[clang] 2b7daaf - [sanitizer][CFI] Add support to build CFI with sanitize-coverage (#131296)

Wed, 02 Apr 2025 06:06:10 -0700 

Author: Maxim Zhukov
Date: 2025-04-02T16:05:44+03:00
New Revision: 2b7daaf9678181959982b219db0af106f4ef8e3e

URL: 
https://github.com/llvm/llvm-project/commit/2b7daaf9678181959982b219db0af106f4ef8e3e
DIFF: 
https://github.com/llvm/llvm-project/commit/2b7daaf9678181959982b219db0af106f4ef8e3e.diff

LOG: [sanitizer][CFI] Add support to build CFI with sanitize-coverage (#131296)

Added ability to build together with -fsanitize=cfi and
-fsanitize-coverage=trace-cmp at the same time.

Added: 
    

Modified: 
    clang/lib/Driver/SanitizerArgs.cpp
    clang/test/CodeGen/sanitize-coverage.c
    clang/test/Driver/fsanitize-coverage.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/Driver/SanitizerArgs.cpp 
b/clang/lib/Driver/SanitizerArgs.cpp
index 6e75001585c61..3c7cd562a14e3 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -54,7 +54,8 @@ static const SanitizerMask SupportsCoverage =
     SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
     SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
     SanitizerKind::Thread | SanitizerKind::ObjCCast | SanitizerKind::KCFI |
-    SanitizerKind::NumericalStability | SanitizerKind::Vptr;
+    SanitizerKind::NumericalStability | SanitizerKind::Vptr |
+    SanitizerKind::CFI;
 static const SanitizerMask RecoverableByDefault =
     SanitizerKind::Undefined | SanitizerKind::Integer |
     SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |

diff  --git a/clang/test/CodeGen/sanitize-coverage.c 
b/clang/test/CodeGen/sanitize-coverage.c
index cb1ed939d4a93..90892fc0dae06 100644
--- a/clang/test/CodeGen/sanitize-coverage.c
+++ b/clang/test/CodeGen/sanitize-coverage.c
@@ -5,6 +5,7 @@
 // RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S 
-fsanitize=thread     -fsanitize-coverage=trace-pc,trace-cmp -o - | FileCheck 
%s --check-prefixes=CHECK,TSAN
 // RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S 
-fsanitize=undefined  -fsanitize-coverage=trace-pc,trace-cmp -o - | FileCheck 
%s --check-prefixes=CHECK,UBSAN
 // RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S 
-fsanitize=kcfi       -fsanitize-coverage=trace-pc,trace-cmp -o - | FileCheck 
%s --check-prefixes=CHECK,KCFI
+// RUN: %clang %s -target x86_64-unknown-linux-gnu -emit-llvm -S 
-fsanitize=cfi        -fsanitize-coverage=trace-pc,trace-cmp -flto 
-fvisibility=default -fno-sanitize-trap=cfi -fno-sanitize-ignorelist 
-resource-dir=/dev/null -o - | FileCheck %s --check-prefixes=CHECK,CFI
 
 int x[10];
 extern void (*f)(void);
@@ -21,6 +22,7 @@ void foo(int n) {
   if (n)
     x[n] = 42;
   // KCFI-DAG: call void %[[#]]() [ "kcfi"(i32 {{.*}}) ]
+  // CFI-DAG: call void @__ubsan_handle_cfi_check_fail_abort
   f();
 }
 
@@ -47,6 +49,7 @@ __attribute__((no_sanitize("coverage"))) void 
test_no_sanitize_coverage(int n) {
   if (n)
     x[n] = 42;
   // KCFI-DAG: call void %[[#]]() [ "kcfi"(i32 {{.*}}) ]
+  // CFI-DAG: call void @__ubsan_handle_cfi_check_fail_abort
   f();
 }
 
@@ -94,6 +97,14 @@ void test_no_sanitize_kcfi(void) {
   f();
 }
 
+// CHECK-LABEL: define dso_local void @test_no_sanitize_cfi(
+__attribute__((no_sanitize("cfi", "coverage")))
+void test_no_sanitize_cfi(void) {
+  // CHECK-NOT: call void @__sanitizer_cov_trace
+  // CFI-NOT: call void @__ubsan_handle_cfi_check_fail_abort
+  f();
+}
+
 // CHECK-LABEL: define dso_local void @test_no_sanitize_always_inline(
 __attribute__((no_sanitize("coverage")))
 void test_no_sanitize_always_inline(int n) {

diff  --git a/clang/test/Driver/fsanitize-coverage.c 
b/clang/test/Driver/fsanitize-coverage.c
index c2de897f80eeb..dc4c39396d45c 100644
--- a/clang/test/Driver/fsanitize-coverage.c
+++ b/clang/test/Driver/fsanitize-coverage.c
@@ -17,6 +17,7 @@
 // RUN: %clang --target=x86_64-linux-gnu -fsanitize=dataflow 
-fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s 
--check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
 // RUN: %clang --target=x86_64-linux-gnu -fsanitize=thread 
-fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s 
--check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
 // RUN: %clang --target=x86_64-linux-gnu -fsanitize=kcfi 
-fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s 
--check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
+// RUN: %clang --target=x86_64-linux-gnu -fsanitize=cfi 
-fsanitize-coverage=func,trace-pc -flto -fvisibility=default 
-fno-sanitize-ignorelist -resource-dir=/dev/null %s -### 2>&1 | FileCheck %s 
--check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
 // RUN: %clang --target=%itanium_abi_triple -fsanitize=float-divide-by-zero 
-fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s 
--check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
 // RUN: %clang --target=x86_64-linux-gnu                     
-fsanitize-coverage=func,trace-pc %s -### 2>&1 | FileCheck %s 
--check-prefix=CHECK-SANITIZE-COVERAGE-FUNC
 // CHECK-SANITIZE-COVERAGE-FUNC: fsanitize-coverage-type=1


        
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to