This is an archive of the discontinued LLVM Phabricator instance.

Differential D96572

[Clang][ASan] Introduce `-fsanitize-address-destructor-kind=` driver & frontend option.
ClosedPublic

Authored by delcypher on Feb 11 2021, 7:34 PM.

Details

Reviewers
arphaman
kubamracek
yln
aralisza
kcc
jansvoboda11
vitalybuka
Commits
rG5d64dd8e3c22: [Clang][ASan] Introduce `-fsanitize-address-destructor-kind=` driver & frontend…
Summary

The new -fsanitize-address-destructor-kind= option allows control over how module
destructors are emitted by ASan.

The new option is consumed by both the driver and the frontend and is propagated into
codegen options by the frontend.

Both the legacy and new pass manager code have been updated to consume the new option
from the codegen options.

It would be nice if the new utility functions (AsanDtorKindToString and
AsanDtorKindFromString) could live in LLVM instead of Clang so they could be
consumed by other language frontends. Unfortunately that doesn't work because
the clang driver doesn't link against the LLVM instrumentation library.

rdar://71609176

Diff Detail

Event Timeline

delcypher created this revision.Feb 11 2021, 7:34 PM
Herald added a reviewer: jansvoboda11. · View Herald TranscriptFeb 11 2021, 7:34 PM
Herald added subscribers: dexonsmith, dang. · View Herald Transcript
delcypher requested review of this revision.Feb 11 2021, 7:34 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 11 2021, 7:34 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
delcypher updated this revision to Diff 323213.Feb 11 2021, 7:36 PM

clang-format fix

delcypher added a parent revision: D96571: [ASan] Introduce a way set different ways of emitting module destructors..Feb 11 2021, 7:44 PM
delcypher added a child revision: D96573: [Clang][ASan] Teach Clang to not emit ASan module destructors when compiling with `-mkernel` or `-fapple-kext`..
Harbormaster completed remote builds in B88926: Diff 323213.Feb 12 2021, 12:54 AM
Harbormaster completed remote builds in B88925: Diff 323212.Feb 12 2021, 1:08 AM
vitalybuka added inline comments.Feb 12 2021, 1:50 AM
clang/include/clang/Driver/Options.td
1504

What is the difference between them and why it's need to be configured from outside?

delcypher added a comment.Feb 12 2021, 10:21 AM

Note this patch depends on https://reviews.llvm.org/D96571

delcypher added inline comments.Feb 12 2021, 10:30 AM
clang/include/clang/Driver/Options.td
1504

Good questions.

What is the difference between them

I'll add some documentation to explain this. But the two different modes are introduced by https://reviews.llvm.org/D96571. Basically the default ("global") emits ASan module destructor calls via llvm.global_dtors which was the previous behaviour. The other mode "none" simply causes no ASan module destructors to be emitted. I plan to introduce another mode in a future patch.

why it's need to be configured from outside?

At the bare minimum this option needs to be controllable by the driver so that we can do the next patch (https://reviews.llvm.org/D96573) where based on target details and other flags we set the ASan destructor kind. This means that the frontend needs to be able to consume to option too.

It is technically not necessary for this new option to be a driver option. However, I made it a driver option too to match the existing ASan clang frontend options which are also driver options (e.g. -fsanitize-address-use-odr-indicator).

delcypher updated this revision to Diff 323455.Feb 12 2021, 12:53 PM

Add documentation for -fsanitize-address-destructor-kind= option.

delcypher added inline comments.Feb 12 2021, 12:58 PM
clang/include/clang/Driver/Options.td
1504

@vitalybuka To expand on my answer a little more. -fsanitize-address-destructor-kind= is needed because we need to able to control how ASan's module are emitted and unfortunately the information required to make the decision on which kind to emit is not available at the level of LLVM IR. The information we need to be able to make the decision is only available in the Clang driver. This is why this patch wires everything up so that the driver can change how ASan module destructors are emitted.

vitalybuka added inline comments.Feb 12 2021, 1:09 PM
clang/include/clang/Driver/Options.td
1504

@vitalybuka To expand on my answer a little more. -fsanitize-address-destructor-kind= is needed because we need to able to control how ASan's module are emitted and unfortunately the information required to make the decision on which kind to emit is not available at the level of LLVM IR. The information we need to be able to make the decision is only available in the Clang driver. This is why this patch wires everything up so that the driver can change how ASan module destructors are emitted.

I didn't check all patches yet, but we have -fsanitize=kernel-address and I noticed that your patches mentioned kernel. Could be possible just use -fsanitize=kernel-address and let ASan decide how to handle dtors for this platform?

delcypher added a comment.Feb 12 2021, 3:56 PM

@jansvoboda11 I noticed that the Options.td file is making use of some fancy mixins that mean the option gets automatically marshalled by the frontend into the codegen options :). I tried this out using the patch to this patch and all my tests seem to pass. Should I be using these mixins (I don't know how stable they are because this looks like a new feature). Am I using them properly? It seems that the driver still has to parse the option manually (which is actually what I want) but the frontend automagically parses the option and modifies the right codegen option for me.

diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 57aa469ff211..0e8ea7debfca 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -1481,11 +1481,17 @@ defm sanitize_address_use_odr_indicator : BoolOption<"f", "sanitize-address-use-
             " reports in partially sanitized programs at the cost of an increase in binary size">,
   NegFlag<SetFalse, [], "Disable ODR indicator globals">>,
   Group<f_clang_Group>;
-def sanitize_address_destructor_kind_EQ : Joined<["-"], "fsanitize-address-destructor-kind=">,
-  MetaVarName<"<kind>">,
-  Flags<[CC1Option]>,
-  HelpText<"Set destructor type used in ASan instrumentation">,
-  Group<f_clang_Group>;
+def sanitize_address_destructor_kind_EQ
+    : Joined<["-"], "fsanitize-address-destructor-kind=">,
+      MetaVarName<"<kind>">,
+      Flags<[CC1Option]>,
+      HelpText<"Set destructor type used in ASan instrumentation">,
+      Group<f_clang_Group>,
+      Values<"none,global">,
+      NormalizedValuesScope<"llvm::AsanDtorKind">,
+      NormalizedValues<["None", "Global"]>,
+      MarshallingInfoString<CodeGenOpts<"SanitizeAddressDtorKind">, "Global">,
+      AutoNormalizeEnum;
 // Note: This flag was introduced when it was necessary to distinguish between
 //       ABI for correct codegen.  This is no longer needed, but the flag is
 //       not removed since targeting either ABI will behave the same.
diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp
index a6baf026a7e8..0a12705a9261 100644
--- a/clang/lib/Frontend/CompilerInvocation.cpp
+++ b/clang/lib/Frontend/CompilerInvocation.cpp
@@ -1511,19 +1511,6 @@ bool CompilerInvocation::ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args,
 
   Opts.EmitVersionIdentMetadata = Args.hasFlag(OPT_Qy, OPT_Qn, true);
 
-  if (LangOptsRef.Sanitize.has(SanitizerKind::Address)) {
-    if (Arg *A =
-            Args.getLastArg(options::OPT_sanitize_address_destructor_kind_EQ)) {
-      auto destructorKind = AsanDtorKindFromString(A->getValue());
-      if (destructorKind == llvm::AsanDtorKind::Invalid) {
-        Diags.Report(clang::diag::err_drv_unsupported_option_argument)
-            << A->getOption().getName() << A->getValue();
-      } else {
-        Opts.setSanitizeAddressDtorKind(destructorKind);
-      }
-    }
-  }
-
   return Success;
 }
 
diff --git a/clang/test/CodeGen/asan-destructor-kind.cpp b/clang/test/CodeGen/asan-destructor-kind.cpp
index 2bdb782db2b5..567482b72643 100644
--- a/clang/test/CodeGen/asan-destructor-kind.cpp
+++ b/clang/test/CodeGen/asan-destructor-kind.cpp
@@ -3,7 +3,7 @@
 // RUN:   -fsanitize-address-destructor-kind=bad_arg -emit-llvm -o - \
 // RUN:   -triple x86_64-apple-macosx10.15 %s 2>&1 | \
 // RUN:   FileCheck %s --check-prefixes=CHECK-BAD-ARG
-// CHECK-BAD-ARG: unsupported argument 'bad_arg' to option 'fsanitize-address-destructor-kind='
+// CHECK-BAD-ARG: invalid value 'bad_arg' in '-fsanitize-address-destructor-kind=bad_arg'
 
 // Default is global dtor
 // RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-apple-macosx10.15 \
delcypher added inline comments.Feb 12 2021, 4:09 PM
clang/include/clang/Driver/Options.td
1504

@vitalybuka Unfortunately using -fsanitize=kernel-address isn't a viable option. In a future patch I'll be adding another destructor kind where the decision to use it is also unfortunately not known at the LLVM IR level and is instead only known by Clang driver.

If you really don't want -fsanitize-address-destructor-kind= exposed as driver option (i.e. exposed to our users) we could make it a frontend (cc1) only option. However, that doesn't really seem to match the existing sanitizer frontend options which all seem to be driver options as well.

Harbormaster completed remote builds in B89056: Diff 323455.Feb 12 2021, 4:40 PM
jansvoboda11 added a comment.Feb 15 2021, 8:57 AM
In D96572#2561216, @delcypher wrote:

@jansvoboda11 I noticed that the Options.td file is making use of some fancy mixins that mean the option gets automatically marshalled by the frontend into the codegen options :). I tried this out using the patch to this patch and all my tests seem to pass. Should I be using these mixins (I don't know how stable they are because this looks like a new feature). Am I using them properly? It seems that the driver still has to parse the option manually (which is actually what I want) but the frontend automagically parses the option and modifies the right codegen option for me.

Hi, yes, this is a new feature. The option generation is not being enforced in any way yet, but the automatic marshalling should work. You can test it by running your clang -cc1 commands with the -round-trip-args flag (or clang with -Xclang -round-trip-args). With this option, the original cc1 command line is first parsed into a dummy CompilerInvocation, which is used to generate new command line. The new command line is what is then used to create the real CompilerInvocation.

As you've correctly discovered, this does not interact with the driver in any way.

