This is an archive of the discontinued LLVM Phabricator instance.

Differential D130888

[Clang] Introduce -fexperimental-sanitize-metadata=
ClosedPublic

Authored by melver on Aug 1 2022, 2:00 AM.

Details

Reviewers
dvyukov
vitalybuka
eugenis
pcc
MaskRay
Commits
rGc4842bb2e98e: [Clang] Introduce -fexperimental-sanitize-metadata=
Summary

Introduces the frontend flag -fexperimental-sanitize-metadata=, which
enables SanitizerBinaryMetadata instrumentation.

The first intended user of the binary metadata emitted will be a variant
of GWP-TSan [1]. The plan is to open source a stable and production
quality version of GWP-TSan. The development of which, however, requires
upstream compiler support.

[1] https://llvm.org/devmtg/2020-09/slides/Morehouse-GWP-Tsan.pdf

Until the tool has been open sourced, we mark this kind of
instrumentation as "experimental", and reserve the option to change
binary format, remove features, and similar.

Depends on D130887

Diff Detail

Event Timeline

melver created this revision.Aug 1 2022, 2:00 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 1 2022, 2:01 AM
Herald added a subscriber: ormris. · View Herald Transcript
melver requested review of this revision.Aug 1 2022, 2:01 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 1 2022, 2:01 AM
Herald added subscribers: cfe-commits, MaskRay. · View Herald Transcript
Harbormaster completed remote builds in B178532: Diff 448957.Aug 1 2022, 4:39 AM
melver mentioned this in D130887: [SanitizerBinaryMetadata] Introduce SanitizerBinaryMetadata instrumentation pass.Aug 1 2022, 4:41 AM
melver added a reviewer: dvyukov.Aug 1 2022, 11:39 PM
MaskRay added inline comments.Aug 2 2022, 8:18 PM
clang/include/clang/Driver/Options.td
5506

Let CC1 options use the same spelling as the driver options.

clang/lib/Driver/SanitizerArgs.cpp
848

Use Args.getLastArg(...)

clang/test/Driver/fsanitize-metadata.c
2

This RUN line is redundant. For other opt-in features, we don't check that the cc1 command line doesn't have an option.

5

-target is legacy. Use --target=. If a feature isn't Linux specific, use --target=x86_64.

melver updated this revision to Diff 449671.Aug 3 2022, 8:21 AM
melver marked 4 inline comments as done.

Address comments.

clang/lib/Driver/SanitizerArgs.cpp
848

This won't work if someone does:

-fsanitize-metadata=feature1 -fsanitize-metadata=feature2

(instead of '-fsanitize-metadata=feature1,feature2')

Added a test case.

clang/test/Driver/fsanitize-metadata.c
2

I've made the negative-presence test more useful by checking -fno- option works.

Harbormaster completed remote builds in B179035: Diff 449671.Aug 3 2022, 9:05 AM
melver updated this revision to Diff 450043.Aug 4 2022, 10:12 AM

Rebase.

melver added reviewers: vitalybuka, eugenis, pcc, MaskRay.Aug 4 2022, 10:36 AM
Herald added a subscriber: StephenFan. · View Herald TranscriptAug 4 2022, 10:36 AM
Harbormaster completed remote builds in B179328: Diff 450043.Aug 4 2022, 12:20 PM
melver updated this revision to Diff 456608.Aug 30 2022, 3:44 AM

Rebase.

Harbormaster completed remote builds in B184124: Diff 456608.Aug 30 2022, 5:49 AM
vitalybuka added a comment.Aug 30 2022, 9:54 AM

Another test under llvm-project/clang/test/CodeGen/ is needed which tests IR generated from C/C++ contains expected info.
Random example clang/test/CodeGen/attr-noundef.cpp

melver updated this revision to Diff 457543.Sep 2 2022, 2:49 AM

Add CodeGen test.

PTAL.

Harbormaster completed remote builds in B184789: Diff 457543.Sep 2 2022, 3:48 AM
vitalybuka accepted this revision.Sep 2 2022, 9:58 AM
vitalybuka added inline comments.
clang/test/Driver/fsanitize-metadata.c
25

If possible, don't split long RUN: line
it's much easier to see a difference between different invocations

clang format is configured to ignore line length in tests nowadays anyway

This revision is now accepted and ready to land.Sep 2 2022, 9:58 AM
melver updated this revision to Diff 457637.Sep 2 2022, 10:52 AM

Don't split RUN lines.

Harbormaster completed remote builds in B184853: Diff 457637.Sep 2 2022, 12:13 PM
MaskRay accepted this revision.Sep 2 2022, 1:27 PM
MaskRay added inline comments.
clang/include/clang/Driver/Options.td
1677

You can use f_Group instead of f_clang_Group. There are so many clang-specific (not in gcc) options, so the group is not useful.

