This extension emits the guard cf table without inserting the
instrumentation. Currently that's what clang-cl does with /guard:cf
anyway, but this allows a user to request that explicitly.
Differential Revision: https://reviews.llvm.org/D50513
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@339420
91177308-0d34-0410-b5e6-
96231b3b80d8
def _SLASH_Fo : CLCompileJoined<"Fo">,
HelpText<"Set output object file, or directory (ends in / or \\) (with /c)">,
MetaVarName<"<file or directory>">;
-def _SLASH_Guard : CLJoined<"guard:">,
- HelpText<"Enable Control Flow Guard with /guard:cf">;
+def _SLASH_guard : CLJoined<"guard:">,
+ HelpText<"Enable Control Flow Guard with /guard:cf, or only the table with /guard:cf,nochecks">;
def _SLASH_GX : CLFlag<"GX">,
HelpText<"Enable exception handling">;
def _SLASH_GX_ : CLFlag<"GX-">,
}
if (CodeGenOpts.ControlFlowGuard) {
// We want function ID tables for Control Flow Guard.
- getModule().addModuleFlag(llvm::Module::Warning, "cfguard", 1);
+ getModule().addModuleFlag(llvm::Module::Warning, "cfguardtable", 1);
}
if (CodeGenOpts.OptimizationLevel > 0 && CodeGenOpts.StrictVTablePointers) {
// We don't support LTO with 2 with different StrictVTablePointers
CmdArgs.push_back("msvc");
}
- if (Args.hasArg(options::OPT__SLASH_Guard) &&
- Args.getLastArgValue(options::OPT__SLASH_Guard).equals_lower("cf"))
- CmdArgs.push_back("-cfguard");
+ if (Arg *A = Args.getLastArg(options::OPT__SLASH_guard)) {
+ SmallVector<StringRef, 1> SplitArgs;
+ StringRef(A->getValue()).split(SplitArgs, ",");
+ bool Instrument = false;
+ bool NoChecks = false;
+ for (StringRef Arg : SplitArgs) {
+ if (Arg.equals_lower("cf"))
+ Instrument = true;
+ else if (Arg.equals_lower("cf-"))
+ Instrument = false;
+ else if (Arg.equals_lower("nochecks"))
+ NoChecks = true;
+ else if (Arg.equals_lower("nochecks-"))
+ NoChecks = false;
+ else
+ D.Diag(diag::err_drv_invalid_value) << A->getSpelling() << Arg;
+ }
+ // Currently there's no support emitting CFG instrumentation; the flag only
+ // emits the table of address-taken functions.
+ if (Instrument || NoChecks)
+ CmdArgs.push_back("-cfguard");
+ }
}
visualstudio::Compiler *Clang::getCLFallback() const {
--- /dev/null
+// RUN: %clang_cc1 -cfguard -emit-llvm %s -o - | FileCheck %s
+
+void f() {}
+
+// Check that the cfguardtable metadata flag gets set on the module.
+// CHECK: !"cfguardtable", i32 1}
// RUN: /Gr \
// RUN: /GS \
// RUN: /GT \
-// RUN: /guard:cf \
-// RUN: /guard:cf- \
// RUN: /GX \
// RUN: /Gv \
// RUN: /Gz \
// RUN: %clang_cl -### -Fe%t.exe -entry:main -flto -- %s 2>&1 | FileCheck -check-prefix=LTO-WITHOUT-LLD %s
// LTO-WITHOUT-LLD: LTO requires -fuse-ld=lld
+// RUN: %clang_cl -### -- %s 2>&1 | FileCheck -check-prefix=NOCFGUARD %s
+// RUN: %clang_cl /guard:cf- -### -- %s 2>&1 | FileCheck -check-prefix=NOCFGUARD %s
+// NOCFGUARD-NOT: -guardcf
+
+// RUN: %clang_cl /guard:cf -### -- %s 2>&1 | FileCheck -check-prefix=CFGUARD %s
+// RUN: %clang_cl /guard:cf,nochecks -### -- %s 2>&1 | FileCheck -check-prefix=CFGUARD %s
+// RUN: %clang_cl /guard:nochecks -### -- %s 2>&1 | FileCheck -check-prefix=CFGUARD %s
+// CFGUARD: -cfguard
+
+// RUN: %clang_cl /guard:foo -### -- %s 2>&1 | FileCheck -check-prefix=CFGUARDINVALID %s
+// CFGUARDINVALID: invalid value 'foo' in '/guard:'
+
// Accept "core" clang options.
// (/Zs is for syntax-only, -Werror makes it fail hard on unknown options)
// RUN: %clang_cl \
projects / clang / commitdiff