[UBSan] Implement src:*=sanitize for UBSan #140529
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Created using spr 1.3.6
llvmbot
added
clang
|
@llvm/pr-subscribers-clang Author: Qinkun Bao (qinkunbao) ChangesFull diff: https://github.com/llvm/llvm-project/pull/140529.diff 4 Files Affected:
diff --git a/clang/include/clang/Basic/SanitizerSpecialCaseList.h b/clang/include/clang/Basic/SanitizerSpecialCaseList.h
index d024b7dfc2e85..25d518e7128cf 100644
--- a/clang/include/clang/Basic/SanitizerSpecialCaseList.h
+++ b/clang/include/clang/Basic/SanitizerSpecialCaseList.h
@@ -43,13 +43,18 @@ class SanitizerSpecialCaseList : public llvm::SpecialCaseList {
bool inSection(SanitizerMask Mask, StringRef Prefix, StringRef Query,
StringRef Category = StringRef()) const;
+ // Query ignorelisted entries if any bit in Mask matches the entry's section.
+ // Return 0 if not found. If found, return the line number (starts with 1).
+ unsigned inSectionBlame(SanitizerMask Mask, StringRef Prefix, StringRef Query,
+ StringRef Category = StringRef()) const;
+
protected:
// Initialize SanitizerSections.
void createSanitizerSections();
struct SanitizerSection {
SanitizerSection(SanitizerMask SM, SectionEntries &E)
- : Mask(SM), Entries(E){};
+ : Mask(SM), Entries(E) {};
SanitizerMask Mask;
SectionEntries &Entries;
diff --git a/clang/lib/Basic/NoSanitizeList.cpp b/clang/lib/Basic/NoSanitizeList.cpp
index e7e63c1f419e6..811480f914ec5 100644
--- a/clang/lib/Basic/NoSanitizeList.cpp
+++ b/clang/lib/Basic/NoSanitizeList.cpp
@@ -44,6 +44,13 @@ bool NoSanitizeList::containsFunction(SanitizerMask Mask,
bool NoSanitizeList::containsFile(SanitizerMask Mask, StringRef FileName,
StringRef Category) const {
+ unsigned nosanline = SSCL->inSectionBlame(Mask, "src", FileName, Category);
+ unsigned sanline = SSCL->inSectionBlame(Mask, "src", FileName, "sanitize");
+ // If we have two cases such as `src:a.cpp=sanitize` and `src:a.cpp`, the
+ // current entry override the previous entry.
+ if (nosanline > 0 && sanline > 0) {
+ return nosanline > sanline;
+ }
return SSCL->inSection(Mask, "src", FileName, Category);
}
diff --git a/clang/lib/Basic/SanitizerSpecialCaseList.cpp b/clang/lib/Basic/SanitizerSpecialCaseList.cpp
index 2dbf04c6ede97..7da36f3801453 100644
--- a/clang/lib/Basic/SanitizerSpecialCaseList.cpp
+++ b/clang/lib/Basic/SanitizerSpecialCaseList.cpp
@@ -63,3 +63,19 @@ bool SanitizerSpecialCaseList::inSection(SanitizerMask Mask, StringRef Prefix,
return false;
}
+
+unsigned SanitizerSpecialCaseList::inSectionBlame(SanitizerMask Mask,
+ StringRef Prefix,
+ StringRef Query,
+ StringRef Category) const {
+ for (auto &S : SanitizerSections) {
+ if (S.Mask & Mask) {
+ unsigned lineNum =
+ SpecialCaseList::inSectionBlame(S.Entries, Prefix, Query, Category);
+ if (lineNum > 0) {
+ return lineNum;
+ }
+ }
+ }
+ return 0;
+}
diff --git a/clang/test/CodeGen/ubsan-src-ignorelist-category.test b/clang/test/CodeGen/ubsan-src-ignorelist-category.test
new file mode 100644
index 0000000000000..e0efd65df8652
--- /dev/null
+++ b/clang/test/CodeGen/ubsan-src-ignorelist-category.test
@@ -0,0 +1,37 @@
+// RUN: rm -rf %t
+// RUN: split-file %s %t
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test1.c -o - | FileCheck %s -check-prefix=CHECK-ALLOWLIST
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test2.c -o - | FileCheck %s -check-prefix=CHECK-IGNORELIST