Remove NoXarchOption.

clang/test/Driver/fsanitize-metadata.c
2

-fno-experimental-sanitize-metadata= works on bitmasks. You can change this run line to remove one bit instead of all.

melver updated this revision to Diff 457779.Sep 3 2022, 3:41 AM
melver marked 3 inline comments as done.
  • Options.td: s/f_clang_Group/f_Group/, remove NoXarchOption
  • Driver test: also test -fexperimental-sanitize-metadata=all -fno-experimental-metadata=<some option>
clang/test/Driver/fsanitize-metadata.c
2

Added more tests to check removing one bit after =all, but left this in place for the extra coverage.

Harbormaster completed remote builds in B184946: Diff 457779.Sep 3 2022, 4:17 AM
This revision was landed with ongoing or failed builds.Sep 7 2022, 12:26 PM
Closed by commit rGc4842bb2e98e: [Clang] Introduce -fexperimental-sanitize-metadata= (authored by melver). · Explain Why
This revision was automatically updated to reflect the committed changes.
melver added a commit: rGc4842bb2e98e: [Clang] Introduce -fexperimental-sanitize-metadata=.

Revision Contents

PathSize
clang/
include/
clang/
Basic/
5 lines
2 lines
Driver/
14 lines
1 line
lib/
CodeGen/
14 lines
Driver/
59 lines
test/
CodeGen/
31 lines
Driver/
23 lines

Diff 458532

clang/include/clang/Basic/CodeGenOptions.h

Show First 20 LinesShow All 479 Lines▼ Show 20 Lines#include "clang/Basic/CodeGenOptions.def"
} }
// Check if any one of SanitizeCoverage* is enabled. // Check if any one of SanitizeCoverage* is enabled.
bool hasSanitizeCoverage() const { bool hasSanitizeCoverage() const {
return SanitizeCoverageType || SanitizeCoverageIndirectCalls || return SanitizeCoverageType || SanitizeCoverageIndirectCalls ||
SanitizeCoverageTraceCmp || SanitizeCoverageTraceLoads || SanitizeCoverageTraceCmp || SanitizeCoverageTraceLoads ||
SanitizeCoverageTraceStores; SanitizeCoverageTraceStores;
} }
// Check if any one of SanitizeBinaryMetadata* is enabled.
bool hasSanitizeBinaryMetadata() const {
return SanitizeBinaryMetadataCovered || SanitizeBinaryMetadataAtomics;
}
}; };
} // end namespace clang } // end namespace clang
#endif #endif

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 280 Lines▼ Show 20 LinesCODEGENOPT(SanitizeCoverageTracePCGuard, 1, 0) ///< Enable PC tracing with guard
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverageInline8bitCounters, 1, 0) ///< Use inline 8bit counters. CODEGENOPT(SanitizeCoverageInline8bitCounters, 1, 0) ///< Use inline 8bit counters.
CODEGENOPT(SanitizeCoverageInlineBoolFlag, 1, 0) ///< Use inline bool flag. CODEGENOPT(SanitizeCoverageInlineBoolFlag, 1, 0) ///< Use inline bool flag.
CODEGENOPT(SanitizeCoveragePCTable, 1, 0) ///< Create a PC Table. CODEGENOPT(SanitizeCoveragePCTable, 1, 0) ///< Create a PC Table.
CODEGENOPT(SanitizeCoverageNoPrune, 1, 0) ///< Disable coverage pruning. CODEGENOPT(SanitizeCoverageNoPrune, 1, 0) ///< Disable coverage pruning.
CODEGENOPT(SanitizeCoverageStackDepth, 1, 0) ///< Enable max stack depth tracing CODEGENOPT(SanitizeCoverageStackDepth, 1, 0) ///< Enable max stack depth tracing
CODEGENOPT(SanitizeCoverageTraceLoads, 1, 0) ///< Enable tracing of loads. CODEGENOPT(SanitizeCoverageTraceLoads, 1, 0) ///< Enable tracing of loads.
CODEGENOPT(SanitizeCoverageTraceStores, 1, 0) ///< Enable tracing of stores. CODEGENOPT(SanitizeCoverageTraceStores, 1, 0) ///< Enable tracing of stores.
CODEGENOPT(SanitizeBinaryMetadataCovered, 1, 0) ///< Emit PCs for covered functions.
CODEGENOPT(SanitizeBinaryMetadataAtomics, 1, 0) ///< Emit PCs for atomic operations.
CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers. CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers.
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled. CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float. CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening. CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening.
CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses. CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses.
CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition. CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition.
CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers
CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled. CODEGENOPT(TimePasses , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled.
▲ Show 20 LinesShow All 196 LinesShow Last 20 Lines

