[llvm] 421215b - [SanitizerBinaryMetadata] Support ignore list
Marco Elver via llvm-commits
llvm-commits at lists.llvm.org
Fri Feb 10 01:26:20 PST 2023
Author: Marco Elver
Date: 2023-02-10T10:25:48+01:00
New Revision: 421215b919d037a912cd4fffa73242852da41fc0
URL: https://github.com/llvm/llvm-project/commit/421215b919d037a912cd4fffa73242852da41fc0
DIFF: https://github.com/llvm/llvm-project/commit/421215b919d037a912cd4fffa73242852da41fc0.diff
LOG: [SanitizerBinaryMetadata] Support ignore list
For large projects it will be required to opt out entire subdirectories.
In the absence of fine-grained control over the flags passed via the
build system, introduce -fexperimental-sanitize-metadata-ignorelist=.
The format is identical to other sanitizer ignore lists, and its effect
will be to simply not instrument either functions or entire modules
based on the rules in the ignore list file.
Reviewed By: dvyukov
Differential Revision: https://reviews.llvm.org/D143664
Added:
clang/test/CodeGen/sanitize-metadata-ignorelist.c
clang/test/Driver/fsanitize-metadata-ignorelist.c
Modified:
clang/include/clang/Basic/CodeGenOptions.h
clang/include/clang/Basic/DiagnosticDriverKinds.td
clang/include/clang/Driver/Options.td
clang/include/clang/Driver/SanitizerArgs.h
clang/lib/CodeGen/BackendUtil.cpp
clang/lib/Driver/SanitizerArgs.cpp
llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
Removed:
################################################################################
diff --git a/clang/include/clang/Basic/CodeGenOptions.h b/clang/include/clang/Basic/CodeGenOptions.h
index 4175fe3072ab8..04a516df1911e 100644
--- a/clang/include/clang/Basic/CodeGenOptions.h
+++ b/clang/include/clang/Basic/CodeGenOptions.h
@@ -417,6 +417,11 @@ class CodeGenOptions : public CodeGenOptionsBase {
/// coverage pass should actually not be instrumented.
std::vector<std::string> SanitizeCoverageIgnorelistFiles;
+ /// Path to ignorelist file specifying which objects
+ /// (files, functions) listed for instrumentation by sanitizer
+ /// binary metadata pass should not be instrumented.
+ std::vector<std::string> SanitizeMetadataIgnorelistFiles;
+
/// Name of the stack usage file (i.e., .su file) if user passes
/// -fstack-usage. If empty, it can be implied that -fstack-usage is not
/// passed on the command line.
diff --git a/clang/include/clang/Basic/DiagnosticDriverKinds.td b/clang/include/clang/Basic/DiagnosticDriverKinds.td
index 800819779890a..8d557846c6ff0 100644
--- a/clang/include/clang/Basic/DiagnosticDriverKinds.td
+++ b/clang/include/clang/Basic/DiagnosticDriverKinds.td
@@ -215,6 +215,8 @@ def err_drv_malformed_sanitizer_coverage_allowlist : Error<
"malformed sanitizer coverage allowlist: '%0'">;
def err_drv_malformed_sanitizer_coverage_ignorelist : Error<
"malformed sanitizer coverage ignorelist: '%0'">;
+def err_drv_malformed_sanitizer_metadata_ignorelist : Error<
+ "malformed sanitizer metadata ignorelist: '%0'">;
def err_drv_unsupported_static_ubsan_darwin : Error<
"static UndefinedBehaviorSanitizer runtime is not supported on darwin">;
def err_drv_duplicate_config : Error<
diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 9766a087eb6d9..96904518a51d7 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -1756,6 +1756,10 @@ def fexperimental_sanitize_metadata_EQ : CommaJoined<["-"], "fexperimental-sanit
