This is an archive of the discontinued LLVM Phabricator instance.

Differential D32199

[TySan] A Type Sanitizer (Clang)
AcceptedPublic

Authored by fhahn on Apr 18 2017, 4:15 PM.

Details

Reviewers
kcc
chandlerc
rjmccall
kubamracek
rsmith
hfinkel
CJ-Johnson
dberlin
Summary

This patch introduces the runtime components of a type sanitizer: a sanitizer for type-based aliasing violations.

C/C++ have type-based aliasing rules, and LLVM's optimizer can exploit these given TBAA metadata added by Clang. Roughly, a pointer of given type cannot be used to access an object of a different type (with, of course, certain exceptions). Unfortunately, there's a lot of code in the wild that violates these rules (e.g. for type punning), and such code often must be built with -fno-strict-aliasing. Performance is often sacrificed as a result. Part of the problem is the difficulty of finding TBAA violations. Hopefully, this sanitizer will help.

https://reviews.llvm.org/D32197 (Runtime)
https://reviews.llvm.org/D32198 (LLVM)

The Clang changes seems mostly formulaic, the one specific change being that when the TBAA sanitizer is enabled, TBAA is always generated, even at -O0.

Clang's TBAA representation currently has a problem representing unions, as demonstrated by the one XFAIL'd test in the runtime patch. We'll update the TBAA representation to fix this, and at the same time, update the sanitizer.

Diff Detail

Event Timeline

hfinkel created this revision.Apr 18 2017, 4:15 PM
Herald added subscribers: mcrosier, emaste. · View Herald TranscriptApr 18 2017, 4:15 PM
kubamracek added a reviewer: kubamracek.Apr 18 2017, 4:43 PM
hfinkel added a comment.Apr 19 2017, 5:58 AM

As a note: As follow-up work, we might want to extend Clang to add TBAA metadata to allocas and lifetime.start intrinsics so that the instrumentation pass can mark the types of memory upon declaration/construction instead of only upon first access.

pcc added a subscriber: pcc.Apr 19 2017, 10:05 AM
filcab added a subscriber: filcab.Apr 19 2017, 10:19 AM

Missing a sanitizer-ld.c test for freebsd.

include/clang/Basic/Attr.td
1849 ↗(On Diff #95654)

Shouldn't you be extending the no_sanitize attribute instead, as it says in the comment?

lib/CodeGen/CodeGenModule.cpp
130 ↗(On Diff #95654)

hasOneOf(SanitizerKind::Thread | SanitizerKind::TBAA)?

lib/CodeGen/CodeGenTBAA.cpp
96 ↗(On Diff #95654)

Interesting that TSan needs TBAA (per the comment in the chunk above), but is not in this condition.

hfinkel added a comment.Apr 19 2017, 2:55 PM
In D32199#730716, @filcab wrote:

Missing a sanitizer-ld.c test for freebsd.

Thanks for pointing this out. I'm going to remove the freebsd change for now. I suspect it works, but I've not tested it yet.

include/clang/Basic/Attr.td
1849 ↗(On Diff #95654)

Indeed. I think that happened also. I'll make sure the tests reflect that.

lib/CodeGen/CodeGenTBAA.cpp
96 ↗(On Diff #95654)

Yea, I didn't understand the TSan-needs-TBAA bit either (considering that it does not need it at -O0?).

hfinkel updated this revision to Diff 95829.Apr 19 2017, 2:58 PM
hfinkel added a comment.Apr 19 2017, 2:58 PM

Updated per review comments (use only no_sanitize("tbaa") instead of adding no_sanitize_tbaa and don't touch freebsd for now).

rsmith edited edge metadata.Apr 19 2017, 3:03 PM

I don't like calling this a "TBAA sanitizer". What we're sanitizing is the object model and effective type rules; it seems irrelevant which specific compiler analysis passes would result in your program misbehaving if you break the rules. I would also expect that we will extend this in future to assign types to storage even in cases where there is no store (for instance, we should be able to catch float f() { int n; return *(float*)&n; } despite there being no TBAA violation in the naive IR).

How about renaming this to something more like -fsanitize=type?

hfinkel added a comment.Apr 19 2017, 3:54 PM
In D32199#731144, @rsmith wrote:

...

I would also expect that we will extend this in future to assign types to storage even in cases where there is no store (for instance, we should be able to catch float f() { int n; return *(float*)&n; } despite there being no TBAA violation in the naive IR).

Yes. My thought was that we'd make Clang generate tbaa metadata on allocas and lifetime.start intrinsics (and globals) so that we can mark the memory types upon creation. Would that catch everything?

How about renaming this to something more like -fsanitize=type?

I'm fine with that. Do you like TypeSanitizer or TypeAccessSantizer or TypeAliasingSanitizer best?

One potential concern with calling it the type sanitizer is that we have an abbreviation overlap with the thread sanitizer.

hfinkel added a comment.Apr 19 2017, 3:59 PM
In D32199#731249, @hfinkel wrote:
In D32199#731144, @rsmith wrote:

...

I would also expect that we will extend this in future to assign types to storage even in cases where there is no store (for instance, we should be able to catch float f() { int n; return *(float*)&n; } despite there being no TBAA violation in the naive IR).

Yes. My thought was that we'd make Clang generate tbaa metadata on allocas and lifetime.start intrinsics (and globals) so that we can mark the memory types upon creation. Would that catch everything?

Also, we'd also want to do something similar for byval arguments. This may just be additional motivation to allow metadata on function arguments (there's an RFC on llvm-dev about this presently).

How about renaming this to something more like -fsanitize=type?

I'm fine with that. Do you like TypeSanitizer or TypeAccessSantizer or TypeAliasingSanitizer best?

One potential concern with calling it the type sanitizer is that we have an abbreviation overlap with the thread sanitizer.

rsmith added a comment.Apr 19 2017, 4:37 PM

! In D32199#731252, @hfinkel wrote:

How about renaming this to something more like -fsanitize=type?

I'm fine with that. Do you like TypeSanitizer or TypeAccessSantizer or TypeAliasingSanitizer best?

I think calling it a type aliasing sanitizer would somewhat conflate the details of the mechanism with the fundamentals of the check itself. For example:

variant<int, float> v;
int &n = v.get<int>;
v = 1.3f;
int m = n;

... is a lifetime bug, not an aliasing bug, but would be caught by this check just the same. I'd be tempted to suggest EffectiveTypeSanitizer, since we seem to be more-or-less directly implementing C's effective type rules, except that name isn't so good for the C++ case. And in the longer term we will probably want to provide an option to enforce the real C++ lifetime rules whereby a store with certain !tbaa metadata is not sufficient to change the type of storage.

One potential concern with calling it the type sanitizer is that we have an abbreviation overlap with the thread sanitizer.

Perhaps we could abbreviate it as "tysan"? *shrug*

hfinkel added a comment.Apr 19 2017, 5:04 PM
In D32199#731332, @rsmith wrote:

! In D32199#731252, @hfinkel wrote:

How about renaming this to something more like -fsanitize=type?

I'm fine with that. Do you like TypeSanitizer or TypeAccessSantizer or TypeAliasingSanitizer best?

I think calling it a type aliasing sanitizer would somewhat conflate the details of the mechanism with the fundamentals of the check itself. For example:

variant<int, float> v;
int &n = v.get<int>;
v = 1.3f;
int m = n;

... is a lifetime bug, not an aliasing bug, but would be caught by this check just the same.

Good point.

I'd be tempted to suggest EffectiveTypeSanitizer, since we seem to be more-or-less directly implementing C's effective type rules, except that name isn't so good for the C++ case. And in the longer term we will probably want to provide an option to enforce the real C++ lifetime rules whereby a store with certain !tbaa metadata is not sufficient to change the type of storage.

As I've currently implemented it, both reads and writes set the type of previously-unknown storage, and after that it says fixed (unless you memcpy to it, memset it, or its lifetime ends (the type gets reset on lifetime.start/end and for malloc/allocas/etc.). There's a flag to enable the "writes always set the type" rule, but that's not the default. Is this too strict?

One potential concern with calling it the type sanitizer is that we have an abbreviation overlap with the thread sanitizer.

Perhaps we could abbreviate it as "tysan"? *shrug*

SGTM.

rsmith added a comment.Apr 19 2017, 6:24 PM

As I've currently implemented it, both reads and writes set the type of previously-unknown storage, and after that it says fixed (unless you memcpy to it, memset it, or its lifetime ends (the type gets reset on lifetime.start/end and for malloc/allocas/etc.). There's a flag to enable the "writes always set the type" rule, but that's not the default. Is this too strict?

That seems like it will have at least three flavors of false positive:

  1. C's "effective type" rule allows writes to set the type pretty much unconditionally, unless the storage is for a variable with a declared type
  2. After a placement new in C++, you should be able to use the storage as a new type
  3. Storing directly to a member access on a union (ie, with the syntax x.a = b) in C++ permits using the storage as the new type

If we want to follow the relevant language rules by default, that would suggest that "writes always set the type" should be enabled by default in C and disabled by default in C++. That may not be the right decision for other reasons, though. In C++, writes through union members and new-expressions should probably (re)set the type (do you have intrinsics the frontend can use to do so?).

hfinkel added a comment.Apr 20 2017, 5:46 AM
In D32199#731472, @rsmith wrote:

As I've currently implemented it, both reads and writes set the type of previously-unknown storage, and after that it says fixed (unless you memcpy to it, memset it, or its lifetime ends (the type gets reset on lifetime.start/end and for malloc/allocas/etc.). There's a flag to enable the "writes always set the type" rule, but that's not the default. Is this too strict?

That seems like it will have at least three flavors of false positive:

  1. C's "effective type" rule allows writes to set the type pretty much unconditionally, unless the storage is for a variable with a declared type
  2. After a placement new in C++, you should be able to use the storage as a new type
  3. Storing directly to a member access on a union (ie, with the syntax x.a = b) in C++ permits using the storage as the new type

If we want to follow the relevant language rules by default, that would suggest that "writes always set the type" should be enabled by default in C and disabled by default in C++. That may not be the right decision for other reasons, though. In C++, writes through union members and new-expressions should probably (re)set the type

Fair enough. For now we'll default to write-sets-the-type as the default. We can always add 'sticky' types later to correspond to types set by declaration.

(do you have intrinsics the frontend can use to do so?).