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,667 Lines▼ Show 20 Linesdef fsanitize_coverage_allowlist : Joined<["-"], "fsanitize-coverage-allowlist=">,
Group<f_clang_Group>, Flags<[CoreOption, NoXarchOption]>, Group<f_clang_Group>, Flags<[CoreOption, NoXarchOption]>,
HelpText<"Restrict sanitizer coverage instrumentation exclusively to modules and functions that match the provided special case list, except the blocked ones">, HelpText<"Restrict sanitizer coverage instrumentation exclusively to modules and functions that match the provided special case list, except the blocked ones">,
MarshallingInfoStringVector<CodeGenOpts<"SanitizeCoverageAllowlistFiles">>; MarshallingInfoStringVector<CodeGenOpts<"SanitizeCoverageAllowlistFiles">>;
def fsanitize_coverage_ignorelist : Joined<["-"], "fsanitize-coverage-ignorelist=">, def fsanitize_coverage_ignorelist : Joined<["-"], "fsanitize-coverage-ignorelist=">,
Group<f_clang_Group>, Flags<[CoreOption, NoXarchOption]>, Group<f_clang_Group>, Flags<[CoreOption, NoXarchOption]>,
HelpText<"Disable sanitizer coverage instrumentation for modules and functions " HelpText<"Disable sanitizer coverage instrumentation for modules and functions "
"that match the provided special case list, even the allowed ones">, "that match the provided special case list, even the allowed ones">,
MarshallingInfoStringVector<CodeGenOpts<"SanitizeCoverageIgnorelistFiles">>; MarshallingInfoStringVector<CodeGenOpts<"SanitizeCoverageIgnorelistFiles">>;
def fexperimental_sanitize_metadata_EQ : CommaJoined<["-"], "fexperimental-sanitize-metadata=">,
Group<f_Group>,
MaskRayUnsubmitted
Done
ReplyInline Actions

You can use f_Group instead of f_clang_Group. There are so many clang-specific (not in gcc) options, so the group is not useful.

Remove NoXarchOption.

MaskRay: You can use f_Group instead of f_clang_Group. There are so many clang-specific (not in gcc)…
HelpText<"Specify the type of metadata to emit for binary analysis sanitizers">;
def fno_experimental_sanitize_metadata_EQ : CommaJoined<["-"], "fno-experimental-sanitize-metadata=">,
Group<f_Group>, Flags<[CoreOption]>,
HelpText<"Disable emitting metadata for binary analysis sanitizers">;
def fsanitize_memory_track_origins_EQ : Joined<["-"], "fsanitize-memory-track-origins=">, def fsanitize_memory_track_origins_EQ : Joined<["-"], "fsanitize-memory-track-origins=">,
Group<f_clang_Group>, Group<f_clang_Group>,
HelpText<"Enable origins tracking in MemorySanitizer">, HelpText<"Enable origins tracking in MemorySanitizer">,
MarshallingInfoInt<CodeGenOpts<"SanitizeMemoryTrackOrigins">>; MarshallingInfoInt<CodeGenOpts<"SanitizeMemoryTrackOrigins">>;
def fsanitize_memory_track_origins : Flag<["-"], "fsanitize-memory-track-origins">, def fsanitize_memory_track_origins : Flag<["-"], "fsanitize-memory-track-origins">,
Group<f_clang_Group>, Group<f_clang_Group>,
HelpText<"Enable origins tracking in MemorySanitizer">; HelpText<"Enable origins tracking in MemorySanitizer">;
def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">, def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">,
▲ Show 20 LinesShow All 3,808 Lines▼ Show 20 Lines
def fsanitize_coverage_trace_loads def fsanitize_coverage_trace_loads
: Flag<["-"], "fsanitize-coverage-trace-loads">, : Flag<["-"], "fsanitize-coverage-trace-loads">,
HelpText<"Enable tracing of loads">, HelpText<"Enable tracing of loads">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageTraceLoads">>; MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageTraceLoads">>;
def fsanitize_coverage_trace_stores def fsanitize_coverage_trace_stores
: Flag<["-"], "fsanitize-coverage-trace-stores">, : Flag<["-"], "fsanitize-coverage-trace-stores">,
HelpText<"Enable tracing of stores">, HelpText<"Enable tracing of stores">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageTraceStores">>; MarshallingInfoFlag<CodeGenOpts<"SanitizeCoverageTraceStores">>;
def fexperimental_sanitize_metadata_EQ_covered
MaskRayUnsubmitted
Done
ReplyInline Actions

Let CC1 options use the same spelling as the driver options.

