``-fsanitize=address``:
:doc:`AddressSanitizer`, a memory error
detector.
- - ``-fsanitize=init-order``: Make AddressSanitizer check for
- dynamic initialization order problems. Implied by ``-fsanitize=address``.
- - ``-fsanitize=address-full``: AddressSanitizer with all the
- experimental features listed below.
- ``-fsanitize=integer``: Enables checks for undefined or
suspicious integer behavior.
- .. _opt_fsanitize_thread:
- ``-fno-sanitize-blacklist``: don't use blacklist file, if it was
specified earlier in the command line.
- Experimental features of AddressSanitizer (not ready for widespread
- use, require explicit ``-fsanitize=address``):
-
- - ``-fsanitize=use-after-return``: Check for use-after-return
- errors (accessing local variable after the function exit).
- - ``-fsanitize=use-after-scope``: Check for use-after-scope errors
- (accesing local variable after it went out of scope).
-
Extra features of MemorySanitizer (require explicit
``-fsanitize=memory``):
// AddressSanitizer
SANITIZER("address", Address)
-// More features of AddressSanitizer that should be turned on explicitly.
-SANITIZER("init-order", InitOrder)
-SANITIZER("use-after-return", UseAfterReturn)
-SANITIZER("use-after-scope", UseAfterScope)
-
-SANITIZER_GROUP("address-full", AddressFull,
- Address | InitOrder | UseAfterReturn | UseAfterScope)
// MemorySanitizer
SANITIZER("memory", Memory)
const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder);
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
- const LangOptions &LangOpts = BuilderWrapper.getLangOpts();
- PM.add(createAddressSanitizerFunctionPass(LangOpts.Sanitize.InitOrder,
- LangOpts.Sanitize.UseAfterReturn,
- LangOpts.Sanitize.UseAfterScope));
- PM.add(createAddressSanitizerModulePass(
- LangOpts.Sanitize.InitOrder,
- CGOpts.SanitizerBlacklistFile));
+ PM.add(createAddressSanitizerFunctionPass());
+ PM.add(createAddressSanitizerModulePass(CGOpts.SanitizerBlacklistFile));
}
static void addMemorySanitizerPass(const PassManagerBuilder &Builder,
/// Should we use the LLVM lifetime intrinsics for the given local variable?
static bool shouldUseLifetimeMarkers(CodeGenFunction &CGF, const VarDecl &D,
unsigned Size) {
- // Always emit lifetime markers in -fsanitize=use-after-scope mode.
- if (CGF.getLangOpts().Sanitize.UseAfterScope)
- return true;
// For now, only in optimized builds.
if (CGF.CGM.getCodeGenOpts().OptimizationLevel == 0)
return false;
// -f(-no)sanitize=leak should change whether leak detection is enabled by
// default in ASan?
- // If -fsanitize contains extra features of ASan, it should also
- // explicitly contain -fsanitize=address (probably, turned off later in the
- // command line).
- if ((Kind & AddressFull) != 0 && (AllAdd & Address) == 0)
- D.Diag(diag::warn_drv_unused_sanitizer)
- << lastArgumentForKind(D, Args, AddressFull)
- << "-fsanitize=address";
-
// Parse -f(no-)sanitize-blacklist options.
if (Arg *BLArg = Args.getLastArg(options::OPT_fsanitize_blacklist,
options::OPT_fno_sanitize_blacklist)) {
#define SANITIZER_GROUP(NAME, ID, ALIAS) .Case(NAME, ID##Group)
#include "clang/Basic/Sanitizers.def"
.Default(SanitizeKind());
- // Assume -fsanitize=address implies -fsanitize=init-order,use-after-return.
- // FIXME: This should be either specified in Sanitizers.def, or go away when
- // we get rid of "-fsanitize=init-order,use-after-return" flags at all.
- if (ParsedKind & Address)
- ParsedKind |= InitOrder | UseAfterReturn;
return ParsedKind;
}
-// RUN: %clang_cc1 -fsanitize=address,init-order -emit-llvm -o - %s | FileCheck %s
+// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - %s | FileCheck %s
// Test blacklist functionality.
