Skip to content

Commit 99dfb74

Browse files
qinkunbaoqinkunbao
committed
Implement src:*=sanitize for UBSan
1 parent 831592d commit 99dfb74

File tree

2 files changed

+35
-1
lines changed

2 files changed

+35
-1
lines changed

clang/lib/Basic/NoSanitizeList.cpp

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,8 @@ bool NoSanitizeList::containsFunction(SanitizerMask Mask,
4444

4545
bool NoSanitizeList::containsFile(SanitizerMask Mask, StringRef FileName,
4646
StringRef Category) const {
47-
return SSCL->inSection(Mask, "src", FileName, Category);
47+
bool allowList = SSCL->inSection(Mask, "src", FileName, "sanitize");
48+
return SSCL->inSection(Mask, "src", FileName, Category) && !allowList;
4849
}
4950

5051
bool NoSanitizeList::containsMainFile(SanitizerMask Mask, StringRef FileName,

clang/test/CodeGen/ubsan-src-ignorelist-category.test

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
// RUN: rm -rf %t
2+
// RUN: split-file %s %t
3+
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test1.c -o - | FileCheck %s -check-prefix=CHECK-ALLOWLIST
4+
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist -emit-llvm %t/test2.c -o - | FileCheck %s -check-prefix=CHECK-IGNORELIST
5+
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict -emit-llvm %t/test1.c -o - | FileCheck %s -check-prefix=CHECK-ALLOWLIST
6+
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=signed-integer-overflow -fsanitize-ignorelist=%t/src.ignorelist.contradict -emit-llvm %t/test2.c -o - | FileCheck %s -check-prefix=CHECK-IGNORELIST
7+
8+
9+
// Verify ubsan only emits checks for files in the allowlist
10+
11+
//--- src.ignorelist
12+
src:*
13+
src:*/test1.c=sanitize
14+
15+
// If the same src appears within or across ignorelists with different categories the sanitize category takes precedence – regardless of order.
16+
//--- src.ignorelist.contradict
17+
src:*
18+
src:*/test1.c=sanitize
19+
src:*/test1.c
20+
21+
//--- test1.c
22+
int add1(int a, int b) {
23+
// CHECK-ALLOWLIST: llvm.sadd.with.overflow.i32
24+
return a+b;
25+
}
26+
27+
//--- test2.c
28+
int add2(int a, int b) {
29+
// CHECK-IGNORELIST-NOT: llvm.sadd.with.overflow.i32
30+
return a+b;
31+
}
32+
33+

0 commit comments

Comments
 (0)