MaskRay: Let CC1 options use the same spelling as the driver options.
: Flag<["-"], "fexperimental-sanitize-metadata=covered">,
HelpText<"Emit PCs for code covered with binary analysis sanitizers">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeBinaryMetadataCovered">>;
def fexperimental_sanitize_metadata_EQ_atomics
: Flag<["-"], "fexperimental-sanitize-metadata=atomics">,
HelpText<"Emit PCs for atomic operations used by binary analysis sanitizers">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeBinaryMetadataAtomics">>;
def fpatchable_function_entry_offset_EQ def fpatchable_function_entry_offset_EQ
: Joined<["-"], "fpatchable-function-entry-offset=">, MetaVarName<"<M>">, : Joined<["-"], "fpatchable-function-entry-offset=">, MetaVarName<"<M>">,
HelpText<"Generate M NOPs before function entry">, HelpText<"Generate M NOPs before function entry">,
MarshallingInfoInt<CodeGenOpts<"PatchableFunctionEntryOffset">>; MarshallingInfoInt<CodeGenOpts<"PatchableFunctionEntryOffset">>;
def fprofile_instrument_EQ : Joined<["-"], "fprofile-instrument=">, def fprofile_instrument_EQ : Joined<["-"], "fprofile-instrument=">,
HelpText<"Enable PGO instrumentation">, Values<"none,clang,llvm,csllvm">, HelpText<"Enable PGO instrumentation">, Values<"none,clang,llvm,csllvm">,
NormalizedValuesScope<"CodeGenOptions">, NormalizedValuesScope<"CodeGenOptions">,
NormalizedValues<["ProfileNone", "ProfileClangInstr", "ProfileIRInstr", "ProfileCSIRInstr"]>, NormalizedValues<["ProfileNone", "ProfileClangInstr", "ProfileIRInstr", "ProfileCSIRInstr"]>,
▲ Show 20 LinesShow All 1,425 LinesShow Last 20 Lines

clang/include/clang/Driver/SanitizerArgs.h

Show All 25 Linesclass SanitizerArgs {
SanitizerSet RecoverableSanitizers; SanitizerSet RecoverableSanitizers;
SanitizerSet TrapSanitizers; SanitizerSet TrapSanitizers;
std::vector<std::string> UserIgnorelistFiles; std::vector<std::string> UserIgnorelistFiles;
std::vector<std::string> SystemIgnorelistFiles; std::vector<std::string> SystemIgnorelistFiles;
std::vector<std::string> CoverageAllowlistFiles; std::vector<std::string> CoverageAllowlistFiles;
std::vector<std::string> CoverageIgnorelistFiles; std::vector<std::string> CoverageIgnorelistFiles;
int CoverageFeatures = 0; int CoverageFeatures = 0;
int BinaryMetadataFeatures = 0;
int MsanTrackOrigins = 0; int MsanTrackOrigins = 0;
bool MsanUseAfterDtor = true; bool MsanUseAfterDtor = true;
bool MsanParamRetval = false; bool MsanParamRetval = false;
bool CfiCrossDso = false; bool CfiCrossDso = false;
bool CfiICallGeneralizePointers = false; bool CfiICallGeneralizePointers = false;
bool CfiCanonicalJumpTables = false; bool CfiCanonicalJumpTables = false;
int AsanFieldPadding = 0; int AsanFieldPadding = 0;
bool SharedRuntime = false; bool SharedRuntime = false;
▲ Show 20 LinesShow All 92 LinesShow Last 20 Lines

clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines
#include "llvm/Transforms/Instrumentation/BoundsChecking.h" #include "llvm/Transforms/Instrumentation/BoundsChecking.h"
#include "llvm/Transforms/Instrumentation/DataFlowSanitizer.h" #include "llvm/Transforms/Instrumentation/DataFlowSanitizer.h"
#include "llvm/Transforms/Instrumentation/GCOVProfiler.h" #include "llvm/Transforms/Instrumentation/GCOVProfiler.h"
#include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h" #include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/InstrProfiling.h" #include "llvm/Transforms/Instrumentation/InstrProfiling.h"
#include "llvm/Transforms/Instrumentation/MemProfiler.h" #include "llvm/Transforms/Instrumentation/MemProfiler.h"
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h" #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h"
#include "llvm/Transforms/Instrumentation/ThreadSanitizer.h" #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
#include "llvm/Transforms/ObjCARC.h" #include "llvm/Transforms/ObjCARC.h"
#include "llvm/Transforms/Scalar.h" #include "llvm/Transforms/Scalar.h"
#include "llvm/Transforms/Scalar/EarlyCSE.h" #include "llvm/Transforms/Scalar/EarlyCSE.h"
#include "llvm/Transforms/Scalar/GVN.h" #include "llvm/Transforms/Scalar/GVN.h"
#include "llvm/Transforms/Scalar/LowerMatrixIntrinsics.h" #include "llvm/Transforms/Scalar/LowerMatrixIntrinsics.h"
#include "llvm/Transforms/Utils.h" #include "llvm/Transforms/Utils.h"
#include "llvm/Transforms/Utils/CanonicalizeAliases.h" #include "llvm/Transforms/Utils/CanonicalizeAliases.h"
▲ Show 20 LinesShow All 129 Lines▼ Show 20 LinesgetSancovOptsFromCGOpts(const CodeGenOptions &CGOpts) {
Opts.InlineBoolFlag = CGOpts.SanitizeCoverageInlineBoolFlag; Opts.InlineBoolFlag = CGOpts.SanitizeCoverageInlineBoolFlag;
Opts.PCTable = CGOpts.SanitizeCoveragePCTable; Opts.PCTable = CGOpts.SanitizeCoveragePCTable;
Opts.StackDepth = CGOpts.SanitizeCoverageStackDepth; Opts.StackDepth = CGOpts.SanitizeCoverageStackDepth;
Opts.TraceLoads = CGOpts.SanitizeCoverageTraceLoads; Opts.TraceLoads = CGOpts.SanitizeCoverageTraceLoads;
Opts.TraceStores = CGOpts.SanitizeCoverageTraceStores; Opts.TraceStores = CGOpts.SanitizeCoverageTraceStores;
return Opts; return Opts;
} }
static SanitizerBinaryMetadataOptions
getSanitizerBinaryMetadataOptions(const CodeGenOptions &CGOpts) {
SanitizerBinaryMetadataOptions Opts;
Opts.Covered = CGOpts.SanitizeBinaryMetadataCovered;
Opts.Atomics = CGOpts.SanitizeBinaryMetadataAtomics;
return Opts;
}
// Check if ASan should use GC-friendly instrumentation for globals. // Check if ASan should use GC-friendly instrumentation for globals.
// First of all, there is no point if -fdata-sections is off (expect for MachO, // First of all, there is no point if -fdata-sections is off (expect for MachO,
// where this is not a factor). Also, on ELF this feature requires an assembler // where this is not a factor). Also, on ELF this feature requires an assembler
// extension that only works with -integrated-as at the moment. // extension that only works with -integrated-as at the moment.
static bool asanUseGlobalsGC(const Triple &T, const CodeGenOptions &CGOpts) { static bool asanUseGlobalsGC(const Triple &T, const CodeGenOptions &CGOpts) {
if (!CGOpts.SanitizeAddressGlobalsDeadStripping) if (!CGOpts.SanitizeAddressGlobalsDeadStripping)
return false; return false;
switch (T.getObjectFormat()) { switch (T.getObjectFormat()) {
▲ Show 20 LinesShow All 398 Lines▼ Show 20 Lines PB.registerOptimizerLastEPCallback([&](ModulePassManager &MPM,
OptimizationLevel Level) { OptimizationLevel Level) {
if (CodeGenOpts.hasSanitizeCoverage()) { if (CodeGenOpts.hasSanitizeCoverage()) {
auto SancovOpts = getSancovOptsFromCGOpts(CodeGenOpts); auto SancovOpts = getSancovOptsFromCGOpts(CodeGenOpts);
MPM.addPass(SanitizerCoveragePass( MPM.addPass(SanitizerCoveragePass(
SancovOpts, CodeGenOpts.SanitizeCoverageAllowlistFiles, SancovOpts, CodeGenOpts.SanitizeCoverageAllowlistFiles,
