Commit Graph

77 Commits

Author SHA1 Message Date
Evgeniy Stepanov 45be9e0d24 Add an experimental flag -fsanitize-memory-use-after-dtor.
This flag will enable detection of use-after-destructor (but before
memory deallocation) bugs. No actual functionality yet.

https://code.google.com/p/address-sanitizer/issues/detail?id=73

Patch by Naomi Musgrave.

llvm-svn: 241935
2015-07-10 20:07:16 +00:00
Peter Collingbourne 4bdceaa4de Driver: enable support for -fsanitize=cfi on Windows.
There are known issues, but the current implementation is good enough for
the check-cfi test suite.

Differential Revision: http://reviews.llvm.org/D11030

llvm-svn: 241728
2015-07-08 21:08:05 +00:00
Peter Collingbourne 581f438f4c Driver: add support for linking the UBSan runtime library on Windows.
On Windows the user may invoke the linker directly, so we might not have an
opportunity to add runtime library flags to the linker command line. Instead,
instruct the code generator to embed linker directive in the object file
that cause the required runtime libraries to be linked.

We might also want to do something similar for ASan, but it seems to have
its own special complexities which may make this infeasible.

Differential Revision: http://reviews.llvm.org/D10862

llvm-svn: 241225
2015-07-02 01:48:12 +00:00
Alexey Samsonov 9b87309a91 [CFI] Diagnose when we CFI in diagnostic mode is unavailable on a toolchain.
Summary:
Namely, we must have proper C++ABI support in UBSan runtime. We don't
have a good way to check for that, so just assume that C++ABI support is
there whenever -fsanitize=vptr is supported (i.e. only on handful of
platforms).

Exact diagnostic is also tricky. It's not "cfi" that is unsupported,
just the diagnostic mode. So, I suggest to report that
"-fno-sanitize-trap=cfi-foobar" is incompatible with a given target
toolchain.

Test Plan: regression test suite

Reviewers: pcc

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D10751

llvm-svn: 240716
2015-06-25 23:14:32 +00:00
Jay Foad e967dd0420 Teach Clang about the PPC64 memory sanitizer implementation.
Summary:
This is the Clang part of the PPC64 memory sanitizer implementation in
D10648.

Reviewers: kcc, eugenis, willschm, wschmidt, samsonov

Reviewed By: samsonov

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D10650

llvm-svn: 240628
2015-06-25 10:35:19 +00:00
Alexey Samsonov 1d4cff2cdc [UBSan] Allow to use -fsanitize=vptr only on Mac OS 10.9+
See https://llvm.org/bugs/show_bug.cgi?id=23539 for why this
is necessary.

llvm-svn: 240618
2015-06-25 00:58:02 +00:00
Alexey Samsonov 7f2a0d2c04 [Sanitizers] Provide better diagnostic for sanitizers unsupported for target triple.
Introduce ToolChain::getSupportedSanitizers() that would return the set
of sanitizers available on given toolchain. By default, these are
sanitizers which don't necessarily require runtime support and are
not toolchain- or architecture-dependent.

Sanitizers (ASan, DFSan, TSan, MSan etc.) which cannot function
without runtime library are marked as supported only on platforms
for which we actually build these runtimes.

This would allow more fine-grained checks in the future: for instance,
we have to restrict availability of -fsanitize=vptr to Mac OS 10.9+
(PR23539).

Update test cases accrodingly: add tests for certain unsupported
configurations, remove test cases for -fsanitize=vptr + PS4
integration, as we don't build the runtime for PS4 at the moment.

This change was first submitted as r239953 and reverted in r239958.
The problem was and still is in Darwin toolchains, which get the
knowledge about target platform too late after initializaition, while
now we require this information when ToolChain::getSanitizerArgs() is
called. r240170 works around this issue.

llvm-svn: 240179
2015-06-19 21:36:47 +00:00
Alexey Samsonov 907880edd9 [CFI] Require -flto instead of implying it.
Summary:
This is unfortunate, but would let us land http://reviews.llvm.org/D10467,
that makes ToolChains responsible for computing the set of sanitizers
they support.