I'll be sending an email to cfe-dev about this shortly. Your marshalling code seems correct to me. If something does not work, check out the patch with documentation D95790 and feel free to let me know.

vitalybuka resigned from this revision.Feb 17 2021, 2:11 PM

LGTM, but leaving for others

delcypher updated this revision to Diff 325872.Feb 23 2021, 12:16 PM

Rebase and fix merge conflict caused by f2f59d2a060788f17040ad924ee2d11da0e215c8

delcypher added a comment.Feb 23 2021, 12:24 PM
In D96572#2563707, @jansvoboda11 wrote:
In D96572#2561216, @delcypher wrote:

@jansvoboda11 I noticed that the Options.td file is making use of some fancy mixins that mean the option gets automatically marshalled by the frontend into the codegen options :). I tried this out using the patch to this patch and all my tests seem to pass. Should I be using these mixins (I don't know how stable they are because this looks like a new feature). Am I using them properly? It seems that the driver still has to parse the option manually (which is actually what I want) but the frontend automagically parses the option and modifies the right codegen option for me.

Hi, yes, this is a new feature. The option generation is not being enforced in any way yet, but the automatic marshalling should work. You can test it by running your clang -cc1 commands with the -round-trip-args flag (or clang with -Xclang -round-trip-args). With this option, the original cc1 command line is first parsed into a dummy CompilerInvocation, which is used to generate new command line. The new command line is what is then used to create the real CompilerInvocation.

As you've correctly discovered, this does not interact with the driver in any way.

I'll be sending an email to cfe-dev about this shortly. Your marshalling code seems correct to me. If something does not work, check out the patch with documentation D95790 and feel free to let me know.

@jansvoboda11 Thanks. If it's okay with you I'll make the change to use the new marshalling infrastructure in a separate patch (https://reviews.llvm.org/D97327) because I may need to back port this patch to an older LLVM branch.

delcypher added a comment.Feb 23 2021, 12:26 PM

@arphaman @jansvoboda11 ping.

delcypher marked 2 inline comments as done.Feb 23 2021, 12:27 PM
Harbormaster completed remote builds in B90462: Diff 325872.Feb 23 2021, 3:11 PM
jansvoboda11 added a comment.Feb 24 2021, 10:03 AM

@jansvoboda11 Thanks. If it's okay with you I'll make the change to use the new marshalling infrastructure in a separate patch (https://reviews.llvm.org/D97327) because I may need to back port this patch to an older LLVM branch.

That's fine by me.

jansvoboda11 accepted this revision.Feb 25 2021, 2:59 AM

LGTM

This revision is now accepted and ready to land.Feb 25 2021, 2:59 AM
arphaman accepted this revision.Feb 25 2021, 10:29 AM

Thanks, LGTM

This revision was landed with ongoing or failed builds.Feb 25 2021, 12:03 PM
Closed by commit rG5d64dd8e3c22: [Clang][ASan] Introduce `-fsanitize-address-destructor-kind=` driver & frontend… (authored by delcypher). · Explain Why
This revision was automatically updated to reflect the committed changes.
delcypher added a commit: rG5d64dd8e3c22: [Clang][ASan] Introduce `-fsanitize-address-destructor-kind=` driver & frontend….
cryptoad mentioned this in D97496: [Clang][ASan] Correct AsanDtorKindToString to return non-void in default case.Feb 25 2021, 1:31 PM
cryptoad mentioned this in rG41751b637317: [Clang][ASan] Correct AsanDtorKindToString to return non-void in default case.Feb 25 2021, 3:33 PM

Revision Contents

PathSize
clang/
docs/
11 lines
include/
clang/
Basic/
1 line
3 lines
5 lines
Driver/
5 lines
1 line
lib/
Basic/
19 lines
CodeGen/
9 lines
Driver/
17 lines
Frontend/
13 lines
test/
CodeGen/
49 lines
Driver/
20 lines

Diff 326467

clang/docs/ClangCommandLineReference.rst

Show First 20 LinesShow All 864 Lines▼ Show 20 Lines
.. option:: -fsanitize-address-use-after-scope, -fno-sanitize-address-use-after-scope .. option:: -fsanitize-address-use-after-scope, -fno-sanitize-address-use-after-scope
Enable use-after-scope detection in AddressSanitizer Enable use-after-scope detection in AddressSanitizer
.. option:: -fsanitize-address-use-odr-indicator, -fno-sanitize-address-use-odr-indicator .. option:: -fsanitize-address-use-odr-indicator, -fno-sanitize-address-use-odr-indicator
Enable ODR indicator globals to avoid false ODR violation reports in partially sanitized programs at the cost of an increase in binary size Enable ODR indicator globals to avoid false ODR violation reports in partially sanitized programs at the cost of an increase in binary size
.. option:: -fsanitize-address-destructor-kind=<arg>
Set the kind of module destructors emitted by AddressSanitizer instrumentation.
These destructors are emitted to unregister instrumented global variables when
code is unloaded (e.g. via `dlclose()`).
Valid options are:
* ``global`` - Emit module destructors that are called via a platform specific array (see `llvm.global_dtors`).
* ``none`` - Do not emit module destructors.
.. option:: -fsanitize-blacklist=<arg> .. option:: -fsanitize-blacklist=<arg>
Path to blacklist file for sanitizers Path to blacklist file for sanitizers
.. option:: -fsanitize-cfi-canonical-jump-tables, -fno-sanitize-cfi-canonical-jump-tables .. option:: -fsanitize-cfi-canonical-jump-tables, -fno-sanitize-cfi-canonical-jump-tables
Make the jump table addresses canonical in the symbol table Make the jump table addresses canonical in the symbol table
▲ Show 20 LinesShow All 2,910 LinesShow Last 20 Lines