I had thought that we could just use a lifetime.end/start pair to mark the placement new, etc. However, it might be better to use some dedicated intrinsic for this purpose?

hfinkel added a comment.Apr 20 2017, 8:39 AM
In D32199#731472, @rsmith wrote:

As I've currently implemented it, both reads and writes set the type of previously-unknown storage, and after that it says fixed (unless you memcpy to it, memset it, or its lifetime ends (the type gets reset on lifetime.start/end and for malloc/allocas/etc.). There's a flag to enable the "writes always set the type" rule, but that's not the default. Is this too strict?

That seems like it will have at least three flavors of false positive:

  1. C's "effective type" rule allows writes to set the type pretty much unconditionally, unless the storage is for a variable with a declared type

To come back to this point: We don't really implement these rules now, and it is not clear that we will. The problem here is that, if we take the specification literally, then we can't use our current TBAA at all. The problem is that if we have:

write x, !tbaa "int"
read x, !tbaa "int"
write x, !tbaa "float"

TBAA will currently tell us that the "float" write aliases with neither the preceding read nor the preceding write. As a result, we might move the "float" write to before the read (which is wrong) or before the write (also wrong). It seems to me that following the effective-type rules strictly will require that we only emit TBAA for memory accesses we can prove are to declared variables (as these are the only ones whose types don't get changed just by writing to them). We could certainly do that (*), although it is going to make TBAA awfully limited. As @dberlin has asserted, GCC does not implement these rules either.

To be fair, there are inferences we might draw from TBAA on all access that are not incorrect. For example, if we have:

write x, !tbaa "int"
write y, !tbaa "float"
read x, !tbaa "int"

and we can indeed conclude that the write to y and the read from x don't alias (because the write happens before the read). This is because the effective type of y must be float after the write and so we know that the read from x must be accessing a different object. We can also conclude that the writes don't alias, but only because of the later read. The sad part is that if we use this information to reorder the read before the write to y (which we might do to eliminate the read), we now lose our ability to use TBAA to tell us anything.

Also, a strict reading of C's access rules seems to rule out the premise underlying our struct-path TBAA entirely. So long as I'm accessing a value using a struct that has some member, including recursively, with that type, then it's fine. The matching of the relative offsets is a sufficient, but not necessary, condition for well-defined access. C++ has essentially the same language (and, thus, potentially the same problem).

While I'd like the sanitizer to follow the rules, that's really useful only to the extent that the compilers follow the rules. If the compilers are making stronger assumptions, then I think that the sanitizer should also. OTOH, maybe we should change our TBAA representation/implementation to actually follow the rules, and then have a sanitizer that does the same.

(*) The best way I can think of to do this is to tag globals and allocas with tbaa according to their declared type, something similar for function arguments, and then in TBAA, instead of comparing the TBAA metadata of both operands directly, we call getUnderlyingObjects on the pointers, get the corresponding most-generic TBAA from the objects themselves, and then compare that TBAA to the TBAA from the other access.

  1. After a placement new in C++, you should be able to use the storage as a new type
  2. Storing directly to a member access on a union (ie, with the syntax x.a = b) in C++ permits using the storage as the new type

Yes, although for the sake of discussion, this is only true if a is a "non-class, non-array type, or of a class type with a trivial default constructor that is not
deleted, or an array of such types." That seems potentially useful.

If we want to follow the relevant language rules by default, that would suggest that "writes always set the type" should be enabled by default in C and disabled by default in C++. That may not be the right decision for other reasons, though. In C++, writes through union members and new-expressions should probably (re)set the type (do you have intrinsics the frontend can use to do so?).

Also, in C, memcpy gets to copy the type for a destination that does not have declared types. It looks like the same is true for C++ for trivially-copyable types. Is the first read/write sets the unknown type (i.e. memory from malloc/calloc/memset, etc.) correct for C++ also? I recall discussing something along these lines in Kona.

rjmccall edited edge metadata.Apr 20 2017, 11:02 AM

If you're going to try to enforce the declared type of memory, you'll also need something like the C effective type rule to handle char buffers in C++. As far as I can tell, it's not actually legal under the spec to cast an array of chars to an arbitrary type and access it that way — you have to do something to establish that there's an object of that type there first. If you memcpy'ed into that buffer from an object of the right type, that would be sufficient to create a new formal object of that type, but I don't see any way to sensibly apply that rule to e.g. the POSIX "read" function. It seems to me that you at least need to have a rule saying that it's okay to access a formal object of type char/char[] using an arbitrarily-typed l-value.

hfinkel added a comment.Apr 20 2017, 11:34 AM
In D32199#732382, @rjmccall wrote:

If you're going to try to enforce the declared type of memory, you'll also need something like the C effective type rule to handle char buffers in C++. As far as I can tell, it's not actually legal under the spec to cast an array of chars to an arbitrary type and access it that way — you have to do something to establish that there's an object of that type there first.
If you memcpy'ed into that buffer from an object of the right type, that would be sufficient to create a new formal object of that type, but I don't see any way to sensibly apply that rule to e.g. the POSIX "read" function. It seems to me that you at least need to have a rule saying that it's okay to access a formal object of type char/char[] using an arbitrarily-typed l-value.

I agree. That's exactly what the current implementation does (I get that for free from our TBAA setup). I get this for free from the TBAA scheme because the current checks are symmetric (just like the TBAA checks in the optimizer). I had wondered whether this symmetry was an over-approximation in some cases, but perhaps it is not.

rsmith added a comment.Apr 20 2017, 3:02 PM
In D32199#732189, @hfinkel wrote:
In D32199#731472, @rsmith wrote:
  1. C's "effective type" rule allows writes to set the type pretty much unconditionally, unless the storage is for a variable with a declared type

To come back to this point: We don't really implement these rules now, and it is not clear that we will. The problem here is that, if we take the specification literally, then we can't use our current TBAA at all. The problem is that if we have:

write x, !tbaa "int"
read x, !tbaa "int"
write x, !tbaa "float"

TBAA will currently tell us that the "float" write aliases with neither the preceding read nor the preceding write.

Right, C's TBAA rules do not (in general) permit a store to be reordered before a memory operation of a different type, they only allow loads to be moved before stores. (Put another way, they do not tell you that pointers point to distinct memory locations, just that a stored value cannot be observed by a load of a different type.) You get the more general "distinct memory locations" result only for objects of a declared type.

C++ is similar, except that (because object lifetimes do not currently begin magically due to a store) you /can/ reorder stores past a memory operation of a different type if you know no object's lifetime began in between. (But currently we do not record all lifetime events in IR, so we can't do that today. Also, we may be about to lose the property that you can statically determine a small number of places that might start an object lifetime.)

Also, a strict reading of C's access rules seems to rule out the premise underlying our struct-path TBAA entirely. So long as I'm accessing a value using a struct that has some member, including recursively, with that type, then it's fine. The matching of the relative offsets is a sufficient, but not necessary, condition for well-defined access. C++ has essentially the same language (and, thus, potentially the same problem).

I agree this rule is garbage, but it's not as permissive as I think you're suggesting. The rule says that you can use an lvalue of struct type to access memory of struct field type. In C this happens during struct assignment, for instance. It does *not* permit using an lvalue of struct field type to access unrelated fields of the same struct. So C appears to allow this nonsense:

char *p = malloc(8);
*(int*)p = 0;
*(int*)(p + 4) = 0;
struct S {int n; float f;} s = *(struct S*)p; // use lvalue of type `struct S` to access object of effective type `int`, to initialize a `float`

but not this nonsense:

float q = ((struct S*)p)->f; // ub, cannot use lvalue of type `float` to access object of effective type `int`

... which just means that we can't make much use of TBAA when emitting struct copies in C.

In C++, on the other hand, the rule is even more garbage, since there is no way to perform a memory access with a glvalue of class type. (The closest you get is that a defaulted union construction/assignment copies the object representation, but that's expressed in terms of copying a sequence of unsigned chars, and in any case those are member functions and so already require an object of the correct type to exist.) See wg21.link/cwg2051

While I'd like the sanitizer to follow the rules, that's really useful only to the extent that the compilers follow the rules. If the compilers are making stronger assumptions, then I think that the sanitizer should also.

I agree.

If we want to follow the relevant language rules by default, that would suggest that "writes always set the type" should be enabled by default in C and disabled by default in C++. That may not be the right decision for other reasons, though. In C++, writes through union members and new-expressions should probably (re)set the type (do you have intrinsics the frontend can use to do so?).

Also, in C, memcpy gets to copy the type for a destination that does not have declared types. It looks like the same is true for C++ for trivially-copyable types. Is the first read/write sets the unknown type (i.e. memory from malloc/calloc/memset, etc.) correct for C++ also?

As I recall, "store can create an object" is the broad direction that SG12 agreed on for the cases where you have a pointer into a raw storage buffer (that is, a char array), and we want the low-level storage allocation functions to give us such a buffer.

hfinkel added a comment.Apr 21 2017, 4:03 AM
In D32199#732737, @rsmith wrote:
In D32199#732189, @hfinkel wrote:
In D32199#731472, @rsmith wrote:
  1. C's "effective type" rule allows writes to set the type pretty much unconditionally, unless the storage is for a variable with a declared type

To come back to this point: We don't really implement these rules now, and it is not clear that we will. The problem here is that, if we take the specification literally, then we can't use our current TBAA at all. The problem is that if we have:

write x, !tbaa "int"
read x, !tbaa "int"
write x, !tbaa "float"

TBAA will currently tell us that the "float" write aliases with neither the preceding read nor the preceding write.

Right, C's TBAA rules do not (in general) permit a store to be reordered before a memory operation of a different type, they only allow loads to be moved before stores. (Put another way, they do not tell you that pointers point to distinct memory locations, just that a stored value cannot be observed by a load of a different type.) You get the more general "distinct memory locations" result only for objects of a declared type.

C++ is similar, except that (because object lifetimes do not currently begin magically due to a store) you /can/ reorder stores past a memory operation of a different type if you know no object's lifetime began in between. (But currently we do not record all lifetime events in IR, so we can't do that today. Also, we may be about to lose the property that you can statically determine a small number of places that might start an object lifetime.)

Also, a strict reading of C's access rules seems to rule out the premise underlying our struct-path TBAA entirely. So long as I'm accessing a value using a struct that has some member, including recursively, with that type, then it's fine. The matching of the relative offsets is a sufficient, but not necessary, condition for well-defined access. C++ has essentially the same language (and, thus, potentially the same problem).