CodeGenOpts.SanitizeCoverageIgnorelistFiles)); CodeGenOpts.SanitizeCoverageIgnorelistFiles));
} }
if (CodeGenOpts.hasSanitizeBinaryMetadata()) {
MPM.addPass(SanitizerBinaryMetadataPass(
getSanitizerBinaryMetadataOptions(CodeGenOpts)));
}
auto MSanPass = [&](SanitizerMask Mask, bool CompileKernel) { auto MSanPass = [&](SanitizerMask Mask, bool CompileKernel) {
if (LangOpts.Sanitize.has(Mask)) { if (LangOpts.Sanitize.has(Mask)) {
int TrackOrigins = CodeGenOpts.SanitizeMemoryTrackOrigins; int TrackOrigins = CodeGenOpts.SanitizeMemoryTrackOrigins;
bool Recover = CodeGenOpts.SanitizeRecover.has(Mask); bool Recover = CodeGenOpts.SanitizeRecover.has(Mask);
MemorySanitizerOptions options(TrackOrigins, Recover, CompileKernel, MemorySanitizerOptions options(TrackOrigins, Recover, CompileKernel,
CodeGenOpts.SanitizeMemoryParamRetval); CodeGenOpts.SanitizeMemoryParamRetval);
MPM.addPass(MemorySanitizerPass(options)); MPM.addPass(MemorySanitizerPass(options));
▲ Show 20 LinesShow All 593 LinesShow Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 94 Lines▼ Show 20 Linesenum CoverageFeature {
CoverageInline8bitCounters = 1 << 12, CoverageInline8bitCounters = 1 << 12,
CoveragePCTable = 1 << 13, CoveragePCTable = 1 << 13,
CoverageStackDepth = 1 << 14, CoverageStackDepth = 1 << 14,
CoverageInlineBoolFlag = 1 << 15, CoverageInlineBoolFlag = 1 << 15,
CoverageTraceLoads = 1 << 16, CoverageTraceLoads = 1 << 16,
CoverageTraceStores = 1 << 17, CoverageTraceStores = 1 << 17,
}; };
enum BinaryMetadataFeature {
BinaryMetadataCovered = 1 << 0,
BinaryMetadataAtomics = 1 << 1,
};
/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any /// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
/// invalid components. Returns a SanitizerMask. /// invalid components. Returns a SanitizerMask.
static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A, static SanitizerMask parseArgValues(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors); bool DiagnoseErrors);
/// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid /// Parse -f(no-)?sanitize-coverage= flag values, diagnosing any invalid
/// components. Returns OR of members of \c CoverageFeature enumeration. /// components. Returns OR of members of \c CoverageFeature enumeration.
static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A, static int parseCoverageFeatures(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors); bool DiagnoseErrors);
/// Parse -f(no-)?sanitize-metadata= flag values, diagnosing any invalid
/// components. Returns OR of members of \c BinaryMetadataFeature enumeration.
static int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors);
/// Produce an argument string from ArgList \p Args, which shows how it /// Produce an argument string from ArgList \p Args, which shows how it
/// provides some sanitizer kind from \p Mask. For example, the argument list /// provides some sanitizer kind from \p Mask. For example, the argument list
/// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt /// "-fsanitize=thread,vptr -fsanitize=address" with mask \c NeedsUbsanRt
/// would produce "-fsanitize=vptr". /// would produce "-fsanitize=vptr".
static std::string lastArgumentForMask(const Driver &D, static std::string lastArgumentForMask(const Driver &D,
const llvm::opt::ArgList &Args, const llvm::opt::ArgList &Args,
SanitizerMask Mask); SanitizerMask Mask);
▲ Show 20 LinesShow All 708 Lines▼ Show 20 Lines parseSpecialCaseListArg(
DiagnoseErrors); DiagnoseErrors);
parseSpecialCaseListArg( parseSpecialCaseListArg(
D, Args, CoverageIgnorelistFiles, D, Args, CoverageIgnorelistFiles,
options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(), options::OPT_fsanitize_coverage_ignorelist, OptSpecifier(),
clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist, clang::diag::err_drv_malformed_sanitizer_coverage_ignorelist,
DiagnoseErrors); DiagnoseErrors);
} }
// Parse -f(no-)?sanitize-metadata.
for (const auto *Arg :
MaskRayUnsubmitted
Done
ReplyInline Actions