Unfortunately, Darwin ToolChains doesn't know about actual OS they
target until ToolChain::TranslateArgs() is called. In particular, it
means we won't be able to construct SanitizerArgs for these ToolChains
before that.

This change removes SanitizerArgs::needsLTO() method, so that now
ToolChain::IsUsingLTO(), which is called very early, doesn't need
SanitizerArgs to implement this method.

Docs and test cases are updated accordingly. See
https://llvm.org/bugs/show_bug.cgi?id=23539, which describes why we
start all these.

Test Plan: regression test suite

Reviewers: pcc

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D10560

llvm-svn: 240170
2015-06-19 19:57:46 +00:00
Alexander Potapenko b9b73ef906 [ASan] Initial support for Kernel AddressSanitizer
This patch adds initial support for the -fsanitize=kernel-address flag to Clang.
Right now it's quite restricted: only out-of-line instrumentation is supported, globals are not instrumented, some GCC kasan flags are not supported.
Using this patch I am able to build and boot the KASan tree with LLVMLinux patches from github.com/ramosian-glider/kasan/tree/kasan_llvmlinux.
To disable KASan instrumentation for a certain function attribute((no_sanitize("kernel-address"))) can be used.

llvm-svn: 240131
2015-06-19 12:19:07 +00:00
Peter Collingbourne 9881b78b53 Introduce -fsanitize-trap= flag.
This flag controls whether a given sanitizer traps upon detecting
an error. It currently only supports UBSan. The existing flag
-fsanitize-undefined-trap-on-error has been made an alias of
-fsanitize-trap=undefined.

This change also cleans up some awkward behavior around the combination
of -fsanitize-trap=undefined and -fsanitize=undefined. Previously we
would reject command lines containing the combination of these two flags,
as -fsanitize=vptr is not compatible with trapping. This required the
creation of -fsanitize=undefined-trap, which excluded -fsanitize=vptr
(and -fsanitize=function, but this seems like an oversight).

Now, -fsanitize=undefined is an alias for -fsanitize=undefined-trap,
and if -fsanitize-trap=undefined is specified, we treat -fsanitize=vptr
as an "unsupported" flag, which means that we error out if the flag is
specified explicitly, but implicitly disable it if the flag was implied
by -fsanitize=undefined.

Differential Revision: http://reviews.llvm.org/D10464

llvm-svn: 240105
2015-06-18 23:59:22 +00:00
Alexey Samsonov 9bc2ad5e6c Revert "[Sanitizers] Provide better diagnostic for sanitizers unsupported for target triple."
This reverts commit r239953, while I'm investigating assertion
failure from http://lab.llvm.org:8080/green/job/clang-stage1-cmake-RA-incremental_check/9994/

llvm-svn: 239958
2015-06-17 22:27:32 +00:00
Alexey Samsonov 9170efdc0d [Sanitizers] Provide better diagnostic for sanitizers unsupported for target triple.
Summary:
Introduce ToolChain::getSupportedSanitizers() that would return the set
of sanitizers available on given toolchain. By default, these are
sanitizers which don't necessarily require runtime support (i.e.
set from -fsanitize=undefined-trap).

Sanitizers (ASan, DFSan, TSan, MSan etc.) which cannot function
without runtime library are marked as supported only on platforms
for which we actually build these runtimes.

This would allow more fine-grained checks in the future: for instance,
we have to restrict availability of -fsanitize=vptr to Mac OS 10.9+
(PR23539)

Update test cases accrodingly: add tests for certain unsupported
configurations, remove test cases for -fsanitize=vptr + PS4
integration, as we don't build the runtime for PS4 at the moment.