clang/include/clang/Basic/CodeGenOptions.h

Show All 14 Lines
#include "clang/Basic/DebugInfoOptions.h" #include "clang/Basic/DebugInfoOptions.h"
#include "clang/Basic/Sanitizers.h" #include "clang/Basic/Sanitizers.h"
#include "clang/Basic/XRayInstr.h" #include "clang/Basic/XRayInstr.h"
#include "llvm/ADT/FloatingPointMode.h" #include "llvm/ADT/FloatingPointMode.h"
#include "llvm/Support/CodeGen.h" #include "llvm/Support/CodeGen.h"
#include "llvm/Support/Regex.h" #include "llvm/Support/Regex.h"
#include "llvm/Target/TargetOptions.h" #include "llvm/Target/TargetOptions.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include <map> #include <map>
#include <memory> #include <memory>
#include <string> #include <string>
#include <vector> #include <vector>
namespace clang { namespace clang {
/// Bitfields of CodeGenOptions, split out from CodeGenOptions to ensure /// Bitfields of CodeGenOptions, split out from CodeGenOptions to ensure
▲ Show 20 LinesShow All 437 LinesShow Last 20 Lines

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 208 Lines▼ Show 20 Lines
CODEGENOPT(SanitizeAddressPoisonCustomArrayCookie, 1, CODEGENOPT(SanitizeAddressPoisonCustomArrayCookie, 1,
0) ///< Enable poisoning operator new[] which is not a replaceable 0) ///< Enable poisoning operator new[] which is not a replaceable
///< global allocation function in AddressSanitizer ///< global allocation function in AddressSanitizer
CODEGENOPT(SanitizeAddressGlobalsDeadStripping, 1, 0) ///< Enable linker dead stripping CODEGENOPT(SanitizeAddressGlobalsDeadStripping, 1, 0) ///< Enable linker dead stripping
///< of globals in AddressSanitizer ///< of globals in AddressSanitizer
CODEGENOPT(SanitizeAddressUseOdrIndicator, 1, 0) ///< Enable ODR indicator globals CODEGENOPT(SanitizeAddressUseOdrIndicator, 1, 0) ///< Enable ODR indicator globals
CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in
///< MemorySanitizer ///< MemorySanitizer
ENUM_CODEGENOPT(SanitizeAddressDtorKind, llvm::AsanDtorKind, 2,
llvm::AsanDtorKind::Global) ///< Set how ASan global
///< destructors are emitted.
CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection
///< in MemorySanitizer ///< in MemorySanitizer
CODEGENOPT(SanitizeCfiCrossDso, 1, 0) ///< Enable cross-dso support in CFI. CODEGENOPT(SanitizeCfiCrossDso, 1, 0) ///< Enable cross-dso support in CFI.
CODEGENOPT(SanitizeMinimalRuntime, 1, 0) ///< Use "_minimal" sanitizer runtime for CODEGENOPT(SanitizeMinimalRuntime, 1, 0) ///< Use "_minimal" sanitizer runtime for
///< diagnostics. ///< diagnostics.
CODEGENOPT(SanitizeCfiICallGeneralizePointers, 1, 0) ///< Generalize pointer types in CODEGENOPT(SanitizeCfiICallGeneralizePointers, 1, 0) ///< Generalize pointer types in
///< CFI icall function signatures ///< CFI icall function signatures
CODEGENOPT(SanitizeCfiCanonicalJumpTables, 1, 0) ///< Make jump table symbols canonical CODEGENOPT(SanitizeCfiCanonicalJumpTables, 1, 0) ///< Make jump table symbols canonical
▲ Show 20 LinesShow All 198 LinesShow Last 20 Lines

clang/include/clang/Basic/Sanitizers.h

Show All 11 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_BASIC_SANITIZERS_H #ifndef LLVM_CLANG_BASIC_SANITIZERS_H
#define LLVM_CLANG_BASIC_SANITIZERS_H #define LLVM_CLANG_BASIC_SANITIZERS_H
#include "clang/Basic/LLVM.h" #include "clang/Basic/LLVM.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/Support/MathExtras.h" #include "llvm/Support/MathExtras.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include <cassert> #include <cassert>
#include <cstdint> #include <cstdint>
namespace llvm { namespace llvm {
class hash_code; class hash_code;
} }
namespace clang { namespace clang {
▲ Show 20 LinesShow All 160 Lines▼ Show 20 Lines
/// Return the sanitizers which do not affect preprocessing. /// Return the sanitizers which do not affect preprocessing.
inline SanitizerMask getPPTransparentSanitizers() { inline SanitizerMask getPPTransparentSanitizers() {
return SanitizerKind::CFI | SanitizerKind::Integer | return SanitizerKind::CFI | SanitizerKind::Integer |
SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
SanitizerKind::Undefined | SanitizerKind::FloatDivideByZero; SanitizerKind::Undefined | SanitizerKind::FloatDivideByZero;
} }
StringRef AsanDtorKindToString(llvm::AsanDtorKind kind);
llvm::AsanDtorKind AsanDtorKindFromString(StringRef kind);
} // namespace clang } // namespace clang
#endif // LLVM_CLANG_BASIC_SANITIZERS_H #endif // LLVM_CLANG_BASIC_SANITIZERS_H