I agree this rule is garbage, but it's not as permissive as I think you're suggesting. The rule says that you can use an lvalue of struct type to access memory of struct field type. In C this happens during struct assignment, for instance. It does *not* permit using an lvalue of struct field type to access unrelated fields of the same struct. So C appears to allow this nonsense:

char *p = malloc(8);
*(int*)p = 0;
*(int*)(p + 4) = 0;
struct S {int n; float f;} s = *(struct S*)p; // use lvalue of type `struct S` to access object of effective type `int`, to initialize a `float`

but not this nonsense:

float q = ((struct S*)p)->f; // ub, cannot use lvalue of type `float` to access object of effective type `int`

... which just means that we can't make much use of TBAA when emitting struct copies in C.

In C++, on the other hand, the rule is even more garbage, since there is no way to perform a memory access with a glvalue of class type. (The closest you get is that a defaulted union construction/assignment copies the object representation, but that's expressed in terms of copying a sequence of unsigned chars, and in any case those are member functions and so already require an object of the correct type to exist.) See wg21.link/cwg2051

Our struct-path TBAA does the following:

struct X { int a, b; };
X x { 50, 100 };
X *o = (X*) (((int*) &x) + 1);

int a_is_b = o->a; // This is UB (or so we say)?

Because we assume that the (type, offset) tuples are identified entities in the type-aliasing tree. Practically speaking, this certainly makes sense to me. However, I don't see anything in the language that actually forbids this behavior. In case it matters, because in the above case the type of the struct actually matches, we similarly forbid:

struct X { int a, b; };
struct Y { int a; float b; };
X x { 50, 100 };
Y *o = (X*) (((int*) &x) + 1);

int a_is_b = o->a; // This is UB (or so we say)?

as is this:

struct X { int a, b; };
struct Y { int a; float b; X h; /* in case this matters for the aggregate members thing */ };
X x { 50, 100 };
Y *o = (X*) (((int*) &x) + 1);

int a_is_b = o->a; // This is UB (or so we say)?

(although, as you say, this shouldn't matter in C++ because we don't have struct glvalues)

In any case, am I missing something?

While I'd like the sanitizer to follow the rules, that's really useful only to the extent that the compilers follow the rules. If the compilers are making stronger assumptions, then I think that the sanitizer should also.

I agree.

If we want to follow the relevant language rules by default, that would suggest that "writes always set the type" should be enabled by default in C and disabled by default in C++. That may not be the right decision for other reasons, though. In C++, writes through union members and new-expressions should probably (re)set the type (do you have intrinsics the frontend can use to do so?).

Also, in C, memcpy gets to copy the type for a destination that does not have declared types. It looks like the same is true for C++ for trivially-copyable types. Is the first read/write sets the unknown type (i.e. memory from malloc/calloc/memset, etc.) correct for C++ also?

As I recall, "store can create an object" is the broad direction that SG12 agreed on for the cases where you have a pointer into a raw storage buffer (that is, a char array), and we want the low-level storage allocation functions to give us such a buffer.

What about a read after a calloc (or memset)?

hfinkel updated this revision to Diff 96135.Apr 21 2017, 7:18 AM
hfinkel retitled this revision from [TBAASan] A TBAA Sanitizer (Clang) to [TySan] A Type Sanitizer (Clang).
hfinkel edited the summary of this revision. (Show Details)

Rename TBAASanitizer -> TypeSanitizer

hfinkel updated this revision to Diff 96264.Apr 21 2017, 5:16 PM

Output metadata to provide the types of globals (similar to how Clang marks globals for asan).

dberlin resigned from this revision.May 1 2017, 4:06 PM
xazax.hun added a subscriber: xazax.hun.May 15 2017, 12:58 AM
rjmccall added a comment.Aug 1 2017, 7:47 PM

Has this proposal run aground? I'm going back over some old patches that I've been CC'ed on and trying to make sure they're not blocking on my review.

hfinkel added a comment.Aug 3 2017, 9:43 AM
In D32199#828526, @rjmccall wrote:

Has this proposal run aground? I'm going back over some old patches that I've been CC'ed on and trying to make sure they're not blocking on my review.

I need to rebase these now that we've "fixed" the union metadata, but I believe that orthogonal to the changes here, and otherwise these should be ready to go. Could you please review this patch? Thanks in advance.

rjmccall added a comment.Aug 3 2017, 10:33 AM

Looks fine to me.

hfinkel updated this revision to Diff 111109.Aug 14 2017, 6:55 PM

Rebased.

rsmith accepted this revision.Oct 2 2017, 7:23 PM

This looks fine to me too, assuming the other parts get approved.

Once this is all working, please don't forget:

  • user documentation
  • release notes
This revision is now accepted and ready to land.Oct 2 2017, 7:23 PM
hfinkel updated this revision to Diff 117619.Oct 3 2017, 8:42 PM

Rebased.

Herald added a subscriber: kosarev. · View Herald TranscriptOct 3 2017, 8:42 PM
hfinkel updated this revision to Diff 119103.Oct 15 2017, 7:57 PM

Rebased.

laurent.rineau added a subscriber: laurent.rineau.Sep 17 2018, 9:30 AM
Herald added a subscriber: bollu. · View Herald TranscriptSep 17 2018, 9:30 AM
CJ-Johnson commandeered this revision.Jan 2 2020, 8:10 AM
CJ-Johnson added a reviewer: hfinkel.
CJ-Johnson added a subscriber: CJ-Johnson.

After discussing things with Hal, I'm going to take over these diffs and try to update them to the new pass manager :)

CJ-Johnson updated this revision to Diff 235944.Jan 2 2020, 1:56 PM

Rebase on head

CJ-Johnson updated this revision to Diff 235948.Jan 2 2020, 2:10 PM
CJ-Johnson edited the summary of this revision. (Show Details)

Fixing rebase

Herald added a project: Restricted Project. · View Herald TranscriptJan 2 2020, 2:10 PM
Harbormaster completed remote builds in B43198: Diff 235948.Jan 2 2020, 2:10 PM
danilaml added a subscriber: danilaml.Apr 18 2020, 6:11 PM
jgorbe added a subscriber: jgorbe.Jun 18 2020, 6:29 PM
Herald added a subscriber: aaron.ballman. · View Herald TranscriptJun 18 2020, 6:30 PM
CJ-Johnson added a comment.Jul 16 2020, 5:28 AM

Hello to everyone following along! My apologies for the lack of activity; I should have made a comment sooner.

Back in December/January I was exploring working on TySan (met with Hal and Richard, in addition to rebasing the diffs). After digging into the problem space, it became clear that it's not something I could prioritize over other works. Since that time, nothing has changed on my end, so I don't expect to continue working on this.

If anyone is interested in picking this up, I would be thrilled! - CJ

riccibruno added a subscriber: riccibruno.Jul 16 2020, 7:56 AM
aganea added a subscriber: aganea.Jun 3 2021, 2:25 PM
Herald added subscribers: ormris, jeroen.dobbelaere, dexonsmith. · View Herald TranscriptJun 3 2021, 2:25 PM
thesamesam added a subscriber: thesamesam.Sep 19 2021, 7:42 PM
Enna1 added a subscriber: Enna1.Oct 11 2021, 3:45 AM
russell.gallop added a subscriber: russell.gallop.Oct 26 2021, 5:00 AM
fhahn updated this revision to Diff 418961.Mar 29 2022, 12:49 PM
fhahn added a subscriber: fhahn.

I rebased the patch and added new pm support based on the latest version of D32198

Herald added a project: Restricted Project. · View Herald TranscriptMar 29 2022, 12:49 PM
Herald added a subscriber: MaskRay. · View Herald Transcript
Harbormaster completed remote builds in B156826: Diff 418961.Mar 30 2022, 9:31 AM
MaskRay added a comment.Jun 5 2022, 3:22 PM

Having the feature will be useful.

curl -L 'https://reviews.llvm.org/D32199?download=1' | patch -p1 doesn't apply cleanly. This needs a rebase.

clang/test/Driver/sanitizer-ld.c
271

Most -no-canonical-prefixes were cargo cult. I have removed them. The test needs a rebase.

Avoid legacy -target

280

{{.*}}libclang_rt.tysan{{[^.]*}}.a"

LLVM_ENABLE_PER_TARGET_RUNTIME_DIR=on builds use libclang_rt.tysan-x86_64.a (see D107799)

dexonsmith removed a subscriber: dexonsmith.Jun 6 2022, 4:47 AM
fhahn updated this revision to Diff 434471.Jun 6 2022, 7:37 AM

Rebase & address comments, thanks! Also update the code to link tysan runtime with static linking.

fhahn added a parent revision: D32198: [TySan] A Type Sanitizer (LLVM).Jun 6 2022, 7:39 AM
Harbormaster completed remote builds in B168050: Diff 434471.Jun 6 2022, 7:52 AM
fhahn updated this revision to Diff 435508.Jun 9 2022, 4:59 AM

Add TySan library when building on Darwin.

Harbormaster completed remote builds in B168798: Diff 435508.Jun 9 2022, 5:51 AM
fhahn updated this revision to Diff 440264.Jun 27 2022, 9:26 AM

rebased

Harbormaster completed remote builds in B172226: Diff 440264.Jun 27 2022, 10:58 AM
fhahn updated this revision to Diff 469270.Oct 20 2022, 10:09 AM

Rebase on top of current main.

Harbormaster completed remote builds in B193263: Diff 469270.Oct 20 2022, 11:16 AM
TDHolmes added a subscriber: TDHolmes.Oct 21 2022, 6:17 AM
Enna1 added a child revision: D137414: [TySan] Fix Type Sanitizer build on Linux.Nov 4 2022, 5:48 AM
Enna1 removed a child revision: D137414: [TySan] Fix Type Sanitizer build on Linux.Nov 4 2022, 6:01 AM
Enna1 added a child revision: D32197: [TySan] A Type Sanitizer (Runtime Library).
fhahn commandeered this revision.Nov 15 2022, 3:34 PM
fhahn added a reviewer: CJ-Johnson.

Commandeering after the recent updates to make review + follow-ups easier.

