This is an archive of the discontinued LLVM Phabricator instance.

Differential D20347

Add support to clang-cl driver for /GS switch
ClosedPublic

Authored by etienneb on May 17 2016, 5:57 PM.

Details

Reviewers
hans
rnk
Commits
rGe28e7f234d6d: Add support to clang-cl driver for /GS switch
rC272832: Add support to clang-cl driver for /GS switch
rL272832: Add support to clang-cl driver for /GS switch
Summary

This patch is adding command-line support for the MSVC buffer security check.

The buffer security check is turned on with the '/GS' compiler switch.
https://msdn.microsoft.com/en-us/library/8dbf701c.aspx

The MSVC buffer security check in implemented here:
http://reviews.llvm.org/D20346

Diff Detail

Event Timeline

etienneb updated this revision to Diff 57545.May 17 2016, 5:57 PM
etienneb retitled this revision from to [draft] Prototyping GS on MSVC: plug the command-line switch..
etienneb updated this object.
etienneb updated this revision to Diff 57548.May 17 2016, 6:09 PM

nits

etienneb updated this revision to Diff 57550.May 17 2016, 6:12 PM

revert

etienneb retitled this revision from [draft] Prototyping GS on MSVC: plug the command-line switch. to Add support to clang-cl driver for /GS switch.May 18 2016, 9:39 AM
etienneb updated this object.
etienneb updated this object.
etienneb updated this revision to Diff 58460.May 25 2016, 11:10 AM
etienneb updated this object.

turn /GS on by default

etienneb added subscribers: thakis, hans, rnk.May 25 2016, 11:11 AM
hans added a comment.May 25 2016, 11:18 AM

The approach looks good, but please add tests (probably in test/Driver/cl-options.c).

include/clang/Driver/CLCompatOptions.td
81

The description is not super informative, but it does match the MSVC description (except in the command-line options listing they say "Buffers security check".

Would it make more sense to call it something like stack canary, cookie, protector?

lib/Driver/Tools.cpp
9990

Why is this needed?

etienneb updated this revision to Diff 58475.May 25 2016, 12:53 PM

fix hans@ comments

etienneb updated this revision to Diff 58483.May 25 2016, 1:01 PM

add unittests

etienneb added a comment.May 25 2016, 1:02 PM

added unittests. Should be fine now.

lib/Driver/Tools.cpp
9990

copy paste bug!
Good catch.

hans added a comment.May 25 2016, 1:17 PM

Please also add a test in test/Driver/cl-options.c which tests that /GS causes the correct flag to be passed to the cc1 invocation, that it happens by default, and that /GS- makes it go away.

etienneb updated this revision to Diff 58497.May 25 2016, 1:46 PM

more tests

hans accepted this revision.May 25 2016, 1:50 PM
hans added a reviewer: hans.

lgtm with comments addressed

test/Driver/cl-options.c
62

I'd suggest a test that checks that it's on by default too. You can reuse the same -check-prefix:

// RUN: %clang_cl -### -- %s 2>&1 | FileCheck -check-prefix=GS %s

Also, shouldn't the checks below be for "--stack-protector 2" or something, since we're enabling the strong level?

This revision is now accepted and ready to land.May 25 2016, 1:50 PM
etienneb edited edge metadata.May 25 2016, 1:54 PM
etienneb added a subscriber: cfe-commits.
etienneb updated this revision to Diff 58502.May 25 2016, 2:04 PM
etienneb marked an inline comment as done.

more tests

etienneb added a comment.May 25 2016, 2:05 PM

This patch needs land after http://reviews.llvm.org/D20346.
thx for the review.

etienneb added a subscriber: chrisha.Jun 9 2016, 10:56 AM
hans added a comment.Jun 9 2016, 11:36 AM

Is this waiting for anything more now that http://reviews.llvm.org/D20346 has landed?

thakis added a comment.Jun 9 2016, 11:58 AM

probably at least the "the XOR with RSP/EBP/ESP" bit still (and maybe EH function upgrades instead of bailing)

lib/Driver/Tools.cpp
9990

To pass on /GS- to the fallback compiler when needed, I suppose.

