[clang] [sanitizer][CFI] Add support to build CFI with sanitize-coverage (PR #131296)
Maxim Zhukov via cfe-commits
cfe-commits at lists.llvm.org
Fri Mar 14 04:59:02 PDT 2025
https://github.com/Mephistophiles updated https://github.com/llvm/llvm-project/pull/131296
>From d9d8e52c91a8c8132d3f5384838bea0bc51a64e3 Mon Sep 17 00:00:00 2001
From: Maxim Zhukov <mussitantesmortem at gmail.com>
Date: Fri, 14 Mar 2025 12:12:25 +0300
Subject: [PATCH 1/2] [sanitizer][CFI] Add support to build CFI with
sanitize-coverage
Added the ability to build with -fsanitize=cfi and
-fsanitize-coverage=trace-cmp enabled at the same time.
---
clang/lib/Driver/SanitizerArgs.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index 6e75001585c61..3c7cd562a14e3 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -54,7 +54,8 @@ static const SanitizerMask SupportsCoverage =
SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI |
- SanitizerKind::NumericalStability | SanitizerKind::Vptr;
+ SanitizerKind::NumericalStability | SanitizerKind::Vptr |
+ SanitizerKind::CFI;
static const SanitizerMask RecoverableByDefault =
SanitizerKind::Undefined | SanitizerKind::Integer |
SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
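Review bot: Adding `SanitizerKind::CFI` to `SupportsCoverage` on the last added line admits the whole CFI group (every cfi-* sub-check, e.g. cfi-icall and cfi-vcall) at once, while the accompanying tests only exercise the default `-fsanitize=cfi` group under `-flto`; if that breadth is intended, a short comment on the added line such as `// Every cfi-* check coexists with SanitizerCoverage instrumentation` would record the decision, and if it is not, the individual sub-masks should be listed instead. The `SupportsCoverage` initializer begins before the hunk (its `=` is on the `@@` context line) and the `RecoverableByDefault` initializer continues past it. The commit does not touch the user documentation or release notes; if SanitizerCoverage.rst or ReleaseNotes enumerate the sanitizers that combine with `-fsanitize-coverage`, they presumably need a matching entry — worth confirming.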
>From 08aaff7d4005639fa0bd1dbca9ec89ee80062052 Mon Sep 17 00:00:00 2001
From: Maxim Zhukov <mussitantesmortem at gmail.com>
Date: Fri, 14 Mar 2025 12:12:25 +0300
Subject: [PATCH 2/2] [sanitizer][CFI] Add support to build CFI with
sanitize-coverage
Added the ability to build with -fsanitize=cfi and
-fsanitize-coverage=trace-cmp enabled at the same time.
---
clang/test/CodeGen/sanitize-coverage.c | 11 +++++++++++
clang/test/Driver/fsanitize-coverage.c | 1 +
2 files changed, 12 insertions(+)
diff --git a/clang/test/CodeGen/sanitize-coverage.c b/clang/test/CodeGen/sanitize-coverage.c
index cb1ed939d4a93..90892fc0dae06 100644
--- a/clang/test/CodeGen/sanitize-coverage.c
+++ b/clang/test/CodeGen/sanitize-coverage.c
@@ -5,6 +5,7 @@
// RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S -fsanitize=thread -fsanitize-coverage=trace-pc,trace-cmp -o - | FileCheck %s --check-prefixes=CHECK,TSAN
// RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S -fsanitize=undefined -fsanitize-coverage=trace-pc,trace-cmp -o - | FileCheck %s --check-prefixes=CHECK,UBSAN
// RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S -fsanitize=kcfi -fsanitize-coverage=trace-pc,trace-cmp -o - | FileCheck %s --check-prefixes=CHECK,KCFI
+// RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S -fsanitize=cfi -fsanitize-coverage=trace-pc,trace-cmp -flto -fvisibility=default -fno-sanitize-trap=cfi -fno-sanitize-ignorelist -resource-dir=/dev/null -o - | FileCheck %s --check-prefixes=CHECK,CFI
int x[10];
extern void (*f)(void);
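Review bot: The added RUN line carries five flags (`-flto -fvisibility=default -fno-sanitize-trap=cfi -fno-sanitize-ignorelist -resource-dir=/dev/null`) that none of the sibling RUN lines use and that go unexplained; a comment above it would spare the next maintainer from rediscovering why each is needed. Something like `// cfi requires LTO and an explicit -fvisibility; -fno-sanitize-trap=cfi makes the __ubsan_handle_cfi_check_fail_abort call checkable below` covers the first three, and a second sentence should state why the default ignorelist must be disabled (`-fno-sanitize-ignorelist -resource-dir=/dev/null`) — I infer it would otherwise suppress the instrumentation, but that is not visible from the patch, so confirm before documenting it as a requirement. The same flag set appears on the RUN line added in clang/test/Driver/fsanitize-coverage.c and deserves the same explanation there.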
@@ -21,6 +22,7 @@ void foo(int n) {
if (n)
x[n] = 42;
// KCFI-DAG: call void %[[#]]() [ "kcfi"(i32 {{.*}}) ]
+ // CFI-DAG: call void @__ubsan_handle_cfi_check_fail_abort
f();
}
@@ -47,6 +49,7 @@ __attribute__((no_sanitize("coverage"))) void test_no_sanitize_coverage(int n) {
if (n)
x[n] = 42;
// KCFI-DAG: call void %[[#]]() [ "kcfi"(i32 {{.*}}) ]
+ // CFI-DAG: call void @__ubsan_handle_cfi_check_fail_abort
f();
}
@@ -94,6 +97,14 @@ void test_no_sanitize_kcfi(void) {
f();
}
+// CHECK-LABEL: define dso_local void @test_no_sanitize_cfi(
+__attribute__((no_sanitize("cfi", "coverage")))
+void test_no_sanitize_cfi(void) {
+ // CHECK-NOT: call void @__sanitizer_cov_trace
+ // CFI-NOT: call void @__ubsan_handle_cfi_check_fail_abort
+ f();
+}
+
// CHECK-LABEL: define dso_local void @test_no_sanitize_always_inline(
__attribute__((no_sanitize("coverage")))
void test_no_sanitize_always_inline(int n) {
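Review bot: `test_no_sanitize_cfi` disables both "cfi" and "coverage" in one attribute, so its `CHECK-NOT`/`CFI-NOT` pair only shows that the attribute pair is honored together; it does not show that disabling CFI alone leaves the coverage callbacks in place, which is the interaction this series enables. A sibling function with `__attribute__((no_sanitize("cfi")))` only, checking that `call void @__sanitizer_cov_trace` is still emitted while `CFI-NOT` rejects the `__ubsan_handle_cfi_check_fail_abort` call, would close that gap, mirroring how `test_no_sanitize_coverage` now covers the opposite direction. Note also that the `CHECK-NOT` here is bounded only by the next `CHECK-LABEL`, which is fine as written but worth keeping in mind if the following function is ever reordered.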
diff --git a/clang/test/Driver/fsanitize-coverage.c b/clang/test/Driver/fsanitize-coverage.c
index c2de897f80eeb..dc4c39396d45c 100644
--- a/clang/test/Driver/fsanitize-coverage.c
+++ b/clang/test/Driver/fsanitize-coverage.c
@@ -17,6 +17,7 @@
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=dataflow -fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=thread -fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=kcfi -fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
+// RUN: %clang --target=x86_64-linux-gnu -fsanitize=cfi -fsanitize-coverage=func,trace-pc -flto -fvisibility=default -fno-sanitize-ignorelist -resource-dir=/dev/null %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
// RUN: %clang --target=%itanium_abi_triple -fsanitize=float-divide-by-zero -fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
// RUN: %clang --target=x86_64-linux-gnu -fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
// CHECK-SANITIZE-COVERAGE-FUNC: fsanitize-coverage-type=1