
if (UbsanTrapOnError && (Kinds & NotAllowedWithTrap)) {
D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< lastArgumentForMask(D, Args, NotAllowedWithTrap)
<< "-fsanitize-undefined-trap-on-error";
Kinds &= ~NotAllowedWithTrap;
}
// Warn about incompatible groups of sanitizers. // Warn about incompatible groups of sanitizers.
std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
std::make_pair(Address, Thread), std::make_pair(Address, Memory), std::make_pair(Address, Thread), std::make_pair(Address, Memory),
std::make_pair(Thread, Memory), std::make_pair(Leak, Thread), std::make_pair(Thread, Memory), std::make_pair(Leak, Thread),
std::make_pair(Leak, Memory)}; std::make_pair(Leak, Memory)};
for (auto G : IncompatibleGroups) { for (auto G : IncompatibleGroups) {
SanitizerMask Group = G.first; SanitizerMask Group = G.first;
if (Kinds & Group) { if (Kinds & Group) {
▲ Show 20 LinesShow All 199 Lines▼ Show 20 LinesSanitizerArgs::SanitizerArgs(const ToolChain &TC,
// Parse -link-cxx-sanitizer flag. // Parse -link-cxx-sanitizer flag.
LinkCXXRuntimes = LinkCXXRuntimes =
Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX(); Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
// Finally, initialize the set of available and recoverable sanitizers. // Finally, initialize the set of available and recoverable sanitizers.
Sanitizers.Mask |= Kinds; Sanitizers.Mask |= Kinds;
RecoverableSanitizers.Mask |= RecoverableKinds; RecoverableSanitizers.Mask |= RecoverableKinds;
TrapSanitizers.Mask |= TrappingKinds;
samsonovUnsubmitted
Not Done
ReplyInline Actions

Note that you can also strip out sanitizers which were not enabled eventually from here

TrappingKinds &= Kinds;

as we do for recoverable sanitizers.

samsonov: Note that you can also strip out sanitizers which were not enabled eventually from here…
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
} }
static std::string toString(const clang::SanitizerSet &Sanitizers) { static std::string toString(const clang::SanitizerSet &Sanitizers) {
std::string Res; std::string Res;
#define SANITIZER(NAME, ID) \ #define SANITIZER(NAME, ID) \
if (Sanitizers.has(ID)) { \ if (Sanitizers.has(ID)) { \
if (!Res.empty()) \ if (!Res.empty()) \
Res += ","; \ Res += ","; \
Res += NAME; \ Res += NAME; \
} }
#include "clang/Basic/Sanitizers.def" #include "clang/Basic/Sanitizers.def"
return Res; return Res;
} }
void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args, void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const { llvm::opt::ArgStringList &CmdArgs) const {
if (Sanitizers.empty()) if (Sanitizers.empty())
return; return;
CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers))); CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
if (!RecoverableSanitizers.empty()) if (!RecoverableSanitizers.empty())
CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
toString(RecoverableSanitizers))); toString(RecoverableSanitizers)));
if (UbsanTrapOnError) if (!TrapSanitizers.empty())
CmdArgs.push_back("-fsanitize-undefined-trap-on-error"); CmdArgs.push_back(
Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
samsonovUnsubmitted
Not Done
ReplyInline Actions
if (!TrapSanitizers.empty())
samsonov: if (!TrapSanitizers.empty())
pccAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