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,494 Lines▼ Show 20 Linesdef fsanitize_address_globals_dead_stripping : Flag<["-"], "fsanitize-address-globals-dead-stripping">,
Group<f_clang_Group>, HelpText<"Enable linker dead stripping of globals in AddressSanitizer">, Group<f_clang_Group>, HelpText<"Enable linker dead stripping of globals in AddressSanitizer">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeAddressGlobalsDeadStripping">, "false">; MarshallingInfoFlag<CodeGenOpts<"SanitizeAddressGlobalsDeadStripping">, "false">;
defm sanitize_address_use_odr_indicator : BoolOption<"f", "sanitize-address-use-odr-indicator", defm sanitize_address_use_odr_indicator : BoolOption<"f", "sanitize-address-use-odr-indicator",
CodeGenOpts<"SanitizeAddressUseOdrIndicator">, DefaultFalse, CodeGenOpts<"SanitizeAddressUseOdrIndicator">, DefaultFalse,
PosFlag<SetTrue, [], "Enable ODR indicator globals to avoid false ODR violation" PosFlag<SetTrue, [], "Enable ODR indicator globals to avoid false ODR violation"
" reports in partially sanitized programs at the cost of an increase in binary size">, " reports in partially sanitized programs at the cost of an increase in binary size">,
NegFlag<SetFalse, [], "Disable ODR indicator globals">>, NegFlag<SetFalse, [], "Disable ODR indicator globals">>,
Group<f_clang_Group>; Group<f_clang_Group>;
def sanitize_address_destructor_kind_EQ : Joined<["-"], "fsanitize-address-destructor-kind=">,
MetaVarName<"<kind>">,
vitalybukaUnsubmitted
Done
ReplyInline Actions

What is the difference between them and why it's need to be configured from outside?

vitalybuka: What is the difference between them and why it's need to be configured from outside?
delcypherAuthorUnsubmitted
Done
ReplyInline Actions

Good questions.

What is the difference between them

I'll add some documentation to explain this. But the two different modes are introduced by https://reviews.llvm.org/D96571. Basically the default ("global") emits ASan module destructor calls via llvm.global_dtors which was the previous behaviour. The other mode "none" simply causes no ASan module destructors to be emitted. I plan to introduce another mode in a future patch.

why it's need to be configured from outside?

At the bare minimum this option needs to be controllable by the driver so that we can do the next patch (https://reviews.llvm.org/D96573) where based on target details and other flags we set the ASan destructor kind. This means that the frontend needs to be able to consume to option too.

It is technically not necessary for this new option to be a driver option. However, I made it a driver option too to match the existing ASan clang frontend options which are also driver options (e.g. -fsanitize-address-use-odr-indicator).

delcypher: Good questions. > What is the difference between them I'll add some documentation to explain…
delcypherAuthorUnsubmitted
Done
ReplyInline Actions

@vitalybuka To expand on my answer a little more. -fsanitize-address-destructor-kind= is needed because we need to able to control how ASan's module are emitted and unfortunately the information required to make the decision on which kind to emit is not available at the level of LLVM IR. The information we need to be able to make the decision is only available in the Clang driver. This is why this patch wires everything up so that the driver can change how ASan module destructors are emitted.

delcypher: @vitalybuka To expand on my answer a little more. `-fsanitize-address-destructor-kind=` is…
vitalybukaUnsubmitted
Done
ReplyInline Actions

@vitalybuka To expand on my answer a little more. -fsanitize-address-destructor-kind= is needed because we need to able to control how ASan's module are emitted and unfortunately the information required to make the decision on which kind to emit is not available at the level of LLVM IR. The information we need to be able to make the decision is only available in the Clang driver. This is why this patch wires everything up so that the driver can change how ASan module destructors are emitted.

I didn't check all patches yet, but we have -fsanitize=kernel-address and I noticed that your patches mentioned kernel. Could be possible just use -fsanitize=kernel-address and let ASan decide how to handle dtors for this platform?

vitalybuka: > @vitalybuka To expand on my answer a little more. `-fsanitize-address-destructor-kind=` is…
delcypherAuthorUnsubmitted
Done
ReplyInline Actions

@vitalybuka Unfortunately using -fsanitize=kernel-address isn't a viable option. In a future patch I'll be adding another destructor kind where the decision to use it is also unfortunately not known at the LLVM IR level and is instead only known by Clang driver.

If you really don't want -fsanitize-address-destructor-kind= exposed as driver option (i.e. exposed to our users) we could make it a frontend (cc1) only option. However, that doesn't really seem to match the existing sanitizer frontend options which all seem to be driver options as well.