def fno_experimental_sanitize_metadata_EQ : CommaJoined<["-"], "fno-experimental-sanitize-metadata=">,
Group<f_Group>, Flags<[CoreOption]>,
HelpText<"Disable emitting metadata for binary analysis sanitizers">;
+def fexperimental_sanitize_metadata_ignorelist_EQ : Joined<["-"], "fexperimental-sanitize-metadata-ignorelist=">,
+ Group<f_Group>, Flags<[CoreOption]>,
+ HelpText<"Disable sanitizer metadata for modules and functions that match the provided special case list">,
+ MarshallingInfoStringVector<CodeGenOpts<"SanitizeMetadataIgnorelistFiles">>;
def fsanitize_memory_track_origins_EQ : Joined<["-"], "fsanitize-memory-track-origins=">,
Group<f_clang_Group>,
HelpText<"Enable origins tracking in MemorySanitizer">,
diff --git a/clang/include/clang/Driver/SanitizerArgs.h b/clang/include/clang/Driver/SanitizerArgs.h
index abc5271b0a811..61b7c7f809ae4 100644
--- a/clang/include/clang/Driver/SanitizerArgs.h
+++ b/clang/include/clang/Driver/SanitizerArgs.h
@@ -30,6 +30,7 @@ class SanitizerArgs {
std::vector<std::string> SystemIgnorelistFiles;
std::vector<std::string> CoverageAllowlistFiles;
std::vector<std::string> CoverageIgnorelistFiles;
+ std::vector<std::string> BinaryMetadataIgnorelistFiles;
int CoverageFeatures = 0;
int BinaryMetadataFeatures = 0;
int MsanTrackOrigins = 0;
diff --git a/clang/lib/CodeGen/BackendUtil.cpp b/clang/lib/CodeGen/BackendUtil.cpp
index f38d2347c9723..b03d326dd0654 100644
--- a/clang/lib/CodeGen/BackendUtil.cpp
+++ b/clang/lib/CodeGen/BackendUtil.cpp
@@ -665,7 +665,8 @@ static void addSanitizers(const Triple &TargetTriple,
if (CodeGenOpts.hasSanitizeBinaryMetadata()) {
MPM.addPass(SanitizerBinaryMetadataPass(
- getSanitizerBinaryMetadataOptions(CodeGenOpts)));
+ getSanitizerBinaryMetadataOptions(CodeGenOpts),
+ CodeGenOpts.SanitizeMetadataIgnorelistFiles));
}
auto MSanPass = [&](SanitizerMask Mask, bool CompileKernel) {
diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index 800d1e63e56cc..7f7ad238c89f4 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -864,6 +864,16 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC,
}
}
+ // Parse -fsanitize-metadata-ignorelist option if enabled.
+ if (BinaryMetadataFeatures) {
+ parseSpecialCaseListArg(
+ D, Args, BinaryMetadataIgnorelistFiles,
+ options::OPT_fexperimental_sanitize_metadata_ignorelist_EQ,
+ OptSpecifier(), // Cannot clear ignore list, only append.
+ clang::diag::err_drv_malformed_sanitizer_metadata_ignorelist,
+ DiagnoseErrors);
+ }
+
SharedRuntime =
Args.hasFlag(options::OPT_shared_libsan, options::OPT_static_libsan,
TC.getTriple().isAndroid() || TC.getTriple().isOSFuchsia() ||
@@ -1141,6 +1151,9 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
CmdArgs.push_back(
Args.MakeArgString("-fexperimental-sanitize-metadata=" + F.second));
}
+ addSpecialCaseListOpt(Args, CmdArgs,
+ "-fexperimental-sanitize-metadata-ignorelist=",
+ BinaryMetadataIgnorelistFiles);
if (TC.getTriple().isOSWindows() && needsUbsanRt()) {
// Instruct the code generator to embed linker directives in the object file
diff --git a/clang/test/CodeGen/sanitize-metadata-ignorelist.c b/clang/test/CodeGen/sanitize-metadata-ignorelist.c
new file mode 100644
index 0000000000000..9cc9215a9e439
--- /dev/null
+++ b/clang/test/CodeGen/sanitize-metadata-ignorelist.c
@@ -0,0 +1,55 @@
