[PATCH] Implement diagnostic mode for -fsanitize=cfi*, -fsanitize=cfi-diag.

Peter Collingbourne peter at pcc.me.uk
Tue Jun 9 14:38:05 PDT 2015

My rationale for making the CFI flags work differently than the UBSan flags was that the default trapping behaviors of the sanitizers ought to be different. Because the primary purpose of the `-fsanitize=cfi*` flags is to enable a security hardening mechanism, they should trap by default. UBSan's primary purpose is to catch and report issues during development, so it makes sense for it to diagnose by default.

`-fsanitize-recover=` doesn't do exactly what we want for CFI, either. UBSan with recovery disabled still emits diagnostics, and if we wanted CFI to have the same behaviour it would introduce a dependency on RTTI and a runtime library, both things we would like to avoid in CFI in order to reduce binary size overhead.

I agree with you that it does seem weird for `cfi-diag` to look like a sanitizer. It does seem that something like `-fsanitize-trap=` (with appropriate defaults for the various sanitizers) may be the best option.
