This is an archive of the discontinued LLVM Phabricator instance.

Differential D5676

Add experimental clang/driver flag -fsanitize-address-field-padding=N
ClosedPublic

Authored by kcc on Oct 8 2014, 11:50 AM.

Details

Reviewers
samsonov
Commits
rGaed71a89bc0a: Add experimental clang/driver flag -fsanitize-address-field-padding=N
rC219417: Add experimental clang/driver flag -fsanitize-address-field-padding=N
rL219417: Add experimental clang/driver flag -fsanitize-address-field-padding=N
Summary

This change adds an experimental flag -fsanitize-address-field-padding=N (0, 1, 2)
to clang and driver. With this flag ASAN will be able to detect some cases of
intra-object-overflow bugs,
see https://code.google.com/p/address-sanitizer/wiki/IntraObjectOverflow

There is no actual functionality here yet, just the flag parsing.
The functionality is being reviewed at http://reviews.llvm.org/D5687

Diff Detail

Event Timeline

kcc updated this revision to Diff 14587.Oct 8 2014, 11:50 AM
kcc retitled this revision from to Add experimental clang/driver flag -fsanitize-address-field-padding=N.
kcc updated this object.
kcc edited the test plan for this revision. (Show Details)
kcc added a reviewer: samsonov.
kcc added a subscriber: Unknown Object (MLST).
samsonov edited edge metadata.Oct 8 2014, 4:30 PM

What "level of field padding" is, at all? My best guess is "-fsanitize-address-field-padding=1" is "less aggressive", and "2" is "more aggressive". Can you clarify it somewhere (in LangOptions header?) You may also introduce a enum in LangOptions (smth. ike LangOptions::StackProtectorMode).

Please add a test case to test/Driver/fsanitize.c

include/clang/Basic/LangOptions.h
29

Why not AsanFieldPadding (or at least SanitizeAddressFieldPadding, or AddressSanitizerFieldPadding)?

lib/Driver/SanitizerArgs.cpp
171

Comment doesn't match the code.

kcc updated this revision to Diff 14618.Oct 8 2014, 5:30 PM
kcc edited edge metadata.

addressed all comments, PTAL

samsonov accepted this revision.Oct 8 2014, 5:39 PM
samsonov edited edge metadata.

LGTM.
Please commit this together with http://reviews.llvm.org/D5687, so that we don't have unused flags lying around.

lib/Driver/SanitizerArgs.cpp
30

Put this one line above, to respect the order of declaration.

This revision is now accepted and ready to land.Oct 8 2014, 5:39 PM
kcc updated this revision to Diff 14619.Oct 8 2014, 6:23 PM
kcc edited edge metadata.

I actually wanted to commit this separately to disentangle
the review process. It may actually require some additional changes in flags.

samsonov added a comment.Oct 9 2014, 10:42 AM

Sure, feel free to proceed with this change, and just include the links to the other review threads in the commit message.

kcc added a comment.Oct 9 2014, 10:44 AM

I deliberately did not document the flags in this CL because I don't know what the end state will be.
Maybe we can end up with just one flag, maybe several levels of aggressiveness, maybe even several independent predicates.
This will remain experimental for several months and should not be exposed to users (except for the brave ones)

kcc updated this object.Oct 9 2014, 11:02 AM
kcc closed this revision.Oct 9 2014, 11:03 AM

Revision Contents

PathSize
include/
clang/
Basic/
3 lines
Driver/
3 lines
1 line
lib/
Driver/
14 lines
Frontend/
3 lines
test/
Driver/
11 lines

Diff 14619

include/clang/Basic/LangOptions.h

Show All 20 Lines
#include "clang/Basic/Visibility.h" #include "clang/Basic/Visibility.h"
#include <string> #include <string>
namespace clang { namespace clang {
struct SanitizerOptions { struct SanitizerOptions {
#define SANITIZER(NAME, ID) unsigned ID : 1; #define SANITIZER(NAME, ID) unsigned ID : 1;
#include "clang/Basic/Sanitizers.def" #include "clang/Basic/Sanitizers.def"
/// \brief Controls how agressive is asan field padding (0: none, 1: least
samsonovUnsubmitted
Not Done
ReplyInline Actions

