[clang] Implement src:*=sanitize for UBSan (PR #139772)

Tue, 13 May 2025 11:05:50 -0700 

https://github.com/qinkunbao created 
https://github.com/llvm/llvm-project/pull/139772

It is a draft implementation for "src:*=sanitize". It should be applied to all 
sanitizers.

Any srcs assigned to the sanitize category will have their sanitizer 
instrumentation remained ignored by "src:".  For example,

```
src:*
src:*/test1.c=sanitize
```

`test1.c` will still have the UBSan instrumented.

However
```
type:int
src:*/test1.c=sanitize
```
`test1.c` does not have the int type check. 



>From 508f81a2bc09017a70897d1d29ed65627e6fe77d Mon Sep 17 00:00:00 2001
From: Qinkun Bao <qin...@google.com>
Date: Tue, 13 May 2025 17:16:53 +0000
Subject: [PATCH] Implement src:*=sanitize for UBSan

---
 clang/lib/Basic/NoSanitizeList.cpp            |  3 ++-
 .../ubsan-src-ignorelist-category.test        | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 clang/test/CodeGen/ubsan-src-ignorelist-category.test

diff --git a/clang/lib/Basic/NoSanitizeList.cpp 
b/clang/lib/Basic/NoSanitizeList.cpp
index e7e63c1f419e6..c4db5a5a211d2 100644
--- a/clang/lib/Basic/NoSanitizeList.cpp
+++ b/clang/lib/Basic/NoSanitizeList.cpp
@@ -44,7 +44,8 @@ bool NoSanitizeList::containsFunction(SanitizerMask Mask,
 
 bool NoSanitizeList::containsFile(SanitizerMask Mask, StringRef FileName,
                                   StringRef Category) const {
-  return SSCL->inSection(Mask, "src", FileName, Category);
+  bool allowList = SSCL->inSection(Mask, "src", FileName, "sanitize");
+  return SSCL->inSection(Mask, "src", FileName, Category) && !allowList;
 }
 
 bool NoSanitizeList::containsMainFile(SanitizerMask Mask, StringRef FileName,
diff --git a/clang/test/CodeGen/ubsan-src-ignorelist-category.test 
b/clang/test/CodeGen/ubsan-src-ignorelist-category.test
new file mode 100644
index 0000000000000..5242c10bdeec7
--- /dev/null
+++ b/clang/test/CodeGen/ubsan-src-ignorelist-category.test
@@ -0,0 +1,23 @@
+// RUN: rm -rf %t
+// RUN: split-file %s %t
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow 
-fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test1.c -o - | FileCheck 
%s -check-prefix=CHECK-ALLOWLIST
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow 
-fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test2.c -o - | FileCheck 
%s -check-prefix=CHECK-IGNORELIST
+
+
+// Verify ubsan only emits checks for files in the allowlist
+
+//--- src.ignorelist
+src:*
+src:*/test1.c=sanitize
+
+//--- test1.c
+int add1(int a, int b) {
+// CHECK-ALLOWLIST: llvm.sadd.with.overflow.i32
+    return a+b;
+}
+
+//--- test2.c
+int add2(int a, int b) {
+// CHECK-IGNORELIST-NOT: llvm.sadd.with.overflow.i32
+    return a+b;
+}

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to