Use Args.getLastArg(...)

MaskRay: Use `Args.getLastArg(...)`
melverAuthorUnsubmitted
Done
ReplyInline Actions

This won't work if someone does:

-fsanitize-metadata=feature1 -fsanitize-metadata=feature2

(instead of '-fsanitize-metadata=feature1,feature2')

Added a test case.

melver: This won't work if someone does: -fsanitize-metadata=feature1 -fsanitize-metadata=feature2…
Args.filtered(options::OPT_fexperimental_sanitize_metadata_EQ,
options::OPT_fno_experimental_sanitize_metadata_EQ)) {
if (Arg->getOption().matches(
options::OPT_fexperimental_sanitize_metadata_EQ)) {
Arg->claim();
BinaryMetadataFeatures |=
parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
} else {
Arg->claim();
BinaryMetadataFeatures &=
~parseBinaryMetadataFeatures(D, Arg, DiagnoseErrors);
}
}
SharedRuntime = SharedRuntime =
Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan, Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() || TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
TC.getTriple().isOSDarwin()); TC.getTriple().isOSDarwin());
ImplicitCfiRuntime = TC.getTriple().isAndroid(); ImplicitCfiRuntime = TC.getTriple().isAndroid();
if (AllAddedKinds & SanitizerKind::Address) { if (AllAddedKinds & SanitizerKind::Address) {
▲ Show 20 LinesShow All 245 Lines▼ Show 20 Lines for (auto F : CoverageFlags) {
if (CoverageFeatures & F.first) if (CoverageFeatures & F.first)
CmdArgs.push_back(F.second); CmdArgs.push_back(F.second);
} }
addSpecialCaseListOpt( addSpecialCaseListOpt(
Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles); Args, CmdArgs, "-fsanitize-coverage-allowlist=", CoverageAllowlistFiles);
addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=", addSpecialCaseListOpt(Args, CmdArgs, "-fsanitize-coverage-ignorelist=",
CoverageIgnorelistFiles); CoverageIgnorelistFiles);
// Translate available BinaryMetadataFeatures to corresponding clang-cc1
// flags. Does not depend on any other sanitizers.
const std::pair<int, std::string> BinaryMetadataFlags[] = {
std::make_pair(BinaryMetadataCovered, "covered"),
std::make_pair(BinaryMetadataAtomics, "atomics")};
for (const auto &F : BinaryMetadataFlags) {
if (BinaryMetadataFeatures & F.first)
CmdArgs.push_back(
Args.MakeArgString("-fexperimental-sanitize-metadata=" + F.second));
}
if (TC.getTriple().isOSWindows() && needsUbsanRt()) { if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
// Instruct the code generator to embed linker directives in the object file // Instruct the code generator to embed linker directives in the object file
// that cause the required runtime libraries to be linked. // that cause the required runtime libraries to be linked.
CmdArgs.push_back( CmdArgs.push_back(
Args.MakeArgString("--dependent-lib=" + Args.MakeArgString("--dependent-lib=" +
TC.getCompilerRTBasename(Args, "ubsan_standalone"))); TC.getCompilerRTBasename(Args, "ubsan_standalone")));
if (types::isCXX(InputType)) if (types::isCXX(InputType))
CmdArgs.push_back(Args.MakeArgString( CmdArgs.push_back(Args.MakeArgString(
▲ Show 20 LinesShow All 230 Lines▼ Show 20 Lines for (int i = 0, n = A->getNumValues(); i != n; ++i) {
if (F == 0 && DiagnoseErrors) if (F == 0 && DiagnoseErrors)
D.Diag(clang::diag::err_drv_unsupported_option_argument) D.Diag(clang::diag::err_drv_unsupported_option_argument)
<< A->getOption().getName() << Value; << A->getOption().getName() << Value;
Features |= F; Features |= F;
} }
return Features; return Features;
} }
int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors) {
assert(
A->getOption().matches(options::OPT_fexperimental_sanitize_metadata_EQ) ||
A->getOption().matches(
options::OPT_fno_experimental_sanitize_metadata_EQ));
int Features = 0;
for (int i = 0, n = A->getNumValues(); i != n; ++i) {
const char *Value = A->getValue(i);
int F = llvm::StringSwitch<int>(Value)
.Case("covered", BinaryMetadataCovered)
.Case("atomics", BinaryMetadataAtomics)
.Case("all", ~0)
.Default(0);
if (F == 0 && DiagnoseErrors)
D.Diag(clang::diag::err_drv_unsupported_option_argument)
<< A->getOption().getName() << Value;
Features |= F;
}
return Features;
}
std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args, std::string lastArgumentForMask(const Driver &D, const llvm::opt::ArgList &Args,
SanitizerMask Mask) { SanitizerMask Mask) {
for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(), for (llvm::opt::ArgList::const_reverse_iterator I = Args.rbegin(),
E = Args.rend(); E = Args.rend();
I != E; ++I) { I != E; ++I) {
const auto *Arg = *I; const auto *Arg = *I;
if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) { if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
SanitizerMask AddKinds = SanitizerMask AddKinds =
Show All 30 Lines

clang/test/CodeGen/sanitize-metadata.c

  • This file was added.
// RUN: %clang_cc1 -O -fexperimental-sanitize-metadata=atomics -triple x86_64-gnu-linux -x c -S -emit-llvm %s -o - | FileCheck %s --check-prefixes=CHECK,ATOMICS
// RUN: %clang_cc1 -O -fexperimental-sanitize-metadata=atomics -triple aarch64-gnu-linux -x c -S -emit-llvm %s -o - | FileCheck %s --check-prefixes=CHECK,ATOMICS
int x, y;
void empty() {
// CHECK-NOT: define dso_local void @empty() {{.*}} !pcsections
}
int atomics() {
// ATOMICS-LABEL: define dso_local i32 @atomics()
// ATOMICS-SAME: !pcsections ![[ATOMICS_COVERED:[0-9]+]]
// ATOMICS-NEXT: entry:
// ATOMICS-NEXT: atomicrmw add {{.*}} !pcsections ![[ATOMIC_OP:[0-9]+]]
// ATOMICS-NOT: load {{.*}} !pcsections
__atomic_fetch_add(&x, 1, __ATOMIC_RELAXED);
return y;
}
// ATOMICS-LABEL: __sanitizer_metadata_atomics.module_ctor
// ATOMICS: call void @__sanitizer_metadata_atomics_add(i32 1, ptr @__start_sanmd_atomics, ptr @__stop_sanmd_atomics)
// ATOMICS-LABEL: __sanitizer_metadata_atomics.module_dtor
// ATOMICS: call void @__sanitizer_metadata_atomics_del(i32 1, ptr @__start_sanmd_atomics, ptr @__stop_sanmd_atomics)
// CHECK-LABEL: __sanitizer_metadata_covered.module_ctor
// CHECK: call void @__sanitizer_metadata_covered_add(i32 1, ptr @__start_sanmd_covered, ptr @__stop_sanmd_covered)
// CHECK-LABEL: __sanitizer_metadata_covered.module_dtor
// CHECK: call void @__sanitizer_metadata_covered_del(i32 1, ptr @__start_sanmd_covered, ptr @__stop_sanmd_covered)
// ATOMICS: ![[ATOMICS_COVERED]] = !{!"sanmd_covered", ![[ATOMICS_COVERED_AUX:[0-9]+]]}
// ATOMICS: ![[ATOMICS_COVERED_AUX]] = !{i32 1}
// ATOMICS: ![[ATOMIC_OP]] = !{!"sanmd_atomics"}

