From 5a97994a1bf0aec9fda23387e95103767d551c36 Mon Sep 17 00:00:00 2001 From: Sara Golemon Date: Fri, 30 Apr 2021 19:00:09 +0000 Subject: SERVER-56962 Use .denylist suffix for etc/ sanitizer files --- SConstruct | 70 ++++++++++++++++++++++++++--------------------------- etc/asan.blacklist | 0 etc/asan.denylist | 0 etc/tsan.blacklist | 4 --- etc/tsan.denylist | 4 +++ etc/ubsan.blacklist | 34 -------------------------- etc/ubsan.denylist | 34 ++++++++++++++++++++++++++ 7 files changed, 73 insertions(+), 73 deletions(-) delete mode 100644 etc/asan.blacklist create mode 100644 etc/asan.denylist delete mode 100644 etc/tsan.blacklist create mode 100644 etc/tsan.denylist delete mode 100644 etc/ubsan.blacklist create mode 100644 etc/ubsan.denylist diff --git a/SConstruct b/SConstruct index 41507b16786..3582c4b068c 100644 --- a/SConstruct +++ b/SConstruct @@ -3539,50 +3539,50 @@ def doConfigure(myenv): myenv.ConfError('Failed to enable -fsanitize-coverage with flag: {0}', sanitize_coverage_option ) - blackfiles_map = { - "address" : myenv.File("#etc/asan.blacklist"), - "thread" : myenv.File("#etc/tsan.blacklist"), - "undefined" : myenv.File("#etc/ubsan.blacklist"), + denyfiles_map = { + "address" : myenv.File("#etc/asan.denylist"), + "thread" : myenv.File("#etc/tsan.denylist"), + "undefined" : myenv.File("#etc/ubsan.denylist"), } - # Select those unique black files that are associated with the + # Select those unique deny files that are associated with the # currently enabled sanitizers, but filter out those that are # zero length. - blackfiles = {v for (k, v) in blackfiles_map.items() if k in sanitizer_list} - blackfiles = [f for f in blackfiles if os.stat(f.path).st_size != 0] - - # Filter out any blacklist options that the toolchain doesn't support. - supportedBlackfiles = [] - blackfilesTestEnv = myenv.Clone() - for blackfile in blackfiles: - if AddToCCFLAGSIfSupported(blackfilesTestEnv, f"-fsanitize-blacklist={blackfile}"): - supportedBlackfiles.append(blackfile) - blackfilesTestEnv = None - supportedBlackfiles = sorted(supportedBlackfiles) - - # If we ended up with any blackfiles after the above filters, + denyfiles = {v for (k, v) in denyfiles_map.items() if k in sanitizer_list} + denyfiles = [f for f in denyfiles if os.stat(f.path).st_size != 0] + + # Filter out any denylist options that the toolchain doesn't support. + supportedDenyfiles = [] + denyfilesTestEnv = myenv.Clone() + for denyfile in denyfiles: + if AddToCCFLAGSIfSupported(denyfilesTestEnv, f"-fsanitize-blacklist={denyfile}"): + supportedDenyfiles.append(denyfile) + denyfilesTestEnv = None + supportedDenyfiles = sorted(supportedDenyfiles) + + # If we ended up with any denyfiles after the above filters, # then expand them into compiler flag arguments, and use a # generator to return at command line expansion time so that # we can change the signature if the file contents change. - if supportedBlackfiles: + if supportedDenyfiles: # Unconditionally using the full path can affect SCons cached builds, so we only do # this in cases where we know it's going to matter. if 'ICECC' in env and env['ICECC']: # Make these files available to remote icecream builds if requested. # These paths *must* be absolute to match the paths in the remote # toolchain archive. - blacklist_options=[ - f"-fsanitize-blacklist={blackfile.get_abspath()}" - for blackfile in supportedBlackfiles + denylist_options=[ + f"-fsanitize-blacklist={denyfile.get_abspath()}" + for denyfile in supportedDenyfiles ] - # If a sanitizer is in use with a blacklist file, we have to ensure they get + # If a sanitizer is in use with a denylist file, we have to ensure they get # added to the toolchain package that gets sent to the remote hosts so they # can be found by the remote compiler. - env.Append(ICECC_CREATE_ENV_ADDFILES=supportedBlackfiles) + env.Append(ICECC_CREATE_ENV_ADDFILES=supportedDenyfiles) else: - blacklist_options=[ - f"-fsanitize-blacklist={blackfile.path}" - for blackfile in supportedBlackfiles + denylist_options=[ + f"-fsanitize-blacklist={denyfile.path}" + for denyfile in supportedDenyfiles ] if 'CCACHE' in env and env['CCACHE']: @@ -3590,22 +3590,22 @@ def doConfigure(myenv): # -fsanitize-blacklist at all or only support one instance of it. This will # work on any version of ccache because the point is only to ensure that the # resulting hash for any compiled object is guaranteed to take into account - # the effect of any sanitizer blacklist files used as part of the build. + # the effect of any sanitizer denylist files used as part of the build. # TODO: This will no longer be required when the following