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict1 -emit-llvm %t/test1.c -o - | FileCheck %s -check-prefix=CHECK-ALLOWLISTOVERIDE1
+// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict2 -emit-llvm %t/test1.c -o - | FileCheck %s -check-prefix=CHECK-ALLOWLISTOVERIDE2
+
+
+// Verify ubsan only emits checks for files in the allowlist
+
+//--- src.ignorelist
+src:*
+src:*/test1.c=sanitize
+
+//--- src.ignorelist.contradict1
+src:*
+src:*/test1.c=sanitize
+src:*/test1.c
+
+//--- src.ignorelist.contradict2
+src:*
+src:*/test1.c
+src:*/test1.c=sanitize
+
+//--- test1.c
+int add1(int a, int b) {
+// CHECK-ALLOWLIST: llvm.sadd.with.overflow.i32
+// CHECK-ALLOWLISTOVERIDE1-NOT: llvm.sadd.with.overflow.i32
+// CHECK-ALLOWLISTOVERIDE2: llvm.sadd.with.overflow.i32
+ return a+b;
+}
+
+//--- test2.c
+int add2(int a, int b) {
+// CHECK-IGNORELIST-NOT: llvm.sadd.with.overflow.i32
+ return a+b;
+}
|
Created using spr 1.3.6
|
✅ With the latest revision this PR passed the C/C++ code formatter. |
Created using spr 1.3.6
qinkunbao
changed the title
thurstond
reviewed
May 19, 2025
Created using spr 1.3.6
Created using spr 1.3.6 [skip ci]
vitalybuka
changed the base branch from
main
to
users/qinkunbao/spr/demo-test-for-httpsgithubcomllvmllvm-projectpull140529
vitalybuka
changed the base branch from
users/qinkunbao/spr/demo-test-for-httpsgithubcomllvmllvm-projectpull140529
to
main
Created using spr 1.3.6 [skip ci]
vitalybuka
changed the base branch from
main
to
users/qinkunbao/spr/demo-test-for-httpsgithubcomllvmllvm-projectpull140529
vitalybuka
reviewed
May 19, 2025
vitalybuka
pushed a commit
that referenced
this pull request
May 19, 2025
Base automatically changed from
users/qinkunbao/spr/demo-test-for-httpsgithubcomllvmllvm-projectpull140529
to
main
May 19, 2025 22:22
vitalybuka
reviewed
May 19, 2025
| @@ -44,6 +44,12 @@ bool NoSanitizeList::containsFunction(SanitizerMask Mask, | |||
|
|
|||
| bool NoSanitizeList::containsFile(SanitizerMask Mask, StringRef FileName, | |||
| StringRef Category) const { | |||
| unsigned NoSanLine = SSCL->inSectionBlame(Mask, "src", FileName, Category); | |||
There was a problem hiding this comment.
inSectionBlame returns a single int, but
SSCL can be created from multiple ignore list files, you can repeat -fsanitize-ignorelist=
I think you need to create a separate patch to change inSectionBlame,
to return pair<uint, uint> or new struct {uint fileIdx, uint lineNo}.
Note, there is llvm-project/llvm/unittests/Support/SpecialCaseListTest.cpp, you can test it there.
vitalybuka
reviewed
May 19, 2025
| // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test2.c -o - | FileCheck %s --check-prefixes=CHECK2 | ||
|
|
||
| // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict1 -emit-llvm %t/test1.c -o - | FileCheck %s --check-prefixes=CHECK1,IGNORE | ||
| // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict1 -emit-llvm %t/test2.c -o - | FileCheck %s --check-prefixes=CHECK2 | ||
|
|
||
| // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict2 -emit-llvm %t/test1.c -o - | FileCheck %s --check-prefixes=CHECK1,IGNORE | ||
| // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict2 -emit-llvm %t/test1.c -o - | FileCheck %s --check-prefixes=CHECK1,SANITIZE |
There was a problem hiding this comment.