rnk accepted this revision.Jun 15 2016, 11:38 AM
rnk added a reviewer: rnk.

lgtm

Surely this is going to break something, but let's throw the switch and find out.

etienneb closed this revision.Jun 15 2016, 1:41 PM

Revision Contents

PathSize
include/
clang/
Driver/
4 lines
lib/
Driver/
13 lines
test/
Driver/
7 lines
10 lines

Diff 58502

include/clang/Driver/CLCompatOptions.td

Show First 20 LinesShow All 71 Lines▼ Show 20 Linesdef _SLASH_fp_precise : CLFlag<"fp:precise">,
HelpText<"">, Alias<fno_fast_math>; HelpText<"">, Alias<fno_fast_math>;
def _SLASH_fp_strict : CLFlag<"fp:strict">, HelpText<"">, Alias<fno_fast_math>; def _SLASH_fp_strict : CLFlag<"fp:strict">, HelpText<"">, Alias<fno_fast_math>;
def _SLASH_GA : CLFlag<"GA">, Alias<ftlsmodel_EQ>, AliasArgs<["local-exec"]>, def _SLASH_GA : CLFlag<"GA">, Alias<ftlsmodel_EQ>, AliasArgs<["local-exec"]>,
HelpText<"Assume thread-local variables are defined in the executable">; HelpText<"Assume thread-local variables are defined in the executable">;
def _SLASH_GR : CLFlag<"GR">, HelpText<"Enable emission of RTTI data">; def _SLASH_GR : CLFlag<"GR">, HelpText<"Enable emission of RTTI data">;
def _SLASH_GR_ : CLFlag<"GR-">, HelpText<"Disable emission of RTTI data">; def _SLASH_GR_ : CLFlag<"GR-">, HelpText<"Disable emission of RTTI data">;
def _SLASH_GF_ : CLFlag<"GF-">, HelpText<"Disable string pooling">, def _SLASH_GF_ : CLFlag<"GF-">, HelpText<"Disable string pooling">,
Alias<fwritable_strings>; Alias<fwritable_strings>;
def _SLASH_GS : CLFlag<"GS">, HelpText<"Enable buffer security check">;
def _SLASH_GS_ : CLFlag<"GS-">, HelpText<"Disable buffer security check">;
hansUnsubmitted
Not Done
ReplyInline Actions

The description is not super informative, but it does match the MSVC description (except in the command-line options listing they say "Buffers security check".

Would it make more sense to call it something like stack canary, cookie, protector?