Test Plan: regression test suite

Reviewers: pcc

Subscribers: cfe-commits, filcab, eugenis, thakis, kubabrecka, emaste, rsmith

Differential Revision: http://reviews.llvm.org/D10467

llvm-svn: 239953
2015-06-17 22:07:28 +00:00
Peter Collingbourne c4122c17b4 Protection against stack-based memory corruption errors using SafeStack: Clang command line option and function attribute
This patch adds the -fsanitize=safe-stack command line argument for clang,
which enables the Safe Stack protection (see http://reviews.llvm.org/D6094
for the detailed description of the Safe Stack).

This patch is our implementation of the safe stack on top of Clang. The
patches make the following changes:

- Add -fsanitize=safe-stack and -fno-sanitize=safe-stack options to clang
  to control safe stack usage (the safe stack is disabled by default).

- Add __attribute__((no_sanitize("safe-stack"))) attribute to clang that can be
  used to disable the safe stack for individual functions even when enabled
  globally.

Original patch by Volodymyr Kuznetsov and others at the Dependable Systems
Lab at EPFL; updates and upstreaming by myself.

Differential Revision: http://reviews.llvm.org/D6095

llvm-svn: 239762
2015-06-15 21:08:13 +00:00
Alexey Samsonov de0aff3e91 [Driver] Improve unused-argument diagnostic for extra sanitizer features.
Don't print unused-argument warning for sanitizer-specific feature flag
if this sanitizer was eanbled, and later disabled in the command line.
For example, now:
  clang -fsanitize=address -fsanitize-coverage=bb -fno-sanitize=address a.cc
doesn't print warning, but
  clang -fsanitize-coverage=bb
does. Same holds for -fsanitize-address-field-padding= and
-fsanitize-memory-track-origins= flags.

Fixes PR23604.

llvm-svn: 237870
2015-05-21 01:07:52 +00:00
Alexey Samsonov 3f3b3abe2b [SanitizerCoverage] Give clang-cc1 the power to precisly specify needed sanitizier coverage mode.
Summary:
The next step is to add user-friendly control over these options
to driver via -fsanitize-coverage= option.

Test Plan: regression test suite

Reviewers: kcc

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D9545

llvm-svn: 236756
2015-05-07 18:31:29 +00:00
Alexey Samsonov d60832eade Allow UBSan+MSan and UBSan+TSan combinations (Clang part).
Embed UBSan runtime into TSan and MSan runtimes in the same as we do
in ASan. Extend UBSan test suite to also run tests for these
combinations.

llvm-svn: 235953
2015-04-28 00:56:36 +00:00
Peter Collingbourne 1a7488afaa Implement CFI type checks for non-virtual calls.
This uses the same class metadata currently used for virtual call and
cast checks.

The new flag is -fsanitize=cfi-nvcall. For consistency, the -fsanitize=cfi-vptr
flag has been renamed -fsanitize=cfi-vcall.

Differential Revision: http://reviews.llvm.org/D8756

llvm-svn: 233874
2015-04-02 00:23:30 +00:00
Timur Iskhodzhanov 3082d0e984 Make -fsanitize-coverage flag a core option so it's available via the clang-cl driver too
Reviewed at http://reviews.llvm.org/D8663

llvm-svn: 233384
2015-03-27 16:32:10 +00:00
Alexey Samsonov ecf380ef3b [UBSan] Don't allow to use UBSan with anything except for ASan.
We are not able to make a reliable solution for using UBSan together
with other sanitizers with runtime support (and sanitizer_common).
Instead, we want to follow the path used for LSan: have a "standalone"
UBSan tool, and plug-in UBSan that would be explicitly embedded into
specific sanitizers (in short term, it will be only ASan).

llvm-svn: 232829
2015-03-20 18:45:06 +00:00
Kostya Serebryany 6fe5fcbcbc Allow -fsanitize-coverage with -fsanitize=dataflow
Summary: Allow -fsanitize-coverage with -fsanitize=dataflow

Test Plan: check-clang

Reviewers: pcc

Reviewed By: pcc

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D8476

llvm-svn: 232787
2015-03-20 00:06:52 +00:00
Peter Collingbourne d2926c91d5 Implement bad cast checks using control flow integrity information.
This scheme checks that pointer and lvalue casts are made to an object of
the correct dynamic type; that is, the dynamic type of the object must be
a derived class of the pointee type of the cast. The checks are currently
only introduced where the class being casted to is a polymorphic class.