delcypher: @vitalybuka Unfortunately using `-fsanitize=kernel-address` isn't a viable option. In a future…
Flags<[CC1Option]>,
HelpText<"Set destructor type used in ASan instrumentation">,
Group<f_clang_Group>;
// Note: This flag was introduced when it was necessary to distinguish between // Note: This flag was introduced when it was necessary to distinguish between
// ABI for correct codegen. This is no longer needed, but the flag is // ABI for correct codegen. This is no longer needed, but the flag is
// not removed since targeting either ABI will behave the same. // not removed since targeting either ABI will behave the same.
// This way we cause no disturbance to existing scripts & code, and if we // This way we cause no disturbance to existing scripts & code, and if we
// want to use this flag in the future we will cause no disturbance then // want to use this flag in the future we will cause no disturbance then
// either. // either.
def fsanitize_hwaddress_abi_EQ def fsanitize_hwaddress_abi_EQ
: Joined<["-"], "fsanitize-hwaddress-abi=">, : Joined<["-"], "fsanitize-hwaddress-abi=">,
▲ Show 20 LinesShow All 4,513 LinesShow Last 20 Lines

clang/include/clang/Driver/SanitizerArgs.h

Show All 37 Linesclass SanitizerArgs {
int AsanFieldPadding = 0; int AsanFieldPadding = 0;
bool SharedRuntime = false; bool SharedRuntime = false;
bool AsanUseAfterScope = true; bool AsanUseAfterScope = true;
bool AsanPoisonCustomArrayCookie = false; bool AsanPoisonCustomArrayCookie = false;
bool AsanGlobalsDeadStripping = false; bool AsanGlobalsDeadStripping = false;
bool AsanUseOdrIndicator = false; bool AsanUseOdrIndicator = false;
bool AsanInvalidPointerCmp = false; bool AsanInvalidPointerCmp = false;
bool AsanInvalidPointerSub = false; bool AsanInvalidPointerSub = false;
llvm::AsanDtorKind AsanDtorKind = llvm::AsanDtorKind::Invalid;
std::string HwasanAbi; std::string HwasanAbi;
bool LinkRuntimes = true; bool LinkRuntimes = true;
bool LinkCXXRuntimes = false; bool LinkCXXRuntimes = false;
bool NeedPIE = false; bool NeedPIE = false;
bool SafeStackRuntime = false; bool SafeStackRuntime = false;
bool Stats = false; bool Stats = false;
bool TsanMemoryAccess = true; bool TsanMemoryAccess = true;
bool TsanFuncEntryExit = true; bool TsanFuncEntryExit = true;
▲ Show 20 LinesShow All 50 LinesShow Last 20 Lines

clang/lib/Basic/Sanitizers.cpp

Show First 20 LinesShow All 54 Lines▼ Show 20 Lines
llvm::hash_code SanitizerMask::hash_value() const { llvm::hash_code SanitizerMask::hash_value() const {
return llvm::hash_combine_range(&maskLoToHigh[0], &maskLoToHigh[kNumElem]); return llvm::hash_combine_range(&maskLoToHigh[0], &maskLoToHigh[kNumElem]);
} }
namespace clang { namespace clang {
llvm::hash_code hash_value(const clang::SanitizerMask &Arg) { llvm::hash_code hash_value(const clang::SanitizerMask &Arg) {
return Arg.hash_value(); return Arg.hash_value();
} }
StringRef AsanDtorKindToString(llvm::AsanDtorKind kind) {
switch (kind) {
case llvm::AsanDtorKind::None:
return "none";
case llvm::AsanDtorKind::Global:
return "global";
case llvm::AsanDtorKind::Invalid:
return "invalid";
}
}
llvm::AsanDtorKind AsanDtorKindFromString(StringRef kindStr) {
return llvm::StringSwitch<llvm::AsanDtorKind>(kindStr)
.Case("none", llvm::AsanDtorKind::None)
.Case("global", llvm::AsanDtorKind::Global)
.Default(llvm::AsanDtorKind::Invalid);
}
} // namespace clang } // namespace clang

clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 281 Lines▼ Show 20 Linesstatic void addAddressSanitizerPasses(const PassManagerBuilder &Builder,
const PassManagerBuilderWrapper &BuilderWrapper = const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder); static_cast<const PassManagerBuilderWrapper&>(Builder);
const Triple &T = BuilderWrapper.getTargetTriple(); const Triple &T = BuilderWrapper.getTargetTriple();
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts(); const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
bool Recover = CGOpts.SanitizeRecover.has(SanitizerKind::Address); bool Recover = CGOpts.SanitizeRecover.has(SanitizerKind::Address);
bool UseAfterScope = CGOpts.SanitizeAddressUseAfterScope; bool UseAfterScope = CGOpts.SanitizeAddressUseAfterScope;
bool UseOdrIndicator = CGOpts.SanitizeAddressUseOdrIndicator; bool UseOdrIndicator = CGOpts.SanitizeAddressUseOdrIndicator;
bool UseGlobalsGC = asanUseGlobalsGC(T, CGOpts); bool UseGlobalsGC = asanUseGlobalsGC(T, CGOpts);
llvm::AsanDtorKind DestructorKind = CGOpts.getSanitizeAddressDtorKind();
PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/ false, Recover, PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/ false, Recover,
UseAfterScope)); UseAfterScope));
PM.add(createModuleAddressSanitizerLegacyPassPass( PM.add(createModuleAddressSanitizerLegacyPassPass(
/*CompileKernel*/ false, Recover, UseGlobalsGC, UseOdrIndicator)); /*CompileKernel*/ false, Recover, UseGlobalsGC, UseOdrIndicator,
DestructorKind));
} }
static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder, static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
PM.add(createAddressSanitizerFunctionPass( PM.add(createAddressSanitizerFunctionPass(
/*CompileKernel*/ true, /*Recover*/ true, /*UseAfterScope*/ false)); /*CompileKernel*/ true, /*Recover*/ true, /*UseAfterScope*/ false));
PM.add(createModuleAddressSanitizerLegacyPassPass( PM.add(createModuleAddressSanitizerLegacyPassPass(
/*CompileKernel*/ true, /*Recover*/ true, /*UseGlobalsGC*/ true, /*CompileKernel*/ true, /*Recover*/ true, /*UseGlobalsGC*/ true,
▲ Show 20 LinesShow All 804 Lines▼ Show 20 Lines PB.registerOptimizerLastEPCallback([&](ModulePassManager &MPM,
} }
auto ASanPass = [&](SanitizerMask Mask, bool CompileKernel) { auto ASanPass = [&](SanitizerMask Mask, bool CompileKernel) {
if (LangOpts.Sanitize.has(Mask)) { if (LangOpts.Sanitize.has(Mask)) {
bool Recover = CodeGenOpts.SanitizeRecover.has(Mask); bool Recover = CodeGenOpts.SanitizeRecover.has(Mask);
bool UseAfterScope = CodeGenOpts.SanitizeAddressUseAfterScope; bool UseAfterScope = CodeGenOpts.SanitizeAddressUseAfterScope;
bool ModuleUseAfterScope = asanUseGlobalsGC(TargetTriple, CodeGenOpts); bool ModuleUseAfterScope = asanUseGlobalsGC(TargetTriple, CodeGenOpts);
bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator; bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator;
llvm::AsanDtorKind DestructorKind =
CodeGenOpts.getSanitizeAddressDtorKind();
MPM.addPass(RequireAnalysisPass<ASanGlobalsMetadataAnalysis, Module>()); MPM.addPass(RequireAnalysisPass<ASanGlobalsMetadataAnalysis, Module>());
MPM.addPass(ModuleAddressSanitizerPass( MPM.addPass(ModuleAddressSanitizerPass(
CompileKernel, Recover, ModuleUseAfterScope, UseOdrIndicator)); CompileKernel, Recover, ModuleUseAfterScope, UseOdrIndicator,
DestructorKind));
MPM.addPass(createModuleToFunctionPassAdaptor( MPM.addPass(createModuleToFunctionPassAdaptor(
AddressSanitizerPass(CompileKernel, Recover, UseAfterScope))); AddressSanitizerPass(CompileKernel, Recover, UseAfterScope)));
} }
}; };
ASanPass(SanitizerKind::Address, false); ASanPass(SanitizerKind::Address, false);
ASanPass(SanitizerKind::KernelAddress, true); ASanPass(SanitizerKind::KernelAddress, true);
auto HWASanPass = [&](SanitizerMask Mask, bool CompileKernel) { auto HWASanPass = [&](SanitizerMask Mask, bool CompileKernel) {
▲ Show 20 LinesShow All 507 LinesShow Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 819 Lines▼ Show 20 Lines if (AllAddedKinds & SanitizerKind::Address) {
if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) { if (AllAddedKinds & SanitizerKind::PointerCompare & ~AllRemove) {
AsanInvalidPointerCmp = true; AsanInvalidPointerCmp = true;
} }
if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) { if (AllAddedKinds & SanitizerKind::PointerSubtract & ~AllRemove) {
AsanInvalidPointerSub = true; AsanInvalidPointerSub = true;
} }
if (const auto *Arg =
Args.getLastArg(options::OPT_sanitize_address_destructor_kind_EQ)) {
auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue());
if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid) {
TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
<< Arg->getOption().getName() << Arg->getValue();
}
AsanDtorKind = parsedAsanDtorKind;
}
} else { } else {
AsanUseAfterScope = false; AsanUseAfterScope = false;
// -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address. // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
SanitizerMask DetectInvalidPointerPairs = SanitizerMask DetectInvalidPointerPairs =
SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract; SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) { if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) {
TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with) TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
<< lastArgumentForMask(D, Args, << lastArgumentForMask(D, Args,
▲ Show 20 LinesShow All 238 Lines▼ Show 20 Lines if (AsanInvalidPointerCmp) {
CmdArgs.push_back("-asan-detect-invalid-pointer-cmp"); CmdArgs.push_back("-asan-detect-invalid-pointer-cmp");
} }
if (AsanInvalidPointerSub) { if (AsanInvalidPointerSub) {
CmdArgs.push_back("-mllvm"); CmdArgs.push_back("-mllvm");
CmdArgs.push_back("-asan-detect-invalid-pointer-sub"); CmdArgs.push_back("-asan-detect-invalid-pointer-sub");
} }
// Only pass the option to the frontend if the user requested,
// otherwise the frontend will just use the codegen default.
if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-destructor-kind=" +
AsanDtorKindToString(AsanDtorKind)));
}
if (!HwasanAbi.empty()) { if (!HwasanAbi.empty()) {
CmdArgs.push_back("-default-function-attr"); CmdArgs.push_back("-default-function-attr");
CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi)); CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
} }
if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) { if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) {
CmdArgs.push_back("-target-feature"); CmdArgs.push_back("-target-feature");
CmdArgs.push_back("+tagged-globals"); CmdArgs.push_back("+tagged-globals");
▲ Show 20 LinesShow All 141 LinesShow Last 20 Lines