Matt added a subscriber: Matt.Dec 7 2022, 6:28 PM
albntomat0 added a subscriber: albntomat0.Mar 5 2023, 8:18 AM
Herald added a subscriber: StephenFan. · View Herald TranscriptMar 5 2023, 8:18 AM
fhahn updated this revision to Diff 502607.Mar 6 2023, 5:50 AM

Rebased

Harbormaster completed remote builds in B217552: Diff 502607.Mar 6 2023, 7:21 AM
fhahn updated this revision to Diff 526163.May 26 2023, 12:49 PM

Rebased

Harbormaster completed remote builds in B234939: Diff 526163.May 27 2023, 12:01 PM

Revision Contents

PathSize
clang/
include/
clang/
Basic/
1 line
3 lines
Driver/
1 line
lib/
CodeGen/
6 lines
3 lines
4 lines
2 lines
12 lines
6 lines
13 lines
44 lines
Driver/
15 lines
ToolChains/
5 lines
5 lines
2 lines
test/
CodeGen/
74 lines
Driver/
22 lines

Diff 526163

clang/include/clang/Basic/Features.def

Show First 20 LinesShow All 90 Lines▼ Show 20 Lines
FEATURE(cxx_rtti, LangOpts.RTTI &&LangOpts.RTTIData) FEATURE(cxx_rtti, LangOpts.RTTI &&LangOpts.RTTIData)
FEATURE(enumerator_attributes, true) FEATURE(enumerator_attributes, true)
FEATURE(nullability, true) FEATURE(nullability, true)
FEATURE(nullability_on_arrays, true) FEATURE(nullability_on_arrays, true)
FEATURE(nullability_nullable_result, true) FEATURE(nullability_nullable_result, true)
FEATURE(memory_sanitizer, FEATURE(memory_sanitizer,
LangOpts.Sanitize.hasOneOf(SanitizerKind::Memory | LangOpts.Sanitize.hasOneOf(SanitizerKind::Memory |
SanitizerKind::KernelMemory)) SanitizerKind::KernelMemory))
FEATURE(type_sanitizer, LangOpts.Sanitize.has(SanitizerKind::Type))
FEATURE(thread_sanitizer, LangOpts.Sanitize.has(SanitizerKind::Thread)) FEATURE(thread_sanitizer, LangOpts.Sanitize.has(SanitizerKind::Thread))
FEATURE(dataflow_sanitizer, LangOpts.Sanitize.has(SanitizerKind::DataFlow)) FEATURE(dataflow_sanitizer, LangOpts.Sanitize.has(SanitizerKind::DataFlow))
FEATURE(scudo, LangOpts.Sanitize.hasOneOf(SanitizerKind::Scudo)) FEATURE(scudo, LangOpts.Sanitize.hasOneOf(SanitizerKind::Scudo))
FEATURE(swiftasynccc, FEATURE(swiftasynccc,
PP.getTargetInfo().checkCallingConvention(CC_SwiftAsync) == PP.getTargetInfo().checkCallingConvention(CC_SwiftAsync) ==
clang::TargetInfo::CCCR_OK) clang::TargetInfo::CCCR_OK)
// Objective-C features // Objective-C features
FEATURE(objc_arr, LangOpts.ObjCAutoRefCount) // FIXME: REMOVE? FEATURE(objc_arr, LangOpts.ObjCAutoRefCount) // FIXME: REMOVE?
▲ Show 20 LinesShow All 176 LinesShow Last 20 Lines

clang/include/clang/Basic/Sanitizers.def

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines
SANITIZER("kernel-memory", KernelMemory) SANITIZER("kernel-memory", KernelMemory)
// libFuzzer // libFuzzer
SANITIZER("fuzzer", Fuzzer) SANITIZER("fuzzer", Fuzzer)
// libFuzzer-required instrumentation, no linking. // libFuzzer-required instrumentation, no linking.
SANITIZER("fuzzer-no-link", FuzzerNoLink) SANITIZER("fuzzer-no-link", FuzzerNoLink)
// TypeSanitizer
SANITIZER("type", Type)
// ThreadSanitizer // ThreadSanitizer
SANITIZER("thread", Thread) SANITIZER("thread", Thread)
// LeakSanitizer // LeakSanitizer
SANITIZER("leak", Leak) SANITIZER("leak", Leak)
// UndefinedBehaviorSanitizer // UndefinedBehaviorSanitizer
SANITIZER("alignment", Alignment) SANITIZER("alignment", Alignment)
▲ Show 20 LinesShow All 112 LinesShow Last 20 Lines

clang/include/clang/Driver/SanitizerArgs.h

Show First 20 LinesShow All 79 Lines▼ Show 20 Linespublic:
bool needsMemProfRt() const { return NeedsMemProfRt; } bool needsMemProfRt() const { return NeedsMemProfRt; }
bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); } bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); }
bool needsHwasanRt() const { bool needsHwasanRt() const {
return Sanitizers.has(SanitizerKind::HWAddress); return Sanitizers.has(SanitizerKind::HWAddress);
} }
bool needsHwasanAliasesRt() const { bool needsHwasanAliasesRt() const {
return needsHwasanRt() && HwasanUseAliases; return needsHwasanRt() && HwasanUseAliases;
} }
bool needsTysanRt() const { return Sanitizers.has(SanitizerKind::Type); }
bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); } bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); }
bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); } bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); }
bool needsFuzzer() const { return Sanitizers.has(SanitizerKind::Fuzzer); } bool needsFuzzer() const { return Sanitizers.has(SanitizerKind::Fuzzer); }
bool needsLsanRt() const { bool needsLsanRt() const {
return Sanitizers.has(SanitizerKind::Leak) && return Sanitizers.has(SanitizerKind::Leak) &&
!Sanitizers.has(SanitizerKind::Address) && !Sanitizers.has(SanitizerKind::Address) &&
!Sanitizers.has(SanitizerKind::HWAddress); !Sanitizers.has(SanitizerKind::HWAddress);
} }
▲ Show 20 LinesShow All 46 LinesShow Last 20 Lines

clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 66 Lines▼ Show 20 Lines
#include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h" #include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/InstrProfiling.h" #include "llvm/Transforms/Instrumentation/InstrProfiling.h"
#include "llvm/Transforms/Instrumentation/KCFI.h" #include "llvm/Transforms/Instrumentation/KCFI.h"
#include "llvm/Transforms/Instrumentation/MemProfiler.h" #include "llvm/Transforms/Instrumentation/MemProfiler.h"
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h" #include "llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h"
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h" #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/Transforms/Instrumentation/ThreadSanitizer.h" #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
#include "llvm/Transforms/Instrumentation/TypeSanitizer.h"
#include "llvm/Transforms/ObjCARC.h" #include "llvm/Transforms/ObjCARC.h"
#include "llvm/Transforms/Scalar/EarlyCSE.h" #include "llvm/Transforms/Scalar/EarlyCSE.h"
#include "llvm/Transforms/Scalar/GVN.h" #include "llvm/Transforms/Scalar/GVN.h"
#include "llvm/Transforms/Scalar/JumpThreading.h" #include "llvm/Transforms/Scalar/JumpThreading.h"
#include "llvm/Transforms/Utils/Debugify.h" #include "llvm/Transforms/Utils/Debugify.h"
#include "llvm/Transforms/Utils/EntryExitInstrumenter.h" #include "llvm/Transforms/Utils/EntryExitInstrumenter.h"
#include "llvm/Transforms/Utils/ModuleUtils.h" #include "llvm/Transforms/Utils/ModuleUtils.h"
#include <memory> #include <memory>
▲ Show 20 LinesShow All 612 Lines▼ Show 20 Lines auto SanitizersCallback = [&](ModulePassManager &MPM,
MSanPass(SanitizerKind::Memory, false); MSanPass(SanitizerKind::Memory, false);
MSanPass(SanitizerKind::KernelMemory, true); MSanPass(SanitizerKind::KernelMemory, true);
if (LangOpts.Sanitize.has(SanitizerKind::Thread)) { if (LangOpts.Sanitize.has(SanitizerKind::Thread)) {
MPM.addPass(ModuleThreadSanitizerPass()); MPM.addPass(ModuleThreadSanitizerPass());
MPM.addPass(createModuleToFunctionPassAdaptor(ThreadSanitizerPass())); MPM.addPass(createModuleToFunctionPassAdaptor(ThreadSanitizerPass()));
} }
if (LangOpts.Sanitize.has(SanitizerKind::Type)) {
MPM.addPass(ModuleTypeSanitizerPass());
MPM.addPass(createModuleToFunctionPassAdaptor(TypeSanitizerPass()));
}
auto ASanPass = [&](SanitizerMask Mask, bool CompileKernel) { auto ASanPass = [&](SanitizerMask Mask, bool CompileKernel) {
if (LangOpts.Sanitize.has(Mask)) { if (LangOpts.Sanitize.has(Mask)) {
bool UseGlobalGC = asanUseGlobalsGC(TargetTriple, CodeGenOpts); bool UseGlobalGC = asanUseGlobalsGC(TargetTriple, CodeGenOpts);
bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator; bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator;
llvm::AsanDtorKind DestructorKind = llvm::AsanDtorKind DestructorKind =
CodeGenOpts.getSanitizeAddressDtor(); CodeGenOpts.getSanitizeAddressDtor();
AddressSanitizerOptions Opts; AddressSanitizerOptions Opts;
Opts.CompileKernel = CompileKernel; Opts.CompileKernel = CompileKernel;
▲ Show 20 LinesShow All 611 LinesShow Last 20 Lines

clang/lib/CodeGen/CGDecl.cpp

Show First 20 LinesShow All 473 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitStaticVarDecl(const VarDecl &D,
// //
// FIXME: It is really dangerous to store this in the map; if anyone // FIXME: It is really dangerous to store this in the map; if anyone
// RAUW's the GV uses of this constant will be invalid. // RAUW's the GV uses of this constant will be invalid.
llvm::Constant *castedAddr = llvm::Constant *castedAddr =
llvm::ConstantExpr::getPointerBitCastOrAddrSpaceCast(var, expectedType); llvm::ConstantExpr::getPointerBitCastOrAddrSpaceCast(var, expectedType);
LocalDeclMap.find(&D)->second = Address(castedAddr, elemTy, alignment); LocalDeclMap.find(&D)->second = Address(castedAddr, elemTy, alignment);
CGM.setStaticLocalDeclAddress(&D, castedAddr); CGM.setStaticLocalDeclAddress(&D, castedAddr);
CGM.getSanitizerMetadata()->reportGlobal(var, D); CGM.getSanitizerMetadata()->reportGlobalToASan(var, D);
CGM.getSanitizerMetadata()->reportGlobalToTySan(var, D);
// Emit global variable debug descriptor for static vars. // Emit global variable debug descriptor for static vars.
CGDebugInfo *DI = getDebugInfo(); CGDebugInfo *DI = getDebugInfo();
if (DI && CGM.getCodeGenOpts().hasReducedDebugInfo()) { if (DI && CGM.getCodeGenOpts().hasReducedDebugInfo()) {
DI->setLocation(D.getLocation()); DI->setLocation(D.getLocation());
DI->EmitGlobalVariable(var, &D); DI->EmitGlobalVariable(var, &D);
} }
} }
▲ Show 20 LinesShow All 2,250 LinesShow Last 20 Lines