pcc: Done
for (const auto &BLPath : BlacklistFiles) { for (const auto &BLPath : BlacklistFiles) {
SmallString<64> BlacklistOpt("-fsanitize-blacklist="); SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
BlacklistOpt += BLPath; BlacklistOpt += BLPath;
CmdArgs.push_back(Args.MakeArgString(BlacklistOpt)); CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
} }
if (MsanTrackOrigins) if (MsanTrackOrigins)
Show All 26 Lines if (Sanitizers.has(Memory) || Sanitizers.has(Address))
CmdArgs.push_back(Args.MakeArgString("-fno-assume-sane-operator-new")); CmdArgs.push_back(Args.MakeArgString("-fno-assume-sane-operator-new"));
} }
SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A, SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors) { bool DiagnoseErrors) {
assert((A->getOption().matches(options::OPT_fsanitize_EQ) || assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
A->getOption().matches(options::OPT_fno_sanitize_EQ) || A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
A->getOption().matches(options::OPT_fsanitize_recover_EQ) || A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
A->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) && A->getOption().matches(options::OPT_fno_sanitize_recover_EQ) ||
A->getOption().matches(options::OPT_fsanitize_trap_EQ) ||
A->getOption().matches(options::OPT_fno_sanitize_trap_EQ)) &&
"Invalid argument in parseArgValues!"); "Invalid argument in parseArgValues!");
SanitizerMask Kinds = 0; SanitizerMask Kinds = 0;
for (int i = 0, n = A->getNumValues(); i != n; ++i) { for (int i = 0, n = A->getNumValues(); i != n; ++i) {
const char *Value = A->getValue(i); const char *Value = A->getValue(i);
SanitizerMask Kind; SanitizerMask Kind;
// Special case: don't accept -fsanitize=all. // Special case: don't accept -fsanitize=all.
if (A->getOption().matches(options::OPT_fsanitize_EQ) && if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
0 == strcmp("all", Value)) 0 == strcmp("all", Value))
▲ Show 20 LinesShow All 74 LinesShow Last 20 Lines

lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 549 Lines▼ Show 20 Linesstatic bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
Opts.SanitizeCoverageIndirectCalls = Opts.SanitizeCoverageIndirectCalls =
Args.hasArg(OPT_fsanitize_coverage_indirect_calls); Args.hasArg(OPT_fsanitize_coverage_indirect_calls);
Opts.SanitizeCoverageTraceBB = Args.hasArg(OPT_fsanitize_coverage_trace_bb); Opts.SanitizeCoverageTraceBB = Args.hasArg(OPT_fsanitize_coverage_trace_bb);
Opts.SanitizeCoverageTraceCmp = Args.hasArg(OPT_fsanitize_coverage_trace_cmp); Opts.SanitizeCoverageTraceCmp = Args.hasArg(OPT_fsanitize_coverage_trace_cmp);
Opts.SanitizeCoverage8bitCounters = Opts.SanitizeCoverage8bitCounters =
Args.hasArg(OPT_fsanitize_coverage_8bit_counters); Args.hasArg(OPT_fsanitize_coverage_8bit_counters);
Opts.SanitizeMemoryTrackOrigins = Opts.SanitizeMemoryTrackOrigins =
getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags); getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags);
Opts.SanitizeUndefinedTrapOnError =
Args.hasArg(OPT_fsanitize_undefined_trap_on_error);
Opts.SSPBufferSize = Opts.SSPBufferSize =
getLastArgIntValue(Args, OPT_stack_protector_buffer_size, 8, Diags); getLastArgIntValue(Args, OPT_stack_protector_buffer_size, 8, Diags);
Opts.StackRealignment = Args.hasArg(OPT_mstackrealign); Opts.StackRealignment = Args.hasArg(OPT_mstackrealign);
if (Arg *A = Args.getLastArg(OPT_mstack_alignment)) { if (Arg *A = Args.getLastArg(OPT_mstack_alignment)) {
StringRef Val = A->getValue(); StringRef Val = A->getValue();
unsigned StackAlignment = Opts.StackAlignment; unsigned StackAlignment = Opts.StackAlignment;
Val.getAsInteger(10, StackAlignment); Val.getAsInteger(10, StackAlignment);
Opts.StackAlignment = StackAlignment; Opts.StackAlignment = StackAlignment;
▲ Show 20 LinesShow All 93 Lines▼ Show 20 Linesstatic bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
Opts.RewriteMapFiles = Args.getAllArgValues(OPT_frewrite_map_file); Opts.RewriteMapFiles = Args.getAllArgValues(OPT_frewrite_map_file);
// Parse -fsanitize-recover= arguments. // Parse -fsanitize-recover= arguments.
// FIXME: Report unrecoverable sanitizers incorrectly specified here. // FIXME: Report unrecoverable sanitizers incorrectly specified here.
parseSanitizerKinds("-fsanitize-recover=", parseSanitizerKinds("-fsanitize-recover=",
Args.getAllArgValues(OPT_fsanitize_recover_EQ), Diags, Args.getAllArgValues(OPT_fsanitize_recover_EQ), Diags,
Opts.SanitizeRecover); Opts.SanitizeRecover);
parseSanitizerKinds("-fsanitize-trap=",
Args.getAllArgValues(OPT_fsanitize_trap_EQ), Diags,
Opts.SanitizeTrap);
Opts.CudaGpuBinaryFileNames = Opts.CudaGpuBinaryFileNames =
Args.getAllArgValues(OPT_fcuda_include_gpubinary); Args.getAllArgValues(OPT_fcuda_include_gpubinary);
return Success; return Success;
} }
static void ParseDependencyOutputArgs(DependencyOutputOptions &Opts, static void ParseDependencyOutputArgs(DependencyOutputOptions &Opts,
▲ Show 20 LinesShow All 1,430 LinesShow Last 20 Lines

