[PATCH] D32043: [Driver] Load all necessary default sanitizer blacklists

Vedant Kumar via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Apr 13 13:48:22 PDT 2017 

vsk created this revision.

This patch removes a limitation which causes us to load at most one
default sanitizer blacklist when multiple sanitizers are enabled. E.g if
asan + cfi are enabled, and default blacklists for both sanitizers are
present, we would only load one of the blacklists.

The new behavior would be to load all available default blacklists for
enabled sanitizers.


https://reviews.llvm.org/D32043

Files:
  lib/Driver/SanitizerArgs.cpp
  test/Driver/Inputs/resource_dir/cfi_blacklist.txt
  test/Driver/fsanitize-blacklist.c


Index: test/Driver/fsanitize-blacklist.c
===================================================================
--- test/Driver/fsanitize-blacklist.c
+++ test/Driver/fsanitize-blacklist.c
@@ -20,9 +20,20 @@
 // CHECK-BLACKLIST2: -fdepfile-entry={{.*}}.good" "-fdepfile-entry={{.*}}.second
 
 // Check that the default blacklist is not added as an extra dependency.
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-BLACKLIST --implicit-check-not=fdepfile-entry
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -resource-dir=%S/Inputs/resource_dir %s -### &> %t.cc1_asan
+// RUN: FileCheck %s --check-prefix=CHECK-DEFAULT-BLACKLIST --implicit-check-not=fdepfile-entry -input-file %t.cc1_asan
 // CHECK-DEFAULT-BLACKLIST: -fsanitize-blacklist={{.*}}asan_blacklist.txt
 
+// Check that default blacklists are not added unless the matching sanitizer is
+// enabled, even if the blacklist exists.
+// RUN: FileCheck %s --implicit-check-not=cfi_blacklist.txt -input-file %t.cc1_asan
+
+// Check that we can add multiple default blacklists if the matching sanitizers
+// are enabled.
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=address,cfi -flto -fvisibility=hidden -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=MULTIPLE-DEFAULT-BLACKLISTS
+// MULTIPLE-DEFAULT-BLACKLISTS-DAG: -fsanitize-blacklist={{.*}}asan_blacklist.txt
+// MULTIPLE-DEFAULT-BLACKLISTS-DAG: -fsanitize-blacklist={{.*}}cfi_blacklist.txt
+
 // Ignore -fsanitize-blacklist flag if there is no -fsanitize flag.
 // RUN: %clang -target x86_64-linux-gnu -fsanitize-blacklist=%t.good %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-SANITIZE --check-prefix=DELIMITERS
 // CHECK-NO-SANITIZE-NOT: -fsanitize-blacklist
Index: lib/Driver/SanitizerArgs.cpp
===================================================================
--- lib/Driver/SanitizerArgs.cpp
+++ lib/Driver/SanitizerArgs.cpp
@@ -85,27 +85,24 @@
 /// Sanitizers set.
 static std::string toString(const clang::SanitizerSet &Sanitizers);
 
-static bool getDefaultBlacklist(const Driver &D, SanitizerMask Kinds,
-                                std::string &BLPath) {
-  const char *BlacklistFile = nullptr;
-  if (Kinds & Address)
-    BlacklistFile = "asan_blacklist.txt";
-  else if (Kinds & Memory)
-    BlacklistFile = "msan_blacklist.txt";
-  else if (Kinds & Thread)
-    BlacklistFile = "tsan_blacklist.txt";
-  else if (Kinds & DataFlow)
-    BlacklistFile = "dfsan_abilist.txt";
-  else if (Kinds & CFI)
-    BlacklistFile = "cfi_blacklist.txt";
-
-  if (BlacklistFile) {
+/// Add default blacklists from the resource directory.
+static void findDefaultBlacklists(const Driver &D, SanitizerMask Kinds,
+                                  std::vector<std::string> &BlacklistFiles) {
+  const std::pair<SanitizerMask, const char *> DefaultBlacklists[] = {
+      {Address, "asan_blacklist.txt"},
+      {Memory, "msan_blacklist.txt"},
+      {Thread, "tsan_blacklist.txt"},
+      {DataFlow, "dfsan_abilist.txt"},
+      {CFI, "cfi_blacklist.txt"}};
+  for (const auto &BL : DefaultBlacklists) {
+    if (!(Kinds & BL.first))
+      continue;
+
     clang::SmallString<64> Path(D.ResourceDir);
-    llvm::sys::path::append(Path, BlacklistFile);
-    BLPath = Path.str();
-    return true;
+    llvm::sys::path::append(Path, BL.second);
+    if (llvm::sys::fs::exists(Path))
+      BlacklistFiles.push_back(Path.str());
   }
-  return false;
 }
 
 /// Sets group bits for every group that has at least one representative already
@@ -382,12 +379,8 @@
   TrappingKinds &= Kinds;
 
   // Setup blacklist files.
-  // Add default blacklist from resource directory.
-  {
-    std::string BLPath;
-    if (getDefaultBlacklist(D, Kinds, BLPath) && llvm::sys::fs::exists(BLPath))
-      BlacklistFiles.push_back(BLPath);
-  }
+  findDefaultBlacklists(D, Kinds, BlacklistFiles);
+
   // Parse -f(no-)sanitize-blacklist options.
   for (const auto *Arg : Args) {
     if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) {


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D32043.95199.patch
Type: text/x-patch
Size: 4099 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170413/89480e64/attachment-0001.bin>

More information about the cfe-commits mailing list