diff --git a/.github/workflows/code_sanitizers.yml b/.github/workflows/code_sanitizers.yml index 3438fe834..5e5556331 100644 --- a/.github/workflows/code_sanitizers.yml +++ b/.github/workflows/code_sanitizers.yml @@ -19,7 +19,7 @@ jobs: SANITIZER: ${{ matrix.SANITIZER }} TEST_USE_ROCKSDB: ${{ matrix.BACKEND == 'rocksdb' && '1' || '0' }} DEADLINE_SCALE_FACTOR: ${{ matrix.BACKEND == 'rocksdb' && '2' || '1' }} - ASAN_OPTIONS: log_exe_name=1:log_path=sanitizer_report + ASAN_OPTIONS: log_exe_name=1:log_path=sanitizer_report:suppressions=../asan_suppressions TSAN_OPTIONS: log_exe_name=1:log_path=sanitizer_report:suppressions=../tsan_suppressions UBSAN_OPTIONS: log_exe_name=1:log_path=sanitizer_report:print_stacktrace=1 if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository diff --git a/CMakeLists.txt b/CMakeLists.txt index 1d314a1d4..b211ccc43 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -146,9 +146,6 @@ if(${NANO_ASIO_HANDLER_TRACKING} GREATER 0) -DBOOST_ASIO_ENABLE_HANDLER_TRACKING) endif() -option(NANO_ASAN_INT "Enable ASan+UBSan+Integer overflow" OFF) -option(NANO_ASAN "Enable ASan+UBSan" OFF) -option(NANO_TSAN "Enable TSan" OFF) option(NANO_SIMD_OPTIMIZATIONS "Enable CPU-specific SIMD optimizations (SSE/AVX or NEON, e.g.)" OFF) option( @@ -216,52 +213,99 @@ endif() set(CMAKE_POSITION_INDEPENDENT_CODE ON) -set(USING_ASAN (NANO_ASAN OR RAIBLOCKS_ASAN)) -set(USING_ASAN_INT (NANO_ASAN_INT OR RAIBLOCKS_ASAN_INT)) -set(USING_TSAN (NANO_TSAN OR RAIBLOCKS_TSAN)) - find_package(Threads) +# Sanitizers +option(NANO_ASAN "Enable ASan" OFF) +if(NANO_ASAN) + if(MSVC) + message(FATAL_ERROR "ASan is not supported on MSVC") + endif() + + message(STATUS "Using Asan") + add_compile_options(-fsanitize=address) + add_link_options(-fsanitize=address) + + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + add_compile_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_asan") + add_link_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_asan") + endif() + + add_definitions(-DED25519_NO_INLINE_ASM) +endif() + +option(NANO_ASAN_INT "Enable ASan+Integer overflow" OFF) +if(NANO_ASAN_INT) + if(MSVC) + message(FATAL_ERROR "ASan+Integer overflow is not supported on MSVC") + endif() + + message(STATUS "Using ASan+Integer overflow") + add_compile_options(-fsanitize=address,integer) + add_link_options(-fsanitize=address,integer) + + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + add_compile_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_asan") + add_link_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_asan") + endif() + + add_definitions(-DED25519_NO_INLINE_ASM) +endif() + +option(NANO_UBSAN "Enable UBSan" OFF) +if(NANO_UBSAN) + if(MSVC) + message(FATAL_ERROR "UBSan is not supported on MSVC") + endif() + + message(STATUS "Using UBSan") + add_compile_options(-fsanitize=undefined) + add_link_options(-fsanitize=undefined) + + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + add_compile_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_ubsan") + add_link_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_ubsan") + endif() + + add_definitions(-DED25519_NO_INLINE_ASM) + add_definitions(-DROCKSDB_UBSAN_RUN) +endif() + +option(NANO_TSAN "Enable TSan" OFF) +if(NANO_TSAN) + if(MSVC) + message(FATAL_ERROR "TSan is not supported