the available options are shown at startup of the instrumented program. See
@url{https://github.com/google/sanitizers/wiki/AddressSanitizerFlags#run-time-flags}
for a list of supported options.
+The option can't be combined with @option{-fsanitize=thread}.
@item -fsanitize=kernel-address
@opindex fsanitize=kernel-address
environment variable; see
@url{https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags} for a list of
supported options.
+The option can't be combined with @option{-fsanitize=address}
+and/or @option{-fsanitize=leak}.
@item -fsanitize=leak
@opindex fsanitize=leak
Enable LeakSanitizer, a memory leak detector.
-This option only matters for linking of executables and if neither
-@option{-fsanitize=address} nor @option{-fsanitize=thread} is used. In that
-case the executable is linked against a library that overrides @code{malloc}
+This option only matters for linking of executables and
+the executable is linked against a library that overrides @code{malloc}
and other allocator functions. See
@uref{https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer} for more
details. The run-time behavior can be influenced using the
@env{LSAN_OPTIONS} environment variable.
+The option can't be combined with @option{-fsanitize=thread}.
@item -fsanitize=undefined
@opindex fsanitize=undefined
Currently this feature only works for @option{-fsanitize=undefined} (and its suboptions
except for @option{-fsanitize=unreachable} and @option{-fsanitize=return}),
@option{-fsanitize=float-cast-overflow}, @option{-fsanitize=float-divide-by-zero},
+@option{-fsanitize=bounds-strict},
@option{-fsanitize=kernel-address} and @option{-fsanitize=address}.
For these sanitizers error recovery is turned on by default, except @option{-fsanitize=address},
for which this feature is experimental.
Syntax without explicit @var{opts} parameter is deprecated. It is equivalent to
@smallexample
--fsanitize-recover=undefined,float-cast-overflow,float-divide-by-zero
+-fsanitize-recover=undefined,float-cast-overflow,float-divide-by-zero,bounds-strict
@end smallexample
@noindent
Similarly @option{-fno-sanitize-recover} is equivalent to
@smallexample
--fno-sanitize-recover=undefined,float-cast-overflow,float-divide-by-zero
+-fno-sanitize-recover=undefined,float-cast-overflow,float-divide-by-zero,bounds-strict
@end smallexample
@item -fsanitize-undefined-trap-on-error
/* Different instrumentation modes. */
enum sanitize_code {
/* AddressSanitizer. */
- SANITIZE_ADDRESS = 1 << 0,
- SANITIZE_USER_ADDRESS = 1 << 1,
- SANITIZE_KERNEL_ADDRESS = 1 << 2,
+ SANITIZE_ADDRESS = 1UL << 0,
+ SANITIZE_USER_ADDRESS = 1UL << 1,
+ SANITIZE_KERNEL_ADDRESS = 1UL << 2,
/* ThreadSanitizer. */
- SANITIZE_THREAD = 1 << 3,
+ SANITIZE_THREAD = 1UL << 3,
/* LeakSanitizer. */
- SANITIZE_LEAK = 1 << 4,
+ SANITIZE_LEAK = 1UL << 4,
/* UndefinedBehaviorSanitizer. */
- SANITIZE_SHIFT = 1 << 5,
- SANITIZE_DIVIDE = 1 << 6,
- SANITIZE_UNREACHABLE = 1 << 7,
- SANITIZE_VLA = 1 << 8,
- SANITIZE_NULL = 1 << 9,
- SANITIZE_RETURN = 1 << 10,
- SANITIZE_SI_OVERFLOW = 1 << 11,
- SANITIZE_BOOL = 1 << 12,
- SANITIZE_ENUM = 1 << 13,
- SANITIZE_FLOAT_DIVIDE = 1 << 14,
- SANITIZE_FLOAT_CAST = 1 << 15,
+ SANITIZE_SHIFT = 1UL << 5,
+ SANITIZE_DIVIDE = 1UL << 6,
+ SANITIZE_UNREACHABLE = 1UL << 7,
+ SANITIZE_VLA = 1UL << 8,
+ SANITIZE_NULL = 1UL << 9,
+ SANITIZE_RETURN = 1UL << 10,
+ SANITIZE_SI_OVERFLOW = 1UL << 11,
+ SANITIZE_BOOL = 1UL << 12,
+ SANITIZE_ENUM = 1UL << 13,
+ SANITIZE_FLOAT_DIVIDE = 1UL << 14,
+ SANITIZE_FLOAT_CAST = 1UL << 15,
SANITIZE_BOUNDS = 1UL << 16,
SANITIZE_ALIGNMENT = 1UL << 17,
SANITIZE_NONNULL_ATTRIBUTE = 1UL << 18,
opts->x_debug_generate_pub_sections = 2;
/* Userspace and kernel ASan conflict with each other. */
-
if ((opts->x_flag_sanitize & SANITIZE_USER_ADDRESS)
&& (opts->x_flag_sanitize & SANITIZE_KERNEL_ADDRESS))
error_at (loc,
"-fsanitize=kernel-address");
/* And with TSan. */
-
if ((opts->x_flag_sanitize & SANITIZE_ADDRESS)
&& (opts->x_flag_sanitize & SANITIZE_THREAD))
error_at (loc,
"-fsanitize=address and -fsanitize=kernel-address "
"are incompatible with -fsanitize=thread");
- /* Error recovery is not allowed for LSan and TSan. */
-
- if (opts->x_flag_sanitize_recover & SANITIZE_THREAD)
- error_at (loc, "-fsanitize-recover=thread is not supported");
+ if ((opts->x_flag_sanitize & SANITIZE_LEAK)
+ && (opts->x_flag_sanitize & SANITIZE_THREAD))
+ error_at (loc,
+ "-fsanitize=leak is incompatible with -fsanitize=thread");
- if (opts->x_flag_sanitize_recover & SANITIZE_LEAK)
- error_at (loc, "-fsanitize-recover=leak is not supported");
+ /* Check error recovery for -fsanitize-recover option. */
+ for (int i = 0; sanitizer_opts[i].name != NULL; ++i)
+ if ((opts->x_flag_sanitize_recover & sanitizer_opts[i].flag)
+ && !sanitizer_opts[i].can_recover)
+ error_at (loc, "-fsanitize-recover=%s is not supported",
+ sanitizer_opts[i].name);
/* When instrumenting the pointers, we don't want to remove
the null pointer checks. */
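Review bot: The recoverability loop added here trusts `can_recover`, but the parser hunks later in this patch still hard-code `SANITIZE_THREAD | SANITIZE_LEAK | SANITIZE_UNREACHABLE | SANITIZE_RETURN` when expanding `-fsanitize-recover=all` and `undefined`, so the rule lives in two places. A sanitizer later added to the table with `can_recover` false would be switched on by `all` and then rejected here with a message naming a suboption the user never typed. Consider deriving the excluded mask from `sanitizer_opts[]`, or at least add a comment above the loop such as `/* Keep in sync with the masks applied by the suboption parser. */`. The default value of `x_flag_sanitize_recover` is not visible on this page; it must not carry the unreachable/return bits or this loop would fire on every compilation. The enclosing function starts and ends outside the hunk.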
/* -f{,no-}sanitize{,-recover}= suboptions. */
const struct sanitizer_opts_s sanitizer_opts[] =
{
-#define SANITIZER_OPT(name, flags) { #name, flags, sizeof #name - 1 }
- SANITIZER_OPT (address, SANITIZE_ADDRESS | SANITIZE_USER_ADDRESS),
- SANITIZER_OPT (kernel-address, SANITIZE_ADDRESS | SANITIZE_KERNEL_ADDRESS),
- SANITIZER_OPT (thread, SANITIZE_THREAD),
- SANITIZER_OPT (leak, SANITIZE_LEAK),
- SANITIZER_OPT (shift, SANITIZE_SHIFT),
- SANITIZER_OPT (integer-divide-by-zero, SANITIZE_DIVIDE),
- SANITIZER_OPT (undefined, SANITIZE_UNDEFINED),
- SANITIZER_OPT (unreachable, SANITIZE_UNREACHABLE),
- SANITIZER_OPT (vla-bound, SANITIZE_VLA),
- SANITIZER_OPT (return, SANITIZE_RETURN),
- SANITIZER_OPT (null, SANITIZE_NULL),
- SANITIZER_OPT (signed-integer-overflow, SANITIZE_SI_OVERFLOW),
- SANITIZER_OPT (bool, SANITIZE_BOOL),
- SANITIZER_OPT (enum, SANITIZE_ENUM),
- SANITIZER_OPT (float-divide-by-zero, SANITIZE_FLOAT_DIVIDE),
- SANITIZER_OPT (float-cast-overflow, SANITIZE_FLOAT_CAST),
- SANITIZER_OPT (bounds, SANITIZE_BOUNDS),
- SANITIZER_OPT (bounds-strict, SANITIZE_BOUNDS | SANITIZE_BOUNDS_STRICT),
- SANITIZER_OPT (alignment, SANITIZE_ALIGNMENT),
- SANITIZER_OPT (nonnull-attribute, SANITIZE_NONNULL_ATTRIBUTE),
- SANITIZER_OPT (returns-nonnull-attribute, SANITIZE_RETURNS_NONNULL_ATTRIBUTE),
- SANITIZER_OPT (object-size, SANITIZE_OBJECT_SIZE),
- SANITIZER_OPT (vptr, SANITIZE_VPTR),
- SANITIZER_OPT (all, ~0U),
+#define SANITIZER_OPT(name, flags, recover) \
+ { #name, flags, sizeof #name - 1, recover }
+ SANITIZER_OPT (address, SANITIZE_ADDRESS | SANITIZE_USER_ADDRESS, true),
+ SANITIZER_OPT (kernel-address, SANITIZE_ADDRESS | SANITIZE_KERNEL_ADDRESS,
+ true),
+ SANITIZER_OPT (thread, SANITIZE_THREAD, false),
+ SANITIZER_OPT (leak, SANITIZE_LEAK, false),
+ SANITIZER_OPT (shift, SANITIZE_SHIFT, true),
+ SANITIZER_OPT (integer-divide-by-zero, SANITIZE_DIVIDE, true),
+ SANITIZER_OPT (undefined, SANITIZE_UNDEFINED, true),
+ SANITIZER_OPT (unreachable, SANITIZE_UNREACHABLE, false),
+ SANITIZER_OPT (vla-bound, SANITIZE_VLA, true),
+ SANITIZER_OPT (return, SANITIZE_RETURN, false),
+ SANITIZER_OPT (null, SANITIZE_NULL, true),
+ SANITIZER_OPT (signed-integer-overflow, SANITIZE_SI_OVERFLOW, true),
+ SANITIZER_OPT (bool, SANITIZE_BOOL, true),
+ SANITIZER_OPT (enum, SANITIZE_ENUM, true),
+ SANITIZER_OPT (float-divide-by-zero, SANITIZE_FLOAT_DIVIDE, true),
+ SANITIZER_OPT (float-cast-overflow, SANITIZE_FLOAT_CAST, true),
+ SANITIZER_OPT (bounds, SANITIZE_BOUNDS, true),
+ SANITIZER_OPT (bounds-strict, SANITIZE_BOUNDS | SANITIZE_BOUNDS_STRICT, true),
+ SANITIZER_OPT (alignment, SANITIZE_ALIGNMENT, true),
+ SANITIZER_OPT (nonnull-attribute, SANITIZE_NONNULL_ATTRIBUTE, true),
+ SANITIZER_OPT (returns-nonnull-attribute, SANITIZE_RETURNS_NONNULL_ATTRIBUTE,
+ true),
+ SANITIZER_OPT (object-size, SANITIZE_OBJECT_SIZE, true),
+ SANITIZER_OPT (vptr, SANITIZE_VPTR, true),
+ SANITIZER_OPT (all, ~0U, true),
#undef SANITIZER_OPT
- { NULL, 0U, 0UL }
+ { NULL, 0U, 0UL, false }
};
/* Parse comma separated sanitizer suboptions from P for option SCODE,
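Review bot: The new `recover` argument of `SANITIZER_OPT` is undocumented at the macro, even though the table is now the authority for which `-fsanitize-recover=` suboptions are rejected. A comment above the `#define`, for example `/* RECOVER is true when -fsanitize-recover=NAME is accepted. */`, would make that explicit. The `all` entry also deserves a one-line comment: its `~0U` mask intersects every set bit, so it has to stay `true` or the check that walks this table would reject every use of `-fsanitize-recover=`.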
error_at (loc, "-fsanitize=all option is not valid");
}
else
- flags |= ~(SANITIZE_USER_ADDRESS | SANITIZE_THREAD
- | SANITIZE_LEAK);
+ flags |= ~(SANITIZE_THREAD | SANITIZE_LEAK
+ | SANITIZE_UNREACHABLE | SANITIZE_RETURN);
}
else if (value)
- flags |= sanitizer_opts[i].flag;
+ {
+ /* Do not enable -fsanitize-recover=unreachable and
+ -fsanitize-recover=return if -fsanitize-recover=undefined
+ is selected. */
+ if (sanitizer_opts[i].flag == SANITIZE_UNDEFINED)
+ flags |= (SANITIZE_UNDEFINED
+ & ~(SANITIZE_UNREACHABLE | SANITIZE_RETURN));
+ else
+ flags |= sanitizer_opts[i].flag;
+ }
else
flags &= ~sanitizer_opts[i].flag;
found = true;
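Review bot: The special case at `if (sanitizer_opts[i].flag == SANITIZE_UNDEFINED)` is not limited to `-fsanitize-recover=`, although its comment talks only about recovery. The surrounding context shows the same parser handling `-fsanitize=` (the `-fsanitize=all option is not valid` diagnostic), so as written `-fsanitize=undefined` would also lose the `unreachable` and `return` checks and builds would silently get less instrumentation. Guard it on the option being parsed, e.g. `if (code == OPT_fsanitize_recover_ && sanitizer_opts[i].flag == SANITIZE_UNDEFINED)`, where `code` stands for whatever local holds the option code (the header comment calls it SCODE). The function begins and ends outside the hunk, so an earlier guard may exist that this page does not show.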
case OPT_fsanitize_recover:
if (value)
opts->x_flag_sanitize_recover
- |= SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT;
+ |= (SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT)
+ & ~(SANITIZE_UNREACHABLE | SANITIZE_RETURN);
else
opts->x_flag_sanitize_recover
&= ~(SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT);