This is an archive of the discontinued LLVM Phabricator instance.

Differential D158614

[UBSan] Disable the function sanitizer on an execute-only target.
ClosedPublic

Authored by MaggieYi on Aug 23 2023, 6:49 AM.

Details

Reviewers
MaskRay
peter.smith
probinson
pgousseau
glandium
uabelho
simon_tatham
vitalybuka
Commits
rG9ef536a12ea6: [UBSan] Disable the function and kcfi sanitizers on an execute-only target.
Summary

PR for https://github.com/llvm/llvm-project/issues/64931.

Disable the function and kcfi sanitizers on an execute-only target.




An execute-only target disallows data access to code sections. -fsanitize=function and -fsanitize=kcfi instrument indirect function calls to load a type hash before the function label. This results in a non-execute access to the code section and a runtime error.






To solve the issue, -fsanitize=function should not be included in any check group (e.g. undefined) on an execute-only target. If a user passes -fsanitize=undefined, there is no error and no warning. However, if the user explicitly passes -fsanitize=function or -fsanitize=kcfi on an execute-only target, an error will be emitted.
Diff Detail
Event Timeline
MaggieYi created this revision.Aug 23 2023, 6:49 AM
Herald added a project: Restricted Project.  ·  View Herald TranscriptAug 23 2023, 6:49 AM
MaggieYi requested review of this revision.Aug 23 2023, 6:49 AM
Herald added a project: Restricted Project.  ·  View Herald TranscriptAug 23 2023, 6:49 AM
Herald added a subscriber: cfe-commits.  ·  View Herald Transcript
probinson added a comment.Aug 23 2023, 7:24 AM
The PS5 bits LGTM, but as I'm not familiar with the ARM aspects I won't give final approval.
peter.smith added a reviewer: simon_tatham.Aug 23 2023, 8:02 AM
simon_tatham added a comment.Aug 23 2023, 8:07 AM
I think this is also true of -fsanitize=kcfi, isn't it? That also works by writing a cookie just before the function entry point. If we're diagnosing incompatibilities with execute-only, then perhaps we should do it for both.
simon_tatham added inline comments.Aug 23 2023, 8:15 AM
clang/lib/Basic/Sanitizers.cpp


132–141
Why do we need to check both of -mexecute-only and the +execute-only target feature? It looks to me as if the code in Driver/ToolChains/Arch/ARM.cpp that handles -mexecute-only ends up setting the same target feature anyway. And it checks the supported architecture versions first.



Would it not be better to just check the target feature here, and avoid having a duplicated copy of the rest of this logic which needs to be kept in sync with the ARM driver?



Does something go wrong if you do it that way?
Harbormaster completed remote builds in B254332: Diff 552694.Aug 23 2023, 8:28 AM
MaskRay added inline comments.Aug 23 2023, 3:06 PM
clang/include/clang/Basic/DiagnosticCommonKinds.td


326 ↗(On Diff #552694)
We don't need this diagnostic as a common kind (we only use it in driver).



I think we can reuse err_drv_argument_not_allowed_with . Though for PS5 you will get ... allowed with '-mexecute-only' even if the user doesn't specify -mexecute-only, but I hope it is fine.


clang/lib/Basic/Sanitizers.cpp


132–141
I think we only need to check the +execute-only target feature and remove driver option -mexecute-only check.



if (Triple.isPS5())
  return true;
if (!Triple.isARM() && !Triple.isThumb())
  return false;
return features contains "+execute-only" ;


clang/lib/Driver/SanitizerArgs.cpp


407
I think it's clear not not to add the variable NotAllowedWithExecuteOnly.



Currently, I need to check the definition of NotAllowedWithExecuteOnly to understand that this comment does what it says. For now, just encoding Function here is clearer.


clang/lib/Frontend/CompilerInvocation.cpp


4405 ↗(On Diff #552694)
Remove.



We don't perform rigid error checking for cc1. If the user bypass the driver check with -Xclang -fsanitize=function, we don't provide more diagnostics.


clang/test/CodeGen/ubsan-function.c


2 ↗(On Diff #552694)
remove new tests. we only need test/Driver test.
MaggieYi updated this revision to Diff 553409.Aug 25 2023, 1:40 AM
MaggieYi edited the summary of this revision. (Show Details)
The changes include:



    

  1. Added an ARM::supportedExecuteOnly function to avoid the duplicated code.
    2. 

  2. Modified the isExecuteOnlyTarget function to only deal with the -mexecute-only option.
    3. 

  3. Added SanitizerKind::KCFI to the SanitizerMask of NotAllowedWithExecuteOnly.
    4. 

Herald added a project: Restricted Project.  ·  View Herald TranscriptAug 25 2023, 1:40 AM
Herald added subscribers: llvm-commits, hiraditya.  ·  View Herald Transcript
MaggieYi added a comment.Aug 25 2023, 2:06 AM
Thanks  @simon_tatham and @MaskRay for the quick code review.



When I work on this issue, I want to add an error for both clang and clang -cc1. 

-mexecute-only is an ARM-only compiler option. The clang Driver will convert -mexecute-only to -target-feature +execute-only in the clang cc1 command.

To pass the execute-only option, the clang command is: clang -target=armv6t2-eabi -mexecute-only …. The Arm clang cc1 command:

clang -cc1 -triple armv6t2-unknown-unknown-eabi -target-feature +execute-only….



If I move the change to the code in Driver/ToolChains/Arch/ARM.cpp, the error will only deal with the -mexecute-only option, but not handle the -target-feature +execute-only in the clang -cc1 command.



As @MaskRay commented that we don't perform rigid error checking for cc1. In this case, we could handle the error in the Driver/ToolChains/Arch/ARM.cpp. However, the target-specific predicate function (named isExecuteOnlyTarget) allows any other targets that support execute-only could get the effect by modifying just the isExecuteOnlyTarget function. Therefore, I have modified the isExecuteOnlyTarget function to only deal with the -mexecute-only option. I have also added a function (named ARM::supportedExecuteOnly) to avoid the duplicated code.
clang/include/clang/Basic/DiagnosticCommonKinds.td


326 ↗(On Diff #552694)
Since err_drv_argument_not_allowed_with is an ARM-only option, We cannot reuse it.


clang/lib/Driver/SanitizerArgs.cpp


407
NotAllowedWithExecuteOnly is modified to include the SanitizerKind::KCFI, therefore I keep it in the code.
Harbormaster completed remote builds in B254833: Diff 553409.Aug 25 2023, 3:06 AM
MaskRay added inline comments.Aug 25 2023, 10:21 AM
clang/include/clang/Basic/DiagnosticCommonKinds.td


326 ↗(On Diff #552694)
err_drv_argument_not_allowed_with is a generic diagnostic. My point is that we don't need an extra err_unsupported_opt_for_execute_only_target.


clang/lib/Basic/Sanitizers.cpp


125
The idiom is hasFlag(clang::driver::options::OPT_mexecute_only, clang::driver::options::OPT_mno_execute_only, false)


129
I don't think we need an extra llvm::ARM::supportedExecuteOnly check. We just return true when -mexecute-only is in effect.


clang/lib/Driver/SanitizerArgs.cpp


478
`-fsanitize=function => NotAllowedWithExecuteOnly



since we now handle kcfi as well.


481
omit braces


clang/test/Driver/fsanitize.c


977
Drop not %clang --target=armv6t2-eabi -mexecute-only -fsanitize=undefined -fsanitize=function. 

Testing just -fsanitize=function for the negative test is sufficient.


979
Drop -fsanitize=function -fsanitize=kcfi line. They already lead to an error.


980
--target=armv6t2-eabi -mexecute-only -fsanitize=undefined needs a custom check prefix that checks function is not enabled.


llvm/lib/TargetParser/ARMTargetParser.cpp


602 ↗(On Diff #553409)
We don't need to extract the function.
vitalybuka resigned from this revision.Aug 25 2023, 3:00 PM
MaggieYi updated this revision to Diff 554474.Aug 29 2023, 1:30 PM
MaggieYi marked 7 inline comments as done.
Thanks @MaskRay, I have updated the patch following your suggestions.
clang/include/clang/Basic/DiagnosticCommonKinds.td


326 ↗(On Diff #552694)
Sorry, I mean that -mexecute-only is the arm-only option Options.td#L4202.



As you suggested that we could use err_drv_argument_not_allowed_with by passing -fsanitize=function (not -mexecute-only) and the target triple. For example, "error: invalid argument '-fsanitize=function' not allowed with 'x86_64-sie-ps5'". I have removed err_unsupported_opt_for_execute_only_target.
Harbormaster completed remote builds in B255613: Diff 554474.Aug 29 2023, 5:44 PM
MaskRay accepted this revision.Aug 29 2023, 6:53 PM
Thanks!
clang/lib/Basic/Sanitizers.cpp


125
return Args.hasFlag(clang::driver::options::OPT_mexecute_only ...


clang/test/Driver/fsanitize.c


982
Delete this -NOT. %clang returning 0 implies that there is no error.
This revision is now accepted and ready to land.Aug 29 2023, 6:53 PM
MaggieYi updated this revision to Diff 554665.Aug 30 2023, 4:26 AM
MaggieYi marked 5 inline comments as done.
Thanks @MaskRay. The patch is updated.



Hi @simon_tatham, are you happy with the patch?



Thanks
simon_tatham accepted this revision.Aug 30 2023, 5:20 AM
Yes, this looks good to me too. Thanks!
Harbormaster completed remote builds in B255756: Diff 554665.Aug 30 2023, 7:04 AM
Closed by commit rG9ef536a12ea6: [UBSan] Disable the function and kcfi sanitizers on an execute-only target. (authored by MaggieYi).  ·  Explain WhyAug 30 2023, 9:20 AM
This revision was automatically updated to reflect the committed changes.
MaggieYi added a commit: rG9ef536a12ea6: [UBSan] Disable the function and kcfi sanitizers on an execute-only target..
MaskRay added inline comments.Aug 30 2023, 8:14 PM
clang/lib/Basic/Sanitizers.cpp


129
Sorry, I just noticed that this adds a circular (if we consider headers) dependency from clangBasic to clangDriver. I'm removing it.
MaskRay mentioned this in rGc7dce0283b5b: [Driver] Adjust -fsanitize=function & -mexecute-only interop after D158614.Aug 30 2023, 8:30 PM
MaggieYi added a comment.Aug 31 2023, 1:39 AM
Thanks @MaskRay.
Revision Contents
PathSize
clang/
include/
clang/
Basic/
9 lines
lib/
Basic/
1 line
13 lines
Driver/
22 lines
test/
CodeGenObjCXX/
3 lines
Driver/
14 lines
Diff 554751
clang/include/clang/Basic/Sanitizers.h
Show All 17 Lines
#include "llvm/ADT/StringRef.h"
#include "llvm/ADT/StringRef.h"

#include "llvm/Support/HashBuilder.h"
#include "llvm/Support/HashBuilder.h"

#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"

#include <cassert>
#include <cassert>

#include <cstdint>
#include <cstdint>




namespace llvm {
namespace llvm {

class hash_code;
class hash_code;

class Triple;

namespace opt {

class ArgList;

}
}

} // namespace llvm




namespace clang {
namespace clang {




class SanitizerMask {
class SanitizerMask {

  // NOTE: this class assumes kNumElem == 2 in most of the constexpr functions,
  // NOTE: this class assumes kNumElem == 2 in most of the constexpr functions,

  // in order to work within the C++11 constexpr function constraints. If you
  // in order to work within the C++11 constexpr function constraints. If you

  // change kNumElem, you'll need to update those member functions as well.
  // change kNumElem, you'll need to update those member functions as well.




▲ Show 20 LinesShow All 165 Lines▼ Show 20 Lines
llvm::AsanDtorKind AsanDtorKindFromString(StringRef kind);
llvm::AsanDtorKind AsanDtorKindFromString(StringRef kind);




StringRef AsanDetectStackUseAfterReturnModeToString(
StringRef AsanDetectStackUseAfterReturnModeToString(

    llvm::AsanDetectStackUseAfterReturnMode mode);
    llvm::AsanDetectStackUseAfterReturnMode mode);




llvm::AsanDetectStackUseAfterReturnMode
llvm::AsanDetectStackUseAfterReturnMode

AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr);
AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr);




/// Return true if an execute-only target disallows data access to code

/// sections.

bool isExecuteOnlyTarget(const llvm::Triple &Triple,

                         const llvm::opt::ArgList &Args);



} // namespace clang
} // namespace clang




#endif // LLVM_CLANG_BASIC_SANITIZERS_H
#endif // LLVM_CLANG_BASIC_SANITIZERS_H

clang/lib/Basic/CMakeLists.txt
set(LLVM_LINK_COMPONENTS
set(LLVM_LINK_COMPONENTS

  Option

  Support
  Support

  TargetParser
  TargetParser

  )
  )




find_first_existing_vc_file("${LLVM_MAIN_SRC_DIR}" llvm_vc)
find_first_existing_vc_file("${LLVM_MAIN_SRC_DIR}" llvm_vc)

find_first_existing_vc_file("${CLANG_SOURCE_DIR}" clang_vc)
find_first_existing_vc_file("${CLANG_SOURCE_DIR}" clang_vc)