Differential Revision: http://reviews.llvm.org/D8312

llvm-svn: 232241
2015-03-14 02:42:25 +00:00
Alexey Samsonov ce2e77c771 Add deprecation notice for -f(no-)sanitize-recover flags.
These flags should be replaced with corresponding
-f(no-)sanitize-recover=<list> flags.

llvm-svn: 231983
2015-03-11 23:34:25 +00:00
Alexey Samsonov 21d2dda3d2 [UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent.
This is a recommit of r231150, reverted in r231409. Turns out
that -fsanitize=shift-base check implementation only works if the
shift exponent is valid, otherwise it contains undefined behavior
itself.

Make sure we check that exponent is valid before we proceed to
check the base. Make sure that we actually report invalid values
of base or exponent if -fsanitize=shift-base or
-fsanitize=shift-exponent is specified, respectively.

llvm-svn: 231711
2015-03-09 21:50:19 +00:00
Alexey Samsonov 48a9db034a Revert "[UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent."
It's not that easy. If we're only checking -fsanitize=shift-base we
still need to verify that exponent has sane value, otherwise
UBSan-inserted checks for base will contain undefined behavior
themselves.

llvm-svn: 231409
2015-03-05 21:57:35 +00:00
Alexey Samsonov 783b8174ad [UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent.
-fsanitize=shift is now a group that includes both these checks, so
exisiting users should not be affected.

This change introduces two new UBSan kinds that sanitize only left-hand
side and right-hand side of shift operation. In practice, invalid
exponent value (negative or too large) tends to cause more portability
problems, including inconsistencies between different compilers, crashes
and inadequeate results on non-x86 architectures etc. That is,
-fsanitize=shift-exponent failures should generally be addressed first.

As a bonus, this change simplifies CodeGen implementation for emitting left
shift (separate checks for base and exponent are now merged by the
existing generic logic in EmitCheck()), and LLVM IR for these checks
(the number of basic blocks is reduced).

llvm-svn: 231150
2015-03-03 22:15:35 +00:00
Evgeniy Stepanov 6e09bca0ef [msan] Change track-origins default mode from 1 to 2.
Change -fsanitize-memory-track-origins to be equivalent to
-fsanitize-memory-track-origins=2.

Track-origins=2 provides a lot more detailed reports at the cost of
some additional slowdown (ranging from none to, sometimes, 3x; ~3% average on
SPEC2006).

llvm-svn: 230644
2015-02-26 15:59:30 +00:00
Peter Collingbourne a4ccff3281 Implement Control Flow Integrity for virtual calls.
This patch introduces the -fsanitize=cfi-vptr flag, which enables a control
flow integrity scheme that checks that virtual calls take place using a vptr of
the correct dynamic type. More details in the new docs/ControlFlowIntegrity.rst
file.

It also introduces the -fsanitize=cfi flag, which is currently a synonym for
-fsanitize=cfi-vptr, but will eventually cover all CFI checks implemented
in Clang.

Differential Revision: http://reviews.llvm.org/D7424

llvm-svn: 230055
2015-02-20 20:30:56 +00:00
Filipe Cabecinhas ec5d0e6423 Improve our handling of rtti/sanitize=vptr/sanitize=undefined
This patch removes the huge blob of code that is dealing with
rtti/exceptions/sanitizers and replaces it with:

A ToolChain function which, for a given set of Args, figures out if rtti
should be:
  - enabled
  - disabled implicitly
  - disabled explicitly

A change in the way SanitizerArgs figures out what sanitizers to enable
(or if it should error out, or warn);

And a check for exceptions/rtti interaction inside addExceptionArgs.