Please in separate PR extend this test for:
- category - seems like your fix has no issues with that, but it would be nice to have test coverage
- multiple files (or maybe llvm-project/llvm/unittests/Support/SpecialCaseListTest.cpp will be enough)
|
llvm-project/clang/docs/SanitizerSpecialCaseList.rst needs to be updated And nice to mention in llvm-project/clang/docs/ReleaseNotes.rst |
vitalybuka
added a commit
that referenced
this pull request
May 19, 2025
vitalybuka
added a commit
that referenced
this pull request
May 19, 2025
vitalybuka
reviewed
May 19, 2025
|
Note: Use to download my updates |
|
Also I don't mind we fix multifile and sections in followup patches. But this one needs at least documentation update. |
Created using spr 1.3.6
Created using spr 1.3.6
Created using spr 1.3.6
|
The PR is ready for review. Update:
TODO:
|
vitalybuka
reviewed
May 20, 2025
vitalybuka
reviewed
May 20, 2025
Created using spr 1.3.6
vitalybuka
reviewed
May 21, 2025
| @@ -103,6 +101,22 @@ supported sanitizers. | |||
| char c = toobig; // also not instrumented | |||
| } | |||
|
|
|||
| Conflicting entries are resolved by the latest entry, which takes precedence. | |||
There was a problem hiding this comment.
If multiple entries match the source, than the latest entry takes the precedence.
vitalybuka
reviewed
May 21, 2025
| @@ -58,7 +58,7 @@ Usage with UndefinedBehaviorSanitizer | |||
| ability to adjust instrumentation based on type. | |||
|
|
|||
| By default, supported sanitizers will have their instrumentation disabled for | |||
| types specified within an ignorelist. | |||
| entris specified within an ignorelist. | |||
vitalybuka
reviewed
May 21, 2025
| ``sanitize`` category will have their sanitizer instrumentation remain. If the | ||
| same type appears within or across ignorelists with different categories the | ||
| ``sanitize`` category takes precedence -- regardless of order. | ||
| The ``=sanitize`` category is also supported. Any entries assigned to the |
There was a problem hiding this comment.
"Any entries assigned to the..." -> "Match by entry =sanitize category enables sanitizer instrumentation, even if it was ignored by entries before."
vitalybuka
reviewed
May 21, 2025
| @@ -63,6 +63,11 @@ Error SpecialCaseList::Matcher::insert(StringRef Pattern, unsigned LineNumber, | |||
| .moveInto(Pair.first)) | |||
| return Err; | |||
| Pair.second = LineNumber; | |||
| } else { | |||
There was a problem hiding this comment.
Please move llvm/lib/Support/SpecialCaseList.cpp and llvm/unittests/Support/SpecialCaseListTest.cpp into a separate patch
There was a problem hiding this comment.
Also we need a patch to Matcher::Globs -> vector
As I see we don't use Map property, but it will mess up the order.
There was a problem hiding this comment.
And "Pair.second = LineNumber;" is not a solution:
More generic case it will solve #140855 (please review and merge)
We need to walk Globs/Regex in reverse order.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background: #139128
It is a draft implementation for "src:*=sanitize". It should be applied to all sanitizers.
Any srcs assigned to the sanitize category will have their sanitizer instrumentation remained ignored by "src:". For example,
test1.ccwill still have the UBSan instrumented.Conflicting entries are resolved by the latest entry, which takes precedence.
test.ccdoes not have the UBSan check (In this case,src:*/mylib/test.ccoverridessrc:*/mylib/*=sanitizefortest.cc).test1.cchas the UBSan instrumented (In this case,src:*/mylib/*=sanitizeoverridessrc:*/mylib/test.cc).Documents update will be in a new PR.