[sanitizer] "src:*=sanitize" does not work for UBSan #139128

@qinkunbao

According to the UBSan doc, UBSan's =sanitize category enables an allowlist approach to instrumenting files/types. Instead of the default behavior of instrumenting all files, users can selectively enable instrumentation for specific files while disabling it for all others. This provides fine-grained control over which parts of the code are instrumented by UBSan.

However, it looks like the current implementation only supports type:*=sanitize. Consider the following example.

$ tree .
.
├── allowlist.txt
├── lib1
│   └── foo.c
├── lib2
│   └── bar.c
└── main.c

3 directories, 4 files

$ cat main.c
extern void foo();
extern void bar();
int main() {
  foo();
  bar();
  return 0;
}

$ cat ./lib1/foo.c
#include <stdio.h>

void foo() {
  int k = 0x7fffffff;
  int r = k + 10;
  printf("call from foo: %d\n", r);
}

$ cat ./lib2/bar.c
#include <stdio.h>

void bar() {
  int k = 0x7fffffff;
  int r = k + 1;
  printf("call from bar: %d\n", r);
}

Build the example with -fsanitize=undefined.

$ clang -fsanitize=undefined  main.c ./lib1/foo.c ./lib2/bar.c -o san
$ ./san
lib1/foo.c:5:13: runtime error: signed integer overflow: 2147483647 + 10 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib1/foo.c:5:13
call from foo: -2147483639
lib2/bar.c:5:13: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib2/bar.c:5:13
call from bar: -2147483648
Hello world

Build the example with -fsanitize=undefined -fsanitize-ignorelist=allowlist.txt.

$ cat allowlist.txt
src:*
src:lib2/*=sanitize

$ clang -fsanitize=undefined -fsanitize-ignorelist=allowlist.txt main.c ./lib1/foo.c ./lib2/bar.c -o san_allowlist
$ ./san_allowlist
call from foo: -2147483639
call from bar: -2147483648 
Hello world

Given that lib2/bar.c is in the allowlist, I expect the integer overflow bug inside bar to be caught by UBSan.

After searching the existing LLVM repo, I didn't find any tests that cover the case src:*=sanitize. Maybe it is a feature that has not been implemented.
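A build-time check for the gap reported above, as an added example (not code from the issue or from LLVM): it computes which sources the allowlist is meant to instrument and compares that with whether each object's `nm -u` output references a UBSan handler. Assumptions: the last matching `src:` entry wins, a leading `./` is dropped before matching, the default (non-trap, non-minimal) UBSan runtime is used, and the `nm -u` text is constructed to mirror the run in the issue.

```python
import fnmatch
import posixpath

# Ignorelist exactly as posted in the issue.
ALLOWLIST = "src:*\nsrc:lib2/*=sanitize\n"

def parse_src_entries(text):
    """Return [(glob, category)] for src: lines; an empty category means 'ignore'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or not line.startswith("src:"):
            continue
        glob, _, category = line[len("src:"):].partition("=")
        entries.append((glob, category))
    return entries

def expect_instrumented(path, entries):
    """Intended verdict under the assumed rule: last matching entry wins."""
    path = posixpath.normpath(path)   # assumption: './lib2/bar.c' matches as 'lib2/bar.c'
    verdict = True                    # no matching entry: instrumented as usual
    for glob, category in entries:
        if fnmatch.fnmatchcase(path, glob):
            verdict = (category == "sanitize")
    return verdict

def is_instrumented(nm_undefined):
    """True if `nm -u` output for an object references a UBSan runtime handler."""
    return any("__ubsan_handle_" in line for line in nm_undefined.splitlines())

def audit(nm_by_source, allowlist=ALLOWLIST):
    """Return sources whose actual instrumentation differs from the allowlist's intent."""
    entries = parse_src_entries(allowlist)
    return [src for src, nm_out in nm_by_source.items()
            if expect_instrumented(src, entries) != is_instrumented(nm_out)]

# Constructed `nm -u` output mirroring the issue: no object references a handler.
OBSERVED = {
    "main.c": "                 U bar\n                 U foo\n",
    "./lib1/foo.c": "                 U printf\n",
    "./lib2/bar.c": "                 U printf\n",
}

if __name__ == "__main__":
    for src in audit(OBSERVED):
        print(f"{src}: instrumentation does not match the allowlist")
```

In a real build, fill the dictionary from `nm -u` on each object compiled with the same `-fsanitize` and `-fsanitize-ignorelist` flags, and fail the job when `audit` returns anything.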