// RUN: echo "global-init-src:%s" > %t-file.blacklist
// RUN: echo "global-init-type:struct.PODWithCtorAndDtor" > %t-type.blacklist
-// RUN: %clang_cc1 -fsanitize=address,init-order -fsanitize-blacklist=%t-file.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST
-// RUN: %clang_cc1 -fsanitize=address,init-order -fsanitize-blacklist=%t-type.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST
+// RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=%t-file.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST
+// RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=%t-type.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST
// REQUIRES: shell
struct PODStruct {
+++ /dev/null
-// RUN: %clang_cc1 -S -emit-llvm -o - -fsanitize=address,use-after-scope %s \
-// RUN: | FileCheck %s -check-prefix=USE-AFTER-SCOPE
-// RUN: %clang_cc1 -S -emit-llvm -o - -fsanitize=address %s \
-// RUN: | FileCheck %s -check-prefix=ADDRESS-ONLY
-
-extern int bar(char *A, int n);
-
-// ADDRESS-ONLY-NOT: @llvm.lifetime.start
-int foo (int n) {
- if (n) {
- // USE-AFTER-SCOPE: @llvm.lifetime.start(i64 10, i8* {{.*}})
- char A[10];
- return bar(A, 1);
- // USE-AFTER-SCOPE: @llvm.lifetime.end(i64 10, i8* {{.*}})
- } else {
- // USE-AFTER-SCOPE: @llvm.lifetime.start(i64 20, i8* {{.*}})
- char A[20];
- return bar(A, 2);
- // USE-AFTER-SCOPE: @llvm.lifetime.end(i64 20, i8* {{.*}})
- }
-}
-
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|object-size|array-bounds),?){12}"}}
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL
-// CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}}
-
-// RUN: %clang -target x86_64-linux-gnu -fno-sanitize=init-order,use-after-return -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-IMPLIED-INIT-ORDER-UAR
-// CHECK-ASAN-IMPLIED-INIT-ORDER-UAR: "-fsanitize={{((address|init-order|use-after-return),?){3}"}}
-
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fno-sanitize=init-order %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-NO-IMPLIED-INIT-ORDER
-// CHECK-ASAN-NO-IMPLIED-INIT-ORDER-NOT: init-order
-
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fno-sanitize=use-after-return %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-NO-IMPLIED-UAR
-// CHECK-ASAN-NO-IMPLIED-UAR-NOT: use-after-return
-
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF
// CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,memory -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL-SANM
// CHECK-SANL-SANM: '-fsanitize=leak' not allowed with '-fsanitize=memory'
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=init-order %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ONLY-EXTRA-ASAN
-// CHECK-ONLY-EXTRA-ASAN: '-fsanitize=init-order' is ignored in absence of '-fsanitize=address'
-
-// RUN: %clang -target x86_64-linux-gnu -Wno-unused-sanitize-argument -fsanitize=init-order %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-WNO-UNUSED-SANITIZE-ARGUMENT
-// CHECK-WNO-UNUSED-SANITIZE-ARGUMENT-NOT: '-fsanitize=init-order' is ignored in absence of '-fsanitize=address'
-
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=address,init-order -fno-sanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NOWARN-ONLY-EXTRA-ASAN
-// CHECK-NOWARN-ONLY-EXTRA-ASAN-NOT: is ignored in absence of '-fsanitize=address'
-
// RUN: %clang -target x86_64-linux-gnu -fsanitize-memory-track-origins -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ONLY-TRACK-ORIGINS
// CHECK-ONLY-TRACK-ORIGINS: warning: argument unused during compilation: '-fsanitize-memory-track-origins'
// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-blacklist-extra.cc\
// RUN: %p/Helpers/initialization-blacklist-extra2.cc \
-// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt \
-// RUN: -fsanitize=init-order -o %t
+// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-blacklist-extra.cc\
// RUN: %p/Helpers/initialization-blacklist-extra2.cc \
-// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt \
-// RUN: -fsanitize=init-order -o %t
+// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-blacklist-extra.cc\
// RUN: %p/Helpers/initialization-blacklist-extra2.cc \
-// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt \
-// RUN: -fsanitize=init-order -o %t
+// RUN: -fsanitize-blacklist=%p/Helpers/initialization-blacklist.txt -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
// Function is defined in another TU.
// constructor implies that it was initialized during constant initialization,
// not dynamic initialization).
-// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-constexpr-extra.cc\
-// RUN: --std=c++11 -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
-// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-constexpr-extra.cc\
-// RUN: --std=c++11 -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
-// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-constexpr-extra.cc\
-// RUN: --std=c++11 -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
-// RUN: %clangxx_asan -O3 %s %p/Helpers/initialization-constexpr-extra.cc\
-// RUN: --std=c++11 -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O3 %s %p/Helpers/initialization-constexpr-extra.cc --std=c++11 -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
class Integer {
// A collection of various initializers which shouldn't trip up initialization
// order checking. If successful, this will just return 0.
-// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-nobug-extra.cc -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O0 %s %p/Helpers/initialization-nobug-extra.cc -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
-// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-nobug-extra.cc -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O1 %s %p/Helpers/initialization-nobug-extra.cc -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
-// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-nobug-extra.cc -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O2 %s %p/Helpers/initialization-nobug-extra.cc -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
-// RUN: %clangxx_asan -O3 %s %p/Helpers/initialization-nobug-extra.cc -fsanitize=init-order -o %t
+// RUN: %clangxx_asan -O3 %s %p/Helpers/initialization-nobug-extra.cc -o %t
// RUN: env ASAN_OPTIONS=check_initialization_order=true %run %t 2>&1
// Simple access:
// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && \
// RUN: not %run %t 2>&1 | FileCheck %s
+// XFAIL: *
#include <stdio.h>
struct IntHolder {
// llvm.lifetime intrinsics at -O0.
//
// RUN: %clangxx_asan -O2 -fsanitize=use-after-scope %s -o %t && not %run %t 2>&1 | FileCheck %s
+// XFAIL: *
int *arr;
// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && %run %t
+// XFAIL: *
#include <stdio.h>
// RUN: %clangxx_asan -O0 -fsanitize=use-after-scope %s -o %t && \
// RUN: not %run %t 2>&1 | FileCheck %s
// RUN: env ASAN_OPTIONS="detect_stack_use_after_return=1" not %run %t 2>&1 | FileCheck %s
+// XFAIL: *
int main() {
int *p = 0;
GCOVOptions::getDefault());
// Insert AddressSanitizer (address sanity checking) instrumentation
-FunctionPass *createAddressSanitizerFunctionPass(
- bool CheckInitOrder = true, bool CheckUseAfterReturn = false,
- bool CheckLifetime = false);
-ModulePass *createAddressSanitizerModulePass(
- bool CheckInitOrder = true, StringRef BlacklistFile = StringRef());
+FunctionPass *createAddressSanitizerFunctionPass();
+ModulePass *
+createAddressSanitizerModulePass(StringRef BlacklistFile = StringRef());
// Insert MemorySanitizer instrumentation (detection of uninitialized reads)
FunctionPass *createMemorySanitizerPass(int TrackOrigins = 0);
// This flag may need to be replaced with -f[no]asan-stack.
static cl::opt<bool> ClStack("asan-stack",
cl::desc("Handle stack memory"), cl::Hidden, cl::init(true));
-// This flag may need to be replaced with -f[no]asan-use-after-return.
static cl::opt<bool> ClUseAfterReturn("asan-use-after-return",
- cl::desc("Check return-after-free"), cl::Hidden, cl::init(false));
+ cl::desc("Check return-after-free"), cl::Hidden, cl::init(true));
// This flag may need to be replaced with -f[no]asan-globals.
static cl::opt<bool> ClGlobals("asan-globals",
cl::desc("Handle global objects"), cl::Hidden, cl::init(true));
"are more than this number of blocks."),
cl::Hidden, cl::init(1500));
static cl::opt<bool> ClInitializers("asan-initialization-order",
- cl::desc("Handle C++ initializer order"), cl::Hidden, cl::init(false));
+ cl::desc("Handle C++ initializer order"), cl::Hidden, cl::init(true));
static cl::opt<bool> ClInvalidPointerPairs("asan-detect-invalid-pointer-pair",
cl::desc("Instrument <, <=, >, >=, - with pointer operands"),
cl::Hidden, cl::init(false));
/// AddressSanitizer: instrument the code in module to find memory bugs.
struct AddressSanitizer : public FunctionPass {
- AddressSanitizer(bool CheckInitOrder = true,
- bool CheckUseAfterReturn = false,
- bool CheckLifetime = false)
- : FunctionPass(ID),
- CheckInitOrder(CheckInitOrder || ClInitializers),
- CheckUseAfterReturn(CheckUseAfterReturn || ClUseAfterReturn),
- CheckLifetime(CheckLifetime || ClCheckLifetime) {}
+ AddressSanitizer() : FunctionPass(ID) {}
const char *getPassName() const override {
return "AddressSanitizerFunctionPass";
}
bool InjectCoverage(Function &F, const ArrayRef<BasicBlock*> AllBlocks);
void InjectCoverageAtBlock(Function &F, BasicBlock &BB);
- bool CheckInitOrder;
- bool CheckUseAfterReturn;
- bool CheckLifetime;
-
LLVMContext *C;
const DataLayout *DL;
int LongSize;
class AddressSanitizerModule : public ModulePass {
public:
- AddressSanitizerModule(bool CheckInitOrder = true,
- StringRef BlacklistFile = StringRef())
- : ModulePass(ID),
- CheckInitOrder(CheckInitOrder || ClInitializers),
- BlacklistFile(BlacklistFile.empty() ? ClBlacklistFile
- : BlacklistFile) {}
+ AddressSanitizerModule(StringRef BlacklistFile = StringRef())
+ : ModulePass(ID), BlacklistFile(BlacklistFile.empty() ? ClBlacklistFile
+ : BlacklistFile) {}
bool runOnModule(Module &M) override;
static char ID; // Pass identification, replacement for typeid
const char *getPassName() const override {
return RedzoneSizeForScale(Mapping.Scale);
}
- bool CheckInitOrder;
SmallString<64> BlacklistFile;
std::unique_ptr<SpecialCaseList> BL;
/// \brief Collect lifetime intrinsic calls to check for use-after-scope
/// errors.
