diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td index dcd2976a97f2..c2e30a16b8da 100644 --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td @@ -979,6 +979,9 @@ def fno_sanitize_EQ : CommaJoined<["-"], "fno-sanitize=">, Group, def fsanitize_blacklist : Joined<["-"], "fsanitize-blacklist=">, Group, HelpText<"Path to blacklist file for sanitizers">; +def fsanitize_system_blacklist : Joined<["-"], "fsanitize-system-blacklist=">, + HelpText<"Path to system blacklist file for sanitizers">, + Flags<[CC1Option]>; def fno_sanitize_blacklist : Flag<["-"], "fno-sanitize-blacklist">, Group, HelpText<"Don't use blacklist file for sanitizers">; diff --git a/clang/include/clang/Driver/SanitizerArgs.h b/clang/include/clang/Driver/SanitizerArgs.h index c37499e0f201..0aebf8cb225d 100644 --- a/clang/include/clang/Driver/SanitizerArgs.h +++ b/clang/include/clang/Driver/SanitizerArgs.h @@ -25,8 +25,8 @@ class SanitizerArgs { SanitizerSet RecoverableSanitizers; SanitizerSet TrapSanitizers; - std::vector BlacklistFiles; - std::vector ExtraDeps; + std::vector UserBlacklistFiles; + std::vector SystemBlacklistFiles; int CoverageFeatures = 0; int MsanTrackOrigins = 0; bool MsanUseAfterDtor = true; diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp index cc6c5e6ef438..8937197c253c 100644 --- a/clang/lib/Driver/SanitizerArgs.cpp +++ b/clang/lib/Driver/SanitizerArgs.cpp @@ -557,29 +557,35 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC, // Setup blacklist files. // Add default blacklist from resource directory. - addDefaultBlacklists(D, Kinds, BlacklistFiles); + addDefaultBlacklists(D, Kinds, SystemBlacklistFiles); // Parse -f(no-)sanitize-blacklist options. for (const auto *Arg : Args) { if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) { Arg->claim(); std::string BLPath = Arg->getValue(); if (llvm::sys::fs::exists(BLPath)) { - BlacklistFiles.push_back(BLPath); - ExtraDeps.push_back(BLPath); + UserBlacklistFiles.push_back(BLPath); } else { D.Diag(clang::diag::err_drv_no_such_file) << BLPath; } } else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) { Arg->claim(); - BlacklistFiles.clear(); - ExtraDeps.clear(); + UserBlacklistFiles.clear(); + SystemBlacklistFiles.clear(); } } // Validate blacklists format. { std::string BLError; std::unique_ptr SCL( - llvm::SpecialCaseList::create(BlacklistFiles, BLError)); + llvm::SpecialCaseList::create(UserBlacklistFiles, BLError)); + if (!SCL.get()) + D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError; + } + { + std::string BLError; + std::unique_ptr SCL( + llvm::SpecialCaseList::create(SystemBlacklistFiles, BLError)); if (!SCL.get()) D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError; } @@ -952,15 +958,15 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args, CmdArgs.push_back( Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers))); - for (const auto &BLPath : BlacklistFiles) { + for (const auto &BLPath : UserBlacklistFiles) { SmallString<64> BlacklistOpt("-fsanitize-blacklist="); BlacklistOpt += BLPath; CmdArgs.push_back(Args.MakeArgString(BlacklistOpt)); } - for (const auto &Dep : ExtraDeps) { - SmallString<64> ExtraDepOpt("-fdepfile-entry="); - ExtraDepOpt += Dep; - CmdArgs.push_back(Args.MakeArgString(ExtraDepOpt)); + for (const auto &BLPath : SystemBlacklistFiles) { + SmallString<64> BlacklistOpt("-fsanitize-system-blacklist="); + BlacklistOpt += BLPath; + CmdArgs.push_back(Args.MakeArgString(BlacklistOpt)); } if (MsanTrackOrigins) diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp index 9bd7c5651185..26221a898185 100644 --- a/clang/lib/Frontend/CompilerInvocation.cpp +++ b/clang/lib/Frontend/CompilerInvocation.cpp @@ -1447,7 +1447,26 @@ static void ParseDependencyOutputArgs(DependencyOutputOptions &Opts, // Add sanitizer blacklists as extra dependencies. // They won't be discovered by the regular preprocessor, so // we let make / ninja to know about this implicit dependency. - Opts.ExtraDeps = Args.getAllArgValues(OPT_fdepfile_entry); + if (!Args.hasArg(OPT_fno_sanitize_blacklist)) { + for (const auto *A : Args.filtered(OPT_fsanitize_blacklist)) { + StringRef Val = A->getValue(); + if (Val.find('=') == StringRef::npos) + Opts.ExtraDeps.push_back(Val); + } + if (Opts.IncludeSystemHeaders) { + for (const auto *A : Args.filtered(OPT_fsanitize_system_blacklist)) { + StringRef Val = A->getValue(); + if (Val.find('=') == StringRef::npos) + Opts.ExtraDeps.push_back(Val); + } + } + } + + // Propagate the extra dependencies. + for (const auto *A : Args.filtered(OPT_fdepfile_entry)) { + Opts.ExtraDeps.push_back(A->getValue()); + } + // Only the -fmodule-file= form. for (const auto *A : Args.filtered(OPT_fmodule_file)) { StringRef Val = A->getValue(); diff --git a/clang/test/Driver/fsanitize-blacklist.c b/clang/test/Driver/fsanitize-blacklist.c index e08905c94eda..6878298e6752 100644 --- a/clang/test/Driver/fsanitize-blacklist.c +++ b/clang/test/Driver/fsanitize-blacklist.c @@ -16,22 +16,18 @@ // RUN: %clang -target aarch64-linux-gnu -fsanitize=hwaddress -fsanitize-blacklist=%t.good -fsanitize-blacklist=%t.second %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-BLACKLIST // CHECK-BLACKLIST: -fsanitize-blacklist={{.*}}.good" "-fsanitize-blacklist={{.*}}.second -// Now, check for -fdepfile-entry flags. -// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-blacklist=%t.good -fsanitize-blacklist=%t.second %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-BLACKLIST2 -// CHECK-BLACKLIST2: -fdepfile-entry={{.*}}.good" "-fdepfile-entry={{.*}}.second - // Check that the default blacklist is not added as an extra dependency. // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-BLACKLIST-ASAN --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= -// CHECK-DEFAULT-BLACKLIST-ASAN: -fsanitize-blacklist={{.*[^w]}}asan_blacklist.txt +// CHECK-DEFAULT-BLACKLIST-ASAN: -fsanitize-system-blacklist={{.*[^w]}}asan_blacklist.txt // RUN: %clang -target x86_64-linux-gnu -fsanitize=hwaddress -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-BLACKLIST-HWASAN --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= -// CHECK-DEFAULT-BLACKLIST-HWASAN: -fsanitize-blacklist={{.*}}hwasan_blacklist.txt +// CHECK-DEFAULT-BLACKLIST-HWASAN: -fsanitize-system-blacklist={{.*}}hwasan_blacklist.txt // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-UBSAN-BLACKLIST --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= // RUN: %clang -target x86_64-linux-gnu -fsanitize=nullability -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-UBSAN-BLACKLIST --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-UBSAN-BLACKLIST --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= // RUN: %clang -target x86_64-linux-gnu -fsanitize=alignment -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-UBSAN-BLACKLIST --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= // RUN: %clang -target %itanium_abi_triple -fsanitize=float-divide-by-zero -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-UBSAN-BLACKLIST --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= -// CHECK-DEFAULT-UBSAN-BLACKLIST: -fsanitize-blacklist={{.*}}ubsan_blacklist.txt +// CHECK-DEFAULT-UBSAN-BLACKLIST: -fsanitize-system-blacklist={{.*}}ubsan_blacklist.txt // Check that combining ubsan and another sanitizer results in both blacklists being used. // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined,address -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-UBSAN-BLACKLIST --check-prefix=CHECK-DEFAULT-ASAN-BLACKLIST --implicit-check-not=fdepfile-entry --implicit-check-not=-fsanitize-blacklist= diff --git a/clang/test/Frontend/dependency-gen.c b/clang/test/Frontend/dependency-gen.c index 963419cb1188..1db9b04c1d9f 100644 --- a/clang/test/Frontend/dependency-gen.c +++ b/clang/test/Frontend/dependency-gen.c @@ -27,3 +27,20 @@ #ifndef INCLUDE_FLAG_TEST #include #endif + +// RUN: echo "fun:foo" > %t.blacklist1 +// RUN: echo "fun:foo" > %t.blacklist2 +// RUN: %clang -MD -MF - %s -fsyntax-only -resource-dir=%S/Inputs/resource_dir_with_cfi_blacklist -fsanitize=cfi-vcall -flto -fvisibility=hidden -fsanitize-blacklist=%t.blacklist1 -fsanitize-blacklist=%t.blacklist2 -I ./ | FileCheck -check-prefix=TWO-BLACK-LISTS %s +// TWO-BLACK-LISTS: dependency-gen.o: +// TWO-BLACK-LISTS-DAG: blacklist1 +// TWO-BLACK-LISTS-DAG: blacklist2 +// TWO-BLACK-LISTS-DAG: x.h +// TWO-BLACK-LISTS-DAG: dependency-gen.c + +// RUN: %clang -MD -MF - %s -fsyntax-only -resource-dir=%S/Inputs/resource_dir_with_cfi_blacklist -fsanitize=cfi-vcall -flto -fvisibility=hidden -I ./ | FileCheck -check-prefix=USER-AND-SYS-DEPS %s +// USER-AND-SYS-DEPS: dependency-gen.o: +// USER-AND-SYS-DEPS-DAG: cfi_blacklist.txt + +// RUN: %clang -MMD -MF - %s -fsyntax-only -resource-dir=%S/Inputs/resource_dir_with_cfi_blacklist -fsanitize=cfi-vcall -flto -fvisibility=hidden -I ./ | FileCheck -check-prefix=ONLY-USER-DEPS %s +// ONLY-USER-DEPS: dependency-gen.o: +// NOT-ONLY-USER-DEPS: cfi_blacklist.txt \ No newline at end of file