on MSVC") + endif() + + message(STATUS "Using TSan") + add_compile_options(-fsanitize=thread) + add_link_options(-fsanitize=thread) + + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + add_compile_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_tsan") + add_link_options( + "-fsanitize-ignorelist=${PROJECT_SOURCE_DIR}/sanitize_ignorelist_tsan") + endif() + + add_definitions(-DED25519_NO_INLINE_ASM) +endif() + +if(NANO_WARN_TO_ERR) + add_compile_options(-Werror -Wno-deprecated-declarations) +endif() + if(WIN32) find_library(PSAPI Psapi) add_definitions(-D_WIN32_WINNT=0x0600 -DWINVER=0x0600 -DMINIUPNP_STATICLIB -D_CRT_SECURE_NO_WARNINGS -DNOGDI /EHsc) - - if(${USING_TSAN} - OR ${USING_ASAN} - OR ${USING_ASAN_INT}) - message(WARNING "Cannot use TSAN or ASAN on Windows, sanitizers ignored") - endif() - else() - if(NANO_WARN_TO_ERR) - add_compile_options(-Werror -Wno-deprecated-declarations) - endif() - - if((${USING_TSAN} AND ${USING_ASAN}) OR (${USING_TSAN} AND ${USING_ASAN_INT})) - message(WARNING "Cannot use TSAN/ASAN together, defaulting to ASAN") - endif() - - if(${USING_ASAN} OR ${USING_ASAN_INT}) - if(${USING_ASAN_INT}) - message(STATUS "Using ASAN+UBSAN+Integer overflow") - add_compile_options(-fsanitize=address,undefined,integer) - else() - message(STATUS "Using ASAN+UBSAN") - add_compile_options(-fsanitize=address,undefined) - endif() - add_definitions(-DED25519_NO_INLINE_ASM) - add_definitions(-DROCKSDB_UBSAN_RUN) - elseif(${USING_TSAN}) - message(STATUS "Using TSAN") - add_compile_options(-fsanitize=thread) - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - add_compile_options( - "-fsanitize-blacklist=${PROJECT_SOURCE_DIR}/tsan_clang_blacklist") - endif() - add_definitions(-DED25519_NO_INLINE_ASM) - endif() - if(NANO_FUZZER_TEST) add_compile_options(-fsanitize=fuzzer-no-link -fno-omit-frame-pointer) add_definitions(-DNANO_FUZZER_TEST) @@ -323,20 +367,6 @@ else() set(PLATFORM_LINK_FLAGS "-static-libgcc -static-libstdc++") endif() - if(${USING_ASAN_INT}) - set(PLATFORM_LINK_FLAGS - "${PLATFORM_LINK_FLAGS} -fsanitize=address,undefined,integer") - elseif(${USING_ASAN}) - set(PLATFORM_LINK_FLAGS - "${PLATFORM_LINK_FLAGS} -fsanitize=address,undefined") - elseif(${USING_TSAN}) - set(PLATFORM_LINK_FLAGS "${PLATFORM_LINK_FLAGS} -fsanitize=thread") - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - set(PLATFORM_LINK_FLAGS - "${PLATFORM_LINK_FLAGS} -fsanitize-blacklist=${PROJECT_SOURCE_DIR}/tsan_clang_blacklist" - ) - endif() - endif() if(NANO_FUZZER_TEST) set(PLATFORM_LINK_FLAGS "${PLATFORM_LINK_FLAGS} -fsanitize=fuzzer-no-link") endif() diff --git a/asan_suppressions b/asan_suppressions new file mode 100644 index 000000000..e69de29bb diff --git a/sanitize_ignorelist b/sanitize_ignorelist new file mode 100644 index 000000000..88c388537 --- /dev/null +++ b/sanitize_ignorelist @@ -0,0 +1,4 @@ +src:*crypto/ed25519* +src:*crypto/blake2* + +src:*submodules/lmdb* \ No newline at end of file diff --git a/sanitize_ignorelist_asan b/sanitize_ignorelist_asan new file mode 100644 index 000000000..e69de29bb diff --git a/sanitize_ignorelist_tsan b/sanitize_ignorelist_tsan new file mode 100644 index 000000000..e69de29bb diff --git a/sanitize_ignorelist_ubsan b/sanitize_ignorelist_ubsan new file mode 100644 index 000000000..e69de29bb