diff options
author | Peter Collingbourne <peter@pcc.me.uk> | 2015-06-18 23:59:22 +0000 |
---|---|---|
committer | Peter Collingbourne <peter@pcc.me.uk> | 2015-06-18 23:59:22 +0000 |
commit | e530af8e1dfbc974db9d727cc782f2bbf79bf744 (patch) | |
tree | 7325b9253f6ea0bef1fc0840f62ba4ec99c27625 /docs | |
parent | f5013f013edc47d0a2a11d300536721cc1c060b6 (diff) | |
download | clang-e530af8e1dfbc974db9d727cc782f2bbf79bf744.tar.gz |
Introduce -fsanitize-trap= flag.
This flag controls whether a given sanitizer traps upon detecting
an error. It currently only supports UBSan. The existing flag
-fsanitize-undefined-trap-on-error has been made an alias of
-fsanitize-trap=undefined.
This change also cleans up some awkward behavior around the combination
of -fsanitize-trap=undefined and -fsanitize=undefined. Previously we
would reject command lines containing the combination of these two flags,
as -fsanitize=vptr is not compatible with trapping. This required the
creation of -fsanitize=undefined-trap, which excluded -fsanitize=vptr
(and -fsanitize=function, but this seems like an oversight).
Now, -fsanitize=undefined is an alias for -fsanitize=undefined-trap,
and if -fsanitize-trap=undefined is specified, we treat -fsanitize=vptr
as an "unsupported" flag, which means that we error out if the flag is
specified explicitly, but implicitly disable it if the flag was implied
by -fsanitize=undefined.
Differential Revision: http://reviews.llvm.org/D10464
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@240105 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'docs')
-rw-r--r-- | docs/UsersManual.rst | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/docs/UsersManual.rst b/docs/UsersManual.rst index fdc52f8fb1..ccf15e9f52 100644 --- a/docs/UsersManual.rst +++ b/docs/UsersManual.rst @@ -970,12 +970,9 @@ are listed below. includes all of the checks listed below other than ``unsigned-integer-overflow``. - - ``-fsanitize=undefined-trap``: This includes all sanitizers - included by ``-fsanitize=undefined``, except those that require - runtime support. This group of sanitizers is intended to be - used in conjunction with the ``-fsanitize-undefined-trap-on-error`` - flag. This includes all of the checks listed below other than - ``unsigned-integer-overflow`` and ``vptr``. + - ``-fsanitize=undefined-trap``: This is a deprecated alias for + ``-fsanitize=undefined``. + - ``-fsanitize=dataflow``: :doc:`DataFlowSanitizer`, a general data flow analysis. - ``-fsanitize=cfi``: :doc:`control flow integrity <ControlFlowIntegrity>` @@ -1069,15 +1066,6 @@ are listed below. through. This mode may use extra memory in programs that copy uninitialized memory a lot. - Extra features of UndefinedBehaviorSanitizer: - - - ``-fsanitize-undefined-trap-on-error``: Causes traps to be emitted - rather than calls to runtime libraries when a problem is detected. - This option is intended for use in cases where the sanitizer runtime - cannot be used (for instance, when building libc or a kernel module). - This is only compatible with the sanitizers in the ``undefined-trap`` - group. - The ``-fsanitize=`` argument must also be provided when linking, in order to link to the appropriate runtime library. When using ``-fsanitize=vptr`` (or a group that includes it, such as @@ -1101,11 +1089,39 @@ are listed below. sanitizers (e.g. :doc:`AddressSanitizer`) may not support recovery, and always crash the program after the issue is detected. + Note that the ``-fsanitize-trap`` flag has precedence over this flag. + This means that if a check has been configured to trap elsewhere on the + command line, or if the check traps by default, this flag will not have + any effect unless that sanitizer's trapping behavior is disabled with + ``-fno-sanitize-trap``. + + For example, if a command line contains the flags ``-fsanitize=undefined + -fsanitize-trap=undefined``, the flag ``-fsanitize-recover=alignment`` + will have no effect on its own; it will need to be accompanied by + ``-fno-sanitize-trap=alignment``. + +**-f[no-]sanitize-trap=check1,check2,...** + + Controls which checks enabled by the ``-fsanitize=`` flag trap. This + option is intended for use in cases where the sanitizer runtime cannot + be used (for instance, when building libc or a kernel module), or where + the binary size increase caused by the sanitizer runtime is a concern. + + This flag is only compatible with ``local-bounds``, + ``unsigned-integer-overflow`` and sanitizers in the ``undefined`` + group other than ``vptr``. If this flag is supplied together with + ``-fsanitize=undefined``, the ``vptr`` sanitizer will be implicitly + disabled. + **-f[no-]sanitize-coverage=[type,features,...]** Enable simple code coverage in addition to certain sanitizers. See :doc:`SanitizerCoverage` for more details. +.. option:: -fsanitize-undefined-trap-on-error + + Deprecated alias for ``-fsanitize-trap=undefined``. + .. option:: -fno-assume-sane-operator-new Don't assume that the C++'s new operator is sane. |