clang/lib/CodeGen/CGDeclCXX.cpp

Show First 20 LinesShow All 459 Lines▼ Show 20 Linesllvm::Function *CodeGenModule::CreateGlobalInitOrCleanUpFunction(
if (getLangOpts().Sanitize.has(SanitizerKind::KernelHWAddress) && if (getLangOpts().Sanitize.has(SanitizerKind::KernelHWAddress) &&
!isInNoSanitizeList(SanitizerKind::KernelHWAddress, Fn, Loc)) !isInNoSanitizeList(SanitizerKind::KernelHWAddress, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress); Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress);
if (getLangOpts().Sanitize.has(SanitizerKind::MemtagStack) && if (getLangOpts().Sanitize.has(SanitizerKind::MemtagStack) &&
!isInNoSanitizeList(SanitizerKind::MemtagStack, Fn, Loc)) !isInNoSanitizeList(SanitizerKind::MemtagStack, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeMemTag); Fn->addFnAttr(llvm::Attribute::SanitizeMemTag);
if (getLangOpts().Sanitize.has(SanitizerKind::Type) &&
!isInNoSanitizeList(SanitizerKind::Type, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeType);
if (getLangOpts().Sanitize.has(SanitizerKind::Thread) && if (getLangOpts().Sanitize.has(SanitizerKind::Thread) &&
!isInNoSanitizeList(SanitizerKind::Thread, Fn, Loc)) !isInNoSanitizeList(SanitizerKind::Thread, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeThread); Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (getLangOpts().Sanitize.has(SanitizerKind::Memory) && if (getLangOpts().Sanitize.has(SanitizerKind::Memory) &&
!isInNoSanitizeList(SanitizerKind::Memory, Fn, Loc)) !isInNoSanitizeList(SanitizerKind::Memory, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory); Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
▲ Show 20 LinesShow All 670 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 771 Lines▼ Show 20 Lines if (SanOpts.hasOneOf(SanitizerKind::Address | SanitizerKind::KernelAddress))
Fn->addFnAttr(llvm::Attribute::SanitizeAddress); Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
if (SanOpts.hasOneOf(SanitizerKind::HWAddress | if (SanOpts.hasOneOf(SanitizerKind::HWAddress |
SanitizerKind::KernelHWAddress)) SanitizerKind::KernelHWAddress))
Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress); Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress);
if (SanOpts.has(SanitizerKind::MemtagStack)) if (SanOpts.has(SanitizerKind::MemtagStack))
Fn->addFnAttr(llvm::Attribute::SanitizeMemTag); Fn->addFnAttr(llvm::Attribute::SanitizeMemTag);
if (SanOpts.has(SanitizerKind::Thread)) if (SanOpts.has(SanitizerKind::Thread))
Fn->addFnAttr(llvm::Attribute::SanitizeThread); Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (SanOpts.has(SanitizerKind::Type))
Fn->addFnAttr(llvm::Attribute::SanitizeType);
if (SanOpts.hasOneOf(SanitizerKind::Memory | SanitizerKind::KernelMemory)) if (SanOpts.hasOneOf(SanitizerKind::Memory | SanitizerKind::KernelMemory))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory); Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
} }
if (SanOpts.has(SanitizerKind::SafeStack)) if (SanOpts.has(SanitizerKind::SafeStack))
Fn->addFnAttr(llvm::Attribute::SafeStack); Fn->addFnAttr(llvm::Attribute::SafeStack);
if (SanOpts.has(SanitizerKind::ShadowCallStack)) if (SanOpts.has(SanitizerKind::ShadowCallStack))
Fn->addFnAttr(llvm::Attribute::ShadowCallStack); Fn->addFnAttr(llvm::Attribute::ShadowCallStack);
▲ Show 20 LinesShow All 2,115 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 160 Lines▼ Show 20 Lines if (LangOpts.OpenCL)
createOpenCLRuntime(); createOpenCLRuntime();
if (LangOpts.OpenMP) if (LangOpts.OpenMP)
createOpenMPRuntime(); createOpenMPRuntime();
if (LangOpts.CUDA) if (LangOpts.CUDA)
createCUDARuntime(); createCUDARuntime();
if (LangOpts.HLSL) if (LangOpts.HLSL)
createHLSLRuntime(); createHLSLRuntime();
// Enable TBAA unless it's suppressed. ThreadSanitizer needs TBAA even at O0. // Enable TBAA unless it's suppressed. TSan and TySan need TBAA even at O0.
if (LangOpts.Sanitize.has(SanitizerKind::Thread) || if (LangOpts.Sanitize.hasOneOf(SanitizerKind::Thread | SanitizerKind::Type) ||
(!CodeGenOpts.RelaxedAliasing && CodeGenOpts.OptimizationLevel > 0)) (!CodeGenOpts.RelaxedAliasing && CodeGenOpts.OptimizationLevel > 0))
TBAA.reset(new CodeGenTBAA(Context, TheModule, CodeGenOpts, getLangOpts(), TBAA.reset(new CodeGenTBAA(Context, TheModule, CodeGenOpts, getLangOpts(),
getCXXABI().getMangleContext())); getCXXABI().getMangleContext()));
// If debug info or coverage generation is enabled, create the CGDebugInfo // If debug info or coverage generation is enabled, create the CGDebugInfo
// object. // object.
if (CodeGenOpts.getDebugInfo() != llvm::codegenoptions::NoDebugInfo || if (CodeGenOpts.getDebugInfo() != llvm::codegenoptions::NoDebugInfo ||
CodeGenOpts.CoverageNotesFile.size() || CodeGenOpts.CoverageNotesFile.size() ||
▲ Show 20 LinesShow All 4,382 Lines▼ Show 20 Lines if (GV->isDeclaration()) {
// External HIP managed variables needed to be recorded for transformation // External HIP managed variables needed to be recorded for transformation
// in both device and host compilations. // in both device and host compilations.
if (getLangOpts().CUDA && D && D->hasAttr<HIPManagedAttr>() && if (getLangOpts().CUDA && D && D->hasAttr<HIPManagedAttr>() &&
D->hasExternalStorage()) D->hasExternalStorage())
getCUDARuntime().handleVarRegistration(D, *GV); getCUDARuntime().handleVarRegistration(D, *GV);
} }
if (D) if (D)
SanitizerMD->reportGlobal(GV, *D); SanitizerMD->reportGlobalToASan(GV, *D);
LangAS ExpectedAS = LangAS ExpectedAS =
D ? D->getType().getAddressSpace() D ? D->getType().getAddressSpace()
: (LangOpts.OpenCL ? LangAS::opencl_global : LangAS::Default); : (LangOpts.OpenCL ? LangAS::opencl_global : LangAS::Default);
assert(getContext().getTargetAddressSpace(ExpectedAS) == TargetAS); assert(getContext().getTargetAddressSpace(ExpectedAS) == TargetAS);
if (DAddrSpace != ExpectedAS) { if (DAddrSpace != ExpectedAS) {
return getTargetCodeGenInfo().performAddrSpaceCast( return getTargetCodeGenInfo().performAddrSpaceCast(
*this, GV, DAddrSpace, ExpectedAS, Ty->getPointerTo(TargetAS)); *this, GV, DAddrSpace, ExpectedAS, Ty->getPointerTo(TargetAS));
▲ Show 20 LinesShow All 521 Lines▼ Show 20 Lines#endif
} }
maybeSetTrivialComdat(*D, *GV); maybeSetTrivialComdat(*D, *GV);
// Emit the initializer function if necessary. // Emit the initializer function if necessary.
if (NeedsGlobalCtor || NeedsGlobalDtor) if (NeedsGlobalCtor || NeedsGlobalDtor)
EmitCXXGlobalVarDeclInitFunc(D, GV, NeedsGlobalCtor); EmitCXXGlobalVarDeclInitFunc(D, GV, NeedsGlobalCtor);
SanitizerMD->reportGlobal(GV, *D, NeedsGlobalCtor); SanitizerMD->reportGlobalToASan(GV, *D, NeedsGlobalCtor);
SanitizerMD->reportGlobalToTySan(GV, *D);
// Emit global variable debug information. // Emit global variable debug information.
if (CGDebugInfo *DI = getModuleDebugInfo()) if (CGDebugInfo *DI = getModuleDebugInfo())
if (getCodeGenOpts().hasReducedDebugInfo()) if (getCodeGenOpts().hasReducedDebugInfo())
DI->EmitGlobalVariable(GV, D); DI->EmitGlobalVariable(GV, D);
} }
void CodeGenModule::EmitExternalVarDeclaration(const VarDecl *D) { void CodeGenModule::EmitExternalVarDeclaration(const VarDecl *D) {
▲ Show 20 LinesShow All 865 Lines▼ Show 20 LinesCodeGenModule::GetAddrOfConstantStringFromLiteral(const StringLiteral *S,
CGDebugInfo *DI = getModuleDebugInfo(); CGDebugInfo *DI = getModuleDebugInfo();
if (DI && getCodeGenOpts().hasReducedDebugInfo()) if (DI && getCodeGenOpts().hasReducedDebugInfo())
DI->AddStringLiteralDebugInfo(GV, S); DI->AddStringLiteralDebugInfo(GV, S);
if (Entry) if (Entry)
*Entry = GV; *Entry = GV;
SanitizerMD->reportGlobal(GV, S->getStrTokenLoc(0), "<string literal>"); SanitizerMD->reportGlobalToASan(GV, S->getStrTokenLoc(0), "<string literal>");
// FIXME: Should we also report to the TySan?
return ConstantAddress(castStringLiteralToDefaultAddressSpace(*this, GV), return ConstantAddress(castStringLiteralToDefaultAddressSpace(*this, GV),
GV->getValueType(), Alignment); GV->getValueType(), Alignment);
} }
/// GetAddrOfConstantStringFromObjCEncode - Return a pointer to a constant /// GetAddrOfConstantStringFromObjCEncode - Return a pointer to a constant
/// array for the given ObjCEncodeExpr node. /// array for the given ObjCEncodeExpr node.
ConstantAddress ConstantAddress
▲ Show 20 LinesShow All 1,261 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenTBAA.cpp