pull requests/ # issues have been merged and deployed. # https://github.com/ccache/ccache/pull/258 # https://github.com/ccache/ccache/issues/318 - env.Append(CCACHE_EXTRAFILES=supportedBlackfiles) + env.Append(CCACHE_EXTRAFILES=supportedDenyfiles) - def SanitizerBlacklistGenerator(source, target, env, for_signature): + def SanitizerDenylistGenerator(source, target, env, for_signature): if for_signature: - return [f.get_csig() for f in supportedBlackfiles] - return blacklist_options + return [f.get_csig() for f in supportedDenyfiles] + return denylist_options myenv.AppendUnique( - SANITIZER_BLACKLIST_GENERATOR=SanitizerBlacklistGenerator, - CCFLAGS="${SANITIZER_BLACKLIST_GENERATOR}", - LINKFLAGS="${SANITIZER_BLACKLIST_GENERATOR}", + SANITIZER_DENYLIST_GENERATOR=SanitizerDenylistGenerator, + CCFLAGS="${SANITIZER_DENYLIST_GENERATOR}", + LINKFLAGS="${SANITIZER_DENYLIST_GENERATOR}", ) symbolizer_option = "" diff --git a/etc/asan.blacklist b/etc/asan.blacklist deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/etc/asan.denylist b/etc/asan.denylist new file mode 100644 index 00000000000..e69de29bb2d diff --git a/etc/tsan.blacklist b/etc/tsan.blacklist deleted file mode 100644 index 7cdefe5e595..00000000000 --- a/etc/tsan.blacklist +++ /dev/null @@ -1,4 +0,0 @@ -# WT is known to use a non-standard thread model that is incompatible with TSAN -# and causes false positives. -src:src/third_party/wiredtiger/* - diff --git a/etc/tsan.denylist b/etc/tsan.denylist new file mode 100644 index 00000000000..7cdefe5e595 --- /dev/null +++ b/etc/tsan.denylist @@ -0,0 +1,4 @@ +# WT is known to use a non-standard thread model that is incompatible with TSAN +# and causes false positives. +src:src/third_party/wiredtiger/* + diff --git a/etc/ubsan.blacklist b/etc/ubsan.blacklist deleted file mode 100644 index 9504035bc27..00000000000 --- a/etc/ubsan.blacklist +++ /dev/null @@ -1,34 +0,0 @@ -# Don't UBSAN most of third_party, but do ubsan WT -src:src/third_party/IntelRDFPMathLib20U1/* -src:src/third_party/asio-*/* -src:src/third_party/boost-*/* -src:src/third_party/gperftools-*/* -src:src/third_party/icu4c-*/* -src:src/third_party/libstemmer_c/* -src:src/third_party/mozjs-*/* -src:src/third_party/murmurhash3/* -src:src/third_party/pcre-*/* -src:src/third_party/s2/* -src:src/third_party/snappy-*/* -src:src/third_party/tz/* -src:src/third_party/unicode-*/* -src:src/third_party/yaml-cpp-*/* -src:src/third_party/zlib-*/* - -# See SERVER-29505. -src:src/third_party/timelib-*/* - -# Blacklisting these functions due to a bug in libstdc++: -# http://stackoverflow.com/questions/30122500/is-this-code-really-undefined-as-clang-seems-to-indicate -fun:_ZStaNRSt13_Ios_FmtflagsS_ -fun:_ZStanSt13_Ios_FmtflagsS_ - -# Blacklisting these functions due to a bug in libstdc++: -# Maybe https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734 or similar -fun:_ZNSt8_Rb_tree*_M_get_insert_hint_unique_posESt23* -fun:_ZNSt8_Rb_tree*_M_insert_I* -# Maybe https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63345 or similar -fun:_ZNSt8_Rb_tree*_M_insert_nodeE* - -# See https://bugzilla.mozilla.org/show_bug.cgi?id=744965 -fun:_ZN7mozilla*NumberEqualsInt32* diff --git a/etc/ubsan.denylist b/etc/ubsan.denylist new file mode 100644 index 00000000000..fb4451599ec --- /dev/null +++ b/etc/ubsan.denylist @@ -0,0 +1,34 @@ +# Don't UBSAN most of third_party, but do ubsan WT +src:src/third_party/IntelRDFPMathLib20U1/* +src:src/third_party/asio-*/* +src:src/third_party/boost-*/* +src:src/third_party/gperftools-*/* +src:src/third_party/icu4c-*/* +src:src/third_party/libstemmer_c/* +src:src/third_party/mozjs-*/* +src:src/third_party/murmurhash3/* +src:src/third_party/pcre-*/* +src:src/third_party/s2/* +src:src/third_party/snappy-*/* +src:src/third_party/tz/* +src:src/third_party/unicode-*/* +src:src/third_party/yaml-cpp-*/* +src:src/third_party/zlib-*/* + +# See SERVER-29505. +src:src/third_party/timelib-*/* + +# Denylisting these functions due to a bug in libstdc++: +# http://stackoverflow.com/questions/30122500/is-this-code-really-undefined-as-clang-seems-to-indicate +fun:_ZStaNRSt13_Ios_FmtflagsS_ +fun:_ZStanSt13_Ios_FmtflagsS_ + +# Denylisting these functions due to a bug in libstdc++: +# Maybe https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734 or similar +fun:_ZNSt8_Rb_tree*_M_get_insert_hint_unique_posESt23* +fun:_ZNSt8_Rb_tree*_M_insert_I* +# Maybe https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63345 or similar +fun:_ZNSt8_Rb_tree*_M_insert_nodeE* + +# See https://bugzilla.mozilla.org/show_bug.cgi?id=744965 +fun:_ZN7mozilla*NumberEqualsInt32* -- cgit v1.2.1