authorteor <teor2345@gmail.com>2015-06-06 04:04:23 +1000
committerteor <teor2345@gmail.com>2015-06-06 04:04:23 +1000
commitbc0a9843e5cd8ed407e79d7f7e7b5404210924c4 (patch)
treed81f9ab006aa5447709727160167189639cda00b /contrib
parent2f67a6e8c95aadadfc55b6245668471f7def72e6 (diff)
Add instructions for clang sanitizers, static analyzer, and coverity
Document use of coverity, clang static analyzer, and clang dynamic undefined behavior and address sanitizers in doc/HACKING. Add clang dynamic sanitizer blacklist in contrib/clang/sanitizer_blacklist.txt to exempt known undefined behavior. Include detailed usage instructions in this blacklist file. Patch by "teor".
Diffstat (limited to 'contrib')
-rw-r--r--contrib/clang/sanitize_blacklist.txt89
1 files changed, 89 insertions, 0 deletions
diff --git a/contrib/clang/sanitize_blacklist.txt b/contrib/clang/sanitize_blacklist.txt
new file mode 100644
index 0000000000..d4f6cf6298
--- /dev/null
+++ b/contrib/clang/sanitize_blacklist.txt
@@ -0,0 +1,89 @@
+# clang sanitizer special case list
+# syntax specified in http://clang.llvm.org/docs/SanitizerSpecialCaseList.html
+# for more info see http://clang.llvm.org/docs/AddressSanitizer.html
+
+# usage:
+# 1. configure tor build:
+# ./configure \
+# CC=clang \
+# CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
+# LDFLAGS="-fsanitize=address" \
+# --disable-gcc-hardening
+# and any other flags required to build tor on your OS.
+#
+# 2. build tor:
+# make
+#
+# 3. test tor:
+# ASAN_OPTIONS=allow_user_segv_handler=1 make test
+# ASAN_OPTIONS=allow_user_segv_handler=1 make check
+# make test-network # requires chutney
+#
+# 4. the tor binary is now instrumented with clang sanitizers,
+# and can be run just like a standard tor binary
+
+# Compatibility:
+# This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
+# and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
+# on both x86_64 and i386 (using CC="clang -arch i386")
+# It has not been tested with ThreadSanitizer or MemorySanitizer
+# Success report and patches for other sanitizers or OSs are welcome
+
+# Configuration Flags:
+# -fno-sanitize-recover=all
+# causes clang to crash on undefined behavior, rather than printing
+# a warning and continuing (the AddressSanitizer always crashes)
+# -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
+# make clang backtraces easier to read
+# --disable-gcc-hardening
+# disables warnings about the redefinition of _FORTIFY_SOURCE
+# (it conflicts with the sanitizers)
+
+# Turning the sanitizers off for particular functions:
+# (Unfortunately, exempting functions doesn't work for the blacklisted
+# functions below, and we can't turn the code off because it's essential)
+#
+# #if defined(__has_feature)
+# #if __has_feature(address_sanitizer)
+# /* tell clang AddressSanitizer not to instrument this function */
+# #define NOASAN __attribute__((no_sanitize_address))
+# #define _CLANG_ASAN_
+# #else
+# #define NOASAN
+# #endif
+# #else
+# #define NOASAN
+# #endif
+#
+# /* Telling AddressSanitizer to not instrument a function */
+# void func(void) NOASAN;
+#
+# /* Including or excluding sections of code */
+# #ifdef _CLANG_ASAN_
+# /* code that only runs under address sanitizer */
+# #else
+# /* code that doesn't run under address sanitizer */
+# #endif
+
+# Blacklist Entries:
+
+# we need to allow the tor bt handler to catch SIGSEGV
+# otherwise address sanitizer munges the expected output and the test fails
+# we can do this by setting an environmental variable
+# See https://code.google.com/p/address-sanitizer/wiki/Flags
+# ASAN_OPTIONS=allow_user_segv_handler=1
+
+# test-memwipe.c checks if a freed buffer was properly wiped
+fun:vmemeq
+fun:check_a_buffer
+
+# test_bt_cl.c stores to a NULL pointer to trigger a crash
+fun:crash
+
+# curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
+# integers. Until #13538 is resolved, we can exempt the entire file from all
+# analysis under clang's undefined behavior sanitizer.
+# This may be overkill, but it works, and is easier than listing every
+# function in the file.
+# Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
+src:src/ext/curve25519_donna/curve25519-donna.c
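Review bot: The `src:` entry for curve25519-donna.c at the end of the file is not limited to the undefined behavior sanitizer as its comment says; the list carries no per-sanitizer scoping, so with the CFLAGS from the usage section (`-fsanitize=undefined -fsanitize=address` sharing one `-fsanitize-blacklist`) it most likely also removes AddressSanitizer instrumentation from that file on the builds that compile it. That leaves memory-safety checking switched off for key-exchange code on non-x86_64 targets, which should be stated so nobody assumes coverage they do not have. I would reword the comment to `# This exempts the whole file from every sanitizer enabled with this list (ASan as well as UBSan), not only the shift checks.` and, if the clang version in use supports sanitizer-specific sections in the special case list, restrict the entry to the undefined behavior checks. The `fun:vmemeq`, `fun:check_a_buffer` and `fun:crash` entries match by function name across the whole build rather than per test file, so a short comment such as `# matches any function with this name, in any source file` would make that explicit.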