Show First 20 LinesShow All 217 Lines▼ Show 20 Lines if (const auto *EIT = dyn_cast<BitIntType>(Ty)) {
return createScalarTypeNode(OutName, getChar(), Size); return createScalarTypeNode(OutName, getChar(), Size);
} }
// For now, handle any other kind of type conservatively. // For now, handle any other kind of type conservatively.
return getChar(); return getChar();
} }
llvm::MDNode *CodeGenTBAA::getTypeInfo(QualType QTy) { llvm::MDNode *CodeGenTBAA::getTypeInfo(QualType QTy) {
// At -O0 or relaxed aliasing, TBAA is not emitted for regular types. // At -O0 or relaxed aliasing, TBAA is not emitted for regular types (unless
if (CodeGenOpts.OptimizationLevel == 0 || CodeGenOpts.RelaxedAliasing) // we're running TypeSanitizer).
if (!Features.Sanitize.has(SanitizerKind::Type) &&
(CodeGenOpts.OptimizationLevel == 0 || CodeGenOpts.RelaxedAliasing))
return nullptr; return nullptr;
// If the type has the may_alias attribute (even on a typedef), it is // If the type has the may_alias attribute (even on a typedef), it is
// effectively in the general char alias class. // effectively in the general char alias class.
if (TypeHasMayAlias(QTy)) if (TypeHasMayAlias(QTy))
return getChar(); return getChar();
// We need this function to not fall back to returning the "omnipotent char" // We need this function to not fall back to returning the "omnipotent char"
▲ Show 20 LinesShow All 265 LinesShow Last 20 Lines

clang/lib/CodeGen/SanitizerMetadata.h

Show All 31 Lines
class SanitizerMetadata { class SanitizerMetadata {
SanitizerMetadata(const SanitizerMetadata &) = delete; SanitizerMetadata(const SanitizerMetadata &) = delete;
void operator=(const SanitizerMetadata &) = delete; void operator=(const SanitizerMetadata &) = delete;
CodeGenModule &CGM; CodeGenModule &CGM;
public: public:
SanitizerMetadata(CodeGenModule &CGM); SanitizerMetadata(CodeGenModule &CGM);
void reportGlobal(llvm::GlobalVariable *GV, const VarDecl &D, void reportGlobalToASan(llvm::GlobalVariable *GV, const VarDecl &D,
bool IsDynInit = false); bool IsDynInit = false);
void reportGlobal(llvm::GlobalVariable *GV, SourceLocation Loc, void reportGlobalToASan(llvm::GlobalVariable *GV, SourceLocation Loc,
StringRef Name, QualType Ty = {}, StringRef Name, QualType Ty = {},
SanitizerMask NoSanitizeAttrMask = {}, SanitizerMask NoSanitizeAttrMask = {},
bool IsDynInit = false); bool IsDynInit = false);
void reportGlobalToTySan(llvm::GlobalVariable *GV, const VarDecl &D);
void disableSanitizerForGlobal(llvm::GlobalVariable *GV); void disableSanitizerForGlobal(llvm::GlobalVariable *GV);
}; };
} // end namespace CodeGen } // end namespace CodeGen
} // end namespace clang } // end namespace clang
#endif #endif

clang/lib/CodeGen/SanitizerMetadata.cpp

Show All 28 Lines
SanitizerMask expandKernelSanitizerMasks(SanitizerMask Mask) { SanitizerMask expandKernelSanitizerMasks(SanitizerMask Mask) {
if (Mask & (SanitizerKind::Address | SanitizerKind::KernelAddress)) if (Mask & (SanitizerKind::Address | SanitizerKind::KernelAddress))
Mask |= SanitizerKind::Address | SanitizerKind::KernelAddress; Mask |= SanitizerKind::Address | SanitizerKind::KernelAddress;
// Note: KHWASan doesn't support globals. // Note: KHWASan doesn't support globals.
return Mask; return Mask;
} }
void SanitizerMetadata::reportGlobal(llvm::GlobalVariable *GV, void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
SourceLocation Loc, StringRef Name, SourceLocation Loc, StringRef Name,
QualType Ty, QualType Ty,
SanitizerMask NoSanitizeAttrMask, SanitizerMask NoSanitizeAttrMask,
bool IsDynInit) { bool IsDynInit) {
SanitizerSet FsanitizeArgument = CGM.getLangOpts().Sanitize; SanitizerSet FsanitizeArgument = CGM.getLangOpts().Sanitize;
if (!isAsanHwasanOrMemTag(FsanitizeArgument)) if (!isAsanHwasanOrMemTag(FsanitizeArgument))
return; return;
FsanitizeArgument.Mask = expandKernelSanitizerMasks(FsanitizeArgument.Mask); FsanitizeArgument.Mask = expandKernelSanitizerMasks(FsanitizeArgument.Mask);
NoSanitizeAttrMask = expandKernelSanitizerMasks(NoSanitizeAttrMask); NoSanitizeAttrMask = expandKernelSanitizerMasks(NoSanitizeAttrMask);
SanitizerSet NoSanitizeAttrSet = {NoSanitizeAttrMask & SanitizerSet NoSanitizeAttrSet = {NoSanitizeAttrMask &
FsanitizeArgument.Mask}; FsanitizeArgument.Mask};
Show All 20 Lines Meta.IsDynInit = IsDynInit && !Meta.NoAddress &&
FsanitizeArgument.has(SanitizerKind::Address) && FsanitizeArgument.has(SanitizerKind::Address) &&
!CGM.isInNoSanitizeList(SanitizerKind::Address | !CGM.isInNoSanitizeList(SanitizerKind::Address |
SanitizerKind::KernelAddress, SanitizerKind::KernelAddress,
GV, Loc, Ty, "init"); GV, Loc, Ty, "init");
GV->setSanitizerMetadata(Meta); GV->setSanitizerMetadata(Meta);
} }
void SanitizerMetadata::reportGlobal(llvm::GlobalVariable *GV, const VarDecl &D, void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
bool IsDynInit) { const VarDecl &D, bool IsDynInit) {
if (!isAsanHwasanOrMemTag(CGM.getLangOpts().Sanitize)) if (!isAsanHwasanOrMemTag(CGM.getLangOpts().Sanitize))
return; return;
std::string QualName; std::string QualName;
llvm::raw_string_ostream OS(QualName); llvm::raw_string_ostream OS(QualName);
D.printQualifiedName(OS); D.printQualifiedName(OS);
auto getNoSanitizeMask = [](const VarDecl &D) { auto getNoSanitizeMask = [](const VarDecl &D) {
if (D.hasAttr<DisableSanitizerInstrumentationAttr>()) if (D.hasAttr<DisableSanitizerInstrumentationAttr>())
return SanitizerKind::All; return SanitizerKind::All;
SanitizerMask NoSanitizeMask; SanitizerMask NoSanitizeMask;
for (auto *Attr : D.specific_attrs<NoSanitizeAttr>()) for (auto *Attr : D.specific_attrs<NoSanitizeAttr>())
NoSanitizeMask |= Attr->getMask(); NoSanitizeMask |= Attr->getMask();
return NoSanitizeMask; return NoSanitizeMask;
}; };
reportGlobal(GV, D.getLocation(), OS.str(), D.getType(), getNoSanitizeMask(D), reportGlobalToASan(GV, D.getLocation(), OS.str(), D.getType(),
IsDynInit); getNoSanitizeMask(D), IsDynInit);
}
void SanitizerMetadata::reportGlobalToTySan(llvm::GlobalVariable *GV,
const VarDecl &D) {
if (!CGM.getLangOpts().Sanitize.has(SanitizerKind::Type))
return;
for (auto Attr : D.specific_attrs<NoSanitizeAttr>())
if (Attr->getMask() & SanitizerKind::Type)
return;
QualType QTy = D.getType();
llvm::MDNode *TBAAInfo = CGM.getTBAATypeInfo(QTy);
if (!TBAAInfo || TBAAInfo == CGM.getTBAATypeInfo(CGM.getContext().CharTy))
return;
llvm::Metadata *GlobalMetadata[] = {llvm::ConstantAsMetadata::get(GV),
TBAAInfo};
llvm::MDNode *ThisGlobal =
llvm::MDNode::get(CGM.getLLVMContext(), GlobalMetadata);
llvm::NamedMDNode *TysanGlobals =
CGM.getModule().getOrInsertNamedMetadata("llvm.tysan.globals");
TysanGlobals->addOperand(ThisGlobal);
} }
void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) { void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {
reportGlobal(GV, SourceLocation(), "", QualType(), SanitizerKind::All); reportGlobalToASan(GV, SourceLocation(), "", QualType(), SanitizerKind::All);
} }