Why not AsanFieldPadding (or at least SanitizeAddressFieldPadding, or AddressSanitizerFieldPadding)?

samsonov: Why not AsanFieldPadding (or at least SanitizeAddressFieldPadding, or…
/// aggressive, 2: more aggressive).
unsigned SanitizeAddressFieldPadding : 2;
/// \brief Cached set of sanitizer options with all sanitizers disabled. /// \brief Cached set of sanitizer options with all sanitizers disabled.
static const SanitizerOptions Disabled; static const SanitizerOptions Disabled;
}; };
/// Bitfields of LangOptions, split out from LangOptions in order to ensure that /// Bitfields of LangOptions, split out from LangOptions in order to ensure that
/// this large collection of bitfields is a trivial class type. /// this large collection of bitfields is a trivial class type.
class LangOptionsBase { class LangOptionsBase {
▲ Show 20 LinesShow All 122 LinesShow Last 20 Lines

include/clang/Driver/Options.td

Show First 20 LinesShow All 520 Lines▼ Show 20 Linesdef fsanitize_memory_track_origins_EQ : Joined<["-"], "fsanitize-memory-track-origins=">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Enable origins tracking in MemorySanitizer">; HelpText<"Enable origins tracking in MemorySanitizer">;
def fsanitize_memory_track_origins : Flag<["-"], "fsanitize-memory-track-origins">, def fsanitize_memory_track_origins : Flag<["-"], "fsanitize-memory-track-origins">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Enable origins tracking in MemorySanitizer">; HelpText<"Enable origins tracking in MemorySanitizer">;
def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">, def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Disable origins tracking in MemorySanitizer">; HelpText<"Disable origins tracking in MemorySanitizer">;
def fsanitize_address_field_padding : Joined<["-"], "fsanitize-address-field-padding=">,
Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Level of field padding for AddressSanitizer">;
def fsanitize_recover : Flag<["-"], "fsanitize-recover">, def fsanitize_recover : Flag<["-"], "fsanitize-recover">,
Group<f_clang_Group>; Group<f_clang_Group>;
def fno_sanitize_recover : Flag<["-"], "fno-sanitize-recover">, def fno_sanitize_recover : Flag<["-"], "fno-sanitize-recover">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Disable sanitizer check recovery">; HelpText<"Disable sanitizer check recovery">;
def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">, def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">,
Group<f_clang_Group>, Flags<[CC1Option]>; Group<f_clang_Group>, Flags<[CC1Option]>;
def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">, def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">,
▲ Show 20 LinesShow All 1,277 LinesShow Last 20 Lines

include/clang/Driver/SanitizerArgs.h

Show First 20 LinesShow All 43 Lines▼ Show 20 Lines#include "clang/Basic/Sanitizers.def"
NotAllowedWithTrap = Vptr, NotAllowedWithTrap = Vptr,
HasZeroBaseShadow = Thread | Memory | DataFlow, HasZeroBaseShadow = Thread | Memory | DataFlow,
NeedsUnwindTables = Address | Thread | Memory | DataFlow NeedsUnwindTables = Address | Thread | Memory | DataFlow
}; };
unsigned Kind; unsigned Kind;
std::string BlacklistFile; std::string BlacklistFile;
int MsanTrackOrigins; int MsanTrackOrigins;
int AsanFieldPadding;
bool AsanZeroBaseShadow; bool AsanZeroBaseShadow;
bool UbsanTrapOnError; bool UbsanTrapOnError;
bool AsanSharedRuntime; bool AsanSharedRuntime;
bool LinkCXXRuntimes; bool LinkCXXRuntimes;
public: public:
/// Parses the sanitizer arguments from an argument list. /// Parses the sanitizer arguments from an argument list.
SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args); SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args);
▲ Show 20 LinesShow All 92 LinesShow Last 20 Lines

lib/Driver/SanitizerArgs.cpp

Show All 19 Lines
using namespace clang::driver; using namespace clang::driver;
using namespace llvm::opt; using namespace llvm::opt;
void SanitizerArgs::clear() { void SanitizerArgs::clear() {
Kind = 0; Kind = 0;
BlacklistFile = ""; BlacklistFile = "";
MsanTrackOrigins = 0; MsanTrackOrigins = 0;
AsanFieldPadding = 0;
AsanZeroBaseShadow = false; AsanZeroBaseShadow = false;
UbsanTrapOnError = false; UbsanTrapOnError = false;
samsonovUnsubmitted
Not Done
ReplyInline Actions