hans: The description is not super informative, but it does match the MSVC description (except in the…
def _SLASH_Gs : CLJoined<"Gs">, HelpText<"Set stack probe size">, def _SLASH_Gs : CLJoined<"Gs">, HelpText<"Set stack probe size">,
Alias<mstack_probe_size>; Alias<mstack_probe_size>;
def _SLASH_Gy : CLFlag<"Gy">, HelpText<"Put each function in its own section">, def _SLASH_Gy : CLFlag<"Gy">, HelpText<"Put each function in its own section">,
Alias<ffunction_sections>; Alias<ffunction_sections>;
def _SLASH_Gy_ : CLFlag<"Gy-">, def _SLASH_Gy_ : CLFlag<"Gy-">,
HelpText<"Don't put each function in its own section">, HelpText<"Don't put each function in its own section">,
Alias<fno_function_sections>; Alias<fno_function_sections>;
def _SLASH_Gw : CLFlag<"Gw">, HelpText<"Put each data item in its own section">, def _SLASH_Gw : CLFlag<"Gw">, HelpText<"Put each data item in its own section">,
▲ Show 20 LinesShow All 194 Lines▼ Show 20 Lines
def _SLASH_cgthreads : CLIgnoredJoined<"cgthreads">; def _SLASH_cgthreads : CLIgnoredJoined<"cgthreads">;
def _SLASH_d2FastFail : CLIgnoredFlag<"d2FastFail">; def _SLASH_d2FastFail : CLIgnoredFlag<"d2FastFail">;
def _SLASH_d2Zi_PLUS : CLIgnoredFlag<"d2Zi+">; def _SLASH_d2Zi_PLUS : CLIgnoredFlag<"d2Zi+">;
def _SLASH_errorReport : CLIgnoredJoined<"errorReport">; def _SLASH_errorReport : CLIgnoredJoined<"errorReport">;
def _SLASH_Fd : CLIgnoredJoined<"Fd">; def _SLASH_Fd : CLIgnoredJoined<"Fd">;
def _SLASH_FC : CLIgnoredFlag<"FC">; def _SLASH_FC : CLIgnoredFlag<"FC">;
def _SLASH_FS : CLIgnoredFlag<"FS">, HelpText<"Force synchronous PDB writes">; def _SLASH_FS : CLIgnoredFlag<"FS">, HelpText<"Force synchronous PDB writes">;
def _SLASH_GF : CLIgnoredFlag<"GF">; def _SLASH_GF : CLIgnoredFlag<"GF">;
def _SLASH_GS_ : CLIgnoredFlag<"GS-">;
def _SLASH_kernel_ : CLIgnoredFlag<"kernel-">; def _SLASH_kernel_ : CLIgnoredFlag<"kernel-">;
def _SLASH_nologo : CLIgnoredFlag<"nologo">; def _SLASH_nologo : CLIgnoredFlag<"nologo">;
def _SLASH_Ob1 : CLIgnoredFlag<"Ob1">; def _SLASH_Ob1 : CLIgnoredFlag<"Ob1">;
def _SLASH_Og : CLIgnoredFlag<"Og">; def _SLASH_Og : CLIgnoredFlag<"Og">;
def _SLASH_openmp_ : CLIgnoredFlag<"openmp-">; def _SLASH_openmp_ : CLIgnoredFlag<"openmp-">;
def _SLASH_RTC : CLIgnoredJoined<"RTC">; def _SLASH_RTC : CLIgnoredJoined<"RTC">;
def _SLASH_sdl : CLIgnoredFlag<"sdl">; def _SLASH_sdl : CLIgnoredFlag<"sdl">;
def _SLASH_sdl_ : CLIgnoredFlag<"sdl-">; def _SLASH_sdl_ : CLIgnoredFlag<"sdl-">;
Show All 25 Lines
def _SLASH_G2 : CLFlag<"G2">; def _SLASH_G2 : CLFlag<"G2">;
def _SLASH_Ge : CLFlag<"Ge">; def _SLASH_Ge : CLFlag<"Ge">;
def _SLASH_Gh : CLFlag<"Gh">; def _SLASH_Gh : CLFlag<"Gh">;
def _SLASH_GH : CLFlag<"GH">; def _SLASH_GH : CLFlag<"GH">;
def _SLASH_GL : CLFlag<"GL">; def _SLASH_GL : CLFlag<"GL">;
def _SLASH_GL_ : CLFlag<"GL-">; def _SLASH_GL_ : CLFlag<"GL-">;
def _SLASH_Gm : CLFlag<"Gm">; def _SLASH_Gm : CLFlag<"Gm">;
def _SLASH_Gm_ : CLFlag<"Gm-">; def _SLASH_Gm_ : CLFlag<"Gm-">;
def _SLASH_GS : CLFlag<"GS">;
def _SLASH_GT : CLFlag<"GT">; def _SLASH_GT : CLFlag<"GT">;
def _SLASH_Guard : CLJoined<"guard:">; def _SLASH_Guard : CLJoined<"guard:">;
def _SLASH_GZ : CLFlag<"GZ">; def _SLASH_GZ : CLFlag<"GZ">;
def _SLASH_H : CLFlag<"H">; def _SLASH_H : CLFlag<"H">;
def _SLASH_homeparams : CLFlag<"homeparams">; def _SLASH_homeparams : CLFlag<"homeparams">;
def _SLASH_hotpatch : CLFlag<"hotpatch">; def _SLASH_hotpatch : CLFlag<"hotpatch">;
def _SLASH_kernel : CLFlag<"kernel">; def _SLASH_kernel : CLFlag<"kernel">;
def _SLASH_LN : CLFlag<"LN">; def _SLASH_LN : CLFlag<"LN">;
Show All 20 Lines