clang/lib/Driver/SanitizerArgs.cpp

Show All 34 Linesstatic const SanitizerMask NeedsUbsanRt =
SanitizerKind::ObjCCast; SanitizerKind::ObjCCast;
static const SanitizerMask NeedsUbsanCxxRt = static const SanitizerMask NeedsUbsanCxxRt =
SanitizerKind::Vptr | SanitizerKind::CFI; SanitizerKind::Vptr | SanitizerKind::CFI;
static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr; static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr; static const SanitizerMask NotAllowedWithMinimalRuntime = SanitizerKind::Vptr;
static const SanitizerMask RequiresPIE = static const SanitizerMask RequiresPIE =
SanitizerKind::DataFlow | SanitizerKind::Scudo; SanitizerKind::DataFlow | SanitizerKind::Scudo;
static const SanitizerMask NeedsUnwindTables = static const SanitizerMask NeedsUnwindTables =
SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread | SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Type |
SanitizerKind::Memory | SanitizerKind::DataFlow; SanitizerKind::Thread | SanitizerKind::Memory | SanitizerKind::DataFlow;
static const SanitizerMask SupportsCoverage = static const SanitizerMask SupportsCoverage =
SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Address | SanitizerKind::HWAddress |
SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress | SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap | SanitizerKind::Type | SanitizerKind::MemtagStack |
SanitizerKind::MemtagGlobals | SanitizerKind::Memory | SanitizerKind::MemtagHeap | SanitizerKind::MemtagGlobals |
SanitizerKind::KernelMemory | SanitizerKind::Leak | SanitizerKind::Memory | SanitizerKind::KernelMemory | SanitizerKind::Leak |
SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds | SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
SanitizerKind::DataFlow | SanitizerKind::Fuzzer | SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero | SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack | SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI; SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI;
static const SanitizerMask RecoverableByDefault = static const SanitizerMask RecoverableByDefault =
SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Undefined | SanitizerKind::Integer |
▲ Show 20 LinesShow All 102 Lines▼ Show 20 Linesstatic void addDefaultIgnorelists(const Driver &D, SanitizerMask Kinds,
struct Ignorelist { struct Ignorelist {
const char *File; const char *File;
SanitizerMask Mask; SanitizerMask Mask;
} Ignorelists[] = {{"asan_ignorelist.txt", SanitizerKind::Address}, } Ignorelists[] = {{"asan_ignorelist.txt", SanitizerKind::Address},
{"hwasan_ignorelist.txt", SanitizerKind::HWAddress}, {"hwasan_ignorelist.txt", SanitizerKind::HWAddress},
{"memtag_ignorelist.txt", SanitizerKind::MemTag}, {"memtag_ignorelist.txt", SanitizerKind::MemTag},
{"msan_ignorelist.txt", SanitizerKind::Memory}, {"msan_ignorelist.txt", SanitizerKind::Memory},
{"tsan_ignorelist.txt", SanitizerKind::Thread}, {"tsan_ignorelist.txt", SanitizerKind::Thread},
{"tysan_blacklist.txt", SanitizerKind::Type},
{"dfsan_abilist.txt", SanitizerKind::DataFlow}, {"dfsan_abilist.txt", SanitizerKind::DataFlow},
{"cfi_ignorelist.txt", SanitizerKind::CFI}, {"cfi_ignorelist.txt", SanitizerKind::CFI},
{"ubsan_ignorelist.txt", {"ubsan_ignorelist.txt",
SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Undefined | SanitizerKind::Integer |
SanitizerKind::Nullability | SanitizerKind::Nullability |
SanitizerKind::FloatDivideByZero}}; SanitizerKind::FloatDivideByZero}};
for (auto BL : Ignorelists) { for (auto BL : Ignorelists) {
▲ Show 20 LinesShow All 302 Lines▼ Show 20 Lines if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
SanitizerMask Remove = parseArgValues(D, Arg, DiagnoseErrors); SanitizerMask Remove = parseArgValues(D, Arg, DiagnoseErrors);
AllRemove |= expandSanitizerGroups(Remove); AllRemove |= expandSanitizerGroups(Remove);
} }
} }
std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
std::make_pair(SanitizerKind::Address, std::make_pair(SanitizerKind::Address,
SanitizerKind::Thread | SanitizerKind::Memory), SanitizerKind::Thread | SanitizerKind::Memory),
std::make_pair(SanitizerKind::Type,
SanitizerKind::Address | SanitizerKind::KernelAddress |
SanitizerKind::Memory | SanitizerKind::Leak |
SanitizerKind::Thread | SanitizerKind::KernelAddress),
std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory), std::make_pair(SanitizerKind::Thread, SanitizerKind::Memory),
std::make_pair(SanitizerKind::Leak, std::make_pair(SanitizerKind::Leak,
SanitizerKind::Thread | SanitizerKind::Memory), SanitizerKind::Thread | SanitizerKind::Memory),
std::make_pair(SanitizerKind::KernelAddress, std::make_pair(SanitizerKind::KernelAddress,
SanitizerKind::Address | SanitizerKind::Leak | SanitizerKind::Address | SanitizerKind::Leak |
SanitizerKind::Thread | SanitizerKind::Memory), SanitizerKind::Thread | SanitizerKind::Memory),
std::make_pair(SanitizerKind::HWAddress, std::make_pair(SanitizerKind::HWAddress,
SanitizerKind::Address | SanitizerKind::Thread | SanitizerKind::Address | SanitizerKind::Thread |
▲ Show 20 LinesShow All 992 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/CommonArgs.cpp

Show First 20 LinesShow All 1,076 Lines▼ Show 20 Lines if (SanArgs.needsUbsanRt() && SanArgs.linkRuntimes()) {
if (SanArgs.requiresMinimalRuntime()) if (SanArgs.requiresMinimalRuntime())
SharedRuntimes.push_back("ubsan_minimal"); SharedRuntimes.push_back("ubsan_minimal");
else else
SharedRuntimes.push_back("ubsan_standalone"); SharedRuntimes.push_back("ubsan_standalone");
} }
if (SanArgs.needsScudoRt() && SanArgs.linkRuntimes()) { if (SanArgs.needsScudoRt() && SanArgs.linkRuntimes()) {
SharedRuntimes.push_back("scudo_standalone"); SharedRuntimes.push_back("scudo_standalone");
} }
if (SanArgs.needsTysanRt())
StaticRuntimes.push_back("tysan");
if (SanArgs.needsTsanRt() && SanArgs.linkRuntimes()) if (SanArgs.needsTsanRt() && SanArgs.linkRuntimes())
SharedRuntimes.push_back("tsan"); SharedRuntimes.push_back("tsan");
if (SanArgs.needsHwasanRt() && SanArgs.linkRuntimes()) { if (SanArgs.needsHwasanRt() && SanArgs.linkRuntimes()) {
if (SanArgs.needsHwasanAliasesRt()) if (SanArgs.needsHwasanAliasesRt())
SharedRuntimes.push_back("hwasan_aliases"); SharedRuntimes.push_back("hwasan_aliases");
else else
SharedRuntimes.push_back("hwasan"); SharedRuntimes.push_back("hwasan");
if (!Args.hasArg(options::OPT_shared)) if (!Args.hasArg(options::OPT_shared))
▲ Show 20 LinesShow All 52 Lines▼ Show 20 Lines if (SanArgs.linkCXXRuntimes())
StaticRuntimes.push_back("msan_cxx"); StaticRuntimes.push_back("msan_cxx");
} }
if (!SanArgs.needsSharedRt() && SanArgs.needsTsanRt() && if (!SanArgs.needsSharedRt() && SanArgs.needsTsanRt() &&
SanArgs.linkRuntimes()) { SanArgs.linkRuntimes()) {
StaticRuntimes.push_back("tsan"); StaticRuntimes.push_back("tsan");
if (SanArgs.linkCXXRuntimes()) if (SanArgs.linkCXXRuntimes())
StaticRuntimes.push_back("tsan_cxx"); StaticRuntimes.push_back("tsan_cxx");
} }
if (!SanArgs.needsSharedRt() && SanArgs.needsTysanRt() &&
SanArgs.linkRuntimes())
StaticRuntimes.push_back("tysan");
if (!SanArgs.needsSharedRt() && SanArgs.needsUbsanRt() && SanArgs.linkRuntimes()) { if (!SanArgs.needsSharedRt() && SanArgs.needsUbsanRt() && SanArgs.linkRuntimes()) {
if (SanArgs.requiresMinimalRuntime()) { if (SanArgs.requiresMinimalRuntime()) {
StaticRuntimes.push_back("ubsan_minimal"); StaticRuntimes.push_back("ubsan_minimal");
} else { } else {
StaticRuntimes.push_back("ubsan_standalone"); StaticRuntimes.push_back("ubsan_standalone");
if (SanArgs.linkCXXRuntimes()) if (SanArgs.linkCXXRuntimes())
StaticRuntimes.push_back("ubsan_standalone_cxx"); StaticRuntimes.push_back("ubsan_standalone_cxx");
} }
▲ Show 20 LinesShow All 1,282 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/Darwin.cpp

Show First 20 LinesShow All 1,463 Lines▼ Show 20 Lines if (Sanitize.needsUbsanRt()) {
Args, CmdArgs, Args, CmdArgs,
Sanitize.requiresMinimalRuntime() ? "ubsan_minimal" : "ubsan"); Sanitize.requiresMinimalRuntime() ? "ubsan_minimal" : "ubsan");
} }
if (Sanitize.needsTsanRt()) { if (Sanitize.needsTsanRt()) {
assert(Sanitize.needsSharedRt() && assert(Sanitize.needsSharedRt() &&
"Static sanitizer runtimes not supported"); "Static sanitizer runtimes not supported");
AddLinkSanitizerLibArgs(Args, CmdArgs, "tsan"); AddLinkSanitizerLibArgs(Args, CmdArgs, "tsan");
} }
if (Sanitize.needsTysanRt())
AddLinkSanitizerLibArgs(Args, CmdArgs, "tysan");
if (Sanitize.needsFuzzer() && !Args.hasArg(options::OPT_dynamiclib)) { if (Sanitize.needsFuzzer() && !Args.hasArg(options::OPT_dynamiclib)) {
AddLinkSanitizerLibArgs(Args, CmdArgs, "fuzzer", /*shared=*/false); AddLinkSanitizerLibArgs(Args, CmdArgs, "fuzzer", /*shared=*/false);
// Libfuzzer is written in C++ and requires libcxx. // Libfuzzer is written in C++ and requires libcxx.
AddCXXStdlibLibArgs(Args, CmdArgs); AddCXXStdlibLibArgs(Args, CmdArgs);
} }
if (Sanitize.needsStatsRt()) { if (Sanitize.needsStatsRt()) {
AddLinkRuntimeLib(Args, CmdArgs, "stats_client", RLO_AlwaysLink); AddLinkRuntimeLib(Args, CmdArgs, "stats_client", RLO_AlwaysLink);
▲ Show 20 LinesShow All 1,800 Lines▼ Show 20 Lines if (!(isTargetMacOSBased() && isMacosxVersionLT(10, 9)) &&
!(isTargetIPhoneOS() && isIPhoneOSVersionLT(5, 0))) !(isTargetIPhoneOS() && isIPhoneOSVersionLT(5, 0)))
Res |= SanitizerKind::Vptr; Res |= SanitizerKind::Vptr;
if ((IsX86_64 || IsAArch64) && if ((IsX86_64 || IsAArch64) &&
(isTargetMacOSBased() || isTargetIOSSimulator() || (isTargetMacOSBased() || isTargetIOSSimulator() ||
isTargetTvOSSimulator() || isTargetWatchOSSimulator())) { isTargetTvOSSimulator() || isTargetWatchOSSimulator())) {
Res |= SanitizerKind::Thread; Res |= SanitizerKind::Thread;
} }
if ((IsX86_64 || IsAArch64) && isTargetMacOSBased()) {
Res |= SanitizerKind::Type;
}
return Res; return Res;
} }
void Darwin::printVerboseInfo(raw_ostream &OS) const { void Darwin::printVerboseInfo(raw_ostream &OS) const {
CudaInstallation.print(OS); CudaInstallation.print(OS);
RocmInstallation.print(OS); RocmInstallation.print(OS);
} }

