include/clang/Basic/Sanitizers.def


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

//===--- Sanitizers.def - Runtime sanitizer options -------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file defines the options for specifying which runtime sanitizers to
// enable. Users of this file must define the SANITIZER macro to make use of
// this information. Users of this file can also define the SANITIZER_GROUP
// macro to get information on options which refer to sets of sanitizers.
//
//===----------------------------------------------------------------------===//

#ifndef SANITIZER
#error "Define SANITIZER prior to including this file!"
#endif

// SANITIZER(NAME, ID)

// The first value is the name of the sanitizer as a string. The sanitizer can
// be enabled by specifying -fsanitize=NAME.

// The second value is an identifier which can be used to refer to the
// sanitizer.


// SANITIZER_GROUP(NAME, ID, ALIAS)

// The first two values have the same semantics as the corresponding SANITIZER
// values. The third value is an expression ORing together the IDs of individual
// sanitizers in this group.

#ifndef SANITIZER_GROUP
#define SANITIZER_GROUP(NAME, ID, ALIAS)
#endif


// AddressSanitizer
SANITIZER("address", Address)

// Requires AddressSanitizer
SANITIZER("pointer-compare", PointerCompare)

// Requires AddressSanitizer
SANITIZER("pointer-subtract", PointerSubtract)

// Kernel AddressSanitizer (KASan)
SANITIZER("kernel-address", KernelAddress)

// Hardware-assisted AddressSanitizer
SANITIZER("hwaddress", HWAddress)

// Kernel Hardware-assisted AddressSanitizer (KHWASan)
SANITIZER("kernel-hwaddress", KernelHWAddress)

// MemorySanitizer
SANITIZER("memory", Memory)

// Kernel MemorySanitizer (KMSAN)
SANITIZER("kernel-memory", KernelMemory)

// libFuzzer
SANITIZER("fuzzer", Fuzzer)

// libFuzzer-required instrumentation, no linking.
SANITIZER("fuzzer-no-link", FuzzerNoLink)

// ThreadSanitizer
SANITIZER("thread", Thread)

// LeakSanitizer
SANITIZER("leak", Leak)

// UndefinedBehaviorSanitizer
SANITIZER("alignment", Alignment)
SANITIZER("array-bounds", ArrayBounds)
SANITIZER("bool", Bool)
SANITIZER("builtin", Builtin)
SANITIZER("enum", Enum)
SANITIZER("float-cast-overflow", FloatCastOverflow)
SANITIZER("float-divide-by-zero", FloatDivideByZero)
SANITIZER("function", Function)
SANITIZER("integer-divide-by-zero", IntegerDivideByZero)
SANITIZER("nonnull-attribute", NonnullAttribute)
SANITIZER("null", Null)
SANITIZER("nullability-arg", NullabilityArg)
SANITIZER("nullability-assign", NullabilityAssign)
SANITIZER("nullability-return", NullabilityReturn)
SANITIZER_GROUP("nullability", Nullability,
                NullabilityArg | NullabilityAssign | NullabilityReturn)
SANITIZER("object-size", ObjectSize)
SANITIZER("pointer-overflow", PointerOverflow)
SANITIZER("return", Return)
SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute)
SANITIZER("shift-base", ShiftBase)
SANITIZER("shift-exponent", ShiftExponent)
SANITIZER_GROUP("shift", Shift, ShiftBase | ShiftExponent)
SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
SANITIZER("unreachable", Unreachable)
SANITIZER("vla-bound", VLABound)
SANITIZER("vptr", Vptr)

// IntegerSanitizer
SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)

// DataFlowSanitizer
SANITIZER("dataflow", DataFlow)

// Control Flow Integrity
SANITIZER("cfi-cast-strict", CFICastStrict)
SANITIZER("cfi-derived-cast", CFIDerivedCast)
SANITIZER("cfi-icall", CFIICall)
SANITIZER("cfi-mfcall", CFIMFCall)
SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast)
SANITIZER("cfi-nvcall", CFINVCall)
SANITIZER("cfi-vcall", CFIVCall)
SANITIZER_GROUP("cfi", CFI,
                CFIDerivedCast | CFIICall | CFIMFCall | CFIUnrelatedCast |
                    CFINVCall | CFIVCall)

// Safe Stack
SANITIZER("safe-stack", SafeStack)

// Shadow Call Stack
SANITIZER("shadow-call-stack", ShadowCallStack)

// -fsanitize=undefined includes all the sanitizers which have low overhead, no
// ABI or address space layout implications, and only catch undefined behavior.
SANITIZER_GROUP("undefined", Undefined,
                Alignment | Bool | Builtin | ArrayBounds | Enum |
                    FloatCastOverflow | FloatDivideByZero |
                    IntegerDivideByZero | NonnullAttribute | Null | ObjectSize |
                    PointerOverflow | Return | ReturnsNonnullAttribute | Shift |
                    SignedIntegerOverflow | Unreachable | VLABound | Function |
                    Vptr)

// -fsanitize=undefined-trap is an alias for -fsanitize=undefined.
SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined)

// ImplicitConversionSanitizer
SANITIZER("implicit-unsigned-integer-truncation",
          ImplicitUnsignedIntegerTruncation)
SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation)
SANITIZER_GROUP("implicit-integer-truncation", ImplicitIntegerTruncation,
                ImplicitUnsignedIntegerTruncation |
                    ImplicitSignedIntegerTruncation)

SANITIZER("implicit-integer-sign-change", ImplicitIntegerSignChange)

SANITIZER_GROUP("implicit-integer-arithmetic-value-change",
                ImplicitIntegerArithmeticValueChange,
                ImplicitIntegerSignChange | ImplicitSignedIntegerTruncation)

// FIXME:
//SANITIZER_GROUP("implicit-integer-conversion", ImplicitIntegerConversion,
//                ImplicitIntegerArithmeticValueChange |
//                    ImplicitUnsignedIntegerTruncation)
//SANITIZER_GROUP("implicit-conversion", ImplicitConversion,
//                ImplicitIntegerConversion)

SANITIZER_GROUP("implicit-conversion", ImplicitConversion,
                ImplicitIntegerArithmeticValueChange |
                    ImplicitUnsignedIntegerTruncation)

SANITIZER_GROUP("integer", Integer,
                ImplicitConversion | IntegerDivideByZero | Shift |
                    SignedIntegerOverflow | UnsignedIntegerOverflow)

SANITIZER("local-bounds", LocalBounds)
SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds)

// Scudo hardened allocator
SANITIZER("scudo", Scudo)

// Magic group, containing all sanitizers. For example, "-fno-sanitize=all"
// can be used to disable all the sanitizers.
SANITIZER_GROUP("all", All, ~SanitizerMask())

#undef SANITIZER
#undef SANITIZER_GROUP