sanitize_blacklist.txt (3725B)
# clang sanitizer special case list
# syntax specified in https://clang.llvm.org/docs/SanitizerSpecialCaseList.html
# for more info see https://clang.llvm.org/docs/AddressSanitizer.html

#
# Tor notes: This file is obsolete!
#
# It was necessary in order to apply the sanitizers to all of tor. But
# we don't believe that's a good idea: some parts of tor need constant-time
# behavior that is hard to guarantee with these sanitizers.
#
# If you need this behavior, then please consider --enable-expensive-hardening,
# and report bugs as needed.
#

# usage:
# 1. configure tor build:
#      ./configure \
#      CC=clang \
#      CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
#      LDFLAGS="-fsanitize=address" \
#      --disable-gcc-hardening
#    and any other flags required to build tor on your OS.
#    NOTE(review): newer clang releases spell the list option
#    -fsanitize-ignorelist=; check which spelling your clang accepts.
#
# 2. build tor:
#      make
#
# 3. test tor:
#      ASAN_OPTIONS=allow_user_segv_handler=1 make test
#      ASAN_OPTIONS=allow_user_segv_handler=1 make check
#      make test-network # requires chutney
#
# 4. the tor binary is now instrumented with clang sanitizers,
#    and can be run just like a standard tor binary
#    NOTE(review): the build above also passes --disable-gcc-hardening, so
#    this is a test build; it is not a replacement for a hardened release
#    binary.

# Compatibility:
# This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
# and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
# on both x86_64 and i386 (using CC="clang -arch i386")
# It has not been tested with ThreadSanitizer or MemorySanitizer
# Success reports and patches for other sanitizers or OSs are welcome

# ccache and make don't account for the sanitizer blacklist as a dependency,
# so objects built against an older version of this file can be reused.
# You might need to set CCACHE_DISABLE=1 and/or use make clean to work
# around this after editing the list.

# Configuration Flags:
# -fno-sanitize-recover=all
#   makes the instrumented binary abort on undefined behavior, rather than
#   printing a warning and continuing (the AddressSanitizer always crashes)
# -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
#   make clang backtraces easier to read
# --disable-gcc-hardening
#   disables warnings about the redefinition of _FORTIFY_SOURCE
#   (it conflicts with the sanitizers)

# Turning the sanitizers off for particular functions:
# (Unfortunately, exempting functions doesn't work for the blacklisted
# functions below, and we can't turn the code off because it's essential)
#
# #if defined(__has_feature)
# #if __has_feature(address_sanitizer)
# /* tell clang AddressSanitizer not to instrument this function */
# #define NOASAN __attribute__((no_sanitize_address))
# #define _CLANG_ASAN_
# #else
# #define NOASAN
# #endif
# #else
# #define NOASAN
# #endif
#
# /* Telling AddressSanitizer to not instrument a function */
# void func(void) NOASAN;
#
# /* Including or excluding sections of code */
# #ifdef _CLANG_ASAN_
# /* code that only runs under address sanitizer */
# #else
# /* code that doesn't run under address sanitizer */
# #endif
#
# NOTE(review): _CLANG_ASAN_ starts with an underscore followed by an
# uppercase letter, which C reserves for the implementation; a
# project-prefixed macro name would avoid that if this example is copied.

# Blacklist Entries:
#
# NOTE(review): none of the entries below sit under a [section] header, so
# per the special case list format they apply to every sanitizer that reads
# this file, not to one specific check. A fun: entry also matches on the
# function name alone; a short name such as "crash" exempts any function
# with that name in the build, not only the one in the file named in the
# comment. Keep the list as small as possible.

# test-memwipe.c checks if a freed buffer was properly wiped
# (presumably by reading the buffer after it is freed, which
# AddressSanitizer would otherwise report -- confirm against the test)
fun:vmemeq
fun:check_a_buffer

# we need to allow the tor bt handler to catch SIGSEGV
# otherwise address sanitizer munges the expected output and the test fails
# we can do this by setting an environment variable
# See https://code.google.com/p/address-sanitizer/wiki/Flags
# ASAN_OPTIONS=allow_user_segv_handler=1

# test_bt_cl.c stores to a NULL pointer to trigger a crash
fun:crash

# curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
# integers. Until #13538 is resolved, we exempt functions that do left shifts.
# Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
# NOTE(review): the exemption is per function, so any other undefined
# behavior or memory error inside these functions also goes unreported in a
# sanitizer build; remove the entries once the shifts are fixed.
fun:freduce_coefficients
fun:freduce_degree
fun:s32_eq
fun:fcontract