sanitize_blacklist.txt 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. # clang sanitizer special case list
  2. # syntax specified in https://clang.llvm.org/docs/SanitizerSpecialCaseList.html
  3. # for more info see https://clang.llvm.org/docs/AddressSanitizer.html
  4. #
  5. # Tor notes: This file is obsolete!
  6. #
  7. # It was necessary in order to apply the sanitizers to all of tor. But
  8. # we don't believe that's a good idea: some parts of tor need constant-time
  9. # behavior that is hard to guarantee with these sanitizers.
  10. #
  11. # If you need this behavior, then please consider --enable-expensive-hardening,
  12. # and report bugs as needed.
  13. #
  14. # usage:
  15. # 1. configure tor build:
  16. # ./configure \
  17. # CC=clang \
  18. # CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
  19. # LDFLAGS="-fsanitize=address" \
  20. # --disable-gcc-hardening
  21. # and any other flags required to build tor on your OS.
  22. #
  23. # 2. build tor:
  24. # make
  25. #
  26. # 3. test tor:
  27. # ASAN_OPTIONS=allow_user_segv_handler=1 make test
  28. # ASAN_OPTIONS=allow_user_segv_handler=1 make check
  29. # make test-network # requires chutney
  30. #
  31. # 4. the tor binary is now instrumented with clang sanitizers,
  32. # and can be run just like a standard tor binary
  33. # Compatibility:
  34. # This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
  35. # and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
  36. # on both x86_64 and i386 (using CC="clang -arch i386")
  37. # It has not been tested with ThreadSanitizer or MemorySanitizer
  38. # Success report and patches for other sanitizers or OSs are welcome
  39. # ccache and make don't account for the sanitizer blacklist as a dependency
  40. # you might need to set CCACHE_DISABLE=1 and/or use make clean to workaround
  41. # Configuration Flags:
  42. # -fno-sanitize-recover=all
  43. # causes clang to crash on undefined behavior, rather than printing
  44. # a warning and continuing (the AddressSanitizer always crashes)
  45. # -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
  46. # make clang backtraces easier to read
  47. # --disable-gcc-hardening
  48. # disables warnings about the redefinition of _FORTIFY_SOURCE
  49. # (it conflicts with the sanitizers)
  50. # Turning the sanitizers off for particular functions:
  51. # (Unfortunately, exempting functions doesn't work for the blacklisted
  52. # functions below, and we can't turn the code off because it's essential)
  53. #
  54. # #if defined(__has_feature)
  55. # #if __has_feature(address_sanitizer)
  56. # /* tell clang AddressSanitizer not to instrument this function */
  57. # #define NOASAN __attribute__((no_sanitize_address))
  58. # #define _CLANG_ASAN_
  59. # #else
  60. # #define NOASAN
  61. # #endif
  62. # #else
  63. # #define NOASAN
  64. # #endif
  65. #
  66. # /* Telling AddressSanitizer to not instrument a function */
  67. # void func(void) NOASAN;
  68. #
  69. # /* Including or excluding sections of code */
  70. # #ifdef _CLANG_ASAN_
  71. # /* code that only runs under address sanitizer */
  72. # #else
  73. # /* code that doesn't run under address sanitizer */
  74. # #endif
  75. # Blacklist Entries:
  76. # test-memwipe.c checks if a freed buffer was properly wiped
  77. fun:vmemeq
  78. fun:check_a_buffer
  79. # we need to allow the tor bt handler to catch SIGSEGV
  80. # otherwise address sanitizer munges the expected output and the test fails
  81. # we can do this by setting an environmental variable
  82. # See https://code.google.com/p/address-sanitizer/wiki/Flags
  83. # ASAN_OPTIONS=allow_user_segv_handler=1
  84. # test_bt_cl.c stores to a NULL pointer to trigger a crash
  85. fun:crash
  86. # curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
  87. # integers. Until #13538 is resolved, we exempt functions that do left shifts.
  88. # Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
  89. fun:freduce_coefficients
  90. fun:freduce_degree
  91. fun:s32_eq
  92. fun:fcontract