clang/lib/Driver/ToolChains/Linux.cpp

Show First 20 LinesShow All 789 Lines▼ Show 20 LinesSanitizerMask Linux::getSupportedSanitizers() const {
if (IsX86_64 || IsMIPS64 || IsAArch64) if (IsX86_64 || IsMIPS64 || IsAArch64)
Res |= SanitizerKind::DataFlow; Res |= SanitizerKind::DataFlow;
if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsArmArch || IsPowerPC64 || if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsArmArch || IsPowerPC64 ||
IsRISCV64 || IsSystemZ || IsHexagon || IsLoongArch64) IsRISCV64 || IsSystemZ || IsHexagon || IsLoongArch64)
Res |= SanitizerKind::Leak; Res |= SanitizerKind::Leak;
if (IsX86_64 || IsMIPS64 || IsAArch64 || IsPowerPC64 || IsSystemZ || if (IsX86_64 || IsMIPS64 || IsAArch64 || IsPowerPC64 || IsSystemZ ||
IsLoongArch64) IsLoongArch64)
Res |= SanitizerKind::Thread; Res |= SanitizerKind::Thread;
if (IsX86_64 || IsAArch64)
Res |= SanitizerKind::Type;
if (IsX86_64 || IsSystemZ) if (IsX86_64 || IsSystemZ)
Res |= SanitizerKind::KernelMemory; Res |= SanitizerKind::KernelMemory;
if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsMIPS || IsArmArch || if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsMIPS || IsArmArch ||
IsPowerPC64 || IsHexagon || IsLoongArch64 || IsRISCV64) IsPowerPC64 || IsHexagon || IsLoongArch64 || IsRISCV64)
Res |= SanitizerKind::Scudo; Res |= SanitizerKind::Scudo;
if (IsX86_64 || IsAArch64 || IsRISCV64) { if (IsX86_64 || IsAArch64 || IsRISCV64) {
Res |= SanitizerKind::HWAddress; Res |= SanitizerKind::HWAddress;
} }
▲ Show 20 LinesShow All 48 LinesShow Last 20 Lines

clang/test/CodeGen/sanitize-type-attr.cpp

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-linux-gnu -emit-llvm -o - %s | FileCheck -check-prefix=WITHOUT %s
// RUN: %clang_cc1 -triple x86_64-linux-gnu -emit-llvm -o - %s -fsanitize=type | FileCheck -check-prefix=TYSAN %s
// RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t
// RUN: %clang_cc1 -triple x86_64-linux-gnu -emit-llvm -o - %s -fsanitize=type -fsanitize-blacklist=%t | FileCheck -check-prefix=BL %s
// The sanitize_type attribute should be attached to functions
// when TypeSanitizer is enabled, unless no_sanitize("type") attribute
// is present.
// WITHOUT: NoTYSAN1{{.*}}) [[NOATTR:#[0-9]+]]
// BL: NoTYSAN1{{.*}}) [[NOATTR:#[0-9]+]]
// TYSAN: NoTYSAN1{{.*}}) [[NOATTR:#[0-9]+]]
__attribute__((no_sanitize("type"))) int NoTYSAN1(int *a) { return *a; }
// WITHOUT: NoTYSAN2{{.*}}) [[NOATTR]]
// BL: NoTYSAN2{{.*}}) [[NOATTR]]
// TYSAN: NoTYSAN2{{.*}}) [[NOATTR]]
__attribute__((no_sanitize("type"))) int NoTYSAN2(int *a);
int NoTYSAN2(int *a) { return *a; }
// WITHOUT: NoTYSAN3{{.*}}) [[NOATTR:#[0-9]+]]
// BL: NoTYSAN3{{.*}}) [[NOATTR:#[0-9]+]]
// TYSAN: NoTYSAN3{{.*}}) [[NOATTR:#[0-9]+]]
__attribute__((no_sanitize("type"))) int NoTYSAN3(int *a) { return *a; }
// WITHOUT: TYSANOk{{.*}}) [[NOATTR]]
// BL: TYSANOk{{.*}}) [[NOATTR]]
// TYSAN: TYSANOk{{.*}}) [[WITH:#[0-9]+]]
int TYSANOk(int *a) { return *a; }
// WITHOUT: TemplateTYSANOk{{.*}}) [[NOATTR]]
// BL: TemplateTYSANOk{{.*}}) [[NOATTR]]
// TYSAN: TemplateTYSANOk{{.*}}) [[WITH]]
template <int i>
int TemplateTYSANOk() { return i; }
// WITHOUT: TemplateNoTYSAN{{.*}}) [[NOATTR]]
// BL: TemplateNoTYSAN{{.*}}) [[NOATTR]]
// TYSAN: TemplateNoTYSAN{{.*}}) [[NOATTR]]
template <int i>
__attribute__((no_sanitize("type"))) int TemplateNoTYSAN() { return i; }
int force_instance = TemplateTYSANOk<42>() + TemplateNoTYSAN<42>();
// Check that __cxx_global_var_init* get the sanitize_type attribute.
int global1 = 0;
int global2 = *(int *)((char *)&global1 + 1);
// WITHOUT: @__cxx_global_var_init{{.*}}[[NOATTR:#[0-9]+]]
// BL: @__cxx_global_var_init{{.*}}[[NOATTR:#[0-9]+]]
// TYSAN: @__cxx_global_var_init{{.*}}[[WITH:#[0-9]+]]
// Make sure that we don't add globals to the list for which we don't have a
// specific type description.
// FIXME: We now have a type description for this type and a global is added. Should it?
struct SX {
int a, b;
};
SX sx;
// WITHOUT: attributes [[NOATTR]] = { noinline nounwind{{.*}} }
// BL: attributes [[NOATTR]] = { noinline nounwind{{.*}} }
// TYSAN: attributes [[NOATTR]] = { mustprogress noinline nounwind{{.*}} }
// TYSAN: attributes [[WITH]] = { noinline nounwind sanitize_type{{.*}} }
// TYSAN-DAG: !llvm.tysan.globals = !{[[G1MD:![0-9]+]], [[G2MD:![0-9]+]], [[G3MD:![0-9]+]], [[SXMD:![0-9]+]]}
// TYSAN-DAG: [[G1MD]] = !{ptr @force_instance, [[INTMD:![0-9]+]]}
// TYSAN-DAG: [[INTMD]] = !{!"int",
// TYSAN-DAG: [[G2MD]] = !{ptr @global1, [[INTMD]]}
// TYSAN-DAG: [[G3MD]] = !{ptr @global2, [[INTMD]]}
// TYSAN-DAG: [[SXMD]] = !{ptr @sx, [[SXTYMD:![0-9]+]]}
// TYSAN-DAG: [[SXTYMD]] = !{!"_ZTS2SX", [[INTMD]], i64 0, !1, i64 4}
// TYSAN-DAG: Simple C++ TBAA

clang/test/Driver/sanitizer-ld.c

Show First 20 LinesShow All 262 Lines▼ Show 20 Lines
// RUN: --target=sparcel-myriad-rtems-elf -fuse-ld=ld -fsanitize=address \ // RUN: --target=sparcel-myriad-rtems-elf -fuse-ld=ld -fsanitize=address \
// RUN: --sysroot=%S/Inputs/basic_myriad_tree \ // RUN: --sysroot=%S/Inputs/basic_myriad_tree \
// RUN: | FileCheck --check-prefix=CHECK-ASAN-MYRIAD %s // RUN: | FileCheck --check-prefix=CHECK-ASAN-MYRIAD %s
// //
// CHECK-ASAN-MYRIAD: "{{(.*[^.0-9A-Z_a-z])?}}ld{{(.exe)?}}" // CHECK-ASAN-MYRIAD: "{{(.*[^.0-9A-Z_a-z])?}}ld{{(.exe)?}}"
// CHECK-ASAN-MYRIAD-NOT: "-lc" // CHECK-ASAN-MYRIAD-NOT: "-lc"
// CHECK-ASAN-MYRIAD: libclang_rt.asan-sparcel.a" // CHECK-ASAN-MYRIAD: libclang_rt.asan-sparcel.a"
// RUN: %clangxx %s -### -o %t.o 2>&1 \
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Most -no-canonical-prefixes were cargo cult. I have removed them. The test needs a rebase.

Avoid legacy -target

MaskRay: Most `-no-canonical-prefixes` were cargo cult. I have removed them. The test needs a rebase.
// RUN: --target=x86_64-unknown-linux -fuse-ld=ld -stdlib=platform -lstdc++ \
// RUN: -fsanitize=type \
// RUN: -resource-dir=%S/Inputs/resource_dir \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-TYSAN-LINUX-CXX %s
//
// CHECK-TYSAN-LINUX-CXX: "{{(.*[^-.0-9A-Z_a-z])?}}ld{{(.exe)?}}"
// CHECK-TYSAN-LINUX-CXX-NOT: stdc++
// CHECK-TYSAN-LINUX-CXX: "--whole-archive" "{{.*}}libclang_rt.tysan{{[^.]*}}.a" "--no-whole-archive"
MaskRayUnsubmitted
Not Done
ReplyInline Actions

{{.*}}libclang_rt.tysan{{[^.]*}}.a"

LLVM_ENABLE_PER_TARGET_RUNTIME_DIR=on builds use libclang_rt.tysan-x86_64.a (see D107799)

MaskRay: `{{.*}}libclang_rt.tysan{{[^.]*}}.a"` LLVM_ENABLE_PER_TARGET_RUNTIME_DIR=on builds use…
// CHECK-TYSAN-LINUX-CXX: stdc++
// RUN: %clangxx -fsanitize=type -### %s 2>&1 \
// RUN: -mmacosx-version-min=10.6 \
// RUN: --target=x86_64-apple-darwin13.4.0 -fuse-ld=ld -stdlib=platform \
// RUN: -resource-dir=%S/Inputs/resource_dir \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-TYSAN-DARWIN-CXX %s
// CHECK-TYSAN-DARWIN-CXX: "{{.*}}ld{{(.exe)?}}"
// CHECK-TYSAN-DARWIN-CXX: libclang_rt.tysan_osx_dynamic.dylib
// CHECK-TYSAN-DARWIN-CXX-NOT: -lc++abi
// RUN: %clangxx -### %s 2>&1 \ // RUN: %clangxx -### %s 2>&1 \
// RUN: --target=x86_64-unknown-linux -fuse-ld=ld -stdlib=platform -lstdc++ \ // RUN: --target=x86_64-unknown-linux -fuse-ld=ld -stdlib=platform -lstdc++ \
// RUN: -fsanitize=thread \ // RUN: -fsanitize=thread \
// RUN: -resource-dir=%S/Inputs/resource_dir \ // RUN: -resource-dir=%S/Inputs/resource_dir \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \ // RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-TSAN-LINUX-CXX %s // RUN: | FileCheck --check-prefix=CHECK-TSAN-LINUX-CXX %s
// //
// CHECK-TSAN-LINUX-CXX: "{{(.*[^-.0-9A-Z_a-z])?}}ld{{(.exe)?}}" // CHECK-TSAN-LINUX-CXX: "{{(.*[^-.0-9A-Z_a-z])?}}ld{{(.exe)?}}"
▲ Show 20 LinesShow All 776 LinesShow Last 20 Lines