The RTTIMode algorithm is:
  - If -mkernel, -fapple-kext, or -fno-rtti are passed, rtti was disabled explicitly;
  - If -frtti was passed or we're not targetting the PS4, rtti is enabled;
  - If -fexceptions or -fcxx-exceptions was passed and we're targetting
    the PS4, rtti was enabled implicitly;
  - If we're targetting the PS4, rtti is disabled implicitly;
  - Otherwise, rtti is enabled;

Since the only flag needed to pass to -cc1 is -fno-rtti if we want to
disable it, there's no problem in saying rtti is enabled if we're
compiling C code, so we don't look at the input file type.

addExceptionArgs now looks at the RTTIMode and warns that rtti is being
enabled implicitly if targetting the PS4 and exceptions are on. It also
errors out if, targetting the PS4, -fno-rtti was passed, and exceptions
were turned on.

SanitizerArgs now errors out if rtti was disabled explicitly and the vptr
sanitizer was enabled implicitly, but just turns off vptr if rtti is
disabled but -fsanitize=undefined was passed.

Also fixed tests, removed duplicate name from addExceptionArgs comment,
and added one or two surrounding lines when running clang-format.
This changes test/Driver/fsanitize.c to make it not expect a warning when
passed -fsanitize=undefined -fno-rtti, but expect vptr to not be on.

Removed all users and definition of SanitizerArgs::sanitizesVptr().

Reviewers: samsonov

Subscribers: llvm-commits, samsonov, rsmith

Differential Revision: http://reviews.llvm.org/D7525

llvm-svn: 229801
2015-02-19 01:04:49 +00:00
Sergey Matveev 2ba8778157 Append -fno-assume-sane-operator-new in ASan builds.
This should help LSan detect leaks where operator new would otherwise be
optimized out.

llvm-svn: 229498
2015-02-17 15:09:33 +00:00
Alexey Samsonov 8845952b54 Reimplement -fsanitize-recover family of flags.
Introduce the following -fsanitize-recover flags:
  - -fsanitize-recover=<list>: Enable recovery for selected checks or
      group of checks. It is forbidden to explicitly list unrecoverable
      sanitizers here (that is, "address", "unreachable", "return").
  - -fno-sanitize-recover=<list>: Disable recovery for selected checks or
     group of checks.
  - -f(no-)?sanitize-recover is now a synonym for
    -f(no-)?sanitize-recover=undefined,integer and will soon be deprecated.

These flags are parsed left to right, and mask of "recoverable"
sanitizer is updated accordingly, much like what we do for -fsanitize= flags.
-fsanitize= and -fsanitize-recover= flag families are independent.

CodeGen change: If there is a single UBSan handler function, responsible
for implementing multiple checks, which have different recoverable setting,
then we emit two handler calls instead of one:
the first one for the set of "unrecoverable" checks, another one - for
set of "recoverable" checks. If all checks implemented by a handler have the
same recoverability setting, then the generated code will be the same.

llvm-svn: 225719
2015-01-12 22:39:12 +00:00
Kostya Serebryany 2d88f3d623 Allow -fsanitize-coverage=N with ubsan, clang part
Summary:
Allow -fsanitize-coverage=N with ubsan, clang part.
This simply allows the flag combination.
The LLVM will work out of the box, the compile-rt part
will follow as a separate patch.

Test Plan: check-clang

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D6849

llvm-svn: 225229
2015-01-06 01:02:48 +00:00
Alexey Samsonov abd5bead3f Allow to disable all sanitizers with "-fno-sanitize=all" option.
Summary:
This patch adds "all" sanitizer group. A shortcut "-fno-sanitize=all"
can be used to disable all sanitizers for a given source file.

