Vedant Kumar via Phabricator <revi...@reviews.llvm.org> writes:
> vsk created this revision.
>
> This is motivated by the thread:
> [cfe-dev] Disabling ubsan's object size check at -O0
>
> I think the driver is the best place to disable a sanitizer check at
> particular optimization levels. Doing so in the frontend is messy, and
> makes it really hard to test IR generation for the check. Making the
> change in CodeGen has the same issues.
>
>
> https://reviews.llvm.org/D34563
>
> Files:
> lib/Driver/SanitizerArgs.cpp
> test/Driver/fsanitize-object-size.c
> test/Driver/fsanitize.c
>
> Index: test/Driver/fsanitize.c
> ===================================================================
> --- test/Driver/fsanitize.c
> +++ test/Driver/fsanitize.c
> @@ -3,27 +3,27 @@
> // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined
> -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-UNDEFINED-TRAP
> // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap
> -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-UNDEFINED-TRAP
> // RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error
> -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-UNDEFINED-TRAP
> -// CHECK-UNDEFINED-TRAP:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute|function),?){19}"}}
> -// CHECK-UNDEFINED-TRAP:
> "-fsanitize-trap=alignment,array-bounds,bool,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,signed-integer-overflow,unreachable,vla-bound"
> -// CHECK-UNDEFINED-TRAP2:
> "-fsanitize-trap=alignment,array-bounds,bool,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,unreachable,vla-bound"
> +// CHECK-UNDEFINED-TRAP:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute|function),?){18}"}}
> +// CHECK-UNDEFINED-TRAP:
> "-fsanitize-trap=alignment,array-bounds,bool,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,signed-integer-overflow,unreachable,vla-bound"
> +// CHECK-UNDEFINED-TRAP2:
> "-fsanitize-trap=alignment,array-bounds,bool,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,pointer-overflow,return,returns-nonnull-attribute,shift-base,shift-exponent,unreachable,vla-bound"
>
> // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 |
> FileCheck %s --check-prefix=CHECK-UNDEFINED
> -// CHECK-UNDEFINED:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|vptr|object-size|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){20}"}}
> +// CHECK-UNDEFINED:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|vptr|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){19}"}}
>
> // RUN: %clang -target x86_64-apple-darwin10 -fsanitize=undefined %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN
> -// CHECK-UNDEFINED-DARWIN:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}}
> +// CHECK-UNDEFINED-DARWIN:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){17}"}}
>
> // RUN: %clang -target i386-unknown-openbsd -fsanitize=undefined %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-OPENBSD
> -// CHECK-UNDEFINED-OPENBSD:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}}
> +// CHECK-UNDEFINED-OPENBSD:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){17}"}}
>
> // RUN: %clang -target i386-pc-win32 -fsanitize=undefined %s -### 2>&1 |
> FileCheck %s --check-prefix=CHECK-UNDEFINED-WIN
> --check-prefix=CHECK-UNDEFINED-WIN32
> // RUN: %clang -target i386-pc-win32 -fsanitize=undefined -x c++ %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-WIN
> --check-prefix=CHECK-UNDEFINED-WIN32 --check-prefix=CHECK-UNDEFINED-WIN-CXX
> // RUN: %clang -target x86_64-pc-win32 -fsanitize=undefined %s -### 2>&1 |
> FileCheck %s --check-prefix=CHECK-UNDEFINED-WIN
> --check-prefix=CHECK-UNDEFINED-WIN64
> // RUN: %clang -target x86_64-pc-win32 -fsanitize=undefined -x c++ %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-WIN
> --check-prefix=CHECK-UNDEFINED-WIN64 --check-prefix=CHECK-UNDEFINED-WIN-CXX
> // CHECK-UNDEFINED-WIN32:
> "--dependent-lib={{[^"]*}}ubsan_standalone-i386.lib"
> // CHECK-UNDEFINED-WIN64:
> "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib"
> // CHECK-UNDEFINED-WIN-CXX:
> "--dependent-lib={{[^"]*}}ubsan_standalone_cxx{{[^"]*}}.lib"
> -// CHECK-UNDEFINED-WIN-SAME:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}}
> +// CHECK-UNDEFINED-WIN-SAME:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){17}"}}
>
> // RUN: %clang -target i386-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 |
> FileCheck %s --check-prefix=CHECK-COVERAGE-WIN32
> // CHECK-COVERAGE-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone-i386.lib"
> @@ -43,7 +43,7 @@
> // CHECK-FNO-SANITIZE-ALL: "-fsanitize=thread"
>
> // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined
> -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
> -// CHECK-PARTIAL-UNDEFINED:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|object-size|pointer-overflow|array-bounds|returns-nonnull-attribute|nonnull-attribute),?){16}"}}