Put this one line above, to respect the order of declaration.

samsonov: Put this one line above, to respect the order of declaration.
AsanSharedRuntime = false; AsanSharedRuntime = false;
LinkCXXRuntimes = false; LinkCXXRuntimes = false;
} }
SanitizerArgs::SanitizerArgs(const ToolChain &TC, SanitizerArgs::SanitizerArgs(const ToolChain &TC,
const llvm::opt::ArgList &Args) { const llvm::opt::ArgList &Args) {
clear(); clear();
unsigned AllAdd = 0; // All kinds of sanitizers that were turned on unsigned AllAdd = 0; // All kinds of sanitizers that were turned on
▲ Show 20 LinesShow All 121 Lines▼ Show 20 LinesSanitizerArgs::SanitizerArgs(const ToolChain &TC,
} }
if (NeedsAsan) { if (NeedsAsan) {
AsanSharedRuntime = AsanSharedRuntime =
Args.hasArg(options::OPT_shared_libasan) || Args.hasArg(options::OPT_shared_libasan) ||
(TC.getTriple().getEnvironment() == llvm::Triple::Android); (TC.getTriple().getEnvironment() == llvm::Triple::Android);
AsanZeroBaseShadow = AsanZeroBaseShadow =
(TC.getTriple().getEnvironment() == llvm::Triple::Android); (TC.getTriple().getEnvironment() == llvm::Triple::Android);
if (Arg *A =
Args.getLastArg(options::OPT_fsanitize_address_field_padding)) {
StringRef S = A->getValue();
// Legal values are 0 and 1, 2, but in future we may add more levels.
samsonovUnsubmitted
Not Done
ReplyInline Actions

Comment doesn't match the code.

samsonov: Comment doesn't match the code.
if (S.getAsInteger(0, AsanFieldPadding) || AsanFieldPadding < 0 ||
AsanFieldPadding > 2) {
D.Diag(diag::err_drv_invalid_value) << A->getAsString(Args) << S;
}
}
} }
// Parse -link-cxx-sanitizer flag. // Parse -link-cxx-sanitizer flag.
LinkCXXRuntimes = LinkCXXRuntimes =
Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX(); Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
} }
void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args, void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args,
Show All 11 Lines if (!BlacklistFile.empty()) {
SmallString<64> BlacklistOpt("-fsanitize-blacklist="); SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
BlacklistOpt += BlacklistFile; BlacklistOpt += BlacklistFile;
CmdArgs.push_back(Args.MakeArgString(BlacklistOpt)); CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
} }
if (MsanTrackOrigins) if (MsanTrackOrigins)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
llvm::utostr(MsanTrackOrigins))); llvm::utostr(MsanTrackOrigins)));
if (AsanFieldPadding)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
llvm::utostr(AsanFieldPadding)));
// Workaround for PR16386. // Workaround for PR16386.
if (needsMsanRt()) if (needsMsanRt())
CmdArgs.push_back(Args.MakeArgString("-fno-assume-sane-operator-new")); CmdArgs.push_back(Args.MakeArgString("-fno-assume-sane-operator-new"));
} }
unsigned SanitizerArgs::parse(const char *Value) { unsigned SanitizerArgs::parse(const char *Value) {
unsigned ParsedKind = llvm::StringSwitch<SanitizeKind>(Value) unsigned ParsedKind = llvm::StringSwitch<SanitizeKind>(Value)
#define SANITIZER(NAME, ID) .Case(NAME, ID) #define SANITIZER(NAME, ID) .Case(NAME, ID)
▲ Show 20 LinesShow All 137 LinesShow Last 20 Lines

lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 1,622 Lines▼ Show 20 Lines
#include "clang/Basic/Sanitizers.def" #include "clang/Basic/Sanitizers.def"
case Unknown: case Unknown:
Diags.Report(diag::err_drv_invalid_value) Diags.Report(diag::err_drv_invalid_value)
<< "-fsanitize=" << Sanitizers[I]; << "-fsanitize=" << Sanitizers[I];
break; break;
} }
} }
// -fsanitize-address-field-padding=N has to be a LangOpt, parse it here.
Opts.Sanitize.SanitizeAddressFieldPadding =
getLastArgIntValue(Args, OPT_fsanitize_address_field_padding, 0, Diags);
} }
static void ParsePreprocessorArgs(PreprocessorOptions &Opts, ArgList &Args, static void ParsePreprocessorArgs(PreprocessorOptions &Opts, ArgList &Args,
FileManager &FileMgr, FileManager &FileMgr,
DiagnosticsEngine &Diags) { DiagnosticsEngine &Diags) {
using namespace options; using namespace options;
Opts.ImplicitPCHInclude = Args.getLastArgValue(OPT_include_pch); Opts.ImplicitPCHInclude = Args.getLastArgValue(OPT_include_pch);
Opts.ImplicitPTHInclude = Args.getLastArgValue(OPT_include_pth); Opts.ImplicitPTHInclude = Args.getLastArgValue(OPT_include_pth);
▲ Show 20 LinesShow All 419 LinesShow Last 20 Lines

test/Driver/fsanitize.c

Show First 20 LinesShow All 74 Lines▼ Show 20 Lines
// CHECK-NO-TRACK-ORIGINS-NOT: sanitize-memory-track-origins // CHECK-NO-TRACK-ORIGINS-NOT: sanitize-memory-track-origins
// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fsanitize-memory-track-origins=2 -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-2 // RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fsanitize-memory-track-origins=2 -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-2
// CHECK-TRACK-ORIGINS-2: -fsanitize-memory-track-origins=2 // CHECK-TRACK-ORIGINS-2: -fsanitize-memory-track-origins=2
// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fsanitize-memory-track-origins=3 -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-3 // RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fsanitize-memory-track-origins=3 -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-3
// CHECK-TRACK-ORIGINS-3: error: invalid value '3' in '-fsanitize-memory-track-origins=3' // CHECK-TRACK-ORIGINS-3: error: invalid value '3' in '-fsanitize-memory-track-origins=3'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-field-padding=0 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FIELD-PADDING-0
// CHECK-ASAN-FIELD-PADDING-0-NOT: -fsanitize-address-field-padding
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-field-padding=1 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FIELD-PADDING-1
// CHECK-ASAN-FIELD-PADDING-1: -fsanitize-address-field-padding=1
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-field-padding=2 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FIELD-PADDING-2
// CHECK-ASAN-FIELD-PADDING-2: -fsanitize-address-field-padding=2
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-field-padding=3 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FIELD-PADDING-3
// CHECK-ASAN-FIELD-PADDING-3: error: invalid value '3' in '-fsanitize-address-field-padding=3'
// RUN: %clang -target x86_64-linux-gnu -fsanitize-address-field-padding=2 %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FIELD-PADDING-NO-ASAN
// CHECK-ASAN-FIELD-PADDING-NO-ASAN: warning: argument unused during compilation: '-fsanitize-address-field-padding=2'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-sanitize=vptr -fsanitize=undefined,address %s -### 2>&1 // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-sanitize=vptr -fsanitize=undefined,address %s -### 2>&1
// OK // OK
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TSAN-NO-PIE // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TSAN-NO-PIE
// CHECK-TSAN-NO-PIE: "-mrelocation-model" "pic" "-pic-level" "2" "-pie-level" "2" // CHECK-TSAN-NO-PIE: "-mrelocation-model" "pic" "-pic-level" "2" "-pie-level" "2"
// CHECK-TSAN-NO-PIE: "-pie" // CHECK-TSAN-NO-PIE: "-pie"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MSAN-NO-PIE // RUN: %clang -target x86_64-linux-gnu -fsanitize=memory %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MSAN-NO-PIE
▲ Show 20 LinesShow All 54 LinesShow Last 20 Lines