=========================== Sanitizer special case list =========================== .. contents:: :local: Introduction ============ This document describes the way to disable or alter the behavior of sanitizer tools for certain source-level entities by providing a special file at compile-time. Goal and usage ============== User of sanitizer tools, such as :doc:`AddressSanitizer`, :doc:`ThreadSanitizer` or :doc:`MemorySanitizer` may want to disable or alter some checks for certain source-level entities to: * speedup hot function, which is known to be correct; * ignore a function that does some low-level magic (e.g. walks through the thread stack, bypassing the frame boundaries); * ignore a known problem. To achieve this, user may create a file listing the entities they want to ignore, and pass it to clang at compile-time using ``-fsanitize-blacklist`` flag. See :doc:`UsersManual` for details. Example ======= .. code-block:: bash $ cat foo.c #include void bad_foo() { int *a = (int*)malloc(40); a[10] = 1; } int main() { bad_foo(); } $ cat blacklist.txt # Ignore reports from bad_foo function. fun:bad_foo $ clang -fsanitize=address foo.c ; ./a.out # AddressSanitizer prints an error report. $ clang -fsanitize=address -fsanitize-blacklist=blacklist.txt foo.c ; ./a.out # No error report here. Format ====== Blacklists consist of entries, optionally grouped into sections. Empty lines and lines starting with "#" are ignored. Section names are regular expressions written in square brackets that denote which sanitizer the following entries apply to. For example, ``[address]`` specifies AddressSanitizer while ``[cfi-vcall|cfi-icall]`` specifies Control Flow Integrity virtual and indirect call checking. Entries without a section will be placed under the ``[*]`` section applying to all enabled sanitizers. Entries contain an entity type, followed by a colon and a regular expression, specifying the names of the entities, optionally followed by an equals sign and a tool-specific category, e.g. ``fun:*ExampleFunc=example_category``. The meaning of ``*`` in regular expression for entity names is different - it is treated as in shell wildcarding. Two generic entity types are ``src`` and ``fun``, which allow users to specify source files and functions, respectively. Some sanitizer tools may introduce custom entity types and categories - refer to tool-specific docs. .. code-block:: bash # Lines starting with # are ignored. # Turn off checks for the source file (use absolute path or path relative # to the current working directory): src:/path/to/source/file.c # Turn off checks for a particular functions (use mangled names): fun:MyFooBar fun:_Z8MyFooBarv # Extended regular expressions are supported: fun:bad_(foo|bar) src:bad_source[1-9].c # Shell like usage of * is supported (* is treated as .*): src:bad/sources/* fun:*BadFunction* # Specific sanitizer tools may introduce categories. src:/special/path/*=special_sources # Sections can be used to limit blacklist entries to specific sanitizers [address] fun:*BadASanFunc* # Section names are regular expressions [cfi-vcall|cfi-icall] fun:*BadCfiCall # Entries without sections are placed into [*] and apply to all sanitizers