lib/Driver/Tools.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 6,140 Lines▼ Show 20 Lines if (!Args.hasArg(options::OPT_E) && !Args.hasArg(options::OPT__SLASH_EP))
if (Arg *A = Args.getLastArg(options::OPT_show_includes)) if (Arg *A = Args.getLastArg(options::OPT_show_includes))
A->render(Args, CmdArgs); A->render(Args, CmdArgs);
// This controls whether or not we emit RTTI data for polymorphic types. // This controls whether or not we emit RTTI data for polymorphic types.
if (Args.hasFlag(options::OPT__SLASH_GR_, options::OPT__SLASH_GR, if (Args.hasFlag(options::OPT__SLASH_GR_, options::OPT__SLASH_GR,
/*default=*/false)) /*default=*/false))
CmdArgs.push_back("-fno-rtti-data"); CmdArgs.push_back("-fno-rtti-data");
// This controls whether or not we emit stack-protector instrumentation.
// In MSVC, Buffer Security Check (/GS) is on by default.
if (Args.hasFlag(options::OPT__SLASH_GS, options::OPT__SLASH_GS_,
/*default=*/true)) {
CmdArgs.push_back("-stack-protector");
CmdArgs.push_back(Args.MakeArgString(Twine(LangOptions::SSPStrong)));
}
// Emit CodeView if -Z7 is present. // Emit CodeView if -Z7 is present.
*EmitCodeView = Args.hasArg(options::OPT__SLASH_Z7); *EmitCodeView = Args.hasArg(options::OPT__SLASH_Z7);
if (*EmitCodeView) if (*EmitCodeView)
*DebugInfoKind = codegenoptions::LimitedDebugInfo; *DebugInfoKind = codegenoptions::LimitedDebugInfo;
if (*EmitCodeView) if (*EmitCodeView)
CmdArgs.push_back("-gcodeview"); CmdArgs.push_back("-gcodeview");
const Driver &D = getToolChain().getDriver(); const Driver &D = getToolChain().getDriver();
▲ Show 20 LinesShow All 3,814 Lines▼ Show 20 Lines if (!Args.hasArg(options::OPT_fwritable_strings))
CmdArgs.push_back("/GF"); CmdArgs.push_back("/GF");
// Flags for which clang-cl has an alias. // Flags for which clang-cl has an alias.
// FIXME: How can we ensure this stays in sync with relevant clang-cl options? // FIXME: How can we ensure this stays in sync with relevant clang-cl options?
if (Args.hasFlag(options::OPT__SLASH_GR_, options::OPT__SLASH_GR, if (Args.hasFlag(options::OPT__SLASH_GR_, options::OPT__SLASH_GR,
/*default=*/false)) /*default=*/false))
CmdArgs.push_back("/GR-"); CmdArgs.push_back("/GR-");
if (Args.hasFlag(options::OPT__SLASH_GS_, options::OPT__SLASH_GS,
/*default=*/false))
CmdArgs.push_back("/GS-");
hansUnsubmitted
Not Done
ReplyInline Actions

Why is this needed?

hans: Why is this needed?
etiennebAuthorUnsubmitted
Not Done
ReplyInline Actions

copy paste bug!
Good catch.

etienneb: copy paste bug! Good catch.
thakisUnsubmitted
Not Done
ReplyInline Actions

To pass on /GS- to the fallback compiler when needed, I suppose.

thakis: To pass on /GS- to the fallback compiler when needed, I suppose.
if (Arg *A = Args.getLastArg(options::OPT_ffunction_sections, if (Arg *A = Args.getLastArg(options::OPT_ffunction_sections,
options::OPT_fno_function_sections)) options::OPT_fno_function_sections))
CmdArgs.push_back(A->getOption().getID() == options::OPT_ffunction_sections CmdArgs.push_back(A->getOption().getID() == options::OPT_ffunction_sections
? "/Gy" ? "/Gy"
: "/Gy-"); : "/Gy-");
if (Arg *A = Args.getLastArg(options::OPT_fdata_sections, if (Arg *A = Args.getLastArg(options::OPT_fdata_sections,
options::OPT_fno_data_sections)) options::OPT_fno_data_sections))
CmdArgs.push_back( CmdArgs.push_back(
▲ Show 20 LinesShow All 1,094 LinesShow Last 20 Lines

test/Driver/cl-fallback.c

// Note: %s must be preceded by --, otherwise it may be interpreted as a // Note: %s must be preceded by --, otherwise it may be interpreted as a
// command-line option, e.g. on Mac where %s is commonly under /Users. // command-line option, e.g. on Mac where %s is commonly under /Users.
// RUN: %clang_cl --target=i686-pc-win32 /fallback /Dfoo=bar /Ubaz /Ifoo /O0 /Ox /GR /GR- /Gy /Gy- \ // RUN: %clang_cl --target=i686-pc-win32 /fallback /Dfoo=bar /Ubaz /Ifoo /O0 /Ox /GR /GR- /GS /GS- /Gy /Gy- \
// RUN: /Gw /Gw- /LD /LDd /EHs /EHs- /Zl /MD /MDd /MTd /MT /FImyheader.h /Zi \ // RUN: /Gw /Gw- /LD /LDd /EHs /EHs- /Zl /MD /MDd /MTd /MT /FImyheader.h /Zi \
// RUN: -garbage -moregarbage \ // RUN: -garbage -moregarbage \
// RUN: -### -- %s 2>&1 \ // RUN: -### -- %s 2>&1 \
// RUN: | FileCheck %s // RUN: | FileCheck %s
// CHECK: "-fdiagnostics-format" "msvc-fallback" // CHECK: "-fdiagnostics-format" "msvc-fallback"
// CHECK: || // CHECK: ||
// CHECK: cl.exe // CHECK: cl.exe
// CHECK: "/nologo" // CHECK: "/nologo"
// CHECK: "/c" // CHECK: "/c"
// CHECK: "/W0" // CHECK: "/W0"
// CHECK: "-D" "foo=bar" // CHECK: "-D" "foo=bar"
// CHECK: "-U" "baz" // CHECK: "-U" "baz"
// CHECK: "-I" "foo" // CHECK: "-I" "foo"
// CHECK: "/Oi" // CHECK: "/Oi"
// CHECK: "/Og" // CHECK: "/Og"
// CHECK: "/Ot" // CHECK: "/Ot"
// CHECK: "/Ob2" // CHECK: "/Ob2"
// CHECK: "/Oy" // CHECK: "/Oy"
// CHECK: "/GF" // CHECK: "/GF"
// CHECK: "/GR-" // CHECK: "/GR-"
// CHECK: "/GS-"
// CHECK: "/Gy-" // CHECK: "/Gy-"
// CHECK: "/Gw-" // CHECK: "/Gw-"
// CHECK: "/Z7" // CHECK: "/Z7"
// CHECK: "/FImyheader.h" // CHECK: "/FImyheader.h"
// CHECK: "/LD" // CHECK: "/LD"
// CHECK: "/LDd" // CHECK: "/LDd"
// CHECK: "/EHs" // CHECK: "/EHs"
// CHECK: "/EHs-" // CHECK: "/EHs-"
// CHECK: "/Zl" // CHECK: "/Zl"
// CHECK: "/MT" // CHECK: "/MT"
// CHECK: "-garbage" // CHECK: "-garbage"
// CHECK: "-moregarbage" // CHECK: "-moregarbage"
// CHECK: "/Tc" "{{.*cl-fallback.c}}" // CHECK: "/Tc" "{{.*cl-fallback.c}}"
// CHECK: "/Fo{{.*cl-fallback.*.obj}}" // CHECK: "/Fo{{.*cl-fallback.*.obj}}"
// RUN: %clang_cl /fallback /GR- -### -- %s 2>&1 | FileCheck -check-prefix=GR %s // RUN: %clang_cl /fallback /GR- -### -- %s 2>&1 | FileCheck -check-prefix=GR %s
// GR: cl.exe // GR: cl.exe
// GR: "/GR-" // GR: "/GR-"
// RUN: %clang_cl /fallback /GS- -### -- %s 2>&1 | FileCheck -check-prefix=GS %s
// GS: cl.exe
// GS: "/GS-"
// RUN: %clang_cl /fallback /Od -### -- %s 2>&1 | FileCheck -check-prefix=O0 %s // RUN: %clang_cl /fallback /Od -### -- %s 2>&1 | FileCheck -check-prefix=O0 %s
// O0: cl.exe // O0: cl.exe
// O0: "/Od" // O0: "/Od"
// RUN: %clang_cl --target=i686-pc-win32 /fallback /O1 -### -- %s 2>&1 | FileCheck -check-prefix=O1 %s // RUN: %clang_cl --target=i686-pc-win32 /fallback /O1 -### -- %s 2>&1 | FileCheck -check-prefix=O1 %s
// O1: cl.exe // O1: cl.exe
// O1: "/Og" "/Os" "/Ob2" "/Oy" "/GF" "/Gy" // O1: "/Og" "/Os" "/Ob2" "/Oy" "/GF" "/Gy"
// RUN: %clang_cl --target=i686-pc-win32 /fallback /O2 -### -- %s 2>&1 | FileCheck -check-prefix=O2 %s // RUN: %clang_cl --target=i686-pc-win32 /fallback /O2 -### -- %s 2>&1 | FileCheck -check-prefix=O2 %s
// O2: cl.exe // O2: cl.exe
Show All 32 Lines

