Home | History | Annotate | Line # | Download | only in docs 
      1      1.1  joerg ===========================
      2      1.1  joerg Sanitizer special case list
      3      1.1  joerg ===========================
      4      1.1  joerg 
      5      1.1  joerg .. contents::
      6      1.1  joerg    :local:
      7      1.1  joerg 
      8      1.1  joerg Introduction
      9      1.1  joerg ============
     10      1.1  joerg 
     11      1.1  joerg This document describes the way to disable or alter the behavior of
     12      1.1  joerg sanitizer tools for certain source-level entities by providing a special
     13      1.1  joerg file at compile-time.
     14      1.1  joerg 
     15      1.1  joerg Goal and usage
     16      1.1  joerg ==============
     17      1.1  joerg 
     18      1.1  joerg User of sanitizer tools, such as :doc:`AddressSanitizer`, :doc:`ThreadSanitizer`
     19      1.1  joerg or :doc:`MemorySanitizer` may want to disable or alter some checks for
     20      1.1  joerg certain source-level entities to:
     21      1.1  joerg 
     22      1.1  joerg * speedup hot function, which is known to be correct;
     23      1.1  joerg * ignore a function that does some low-level magic (e.g. walks through the
     24      1.1  joerg   thread stack, bypassing the frame boundaries);
     25      1.1  joerg * ignore a known problem.
     26      1.1  joerg 
     27      1.1  joerg To achieve this, user may create a file listing the entities they want to
     28      1.1  joerg ignore, and pass it to clang at compile-time using
     29  1.1.1.2  joerg ``-fsanitize-ignorelist`` flag. See :doc:`UsersManual` for details.
     30      1.1  joerg 
     31      1.1  joerg Example
     32      1.1  joerg =======
     33      1.1  joerg 
     34      1.1  joerg .. code-block:: bash
     35      1.1  joerg 
     36      1.1  joerg   $ cat foo.c
     37      1.1  joerg   #include <stdlib.h>
     38      1.1  joerg   void bad_foo() {
     39      1.1  joerg     int *a = (int*)malloc(40);
     40      1.1  joerg     a[10] = 1;
     41      1.1  joerg   }
     42      1.1  joerg   int main() { bad_foo(); }
     43  1.1.1.2  joerg   $ cat ignorelist.txt
     44      1.1  joerg   # Ignore reports from bad_foo function.
     45      1.1  joerg   fun:bad_foo
     46      1.1  joerg   $ clang -fsanitize=address foo.c ; ./a.out
     47      1.1  joerg   # AddressSanitizer prints an error report.
     48  1.1.1.2  joerg   $ clang -fsanitize=address -fsanitize-ignorelist=ignorelist.txt foo.c ; ./a.out
     49      1.1  joerg   # No error report here.
     50      1.1  joerg 
     51      1.1  joerg Format
     52      1.1  joerg ======
     53      1.1  joerg 
     54  1.1.1.2  joerg Ignorelists consist of entries, optionally grouped into sections. Empty lines
     55  1.1.1.2  joerg and lines starting with "#" are ignored.
     56      1.1  joerg 
     57      1.1  joerg Section names are regular expressions written in square brackets that denote
     58      1.1  joerg which sanitizer the following entries apply to. For example, ``[address]``
     59      1.1  joerg specifies AddressSanitizer while ``[cfi-vcall|cfi-icall]`` specifies Control
     60      1.1  joerg Flow Integrity virtual and indirect call checking. Entries without a section
     61      1.1  joerg will be placed under the ``[*]`` section applying to all enabled sanitizers.
     62      1.1  joerg 
     63      1.1  joerg Entries contain an entity type, followed by a colon and a regular expression,
     64      1.1  joerg specifying the names of the entities, optionally followed by an equals sign and
     65      1.1  joerg a tool-specific category, e.g. ``fun:*ExampleFunc=example_category``.  The
     66      1.1  joerg meaning of ``*`` in regular expression for entity names is different - it is
     67      1.1  joerg treated as in shell wildcarding. Two generic entity types are ``src`` and
     68      1.1  joerg ``fun``, which allow users to specify source files and functions, respectively.
     69      1.1  joerg Some sanitizer tools may introduce custom entity types and categories - refer to
     70      1.1  joerg tool-specific docs.
     71      1.1  joerg 
     72      1.1  joerg .. code-block:: bash
     73      1.1  joerg 
     74      1.1  joerg     # Lines starting with # are ignored.
     75      1.1  joerg     # Turn off checks for the source file (use absolute path or path relative
     76      1.1  joerg     # to the current working directory):
     77      1.1  joerg     src:/path/to/source/file.c
     78      1.1  joerg     # Turn off checks for a particular functions (use mangled names):
     79      1.1  joerg     fun:MyFooBar
     80      1.1  joerg     fun:_Z8MyFooBarv
     81      1.1  joerg     # Extended regular expressions are supported:
     82      1.1  joerg     fun:bad_(foo|bar)
     83      1.1  joerg     src:bad_source[1-9].c
     84      1.1  joerg     # Shell like usage of * is supported (* is treated as .*):
     85      1.1  joerg     src:bad/sources/*
     86      1.1  joerg     fun:*BadFunction*
     87      1.1  joerg     # Specific sanitizer tools may introduce categories.
     88      1.1  joerg     src:/special/path/*=special_sources
     89  1.1.1.2  joerg     # Sections can be used to limit ignorelist entries to specific sanitizers
     90      1.1  joerg     [address]
     91      1.1  joerg     fun:*BadASanFunc*
     92      1.1  joerg     # Section names are regular expressions
     93      1.1  joerg     [cfi-vcall|cfi-icall]
     94      1.1  joerg     fun:*BadCfiCall
     95      1.1  joerg     # Entries without sections are placed into [*] and apply to all sanitizers
     96