reference, declarationdefinition
definition → references, declarations, derived classes, virtual overrides
reference to multiple definitions → definitions
unreferenced

    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120
  121
  122
  123
  124
  125
  126
  127
  128
  129
  130
  131
  132
  133
  134
  135
  136
  137
  138
  139
  140
  141
  142
  143
  144
  145
  146
  147
  148
  149
  150
  151
  152
  153
  154
  155
  156
  157
  158
  159
  160
  161
  162
  163
  164
  165
  166
  167
  168
  169
  170
  171
  172
  173
  174
  175
  176
  177
  178
  179
  180
  181
  182
  183
  184
  185

//===--- Sanitizers.def - Runtime sanitizer options -------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file defines the options for specifying which runtime sanitizers to
// enable. Users of this file must define the SANITIZER macro to make use of
// this information. Users of this file can also define the SANITIZER_GROUP
// macro to get information on options which refer to sets of sanitizers.
//
//===----------------------------------------------------------------------===//

#ifndef SANITIZER
#error "Define SANITIZER prior to including this file!"
#endif

// SANITIZER(NAME, ID)

// The first value is the name of the sanitizer as a string. The sanitizer can
// be enabled by specifying -fsanitize=NAME.

// The second value is an identifier which can be used to refer to the
// sanitizer.


// SANITIZER_GROUP(NAME, ID, ALIAS)

// The first two values have the same semantics as the corresponding SANITIZER
// values. The third value is an expression ORing together the IDs of individual
// sanitizers in this group.

#ifndef SANITIZER_GROUP
#define SANITIZER_GROUP(NAME, ID, ALIAS)
#endif


// AddressSanitizer
SANITIZER("address", Address)

// Requires AddressSanitizer
SANITIZER("pointer-compare", PointerCompare)

// Requires AddressSanitizer
SANITIZER("pointer-subtract", PointerSubtract)

// Kernel AddressSanitizer (KASan)
SANITIZER("kernel-address", KernelAddress)

// Hardware-assisted AddressSanitizer
SANITIZER("hwaddress", HWAddress)

// Kernel Hardware-assisted AddressSanitizer (KHWASan)
SANITIZER("kernel-hwaddress", KernelHWAddress)

// A variant of AddressSanitizer using AArch64 MTE extension.
SANITIZER("memtag", MemTag)

// MemorySanitizer
SANITIZER("memory", Memory)

// Kernel MemorySanitizer (KMSAN)
SANITIZER("kernel-memory", KernelMemory)

// libFuzzer
SANITIZER("fuzzer", Fuzzer)

// libFuzzer-required instrumentation, no linking.
SANITIZER("fuzzer-no-link", FuzzerNoLink)

// ThreadSanitizer
SANITIZER("thread", Thread)

// LeakSanitizer
SANITIZER("leak", Leak)

// UndefinedBehaviorSanitizer
SANITIZER("alignment", Alignment)
SANITIZER("array-bounds", ArrayBounds)
SANITIZER("bool", Bool)
SANITIZER("builtin", Builtin)
SANITIZER("enum", Enum)
SANITIZER("float-cast-overflow", FloatCastOverflow)
SANITIZER("float-divide-by-zero", FloatDivideByZero)
SANITIZER("function", Function)
SANITIZER("integer-divide-by-zero", IntegerDivideByZero)
SANITIZER("nonnull-attribute", NonnullAttribute)
SANITIZER("null", Null)
SANITIZER("nullability-arg", NullabilityArg)
SANITIZER("nullability-assign", NullabilityAssign)
SANITIZER("nullability-return", NullabilityReturn)
SANITIZER_GROUP("nullability", Nullability,
                NullabilityArg | NullabilityAssign | NullabilityReturn)
SANITIZER("object-size", ObjectSize)
SANITIZER("pointer-overflow", PointerOverflow)
SANITIZER("return", Return)
SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute)
SANITIZER("shift-base", ShiftBase)
SANITIZER("shift-exponent", ShiftExponent)
SANITIZER_GROUP("shift", Shift, ShiftBase | ShiftExponent)
SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
SANITIZER("unreachable", Unreachable)
SANITIZER("vla-bound", VLABound)
SANITIZER("vptr", Vptr)

// IntegerSanitizer
SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)

// DataFlowSanitizer
SANITIZER("dataflow", DataFlow)

// Control Flow Integrity
SANITIZER("cfi-cast-strict", CFICastStrict)
SANITIZER("cfi-derived-cast", CFIDerivedCast)
SANITIZER("cfi-icall", CFIICall)
SANITIZER("cfi-mfcall", CFIMFCall)
SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast)
SANITIZER("cfi-nvcall", CFINVCall)
SANITIZER("cfi-vcall", CFIVCall)
SANITIZER_GROUP("cfi", CFI,
                CFIDerivedCast | CFIICall | CFIMFCall | CFIUnrelatedCast |
                    CFINVCall | CFIVCall)

// Safe Stack
SANITIZER("safe-stack", SafeStack)

// Shadow Call Stack
SANITIZER("shadow-call-stack", ShadowCallStack)

// -fsanitize=undefined includes all the sanitizers which have low overhead, no
// ABI or address space layout implications, and only catch undefined behavior.
SANITIZER_GROUP("undefined", Undefined,
                Alignment | Bool | Builtin | ArrayBounds | Enum |
                    FloatCastOverflow |
                    IntegerDivideByZero | NonnullAttribute | Null | ObjectSize |
                    PointerOverflow | Return | ReturnsNonnullAttribute | Shift |
                    SignedIntegerOverflow | Unreachable | VLABound | Function |
                    Vptr)

// -fsanitize=undefined-trap is an alias for -fsanitize=undefined.
SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined)

// ImplicitConversionSanitizer
SANITIZER("implicit-unsigned-integer-truncation",
          ImplicitUnsignedIntegerTruncation)
SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation)
SANITIZER_GROUP("implicit-integer-truncation", ImplicitIntegerTruncation,
                ImplicitUnsignedIntegerTruncation |
                    ImplicitSignedIntegerTruncation)

SANITIZER("implicit-integer-sign-change", ImplicitIntegerSignChange)

SANITIZER_GROUP("implicit-integer-arithmetic-value-change",
                ImplicitIntegerArithmeticValueChange,
                ImplicitIntegerSignChange | ImplicitSignedIntegerTruncation)

// FIXME:
//SANITIZER_GROUP("implicit-integer-conversion", ImplicitIntegerConversion,
//                ImplicitIntegerArithmeticValueChange |
//                    ImplicitUnsignedIntegerTruncation)
//SANITIZER_GROUP("implicit-conversion", ImplicitConversion,
//                ImplicitIntegerConversion)

SANITIZER_GROUP("implicit-conversion", ImplicitConversion,
                ImplicitIntegerArithmeticValueChange |
                    ImplicitUnsignedIntegerTruncation)

SANITIZER_GROUP("integer", Integer,
                ImplicitConversion | IntegerDivideByZero | Shift |
                    SignedIntegerOverflow | UnsignedIntegerOverflow)

SANITIZER("local-bounds", LocalBounds)
SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds)

// Scudo hardened allocator
SANITIZER("scudo", Scudo)

// Magic group, containing all sanitizers. For example, "-fno-sanitize=all"
// can be used to disable all the sanitizers.
SANITIZER_GROUP("all", All, ~SanitizerMask())

#undef SANITIZER
#undef SANITIZER_GROUP