test/Driver/cl-options.c

Show First 20 LinesShow All 53 Lines▼ Show 20 Lines
// GA: -ftls-model=local-exec // GA: -ftls-model=local-exec
// RTTI is on by default; just check that we don't error. // RTTI is on by default; just check that we don't error.
// RUN: %clang_cl /Zs /GR -- %s 2>&1 // RUN: %clang_cl /Zs /GR -- %s 2>&1
// RUN: %clang_cl /GR- -### -- %s 2>&1 | FileCheck -check-prefix=GR_ %s // RUN: %clang_cl /GR- -### -- %s 2>&1 | FileCheck -check-prefix=GR_ %s
// GR_: -fno-rtti // GR_: -fno-rtti
// Security Buffer Check is on by default.
hansUnsubmitted
Done
ReplyInline Actions

I'd suggest a test that checks that it's on by default too. You can reuse the same -check-prefix:

// RUN: %clang_cl -### -- %s 2>&1 | FileCheck -check-prefix=GS %s

Also, shouldn't the checks below be for "--stack-protector 2" or something, since we're enabling the strong level?

hans: I'd suggest a test that checks that it's on by default too. You can reuse the same -check…
// RUN: %clang_cl -### -- %s 2>&1 | FileCheck -check-prefix=GS-default %s
// GS-default: "-stack-protector" "2"
// RUN: %clang_cl /GS -### -- %s 2>&1 | FileCheck -check-prefix=GS %s
// GS: "-stack-protector" "2"
// RUN: %clang_cl /GS- -### -- %s 2>&1 | FileCheck -check-prefix=GS_ %s
// GS_-NOT: -stack-protector
// RUN: %clang_cl /Gy -### -- %s 2>&1 | FileCheck -check-prefix=Gy %s // RUN: %clang_cl /Gy -### -- %s 2>&1 | FileCheck -check-prefix=Gy %s
// Gy: -ffunction-sections // Gy: -ffunction-sections
// RUN: %clang_cl /Gy /Gy- -### -- %s 2>&1 | FileCheck -check-prefix=Gy_ %s // RUN: %clang_cl /Gy /Gy- -### -- %s 2>&1 | FileCheck -check-prefix=Gy_ %s
// Gy_-NOT: -ffunction-sections // Gy_-NOT: -ffunction-sections
// RUN: %clang_cl /Gs -### -- %s 2>&1 | FileCheck -check-prefix=Gs %s // RUN: %clang_cl /Gs -### -- %s 2>&1 | FileCheck -check-prefix=Gs %s
// Gs: "-mstack-probe-size=0" // Gs: "-mstack-probe-size=0"
▲ Show 20 LinesShow All 403 LinesShow Last 20 Lines