# The VC revision include that we want to generate.
# The VC revision include that we want to generate.

▲ Show 20 LinesShow All 125 LinesShow Last 20 Lines
clang/lib/Basic/Sanitizers.cpp
//===- Sanitizers.cpp - C Language Family Language Options ----------------===//
//===- Sanitizers.cpp - C Language Family Language Options ----------------===//

//
//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.
// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//
//

//===----------------------------------------------------------------------===//
//===----------------------------------------------------------------------===//

//
//

//  This file defines the classes from Sanitizers.h
//  This file defines the classes from Sanitizers.h

//
//

//===----------------------------------------------------------------------===//
//===----------------------------------------------------------------------===//




#include "clang/Basic/Sanitizers.h"
#include "clang/Basic/Sanitizers.h"

#include "clang/Driver/Options.h"

#include "llvm/ADT/Hashing.h"
#include "llvm/ADT/Hashing.h"

#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/SmallVector.h"

#include "llvm/ADT/StringSwitch.h"
#include "llvm/ADT/StringSwitch.h"

#include "llvm/Option/ArgList.h"

#include "llvm/Support/MathExtras.h"
#include "llvm/Support/MathExtras.h"

#include "llvm/TargetParser/Triple.h"




using namespace clang;
using namespace clang;




// Once LLVM switches to C++17, the constexpr variables can be inline and we
// Once LLVM switches to C++17, the constexpr variables can be inline and we

// won't need this.
// won't need this.

#define SANITIZER(NAME, ID) constexpr SanitizerMask SanitizerKind::ID;
#define SANITIZER(NAME, ID) constexpr SanitizerMask SanitizerKind::ID;

#define SANITIZER_GROUP(NAME, ID, ALIAS)                                       \
#define SANITIZER_GROUP(NAME, ID, ALIAS)                                       \

  constexpr SanitizerMask SanitizerKind::ID;                                   \
  constexpr SanitizerMask SanitizerKind::ID;                                   \

▲ Show 20 LinesShow All 81 Lines▼ Show 20 Lines
AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr) {
AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr) {

  return llvm::StringSwitch<llvm::AsanDetectStackUseAfterReturnMode>(modeStr)
  return llvm::StringSwitch<llvm::AsanDetectStackUseAfterReturnMode>(modeStr)

      .Case("always", llvm::AsanDetectStackUseAfterReturnMode::Always)
      .Case("always", llvm::AsanDetectStackUseAfterReturnMode::Always)

      .Case("runtime", llvm::AsanDetectStackUseAfterReturnMode::Runtime)
      .Case("runtime", llvm::AsanDetectStackUseAfterReturnMode::Runtime)

      .Case("never", llvm::AsanDetectStackUseAfterReturnMode::Never)
      .Case("never", llvm::AsanDetectStackUseAfterReturnMode::Never)

      .Default(llvm::AsanDetectStackUseAfterReturnMode::Invalid);
      .Default(llvm::AsanDetectStackUseAfterReturnMode::Invalid);

}
}




bool isExecuteOnlyTarget(const llvm::Triple &Triple,

                         const llvm::opt::ArgList &Args) {

  if (Triple.isPS5())

    return true;



  // On Arm, the clang `-mexecute-only` option is used to generate the

  // execute-only output (no data access to code sections).

  return Args.hasFlag(clang::driver::options::OPT_mexecute_only,

MaskRayUnsubmitted
Done
ReplyInline Actions
The idiom is hasFlag(clang::driver::options::OPT_mexecute_only, clang::driver::options::OPT_mno_execute_only, false)
MaskRay: The idiom is `hasFlag(clang::driver::options::OPT_mexecute_only, clang::driver::options…
MaskRayUnsubmitted
Done
ReplyInline Actions
return Args.hasFlag(clang::driver::options::OPT_mexecute_only ...
MaskRay: `return Args.hasFlag(clang::driver::options::OPT_mexecute_only ...`
                      clang::driver::options::OPT_mno_execute_only, false);

}

} // namespace clang
} // namespace clang

simon_tathamUnsubmitted
Done
ReplyInline Actions
Why do we need to check both of -mexecute-only and the +execute-only target feature? It looks to me as if the code in Driver/ToolChains/Arch/ARM.cpp that handles -mexecute-only ends up setting the same target feature anyway. And it checks the supported architecture versions first.



Would it not be better to just check the target feature here, and avoid having a duplicated copy of the rest of this logic which needs to be kept in sync with the ARM driver?



Does something go wrong if you do it that way?
simon_tatham: Why do we need to check //both// of `-mexecute-only` and the `+execute-only` target feature? It…
MaskRayUnsubmitted
Done
ReplyInline Actions
I think we only need to check the +execute-only target feature and remove driver option -mexecute-only check.



if (Triple.isPS5())
  return true;
if (!Triple.isARM() && !Triple.isThumb())
  return false;
return features contains "+execute-only" ;
MaskRay: I think we only need to check the `+execute-only` target feature and remove driver option `…
MaskRayUnsubmitted
Done
ReplyInline Actions
I don't think we need an extra llvm::ARM::supportedExecuteOnly check. We just return true when -mexecute-only is in effect.
MaskRay: I don't think we need an extra `llvm::ARM::supportedExecuteOnly` check. We just return true…
MaskRayUnsubmitted
Not Done
ReplyInline Actions
Sorry, I just noticed that this adds a circular (if we consider headers) dependency from clangBasic to clangDriver. I'm removing it.
MaskRay: Sorry, I just noticed that this adds a circular (if we consider headers) dependency from…
clang/lib/Driver/SanitizerArgs.cpp
Show All 31 Linesstatic const SanitizerMask NeedsUbsanRt =

    SanitizerKind::Undefined | SanitizerKind::Integer |
    SanitizerKind::Undefined | SanitizerKind::Integer |

    SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
    SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |

    SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
    SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |

    SanitizerKind::ObjCCast;
    SanitizerKind::ObjCCast;

static const SanitizerMask NeedsUbsanCxxRt =
static const SanitizerMask NeedsUbsanCxxRt =

    SanitizerKind::Vptr | SanitizerKind::CFI;
    SanitizerKind::Vptr | SanitizerKind::CFI;

static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;

static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr;
static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr;

static const SanitizerMask NotAllowedWithExecuteOnly =

    SanitizerKind::Function | SanitizerKind::KCFI;

static const SanitizerMask RequiresPIE =
static const SanitizerMask RequiresPIE =

    SanitizerKind::DataFlow | SanitizerKind::Scudo;
    SanitizerKind::DataFlow | SanitizerKind::Scudo;

static const SanitizerMask NeedsUnwindTables =
static const SanitizerMask NeedsUnwindTables =

    SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
    SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |

    SanitizerKind::Memory | SanitizerKind::DataFlow;
    SanitizerKind::Memory | SanitizerKind::DataFlow;

static const SanitizerMask SupportsCoverage =
static const SanitizerMask SupportsCoverage =

    SanitizerKind::Address | SanitizerKind::HWAddress |
    SanitizerKind::Address | SanitizerKind::HWAddress |

    SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
    SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |

▲ Show 20 LinesShow All 342 Lines▼ Show 20 Lines    if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {

          if (DiagnoseErrors)
          if (DiagnoseErrors)

            D.Diag(diag::err_drv_argument_only_allowed_with)
            D.Diag(diag::err_drv_argument_only_allowed_with)

                << "-fsanitize=function"
                << "-fsanitize=function"

                << "-mcmodel=small";
                << "-mcmodel=small";

          Add &= ~SanitizerKind::Function;
          Add &= ~SanitizerKind::Function;

          DiagnosedKinds |= SanitizerKind::Function;
          DiagnosedKinds |= SanitizerKind::Function;

        }
        }

      }
      }

      // -fsanitize=function and -fsanitize=kcfi instrument indirect function

      // calls to load a type hash before the function label. Therefore, an

      // execute-only target doesn't support the function and kcfi sanitizers.

      const llvm::Triple &Triple = TC.getTriple();

      if (isExecuteOnlyTarget(Triple, Args)) {

        if (SanitizerMask KindsToDiagnose =

                Add & NotAllowedWithExecuteOnly & ~DiagnosedKinds) {

          if (DiagnoseErrors) {

MaskRayUnsubmitted
Done
ReplyInline Actions
I think it's clear not not to add the variable NotAllowedWithExecuteOnly.