+// RUN: %clang -O -fexperimental-sanitize-metadata=all -target x86_64-gnu-linux -x c -S -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALLOW
+// RUN: echo "fun:foo" > %t.fun
+// RUN: %clang -O -fexperimental-sanitize-metadata=all -fexperimental-sanitize-metadata-ignorelist=%t.fun -target x86_64-gnu-linux -x c -S -emit-llvm %s -o - | FileCheck %s --check-prefixes=FUN
+// RUN: echo "src:%s" > %t.src
+// RUN: %clang -O -fexperimental-sanitize-metadata=all -fexperimental-sanitize-metadata-ignorelist=%t.src -target x86_64-gnu-linux -x c -S -emit-llvm %s -o - | FileCheck %s --check-prefixes=SRC
+
+int y;
+
+// ALLOW-LABEL: define {{[^@]+}}@foo
+// ALLOW-SAME: () local_unnamed_addr #[[ATTR0:[0-9]+]] !pcsections !5 {
+// ALLOW-NEXT: entry:
+// ALLOW-NEXT: [[TMP0:%.*]] = atomicrmw add ptr @y, i32 1 monotonic, align 4, !pcsections !7
+// ALLOW-NEXT: ret void
+//
+// FUN-LABEL: define {{[^@]+}}@foo
+// FUN-SAME: () local_unnamed_addr #[[ATTR0:[0-9]+]] {
+// FUN-NEXT: entry:
+// FUN-NEXT: [[TMP0:%.*]] = atomicrmw add ptr @y, i32 1 monotonic, align 4
+// FUN-NEXT: ret void
+//
+// SRC-LABEL: define {{[^@]+}}@foo
+// SRC-SAME: () local_unnamed_addr #[[ATTR0:[0-9]+]] {
+// SRC-NEXT: entry:
+// SRC-NEXT: [[TMP0:%.*]] = atomicrmw add ptr @y, i32 1 monotonic, align 4
+// SRC-NEXT: ret void
+//
+void foo() {
+ __atomic_fetch_add(&y, 1, __ATOMIC_RELAXED);
+}
+
+// ALLOW-LABEL: define {{[^@]+}}@bar
+// ALLOW-SAME: () local_unnamed_addr #[[ATTR0]] !pcsections !5 {
+// ALLOW-NEXT: entry:
+// ALLOW-NEXT: [[TMP0:%.*]] = atomicrmw add ptr @y, i32 2 monotonic, align 4, !pcsections !7
+// ALLOW-NEXT: ret void
+//
+// FUN-LABEL: define {{[^@]+}}@bar
+// FUN-SAME: () local_unnamed_addr #[[ATTR0]] !pcsections !5 {
+// FUN-NEXT: entry:
+// FUN-NEXT: [[TMP0:%.*]] = atomicrmw add ptr @y, i32 2 monotonic, align 4, !pcsections !7
+// FUN-NEXT: ret void
+//
+// SRC-LABEL: define {{[^@]+}}@bar
+// SRC-SAME: () local_unnamed_addr #[[ATTR0]] {
+// SRC-NEXT: entry:
+// SRC-NEXT: [[TMP0:%.*]] = atomicrmw add ptr @y, i32 2 monotonic, align 4
+// SRC-NEXT: ret void
+//
+void bar() {
+ __atomic_fetch_add(&y, 2, __ATOMIC_RELAXED);
+}
+
+// ALLOW: __sanitizer_metadata_covered.module_ctor
+// FUN: __sanitizer_metadata_covered.module_ctor
+// SRC-NOT: __sanitizer_metadata_covered.module_ctor
diff --git a/clang/test/Driver/fsanitize-metadata-ignorelist.c b/clang/test/Driver/fsanitize-metadata-ignorelist.c
new file mode 100644
index 0000000000000..65a45ccb1404f
--- /dev/null
+++ b/clang/test/Driver/fsanitize-metadata-ignorelist.c
@@ -0,0 +1,14 @@
+// Verify Driver passes on -fsanitize-metadata-ignorelist.
+
+// RUN: echo "fun:foo" > %t.1
+// RUN: echo "fun:bar" > %t.2
+
+// RUN: %clang -target x86_64-linux-gnu -fexperimental-sanitize-metadata=all -fexperimental-sanitize-metadata-ignorelist=%t.1 -fexperimental-sanitize-metadata-ignorelist=%t.2 %s -### 2>&1 | FileCheck %s
+// RUN: %clang -target aarch64-linux-gnu -fexperimental-sanitize-metadata=atomics -fexperimental-sanitize-metadata-ignorelist=%t.1 -fexperimental-sanitize-metadata-ignorelist=%t.2 %s -### 2>&1 | FileCheck %s
+// CHECK: "-fexperimental-sanitize-metadata-ignorelist={{.*}}.1" "-fexperimental-sanitize-metadata-ignorelist={{.*}}.2"
+
+// Verify -fsanitize-metadata-ignorelist flag not passed if there is no -fsanitize-metadata flag.