"-fsanitize=all" option makes no sense, and will produce an error.

This group can also be useful when we add "-fsanitize-recover=<list>"
options (patch in http://reviews.llvm.org/D6302), as it would allow
to conveniently enable/disable recovery for all specified sanitizers.

Test Plan: regression test suite

Reviewers: kcc, rsmith

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D6733

llvm-svn: 224596
2014-12-19 18:41:43 +00:00
Kostya Serebryany 78df9d03fa [sanitizer] allow -fsanitize-coverage=N w/ -fsanitize=leak, clang part
llvm-svn: 224462
2014-12-17 21:46:33 +00:00
Kostya Serebryany bed8da2e3b [msan] allow -fsanitize-coverage=N together with -fsanitize=memory, clang part
llvm-svn: 223311
2014-12-03 23:27:45 +00:00
Dmitry Vyukov 45bac8d4e8 Fix test after r222526.
llvm-svn: 222530
2014-11-21 12:48:43 +00:00
Alexey Samsonov 1e715a66d7 [Sanitizer] Parse and produce all sanitizer-relevant arguments in SanitizerArgs.
In particular, make SanitizerArgs responsible for parsing
and passing down to frontend -fsanitize-recover and
-fsanitize-undefined-trap-on-error flags.

Simplify parsing -f(no-)sanitize= flags parsing: get rid of
too complex filterUnsupportedKinds function.

No functionality change.

llvm-svn: 222105
2014-11-16 20:53:53 +00:00
Kostya Serebryany 75b4f9e1e6 Introduce -fsanitize-coverage=N flag
Summary:
This change makes the asan-coverge (formerly -mllvm -asan-coverge)
accessible via a clang flag.
Companion patch to LLVM is http://reviews.llvm.org/D6152

Test Plan: regression tests, chromium

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D6153

llvm-svn: 221719
2014-11-11 22:15:07 +00:00
Ehsan Akhgari e0db196556 clang-cl: Diagnose the usage of ASAN with a debug runtime library
Summary:
AddressSanitizer currently doesn't support this configuration, and binaries
built with it will just get into an infinite loop during startup.

Test Plan: Includes an automated test.

Reviewers: samsonov

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D5764

llvm-svn: 219744
2014-10-14 23:15:44 +00:00
Kostya Serebryany aed71a89bc Add experimental clang/driver flag -fsanitize-address-field-padding=N
Summary:
This change adds an experimental flag -fsanitize-address-field-padding=N (0, 1, 2)
to clang and driver. With this flag ASAN will be able to detect some cases of
intra-object-overflow bugs,
see https://code.google.com/p/address-sanitizer/wiki/IntraObjectOverflow

There is no actual functionality here yet, just the flag parsing.
The functionality is being reviewed at http://reviews.llvm.org/D5687

Test Plan: Build and run SPEC, LLVM Bootstrap, Chrome with this flag.

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D5676

llvm-svn: 219417
2014-10-09 17:53:04 +00:00
Alexey Samsonov 8e1162c71d Implement nonnull-attribute sanitizer
Summary:
This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with __attribute__((nonnull))
are actually nonnull in runtime.

To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.

Test Plan: regression test suite

Reviewers: rsmith

Reviewed By: rsmith

Subscribers: cfe-commits, rnk

Differential Revision: http://reviews.llvm.org/D5082

llvm-svn: 217389
2014-09-08 17:22:45 +00:00
Alexey Samsonov de443c5002 [UBSan] Add returns-nonnull sanitizer.
Summary:
This patch adds a runtime check verifying that functions
annotated with "returns_nonnull" attribute do in fact return nonnull pointers.
It is based on suggestion by Jakub Jelinek:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html.

