[PATCH] D66712: [Driver] Enable ShadowCallStack, not SafeStack, by default on AArch64 Fuchsia
Roland McGrath via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sat Aug 24 23:12:09 PDT 2019
mcgrathr created this revision.
Herald added subscribers: cfe-commits, cryptoad, kristof.beyls, javed.absar.
Herald added a project: clang.
On AArch64, Fuchsia fully supports both SafeStack and ShadowCallStack ABIs.
The latter is now preferred and will be the default. It's possible to
enable both simultaneously, but ShadowCallStack is believed to have most
of the practical benefit of SafeStack with less cost.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D66712
Files:
clang/lib/Driver/ToolChains/Fuchsia.cpp
clang/test/Driver/fuchsia.c
Index: clang/test/Driver/fuchsia.c
===================================================================
--- clang/test/Driver/fuchsia.c
+++ clang/test/Driver/fuchsia.c
@@ -13,7 +13,8 @@
// CHECK: "-resource-dir" "[[RESOURCE_DIR:[^"]+]]"
// CHECK: "-isysroot" "[[SYSROOT:[^"]+]]"
// CHECK: "-internal-externc-isystem" "[[SYSROOT]]{{/|\\\\}}include"
-// CHECK: "-fsanitize=safe-stack"
+// CHECK-AARCH64: "-fsanitize=shadow-call-stack"
+// CHECK-X86_64: "-fsanitize=safe-stack"
// CHECK: "-stack-protector" "2"
// CHECK: "-fno-common"
// CHECK: {{.*}}ld.lld{{.*}}" "-z" "rodynamic" "-z" "separate-code"
@@ -102,7 +103,7 @@
// RUN: -fuse-ld=lld \
// RUN: | FileCheck %s -check-prefix=CHECK-ASAN-AARCH64
// CHECK-ASAN-AARCH64: "-resource-dir" "[[RESOURCE_DIR:[^"]+]]"
-// CHECK-ASAN-AARCH64: "-fsanitize=address"
+// CHECK-ASAN-AARCH64: "-fsanitize=address,shadow-call-stack"
// CHECK-ASAN-AARCH64: "-fsanitize-address-globals-dead-stripping"
// CHECK-ASAN-AARCH64: "-dynamic-linker" "asan/ld.so.1"
// CHECK-ASAN-AARCH64: "[[RESOURCE_DIR]]{{/|\\\\}}lib{{/|\\\\}}aarch64-fuchsia{{/|\\\\}}libclang_rt.asan.so"
@@ -134,7 +135,7 @@
// RUN: -fuse-ld=lld \
// RUN: | FileCheck %s -check-prefix=CHECK-FUZZER-AARCH64
// CHECK-FUZZER-AARCH64: "-resource-dir" "[[RESOURCE_DIR:[^"]+]]"
-// CHECK-FUZZER-AARCH64: "-fsanitize=fuzzer,fuzzer-no-link,safe-stack"
+// CHECK-FUZZER-AARCH64: "-fsanitize=fuzzer,fuzzer-no-link,shadow-call-stack"
// CHECK-FUZZER-AARCH64: "[[RESOURCE_DIR]]{{/|\\\\}}lib{{/|\\\\}}aarch64-fuchsia{{/|\\\\}}libclang_rt.fuzzer.a"
// RUN: %clang %s -### --target=x86_64-fuchsia \
@@ -153,7 +154,7 @@
// RUN: -fuse-ld=lld \
// RUN: | FileCheck %s -check-prefix=CHECK-SCUDO-AARCH64
// CHECK-SCUDO-AARCH64: "-resource-dir" "[[RESOURCE_DIR:[^"]+]]"
-// CHECK-SCUDO-AARCH64: "-fsanitize=safe-stack,scudo"
+// CHECK-SCUDO-AARCH64: "-fsanitize=shadow-call-stack,scudo"
// CHECK-SCUDO-AARCH64: "-pie"
// CHECK-SCUDO-AARCH64: "[[RESOURCE_DIR]]{{/|\\\\}}lib{{/|\\\\}}aarch64-fuchsia{{/|\\\\}}libclang_rt.scudo.so"
Index: clang/lib/Driver/ToolChains/Fuchsia.cpp
===================================================================
--- clang/lib/Driver/ToolChains/Fuchsia.cpp
+++ clang/lib/Driver/ToolChains/Fuchsia.cpp
@@ -343,5 +343,10 @@
}
SanitizerMask Fuchsia::getDefaultSanitizers() const {
- return SanitizerKind::SafeStack;
+ SanitizerMask Res;
+ if (getTriple().getArch() == llvm::Triple::aarch64)
+ Res |= SanitizerKind::ShadowCallStack;
+ else
+ Res |= SanitizerKind::SafeStack;
+ return Res;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D66712.217034.patch
Type: text/x-patch
Size: 2560 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190825/3de8aab2/attachment.bin>
More information about the cfe-commits
mailing list