void visitIntrinsicInst(IntrinsicInst &II) {
- if (!ASan.CheckLifetime) return;
+ if (!ClCheckLifetime) return;
Intrinsic::ID ID = II.getIntrinsicID();
if (ID != Intrinsic::lifetime_start &&
ID != Intrinsic::lifetime_end)
INITIALIZE_PASS(AddressSanitizer, "asan",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs.",
false, false)
-FunctionPass *llvm::createAddressSanitizerFunctionPass(
- bool CheckInitOrder, bool CheckUseAfterReturn, bool CheckLifetime) {
- return new AddressSanitizer(CheckInitOrder, CheckUseAfterReturn,
- CheckLifetime);
+FunctionPass *llvm::createAddressSanitizerFunctionPass() {
+ return new AddressSanitizer();
}
char AddressSanitizerModule::ID = 0;
INITIALIZE_PASS(AddressSanitizerModule, "asan-module",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs."
"ModulePass", false, false)
-ModulePass *llvm::createAddressSanitizerModulePass(
- bool CheckInitOrder, StringRef BlacklistFile) {
- return new AddressSanitizerModule(CheckInitOrder, BlacklistFile);
+ModulePass *llvm::createAddressSanitizerModulePass(StringRef BlacklistFile) {
+ return new AddressSanitizerModule(BlacklistFile);
}
static size_t TypeSizeToSizeIndex(uint32_t TypeSize) {
if (GlobalVariable *G = dyn_cast<GlobalVariable>(Addr)) {
// If initialization order checking is disabled, a simple access to a
// dynamically initialized global is always valid.
- if (!CheckInitOrder || GlobalIsLinkerInitialized(G)) {
+ if (!ClInitializers || GlobalIsLinkerInitialized(G)) {
NumOptimizedAccessesToGlobalVar++;
return;
}
NULL);
// Populate the first and last globals declared in this TU.
- if (CheckInitOrder && GlobalHasDynamicInitializer)
+ if (ClInitializers && GlobalHasDynamicInitializer)
HasDynamicallyInitializedGlobals = true;
DEBUG(dbgs() << "NEW GLOBAL: " << *NewGlobal << "\n");
ConstantArray::get(ArrayOfGlobalStructTy, Initializers), "");
// Create calls for poisoning before initializers run and unpoisoning after.
- if (CheckInitOrder && HasDynamicallyInitializedGlobals)
+ if (HasDynamicallyInitializedGlobals)
createInitializerPoisonCalls(M, ModuleName);
IRB.CreateCall2(AsanRegisterGlobals,
IRB.CreatePointerCast(AllGlobals, IntptrTy),
DEBUG(dbgs() << L.DescriptionString << " --- " << L.FrameSize << "\n");
uint64_t LocalStackSize = L.FrameSize;
bool DoStackMalloc =
- ASan.CheckUseAfterReturn && LocalStackSize <= kMaxStackMallocSize;
+ ClUseAfterReturn && LocalStackSize <= kMaxStackMallocSize;
Type *ByteArrayTy = ArrayType::get(IRB.getInt8Ty(), LocalStackSize);
AllocaInst *MyAlloca =
-; RUN: opt < %s -asan -asan-module -S | FileCheck %s
+; RUN: opt < %s -asan -asan-module -asan-use-after-return=0 -S | FileCheck %s
; Checks that llvm.dbg.declare instructions are updated
; accordingly as we merge allocas.
; Test hanlding of llvm.lifetime intrinsics.
-; RUN: opt < %s -asan -asan-module -asan-check-lifetime -S | FileCheck %s
+; RUN: opt < %s -asan -asan-module -asan-check-lifetime -asan-use-after-return=0 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
; RUN: opt < %s -asan -asan-module -asan-use-after-return -S | FileCheck --check-prefix=CHECK-UAR %s
-; RUN: opt < %s -asan -asan-module -S | FileCheck --check-prefix=CHECK-PLAIN %s
+; RUN: opt < %s -asan -asan-module -asan-use-after-return=0 -S | FileCheck --check-prefix=CHECK-PLAIN %s
target datalayout = "e-i64:64-f80:128-s:64-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"