test/CodeGen/bounds-checking.c

// RUN: %clang_cc1 -fsanitize=local-bounds -emit-llvm -triple x86_64-apple-darwin10 %s -o - | FileCheck %s // RUN: %clang_cc1 -fsanitize=local-bounds -emit-llvm -triple x86_64-apple-darwin10 %s -o - | FileCheck %s
// RUN: %clang_cc1 -fsanitize=array-bounds -O -fsanitize-undefined-trap-on-error -emit-llvm -triple x86_64-apple-darwin10 -DNO_DYNAMIC %s -o - | FileCheck %s // RUN: %clang_cc1 -fsanitize=array-bounds -O -fsanitize-trap=array-bounds -emit-llvm -triple x86_64-apple-darwin10 -DNO_DYNAMIC %s -o - | FileCheck %s
// CHECK-LABEL: @f // CHECK-LABEL: @f
double f(int b, int i) { double f(int b, int i) {
double a[b]; double a[b];
// CHECK: call {{.*}} @llvm.trap // CHECK: call {{.*}} @llvm.trap
return a[i]; return a[i];
} }
Show All 19 Lines

test/CodeGen/catch-undef-behavior.c

// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-UBSAN // RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-UBSAN
// RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-TRAP // RUN: %clang_cc1 -fsanitize-trap=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-TRAP
// RUN: %clang_cc1 -fsanitize=null -fsanitize-recover=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL // RUN: %clang_cc1 -fsanitize=null -fsanitize-recover=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
// RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW // RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
// REQUIRES: asserts // REQUIRES: asserts
// CHECK-UBSAN: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" } // CHECK-UBSAN: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" }
// FIXME: When we only emit each type once, use [[INT]] more below. // FIXME: When we only emit each type once, use [[INT]] more below.
// CHECK-UBSAN: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i64 4, i8 1 // CHECK-UBSAN: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i64 4, i8 1
▲ Show 20 LinesShow All 407 LinesShow Last 20 Lines

test/CodeGen/sanitize-trap.c

  • This file was added.
// RUN: %clang_cc1 -emit-llvm -o - %s -fsanitize=signed-integer-overflow,integer-divide-by-zero -fsanitize-trap=integer-divide-by-zero | FileCheck %s
int f(int x, int y) {
// CHECK: %[[B1:.*]] = icmp ne i32 %[[D:.*]], 0
// CHECK: %[[B2:.*]] = icmp ne i32 %[[N:.*]], -2147483648
// CHECK: %[[B3:.*]] = icmp ne i32 %[[D]], -1
// CHECK: %[[B4:.*]] = or i1 %[[B2]], %[[B3]]
// CHECK: br i1 %[[B1]], label %[[L1:[0-9a-z_.]*]], label %[[L2:[0-9a-z_.]*]]
// CHECK: [[L2]]
// CHECK-NEXT: call void @llvm.trap()
// CHECK-NEXT: unreachable
// CHECK: [[L1]]
// CHECK-NEXT: br i1 %[[B4]], label %[[L3:[0-9a-z_.]*]], label %[[L4:[0-9a-z_.]*]]
// CHECK: [[L4]]
// CHECK-NEXT: zext
// CHECK-NEXT: zext
// CHECK-NEXT: __ubsan_handle_divrem_overflow
// CHECK: [[L3]]
// CHECK-NEXT: sdiv i32 %[[N]], %[[D]]
return x / y;
}