Currently, I need to check the definition of NotAllowedWithExecuteOnly to understand that this comment does what it says. For now, just encoding Function here is clearer.
MaskRay: I think it's clear not not to add the variable `NotAllowedWithExecuteOnly`.

Currently, I need…
MaggieYiAuthorUnsubmitted
Done
ReplyInline Actions
NotAllowedWithExecuteOnly is modified to include the SanitizerKind::KCFI, therefore I keep it in the code.
MaggieYi: `NotAllowedWithExecuteOnly` is modified to include the `SanitizerKind::KCFI`, therefore I keep…
            std::string Desc = describeSanitizeArg(Arg, KindsToDiagnose);

            D.Diag(diag::err_drv_argument_not_allowed_with)

                << Desc << Triple.str();

          }

          DiagnosedKinds |= KindsToDiagnose;

        }

        Add &= ~NotAllowedWithExecuteOnly;

      }




      // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.
      // FIXME: Make CFI on member function calls compatible with cross-DSO CFI.

      // There are currently two problems:
      // There are currently two problems:

      // - Virtual function call checks need to pass a pointer to the function
      // - Virtual function call checks need to pass a pointer to the function

      //   address to llvm.type.test and a pointer to the address point to the
      //   address to llvm.type.test and a pointer to the address point to the

      //   diagnostic function. Currently we pass the same pointer to both
      //   diagnostic function. Currently we pass the same pointer to both

      //   places.
      //   places.

      // - Non-virtual function call checks may need to check multiple type
      // - Non-virtual function call checks may need to check multiple type

▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines    if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {

      // Group expansion may have enabled a sanitizer which is disabled later.
      // Group expansion may have enabled a sanitizer which is disabled later.

      Add &= ~AllRemove;
      Add &= ~AllRemove;

      // Silently discard any unsupported sanitizers implicitly enabled through
      // Silently discard any unsupported sanitizers implicitly enabled through

      // group expansion.
      // group expansion.

      Add &= ~InvalidTrappingKinds;
      Add &= ~InvalidTrappingKinds;

      if (MinimalRuntime) {
      if (MinimalRuntime) {

        Add &= ~NotAllowedWithMinimalRuntime;
        Add &= ~NotAllowedWithMinimalRuntime;

      }
      }

      // NotAllowedWithExecuteOnly is silently discarded on an execute-only

MaskRayUnsubmitted
Done
ReplyInline Actions
`-fsanitize=function => NotAllowedWithExecuteOnly



since we now handle kcfi as well.
MaskRay: `-fsanitize=function => NotAllowedWithExecuteOnly

since we now handle kcfi as well.
      // target if implicitly enabled through group expansion.

      if (isExecuteOnlyTarget(Triple, Args))

        Add &= ~NotAllowedWithExecuteOnly;

MaskRayUnsubmitted
Done
ReplyInline Actions
omit braces
MaskRay: omit braces
      if (CfiCrossDso)
      if (CfiCrossDso)

        Add &= ~SanitizerKind::CFIMFCall;
        Add &= ~SanitizerKind::CFIMFCall;

      Add &= Supported;
      Add &= Supported;




      if (Add & SanitizerKind::Fuzzer)
      if (Add & SanitizerKind::Fuzzer)

        Add |= SanitizerKind::FuzzerNoLink;
        Add |= SanitizerKind::FuzzerNoLink;




      // Enable coverage if the fuzzing flag is set.
      // Enable coverage if the fuzzing flag is set.

▲ Show 20 LinesShow All 1,016 LinesShow Last 20 Lines
clang/test/CodeGenObjCXX/crash-function-type.mm
// Mark test as unsupported on PS5 due to PS5 doesn't support function sanitizer.

// UNSUPPORTED: target=x86_64-sie-ps5



// RUN: %clang_cc1 -fblocks -fsanitize=function -emit-llvm %s -o %t
// RUN: %clang_cc1 -fblocks -fsanitize=function -emit-llvm %s -o %t




void g(void (^)());
void g(void (^)());

void f() {
void f() {

  __block int a = 0;
  __block int a = 0;

  g(^() {
  g(^() {

    a++;
    a++;

  });
  });

}
}

clang/test/Driver/fsanitize.c
Show First 20 LinesShow All 960 Lines▼ Show 20 Lines
// RUN: %clang -fsanitize=float-divide-by-zero -fsanitize-minimal-runtime %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-DIVBYZERO,CHECK-DIVBYZERO-MINIMAL
// RUN: %clang -fsanitize=float-divide-by-zero -fsanitize-minimal-runtime %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-DIVBYZERO,CHECK-DIVBYZERO-MINIMAL

