[𝘀𝗽𝗿] changes introduced through rebase

Created using spr 1.3.8-beta.1

[skip ci]

Author: melver

clang/docs/AllocToken.rst

@@ -65,7 +65,7 @@ example:
     // Instrumented:
     ptr = __alloc_token_malloc(size, <token id>);
 
-In addition, it is typically recommended to configure the following:
+The following command-line options affect generated token IDs:
 
 * ``-falloc-token-max=<N>``
     Configures the maximum number of tokens. No max by default (tokens bounded

clang/docs/ReleaseNotes.rst

@@ -203,9 +203,10 @@ Non-comprehensive list of changes in this release
   Currently, the use of ``__builtin_dedup_pack`` is limited to template arguments and base
   specifiers, it also must be used within a template context.
 
-- Introduce support for allocation tokens to enable allocator-level heap
-  organization strategies. A feature to instrument all allocation functions
-  with a token ID can be enabled via the ``-fsanitize=alloc-token`` flag.
+- Introduce support for :doc:`allocation tokens <AllocToken>` to enable
+  allocator-level heap organization strategies. A feature to instrument all
+  allocation functions with a token ID can be enabled via the
+  ``-fsanitize=alloc-token`` flag.
 
 New Compiler Flags
 ------------------

clang/docs/UsersManual.rst

@@ -2155,13 +2155,11 @@ are listed below.
 
 .. option:: -f[no-]sanitize=check1,check2,...
 
-   Turn on runtime checks for various forms of undefined or suspicious
-   behavior.
+   Turn on runtime checks or mitigations for various forms of undefined or
+   suspicious behavior. These are disabled by default.
 
-   This option controls whether Clang adds runtime checks for various
-   forms of undefined or suspicious behavior, and is disabled by
-   default. If a check fails, a diagnostic message is produced at
-   runtime explaining the problem. The main checks are:
+   The following options enable runtime checks for various forms of undefined
+   or suspicious behavior:
 
    -  .. _opt_fsanitize_address:
 
@@ -2194,8 +2192,14 @@ are listed below.
       protection against stack-based memory corruption errors.
    -  ``-fsanitize=realtime``: :doc:`RealtimeSanitizer`,
       a real-time safety checker.
-   -  ``-fsanitize=alloc-token``: :doc:`AllocToken`,
-      allocation token instrumentation (requires compatible allocator).
+
+   The following options enable runtime mitigations for various forms of
+   undefined or suspicious behavior:
+
+   -  ``-fsanitize=alloc-token``: Enables :doc:`allocation tokens <AllocToken>`
+      for allocator-level heap organization strategies, such as for security
+      hardening. It passes type-derived token IDs to a compatible memory
+      allocator. Requires linking against a token-aware allocator.
 
    There are more fine-grained checks available: see
    the :ref:`list <ubsan-checks>` of specific kinds of

clang/include/clang/Basic/CodeGenOptions.h

@@ -447,7 +447,8 @@ class CodeGenOptions : public CodeGenOptionsBase {
 
   std::optional<double> AllowRuntimeCheckSkipHotCutoff;
 
-  /// Maximum number of allocation tokens (0 = no max).
+  /// Maximum number of allocation tokens (0 = no max), nullopt if none set (use
+  /// pass default).
   std::optional<uint64_t> AllocTokenMax;
 
   /// List of backend command-line options for -fembed-bitcode.

clang/include/clang/Driver/Options.td

@@ -2745,7 +2745,7 @@ defm sanitize_alloc_token_extended : BoolOption<"f", "sanitize-alloc-token-exten
 } // end -f[no-]sanitize* flags
 
 def falloc_token_max_EQ : Joined<["-"], "falloc-token-max=">,
-  Group<f_Group>, Visibility<[ClangOption, CC1Option, CLOption]>,
+  Group<f_Group>, Visibility<[ClangOption, CC1Option]>,
   MetaVarName<"<N>">,
   HelpText<"Limit to maximum N allocation tokens (0 = no max)">;
 

clang/include/clang/Driver/SanitizerArgs.h

@@ -13,7 +13,6 @@
 #include "llvm/Option/Arg.h"
 #include "llvm/Option/ArgList.h"
 #include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
-#include <optional>
 #include <string>
 #include <vector>
 

clang/lib/CodeGen/CGExpr.cpp

@@ -1279,8 +1279,10 @@ void CodeGenFunction::EmitAllocToken(llvm::CallBase *CB, QualType AllocType) {
   PrintingPolicy Policy(CGM.getContext().getLangOpts());
   Policy.SuppressTagKeyword = true;
   Policy.FullyQualifiedName = true;
-  std::string TypeName = AllocType.getCanonicalType().getAsString(Policy);
-  auto *TypeMDS = llvm::MDString::get(CGM.getLLVMContext(), TypeName);
+  SmallString<64> TypeName;
+  llvm::raw_svector_ostream TypeNameOS(TypeName);
+  AllocType.getCanonicalType().print(TypeNameOS, Policy);
+  auto *TypeMDS = llvm::MDString::get(CGM.getLLVMContext(), TypeNameOS.str());
 
   // Format: !{<type-name>}
   auto *MDN = llvm::MDNode::get(CGM.getLLVMContext(), {TypeMDS});

clang/lib/Driver/ToolChain.cpp

@@ -1621,7 +1621,8 @@ SanitizerMask ToolChain::getSupportedSanitizers() const {
       SanitizerKind::CFICastStrict | SanitizerKind::FloatDivideByZero |
       SanitizerKind::KCFI | SanitizerKind::UnsignedIntegerOverflow |
       SanitizerKind::UnsignedShiftBase | SanitizerKind::ImplicitConversion |
-      SanitizerKind::Nullability | SanitizerKind::LocalBounds;
+      SanitizerKind::Nullability | SanitizerKind::LocalBounds |
+      SanitizerKind::AllocToken;
   if (getTriple().getArch() == llvm::Triple::x86 ||
       getTriple().getArch() == llvm::Triple::x86_64 ||
       getTriple().getArch() == llvm::Triple::arm ||

clang/lib/Driver/ToolChains/BareMetal.cpp

@@ -726,7 +726,6 @@ SanitizerMask BareMetal::getSupportedSanitizers() const {
   Res |= SanitizerKind::SafeStack;
   Res |= SanitizerKind::Thread;
   Res |= SanitizerKind::Scudo;
-  Res |= SanitizerKind::AllocToken;
   if (IsX86_64 || IsAArch64 || IsRISCV64) {
     Res |= SanitizerKind::HWAddress;
     Res |= SanitizerKind::KernelHWAddress;

clang/lib/Driver/ToolChains/Linux.cpp

@@ -819,7 +819,6 @@ SanitizerMask Linux::getSupportedSanitizers() const {
   Res |= SanitizerKind::KernelAddress;
   Res |= SanitizerKind::Vptr;
   Res |= SanitizerKind::SafeStack;
-  Res |= SanitizerKind::AllocToken;
   if (IsX86_64 || IsMIPS64 || IsAArch64 || IsLoongArch64)
     Res |= SanitizerKind::DataFlow;
   if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsArmArch || IsPowerPC64 ||