test/Driver/fsanitize.c

// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-trap=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){17}"}} // CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute|function),?){18}"}}
// CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error" // CHECK-UNDEFINED-TRAP: "-fsanitize-trap={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute|function),?){18}.}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){19}"}} // CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){19}"}}
// RUN: %clang -target x86_64-apple-darwin10 -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN // RUN: %clang -target x86_64-apple-darwin10 -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN
// CHECK-UNDEFINED-DARWIN: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}} // CHECK-UNDEFINED-DARWIN: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER
Show All 9 Lines
// CHECK-FNO-SANITIZE-ALL: "-fsanitize=thread" // CHECK-FNO-SANITIZE-ALL: "-fsanitize=thread"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|array-bounds|returns-nonnull-attribute|nonnull-attribute),?){15}"}} // CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|array-bounds|returns-nonnull-attribute|nonnull-attribute),?){15}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=shift -fno-sanitize=shift-base %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-FSANITIZE-SHIFT-PARTIAL // RUN: %clang -target x86_64-linux-gnu -fsanitize=shift -fno-sanitize=shift-base %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-FSANITIZE-SHIFT-PARTIAL
// CHECK-FSANITIZE-SHIFT-PARTIAL: "-fsanitize=shift-exponent" // CHECK-FSANITIZE-SHIFT-PARTIAL: "-fsanitize=shift-exponent"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-trap=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-TRAP-UNDEF
// CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error' // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-TRAP-UNDEF
// CHECK-VPTR-TRAP-UNDEF: error: invalid argument '-fsanitize=vptr' not allowed with '-fsanitize-trap=undefined'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR
// CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR: '-fsanitize=vptr' not allowed with '-fsanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
// CHECK-VPTR-NO-RTTI: '-fsanitize=vptr' not allowed with '-fno-rtti' // CHECK-VPTR-NO-RTTI: '-fsanitize=vptr' not allowed with '-fno-rtti'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-NO-RTTI // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-NO-RTTI
// CHECK-UNDEFINED-NO-RTTI-NOT: vptr // CHECK-UNDEFINED-NO-RTTI-NOT: vptr
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address,thread -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANA-SANT // RUN: %clang -target x86_64-linux-gnu -fsanitize=address,thread -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANA-SANT
▲ Show 20 LinesShow All 151 Lines▼ Show 20 Lines
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-nvcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NVCALL // RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-nvcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NVCALL
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-vcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-VCALL // RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-vcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-VCALL
// CHECK-CFI: -emit-llvm-bc{{.*}}-fsanitize=cfi-derived-cast,cfi-unrelated-cast,cfi-nvcall,cfi-vcall // CHECK-CFI: -emit-llvm-bc{{.*}}-fsanitize=cfi-derived-cast,cfi-unrelated-cast,cfi-nvcall,cfi-vcall
// CHECK-CFI-DCAST: -emit-llvm-bc{{.*}}-fsanitize=cfi-derived-cast // CHECK-CFI-DCAST: -emit-llvm-bc{{.*}}-fsanitize=cfi-derived-cast
// CHECK-CFI-UCAST: -emit-llvm-bc{{.*}}-fsanitize=cfi-unrelated-cast // CHECK-CFI-UCAST: -emit-llvm-bc{{.*}}-fsanitize=cfi-unrelated-cast
// CHECK-CFI-NVCALL: -emit-llvm-bc{{.*}}-fsanitize=cfi-nvcall // CHECK-CFI-NVCALL: -emit-llvm-bc{{.*}}-fsanitize=cfi-nvcall
// CHECK-CFI-VCALL: -emit-llvm-bc{{.*}}-fsanitize=cfi-vcall // CHECK-CFI-VCALL: -emit-llvm-bc{{.*}}-fsanitize=cfi-vcall
// RUN: %clang -target x86_64-linux-gnu -fsanitize-trap=address -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-TRAP
// CHECK-ASAN-TRAP: error: unsupported argument 'address' to option '-fsanitize-trap'
// RUN: %clang_cl -fsanitize=address -c -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MD -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MD -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MT -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MT -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -LD -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -LD -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// CHECK-ASAN-DEBUGRTL: error: invalid argument // CHECK-ASAN-DEBUGRTL: error: invalid argument
// CHECK-ASAN-DEBUGRTL: not allowed with '-fsanitize=address' // CHECK-ASAN-DEBUGRTL: not allowed with '-fsanitize=address'
Show All 21 Lines