> +// CHECK-PARTIAL-UNDEFINED:
> "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|array-bounds|returns-nonnull-attribute|nonnull-attribute),?){15}"}}
>
> // RUN: %clang -target x86_64-linux-gnu -fsanitize=shift
> -fno-sanitize=shift-base %s -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-FSANITIZE-SHIFT-PARTIAL
> // CHECK-FSANITIZE-SHIFT-PARTIAL: "-fsanitize=shift-exponent"
> @@ -217,11 +217,11 @@
> // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined
> -fno-sanitize-recover=undefined -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-NO-RECOVER-UBSAN
> // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined
> -fno-sanitize-recover=all -fsanitize-recover=thread -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-NO-RECOVER-UBSAN
> // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined
> -fsanitize-recover=all -fno-sanitize-recover=undefined -### 2>&1 | FileCheck
> %s --check-prefix=CHECK-NO-RECOVER-UBSAN
> -// CHECK-RECOVER-UBSAN:
> "-fsanitize-recover={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|vla-bound|alignment|null|vptr|object-size|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}}
> +// CHECK-RECOVER-UBSAN:
> "-fsanitize-recover={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift-base|shift-exponent|vla-bound|alignment|null|vptr|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){17}"}}
> // CHECK-NO-RECOVER-UBSAN-NOT: sanitize-recover
>
> // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined
> -fno-sanitize-recover=all -fsanitize-recover=object-size,shift-base -### 2>&1
> | FileCheck %s --check-prefix=CHECK-PARTIAL-RECOVER
> -// CHECK-PARTIAL-RECOVER:
> "-fsanitize-recover={{((object-size|shift-base),?){2}"}}
> +// CHECK-PARTIAL-RECOVER: "-fsanitize-recover={{((shift-base),?){1}"}}
>
> // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=address
> -fsanitize-recover=all -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-RECOVER-ASAN
> // CHECK-RECOVER-ASAN: "-fsanitize-recover=address"
> Index: test/Driver/fsanitize-object-size.c
> ===================================================================
> --- /dev/null
> +++ test/Driver/fsanitize-object-size.c
> @@ -0,0 +1,25 @@
> +// Check that the object size check is disabled at -O0.
> +//
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size %s -### 2>&1
> | FileCheck %s --check-prefix=CHECK-NO-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size %s -O0 -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-NO-OSIZE
This isn't great - the user explicitly opted in to object-size but they
don't get it. We should either diagnose this and behave as is, or just
enable the sanitizer even though it's not effective for forwards
compatibility.
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=null,object-size %s -###
> 2>&1 | FileCheck %s --check-prefixes=CHECK-NO-OSIZE
> +
> +// Check that the object size check is enabled at other optimization levels.
> +//
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -O1 %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -O2 %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -O3 %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -O4 %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -Ofast %s
> -### 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -Os %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -Oz %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=object-size -Og %s -###
> 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +
> +// Use of trap mode shouldn't affect the object size check.
> +//
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined
> -fsanitize-trap=undefined -O1 %s -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -O1 %s
> -### 2>&1 | FileCheck %s --check-prefix=CHECK-HAS-OSIZE
> +// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap
> -fsanitize-undefined-trap-on-error -O1 %s -### 2>&1 | FileCheck %s
> --check-prefix=CHECK-HAS-OSIZE
> +
> +// CHECK-HAS-OSIZE: -fsanitize={{[^ ]*}}object-size
> +// CHECK-NO-OSIZE-NOT: -fsanitize={{[^ ]*}}object-size
> Index: lib/Driver/SanitizerArgs.cpp
> ===================================================================
> --- lib/Driver/SanitizerArgs.cpp
> +++ lib/Driver/SanitizerArgs.cpp
> @@ -208,6 +208,11 @@
> SanitizerMask TrappingKinds = parseSanitizeTrapArgs(D, Args);
> SanitizerMask InvalidTrappingKinds = TrappingKinds & NotAllowedWithTrap;
>
> + // The object-size sanitizer should not be enabled at -O0.
> + Arg *OptLevel = Args.getLastArg(options::OPT_O_Group);
> + if (!OptLevel || OptLevel->getOption().matches(options::OPT_O0))
> + AllRemove |= SanitizerKind::ObjectSize;
> +
> for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
> I != E; ++I) {
> const auto *Arg = *I;
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