clang/lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 1,931 Lines▼ Show 20 Lines parseSanitizerKinds("-fsanitize-recover=",
Args.getAllArgValues(OPT_fsanitize_recover_EQ), Diags, Args.getAllArgValues(OPT_fsanitize_recover_EQ), Diags,
Opts.SanitizeRecover); Opts.SanitizeRecover);
parseSanitizerKinds("-fsanitize-trap=", parseSanitizerKinds("-fsanitize-trap=",
Args.getAllArgValues(OPT_fsanitize_trap_EQ), Diags, Args.getAllArgValues(OPT_fsanitize_trap_EQ), Diags,
Opts.SanitizeTrap); Opts.SanitizeTrap);
Opts.EmitVersionIdentMetadata = Args.hasFlag(OPT_Qy, OPT_Qn, true); Opts.EmitVersionIdentMetadata = Args.hasFlag(OPT_Qy, OPT_Qn, true);
if (LangOptsRef.Sanitize.has(SanitizerKind::Address)) {
if (Arg *A =
Args.getLastArg(options::OPT_sanitize_address_destructor_kind_EQ)) {
auto destructorKind = AsanDtorKindFromString(A->getValue());
if (destructorKind == llvm::AsanDtorKind::Invalid) {
Diags.Report(clang::diag::err_drv_unsupported_option_argument)
<< A->getOption().getName() << A->getValue();
} else {
Opts.setSanitizeAddressDtorKind(destructorKind);
}
}
}
if (Args.hasArg(options::OPT_ffinite_loops)) if (Args.hasArg(options::OPT_ffinite_loops))
Opts.FiniteLoops = CodeGenOptions::FiniteLoopsKind::Always; Opts.FiniteLoops = CodeGenOptions::FiniteLoopsKind::Always;
else if (Args.hasArg(options::OPT_fno_finite_loops)) else if (Args.hasArg(options::OPT_fno_finite_loops))
Opts.FiniteLoops = CodeGenOptions::FiniteLoopsKind::Never; Opts.FiniteLoops = CodeGenOptions::FiniteLoopsKind::Never;
return Success && Diags.getNumErrors() == NumErrorsBefore; return Success && Diags.getNumErrors() == NumErrorsBefore;
} }
▲ Show 20 LinesShow All 2,618 LinesShow Last 20 Lines

clang/test/CodeGen/asan-destructor-kind.cpp

  • This file was added.
// Frontend rejects invalid option
// RUN: not %clang_cc1 -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=bad_arg -emit-llvm -o - \
// RUN: -triple x86_64-apple-macosx10.15 %s 2>&1 | \
// RUN: FileCheck %s --check-prefixes=CHECK-BAD-ARG
// CHECK-BAD-ARG: unsupported argument 'bad_arg' to option 'fsanitize-address-destructor-kind='
// Default is global dtor
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-apple-macosx10.15 \
// RUN: -fno-legacy-pass-manager %s \
// RUN: | FileCheck %s --check-prefixes=CHECK-GLOBAL-DTOR
//
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-apple-macosx10.15 \
// RUN: -flegacy-pass-manager %s \
// RUN: | FileCheck %s --check-prefixes=CHECK-GLOBAL-DTOR
// Explictly ask for global dtor
// RUN: %clang_cc1 -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=global -emit-llvm -o - \
// RUN: -triple x86_64-apple-macosx10.15 -fno-legacy-pass-manager %s | \
// RUN: FileCheck %s --check-prefixes=CHECK-GLOBAL-DTOR
//
// RUN: %clang_cc1 -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=global -emit-llvm -o - \
// RUN: -triple x86_64-apple-macosx10.15 -flegacy-pass-manager %s | \
// RUN: FileCheck %s --check-prefixes=CHECK-GLOBAL-DTOR
// CHECK-GLOBAL-DTOR: llvm.global_dtor{{.+}}asan.module_dtor
// CHECK-GLOBAL-DTOR: define internal void @asan.module_dtor
// Explictly ask for no dtors
// RUN: %clang_cc1 -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=none -emit-llvm -o - \
// RUN: -triple x86_64-apple-macosx10.15 -fno-legacy-pass-manager %s | \
// RUN: FileCheck %s --check-prefixes=CHECK-NONE-DTOR
//
// RUN: %clang_cc1 -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=none -emit-llvm -o - \
// RUN: -triple x86_64-apple-macosx10.15 -flegacy-pass-manager %s | \
// RUN: FileCheck %s --check-prefixes=CHECK-NONE-DTOR
int global;
int main() {
return global;
}
// CHECK-NONE-DTOR-NOT: llvm.global_dtor{{.+}}asan.module_dtor
// CHECK-NONE-DTOR-NOT: define internal void @asan.module_dtor

clang/test/Driver/fsanitize-address-destructor-kind.c

  • This file was added.
// Option should not be passed to the frontend by default.
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address %s \
// RUN: -### 2>&1 | \
// RUN: FileCheck %s
// CHECK-NOT: -fsanitize-address-destructor-kind
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=none %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-NONE-ARG %s
// CHECK-NONE-ARG: "-fsanitize-address-destructor-kind=none"
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=global %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-GLOBAL-ARG %s
// CHECK-GLOBAL-ARG: "-fsanitize-address-destructor-kind=global"
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-destructor-kind=bad_arg %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-INVALID-ARG %s
// CHECK-INVALID-ARG: error: unsupported argument 'bad_arg' to option 'fsanitize-address-destructor-kind='