[clang] Implement src:*=sanitize for UBSan (PR #139772)
Qinkun Bao via cfe-commits
cfe-commits at lists.llvm.org
Tue May 13 11:05:43 PDT 2025
https://github.com/qinkunbao created https://github.com/llvm/llvm-project/pull/139772
It is a draft implementation for "src:*=sanitize". It should be applied to all sanitizers.
Any srcs assigned to the sanitize category will have their sanitizer instrumentation remained ignored by "src:". For example,
```
src:*
src:*/test1.c=sanitize
```
`test1.c` will still have the UBSan instrumented.
However
```
type:int
src:*/test1.c=sanitize
```
`test1.c` does not have the int type check.
>From 508f81a2bc09017a70897d1d29ed65627e6fe77d Mon Sep 17 00:00:00 2001
From: Qinkun Bao <qinkun at google.com>
Date: Tue, 13 May 2025 17:16:53 +0000
Subject: [PATCH] Implement src:*=sanitize for UBSan
---
clang/lib/Basic/NoSanitizeList.cpp | 3 ++-
.../ubsan-src-ignorelist-category.test | 23 +++++++++++++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 clang/test/CodeGen/ubsan-src-ignorelist-category.test
diff --git a/clang/lib/Basic/NoSanitizeList.cpp b/clang/lib/Basic/NoSanitizeList.cpp
index e7e63c1f419e6..c4db5a5a211d2 100644
--- a/clang/lib/Basic/NoSanitizeList.cpp
+++ b/clang/lib/Basic/NoSanitizeList.cpp
@@ -44,7 +44,8 @@ bool NoSanitizeList::containsFunction(SanitizerMask Mask,
bool NoSanitizeList::containsFile(SanitizerMask Mask, StringRef FileName,
StringRef Category) const {
- return SSCL->inSection(Mask, "src", FileName, Category);
+ bool allowList = SSCL->inSection(Mask, "src", FileName, "sanitize");
+ return SSCL->inSection(Mask, "src", FileName, Category) && !allowList;
}
bool NoSanitizeList::containsMainFile(SanitizerMask Mask, StringRef FileName,
diff --git a/clang/test/CodeGen/ubsan-src-ignorelist-category.test b/clang/test/CodeGen/ubsan-src-ignorelist-category.test
new file mode 100644
index 0000000000000..5242c10bdeec7
--- /dev/null
+++ b/clang/test/CodeGen/ubsan-src-ignorelist-category.test
@@ -0,0 +1,23 @@
+// RUN: rm -rf %t
+// RUN: split-file %s %t
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test1.c -o - | FileCheck %s -check-prefix=CHECK-ALLOWLIST
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test2.c -o - | FileCheck %s -check-prefix=CHECK-IGNORELIST
+
+
+// Verify ubsan only emits checks for files in the allowlist
+
+//--- src.ignorelist
+src:*
+src:*/test1.c=sanitize
+
+//--- test1.c
+int add1(int a, int b) {
+// CHECK-ALLOWLIST: llvm.sadd.with.overflow.i32
+ return a+b;
+}
+
+//--- test2.c
+int add2(int a, int b) {
+// CHECK-IGNORELIST-NOT: llvm.sadd.with.overflow.i32
+ return a+b;
+}
More information about the cfe-commits
mailing list