// CHECK-DIVBYZERO-MINIMAL: "-fsanitize-minimal-runtime"
// CHECK-DIVBYZERO-MINIMAL: "-fsanitize-minimal-runtime"




// RUN: %clang -fsanitize=undefined,float-divide-by-zero %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DIVBYZERO-UBSAN
// RUN: %clang -fsanitize=undefined,float-divide-by-zero %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DIVBYZERO-UBSAN

// CHECK-DIVBYZERO-UBSAN: "-fsanitize={{.*}},float-divide-by-zero,{{.*}}"
// CHECK-DIVBYZERO-UBSAN: "-fsanitize={{.*}},float-divide-by-zero,{{.*}}"




// RUN: not %clang --target=x86_64-linux-gnu -fsanitize=undefined,function -mcmodel=large %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-FUNCTION-CODE-MODEL
// RUN: not %clang --target=x86_64-linux-gnu -fsanitize=undefined,function -mcmodel=large %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-FUNCTION-CODE-MODEL

// CHECK-UBSAN-FUNCTION-CODE-MODEL: error: invalid argument '-fsanitize=function' only allowed with '-mcmodel=small'
// CHECK-UBSAN-FUNCTION-CODE-MODEL: error: invalid argument '-fsanitize=function' only allowed with '-mcmodel=small'



// RUN: not %clang --target=x86_64-sie-ps5 -fsanitize=function %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-FUNCTION

// RUN: not %clang --target=x86_64-sie-ps5 -fsanitize=undefined -fsanitize=function %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-FUNCTION

// RUN: not %clang --target=x86_64-sie-ps5 -fsanitize=kcfi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-KCFI

// RUN: not %clang --target=x86_64-sie-ps5 -fsanitize=function -fsanitize=kcfi %s -### 2>&1 | FileCheck %s  --check-prefix=CHECK-UBSAN-KCFI --check-prefix=CHECK-UBSAN-FUNCTION

// RUN: %clang --target=x86_64-sie-ps5 -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-UNDEFINED



// RUN: not %clang --target=armv6t2-eabi -mexecute-only -fsanitize=function %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-FUNCTION

// RUN: not %clang --target=armv6t2-eabi -mexecute-only -fsanitize=kcfi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-KCFI

MaskRayUnsubmitted
Done
ReplyInline Actions
Drop not %clang --target=armv6t2-eabi -mexecute-only -fsanitize=undefined -fsanitize=function. 

Testing just -fsanitize=function for the negative test is sufficient.
MaskRay: Drop `not %clang --target=armv6t2-eabi -mexecute-only -fsanitize=undefined -fsanitize=function`.
// RUN: %clang --target=armv6t2-eabi -mexecute-only -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UBSAN-UNDEFINED



MaskRayUnsubmitted
Done
ReplyInline Actions
Drop -fsanitize=function -fsanitize=kcfi line. They already lead to an error.
MaskRay: Drop `-fsanitize=function -fsanitize=kcfi` line. They already lead to an error.
// CHECK-UBSAN-KCFI-DAG: error: invalid argument '-fsanitize=kcfi' not allowed with {{('x86_64-sie-ps5'|'armv6t2-unknown-unknown-eabi')}}

MaskRayUnsubmitted
Done
ReplyInline Actions
--target=armv6t2-eabi -mexecute-only -fsanitize=undefined needs a custom check prefix that checks function is not enabled.
MaskRay: `--target=armv6t2-eabi -mexecute-only -fsanitize=undefined` needs a custom check prefix that…
// CHECK-UBSAN-FUNCTION-DAG: error: invalid argument '-fsanitize=function' not allowed with {{('x86_64-sie-ps5'|'armv6t2-unknown-unknown-eabi')}}

// CHECK-UBSAN-UNDEFINED: "-fsanitize={{((alignment|array-bounds|bool|builtin|enum|float-cast-overflow|integer-divide-by-zero|nonnull-attribute|null|pointer-overflow|return|returns-nonnull-attribute|shift-base|shift-exponent|signed-integer-overflow|unreachable|vla-bound),?){17}"}}

MaskRayUnsubmitted
Done
ReplyInline Actions
Delete this -NOT. %clang returning 0 implies that there is no error.
MaskRay: Delete this `-NOT`. `%clang` returning 0 implies that there is no error.