+// RUN: %clang -target x86_64-linux-gnu -fexperimental-sanitize-metadata-ignorelist=%t.1 -fexperimental-sanitize-metadata-ignorelist=%t.2 %s -### 2>&1 | FileCheck %s --check-prefix=NOSANMD
+// RUN: %clang -target aarch64-linux-gnu -fexperimental-sanitize-metadata-ignorelist=%t.1 -fexperimental-sanitize-metadata-ignorelist=%t.2 %s -### 2>&1 | FileCheck %s --check-prefix=NOSANMD
+// NOSANMD: warning: argument unused during compilation: '-fexperimental-sanitize-metadata-ignorelist
+// NOSANMD-NOT: "-fexperimental-sanitize-metadata-ignorelist
diff --git a/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h b/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
index 6887dd46d624b..800a1d583f801 100644
--- a/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
+++ b/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
@@ -12,6 +12,7 @@
#ifndef LLVM_TRANSFORMS_INSTRUMENTATION_SANITIZERBINARYMETADATA_H
#define LLVM_TRANSFORMS_INSTRUMENTATION_SANITIZERBINARYMETADATA_H
+#include "llvm/ADT/ArrayRef.h"
#include "llvm/IR/Function.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/PassManager.h"
@@ -50,12 +51,14 @@ class SanitizerBinaryMetadataPass
: public PassInfoMixin<SanitizerBinaryMetadataPass> {
public:
explicit SanitizerBinaryMetadataPass(
- SanitizerBinaryMetadataOptions Opts = {});
+ SanitizerBinaryMetadataOptions Opts = {},
+ ArrayRef<std::string> IgnorelistFiles = {});
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM);
static bool isRequired() { return true; }
private:
const SanitizerBinaryMetadataOptions Options;
+ const ArrayRef<std::string> IgnorelistFiles;
};
} // namespace llvm
diff --git a/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp b/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
index 876d7340f1f3c..563d3e4039a9b 100644
--- a/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
+++ b/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
@@ -38,13 +38,16 @@
#include "llvm/Support/Allocator.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/Debug.h"
+#include "llvm/Support/SpecialCaseList.h"
#include "llvm/Support/StringSaver.h"
+#include "llvm/Support/VirtualFileSystem.h"
#include "llvm/TargetParser/Triple.h"
#include "llvm/Transforms/Instrumentation.h"
#include "llvm/Transforms/Utils/ModuleUtils.h"
#include <array>
#include <cstdint>
+#include <memory>
using namespace llvm;
@@ -121,9 +124,11 @@ transformOptionsFromCl(SanitizerBinaryMetadataOptions &&Opts) {
class SanitizerBinaryMetadata {
public:
- SanitizerBinaryMetadata(Module &M, SanitizerBinaryMetadataOptions Opts)
+ SanitizerBinaryMetadata(Module &M, SanitizerBinaryMetadataOptions Opts,
+ std::unique_ptr<SpecialCaseList> Ignorelist)
: Mod(M), Options(transformOptionsFromCl(std::move(Opts))),
- TargetTriple(M.getTargetTriple()), IRB(M.getContext()) {
+ Ignorelist(std::move(Ignorelist)), TargetTriple(M.getTargetTriple()),
+ IRB(M.getContext()) {
// FIXME: Make it work with other formats.
assert(TargetTriple.isOSBinFormatELF() && "ELF only");
}
@@ -168,6 +173,7 @@ class SanitizerBinaryMetadata {
Module &Mod;
const SanitizerBinaryMetadataOptions Options;
+ std::unique_ptr<SpecialCaseList> Ignorelist;
const Triple TargetTriple;
IRBuilder<> IRB;
BumpPtrAllocator Alloc;
@@ -243,6 +249,8 @@ void SanitizerBinaryMetadata::runOn(Function &F, MetadataInfoSet &MIS) {
return;
if (F.hasFnAttribute(Attribute::DisableSanitizerInstrumentation))
return;
+ if (Ignorelist && Ignorelist->inSection("metadata", "fun", F.getName()))
+ return;
// Don't touch available_externally functions, their actual body is elsewhere.
if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
return;
@@ -455,12 +463,20 @@ Twine SanitizerBinaryMetadata::getSectionEnd(StringRef SectionSuffix) {
} // namespace
SanitizerBinaryMetadataPass::SanitizerBinaryMetadataPass(
- SanitizerBinaryMetadataOptions Opts)
- : Options(std::move(Opts)) {}
+ SanitizerBinaryMetadataOptions Opts, ArrayRef<std::string> IgnorelistFiles)
+ : Options(std::move(Opts)), IgnorelistFiles(std::move(IgnorelistFiles)) {}
PreservedAnalyses
SanitizerBinaryMetadataPass::run(Module &M, AnalysisManager<Module> &AM) {
- SanitizerBinaryMetadata Pass(M, Options);
+ std::unique_ptr<SpecialCaseList> Ignorelist;
+ if (!IgnorelistFiles.empty()) {
+ Ignorelist = SpecialCaseList::createOrDie(IgnorelistFiles,
+ *vfs::getRealFileSystem());
+ if (Ignorelist->inSection("metadata", "src", M.getSourceFileName()))
+ return PreservedAnalyses::all();
+ }
+
+ SanitizerBinaryMetadata Pass(M, Options, std::move(Ignorelist));
if (Pass.run())
return PreservedAnalyses::none();
return PreservedAnalyses::all();
More information about the llvm-commits
mailing list