Test Plan: regression test suite

Reviewers: rsmith

Reviewed By: rsmith

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D4849

llvm-svn: 215485
2014-08-13 00:26:40 +00:00
Alexey Samsonov e595e1ade0 Remove top-level Clang -fsanitize= flags for optional ASan features.
Init-order and use-after-return modes can currently be enabled
by runtime flags. use-after-scope mode is not really working at the
moment.

The only problem I see is that users won't be able to disable extra
instrumentation for init-order and use-after-scope by a top-level Clang flag.
But this instrumentation was implicitly enabled for quite a while and
we didn't hear from users hurt by it.

llvm-svn: 210924
2014-06-13 17:53:44 +00:00
Alexey Samsonov e1237993c7 Kill deprecated -fbounds-checking flag
llvm-svn: 204436
2014-03-21 07:15:47 +00:00
Evgeniy Stepanov 2bfcaabdec [msan] -fsanitize-memory-track-origins=[level] flag and docs.
This change turns -fsanitize-memory-track-origins into
-fsanitize-memory-track-origins=[level] flag (keeping the old one for
compatibility). Possible levels are 0 (off), 1 (default) and 2 (incredibly
detailed). See docs (part of this patch) for more info.

llvm-svn: 204346
2014-03-20 14:58:36 +00:00
Alexey Samsonov cb3f812b6b Kill -faddress-sanitizer, -fthread-sanitizer and -fcatch-undefined-behavior flags.
These flags are deprecated since at least Clang 3.3. Users should instead
use -fsanitize= with appropriate values.

llvm-svn: 204330
2014-03-20 10:48:29 +00:00
Alexey Bataev 40e7522ebd Turn on PIC by default on Android (http://llvm-reviews.chandlerc.com/D2603)
llvm-svn: 200290
2014-01-28 06:30:35 +00:00
Evgeniy Stepanov d04b861e69 [asan] Remove -fsanitize-address-zero-base-shadow command line
flag from clang, and disable zero-base shadow support on all platforms
where it is not the default behavior.

- It is completely unused, as far as we know.
- It is ABI-incompatible with non-zero-base shadow, which means all
objects in a process must be built with the same setting. Failing to
do so results in a segmentation fault at runtime.
- It introduces a backward dependency of compiler-rt on user code,
which is uncommon and complicates testing.

This is the Clang part of a larger change.

llvm-svn: 199372
2014-01-16 10:19:31 +00:00
Peter Collingbourne 3270164f39 SanitizerArgs: add ability to filter/diagnose unsupported sanitizers.
The thread, memory, dataflow and function sanitizers are now diagnosed if
enabled explicitly on an unsupported platform.  Unsupported sanitizers which
are enabled implicitly (as part of a larger group) are silently disabled.  As a
side effect, this makes SanitizerArgs parsing toolchain-dependent (and thus
essentially reverts r188058), and moves SanitizerArgs ownership to ToolChain.

Differential Revision: http://llvm-reviews.chandlerc.com/D1990

llvm-svn: 193875
2013-11-01 18:16:25 +00:00
Richard Smith 6b53e224eb Split -fsanitize=bounds to -fsanitize=array-bounds (for the frontend-inserted
check using the ubsan runtime) and -fsanitize=local-bounds (for the middle-end
check which inserts traps).

Remove -fsanitize=local-bounds from -fsanitize=undefined. It does not produce
useful diagnostics and has false positives (PR17635), and is not a good
compromise position between UBSan's checks and ASan's checks.

Map -fbounds-checking to -fsanitize=local-bounds to restore Clang's historical
behavior for that flag.

llvm-svn: 193205
2013-10-22 22:51:04 +00:00
Peter Collingbourne b453cd64a7 Implement function type checker for the undefined behavior sanitizer.
This uses function prefix data to store function type information at the
function pointer.

Differential Revision: http://llvm-reviews.chandlerc.com/D1338

llvm-svn: 193058
2013-10-20 21:29:19 +00:00