clang/test/Driver/fsanitize-metadata.c

  • This file was added.
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=all -fno-experimental-sanitize-metadata=all %s -### 2>&1 | FileCheck %s
// CHECK-NOT: -fexperimental-sanitize-metadata
MaskRayUnsubmitted
Done
ReplyInline Actions

This RUN line is redundant. For other opt-in features, we don't check that the cc1 command line doesn't have an option.

MaskRay: This RUN line is redundant. For other opt-in features, we don't check that the cc1 command line…
melverAuthorUnsubmitted
Done
ReplyInline Actions

I've made the negative-presence test more useful by checking -fno- option works.

melver: I've made the negative-presence test more useful by checking -fno- option works.
MaskRayUnsubmitted
Done
ReplyInline Actions

-fno-experimental-sanitize-metadata= works on bitmasks. You can change this run line to remove one bit instead of all.

MaskRay: -fno-experimental-sanitize-metadata= works on bitmasks. You can change this run line to remove…
melverAuthorUnsubmitted
Done
ReplyInline Actions

Added more tests to check removing one bit after =all, but left this in place for the extra coverage.

melver: Added more tests to check removing one bit after =all, but left this in place for the extra…
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=bad_arg %s -### 2>&1 | FileCheck -check-prefix=CHECK-INVALID %s
// CHECK-INVALID: error: unsupported argument 'bad_arg' to option '-fexperimental-sanitize-metadata='
MaskRayUnsubmitted
Done
ReplyInline Actions

-target is legacy. Use --target=. If a feature isn't Linux specific, use --target=x86_64.

MaskRay: `-target ` is legacy. Use `--target=`. If a feature isn't Linux specific, use `--target=x86_64`.
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=covered %s -### 2>&1 | FileCheck -check-prefix=CHECK-COVERED %s
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=atomics -fno-experimental-sanitize-metadata=atomics -fexperimental-sanitize-metadata=covered %s -### 2>&1 | FileCheck -check-prefix=CHECK-COVERED %s
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=all -fno-experimental-sanitize-metadata=atomics %s -### 2>&1 | FileCheck -check-prefix=CHECK-COVERED %s
// CHECK-COVERED: "-fexperimental-sanitize-metadata=covered"
// CHECK-COVERED-NOT: "-fexperimental-sanitize-metadata=atomics"
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=atomics %s -### 2>&1 | FileCheck -check-prefix=CHECK-ATOMICS %s
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=covered -fno-experimental-sanitize-metadata=covered -fexperimental-sanitize-metadata=atomics %s -### 2>&1 | FileCheck -check-prefix=CHECK-ATOMICS %s
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=all -fno-experimental-sanitize-metadata=covered %s -### 2>&1 | FileCheck -check-prefix=CHECK-ATOMICS %s
// CHECK-ATOMICS: "-fexperimental-sanitize-metadata=atomics"
// CHECK-ATOMICS-NOT: "-fexperimental-sanitize-metadata=covered"
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=covered,atomics %s -### 2>&1 | FileCheck -check-prefix=CHECK-ALL %s
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=covered -fexperimental-sanitize-metadata=atomics %s -### 2>&1 | FileCheck -check-prefix=CHECK-ALL %s
// RUN: %clang --target=x86_64-linux-gnu -fexperimental-sanitize-metadata=all %s -### 2>&1 | FileCheck -check-prefix=CHECK-ALL %s
// CHECK-ALL: "-fexperimental-sanitize-metadata=covered"
// CHECK-ALL: "-fexperimental-sanitize-metadata=atomics"
vitalybukaUnsubmitted
Done
ReplyInline Actions

If possible, don't split long RUN: line
it's much easier to see a difference between different invocations

clang format is configured to ignore line length in tests nowadays anyway

vitalybuka: If possible, don't split long RUN: line it's much easier to see a difference between different…