123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104 |
- # clang sanitizer special case list
- # syntax specified in https://clang.llvm.org/docs/SanitizerSpecialCaseList.html
- # for more info see https://clang.llvm.org/docs/AddressSanitizer.html
- #
- # Tor notes: This file is obsolete!
- #
- # It was necessary in order to apply the sanitizers to all of tor. But
- # we don't believe that's a good idea: some parts of tor need constant-time
- # behavior that is hard to guarantee with these sanitizers.
- #
- # If you need this behavior, then please consider --enable-expensive-hardening,
- # and report bugs as needed.
- #
- # usage:
- # 1. configure tor build:
- # ./configure \
- # CC=clang \
- # CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
- # LDFLAGS="-fsanitize=address" \
- # --disable-gcc-hardening
- # and any other flags required to build tor on your OS.
- #
- # 2. build tor:
- # make
- #
- # 3. test tor:
- # ASAN_OPTIONS=allow_user_segv_handler=1 make test
- # ASAN_OPTIONS=allow_user_segv_handler=1 make check
- # make test-network # requires chutney
- #
- # 4. the tor binary is now instrumented with clang sanitizers,
- # and can be run just like a standard tor binary
- # Compatibility:
- # This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
- # and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
- # on both x86_64 and i386 (using CC="clang -arch i386")
- # It has not been tested with ThreadSanitizer or MemorySanitizer
- # Success report and patches for other sanitizers or OSs are welcome
- # ccache and make don't account for the sanitizer blacklist as a dependency
- # you might need to set CCACHE_DISABLE=1 and/or use make clean to workaround
- # Configuration Flags:
- # -fno-sanitize-recover=all
- # causes clang to crash on undefined behavior, rather than printing
- # a warning and continuing (the AddressSanitizer always crashes)
- # -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
- # make clang backtraces easier to read
- # --disable-gcc-hardening
- # disables warnings about the redefinition of _FORTIFY_SOURCE
- # (it conflicts with the sanitizers)
- # Turning the sanitizers off for particular functions:
- # (Unfortunately, exempting functions doesn't work for the blacklisted
- # functions below, and we can't turn the code off because it's essential)
- #
- # #if defined(__has_feature)
- # #if __has_feature(address_sanitizer)
- # /* tell clang AddressSanitizer not to instrument this function */
- # #define NOASAN __attribute__((no_sanitize_address))
- # #define _CLANG_ASAN_
- # #else
- # #define NOASAN
- # #endif
- # #else
- # #define NOASAN
- # #endif
- #
- # /* Telling AddressSanitizer to not instrument a function */
- # void func(void) NOASAN;
- #
- # /* Including or excluding sections of code */
- # #ifdef _CLANG_ASAN_
- # /* code that only runs under address sanitizer */
- # #else
- # /* code that doesn't run under address sanitizer */
- # #endif
- # Blacklist Entries:
- # test-memwipe.c checks if a freed buffer was properly wiped
- fun:vmemeq
- fun:check_a_buffer
- # we need to allow the tor bt handler to catch SIGSEGV
- # otherwise address sanitizer munges the expected output and the test fails
- # we can do this by setting an environmental variable
- # See https://code.google.com/p/address-sanitizer/wiki/Flags
- # ASAN_OPTIONS=allow_user_segv_handler=1
- # test_bt_cl.c stores to a NULL pointer to trigger a crash
- fun:crash
- # curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
- # integers. Until #13538 is resolved, we exempt functions that do left shifts.
- # Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
- fun:freduce_coefficients
- fun:freduce_degree
- fun:s32_eq
- fun:fcontract
|