@@ -5,48 +5,48 @@
# Node ID 81c22c501c2a9f18a33398a97cc7c43144349223
# Parent a049e86626d465013bb409180fee85d9c7154aa7
Fix the attribute names in the comments in the sanitizer blacklists to the final adopted names. No bug, r=sparky
-
-diff --git a/build/sanitizers/ubsan_signed_overflow_blacklist.txt b/build/sanitizers/ubsan_signed_overflow_blacklist.txt
---- a/build/sanitizers/ubsan_signed_overflow_blacklist.txt
-+++ b/build/sanitizers/ubsan_signed_overflow_blacklist.txt
-@@ -3,17 +3,17 @@
- # -fsanitize=signed-integer-overflow. C/C++ say signed integer overflow is
- # undefined behavior, so instances of this need to be fixed. But not all code
- # has been properly written to not overflow, and overflow-checking can have
- # significant compile time and runtime costs, so we will sometimes disable
- # signed overflow checking.
- #
- # The rules in this file are applied at compile time; changes to this list
- # usually require a full rebuild to apply. If you can modify the source in
--# question to exempt individual functions using MOZ_NO_SANITIZE_SINT_OVERFLOW,
-+# question to exempt specific functions using MOZ_NO_SANITIZE_SIGNED_OVERFLOW,
- # do that instead.
- #
- # The extensive number of entries below is for two reasons.
- #
- # First, compiler instrumentation for signed integer overflows has a cost, at
- # compile time and at runtime. In performance-critical code proven to have no
- # signed overflow, it makes sense to turn off overflow detection to avoid both
- # costs. (Indeed, -fsanitize=signed-integer-overflow is unusably slow without
-diff --git a/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt b/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt
---- a/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt
-+++ b/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt
-@@ -2,17 +2,17 @@
- # frequent *un*signed integer overflows in our codebase, found by the use of
- # -fsanitize=unsigned-integer-overflow. Such overflows are not necessarily
- # bugs -- unsigned integer overflow has well-defined semantics in C/C++. But
- # overflow may still be *unexpected* and incorrectly handled, so we try to
- # annotate those places where unsigned overflow is correct and desired.
- #
- # The rules in this file are applied at compile time; changes to this list
- # usually require a full rebuild to apply. If you can modify the source in
--# question to exempt individual functions using MOZ_NO_SANITIZE_UINT_OVERFLOW,
-+# question to exempt specific functions using MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW,
- # do that instead.
- #
- # The extensive number of entries below is for two reasons.
- #
- # First, compiler instrumentation for unsigned integer overflows has a cost, at
- # compile time and at runtime. In places where code expects and depends upon
- # overflow behavior -- and especially in performance-critical code -- it makes
- # sense to turn off overflow detection to avoid both costs. (Indeed,
+
+diff --git a/build/sanitizers/ubsan_signed_overflow_blacklist.txt b/build/sanitizers/ubsan_signed_overflow_blacklist.txt
+--- a/build/sanitizers/ubsan_signed_overflow_blacklist.txt
++++ b/build/sanitizers/ubsan_signed_overflow_blacklist.txt
+@@ -3,17 +3,17 @@
+ # -fsanitize=signed-integer-overflow. C/C++ say signed integer overflow is
+ # undefined behavior, so instances of this need to be fixed. But not all code
+ # has been properly written to not overflow, and overflow-checking can have
+ # significant compile time and runtime costs, so we will sometimes disable
+ # signed overflow checking.
+ #
+ # The rules in this file are applied at compile time; changes to this list
+ # usually require a full rebuild to apply. If you can modify the source in
+-# question to exempt individual functions using MOZ_NO_SANITIZE_SINT_OVERFLOW,
++# question to exempt specific functions using MOZ_NO_SANITIZE_SIGNED_OVERFLOW,
+ # do that instead.
+ #
+ # The extensive number of entries below is for two reasons.
+ #
+ # First, compiler instrumentation for signed integer overflows has a cost, at
+ # compile time and at runtime. In performance-critical code proven to have no
+ # signed overflow, it makes sense to turn off overflow detection to avoid both
+ # costs. (Indeed, -fsanitize=signed-integer-overflow is unusably slow without
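Review bot: The corrected comment line in the ubsan_signed_overflow_blacklist.txt hunk names MOZ_NO_SANITIZE_SIGNED_OVERFLOW but gives no pointer to where that macro is defined, so a stale spelling such as the old MOZ_NO_SANITIZE_SINT_OVERFLOW is hard to spot from this file alone. Consider naming the defining header in the comment so a reader can confirm the spelling before annotating a function. The same line also changes "individual functions" to "specific functions", which the commit message ("Fix the attribute names") does not cover; either mention it there or keep the old wording so the rename is the only change on that line.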
+diff --git a/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt b/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt
+--- a/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt
++++ b/build/sanitizers/ubsan_unsigned_overflow_blacklist.txt
+@@ -2,17 +2,17 @@
+ # frequent *un*signed integer overflows in our codebase, found by the use of
+ # -fsanitize=unsigned-integer-overflow. Such overflows are not necessarily
+ # bugs -- unsigned integer overflow has well-defined semantics in C/C++. But
+ # overflow may still be *unexpected* and incorrectly handled, so we try to
+ # annotate those places where unsigned overflow is correct and desired.
+ #
+ # The rules in this file are applied at compile time; changes to this list
+ # usually require a full rebuild to apply. If you can modify the source in
+-# question to exempt individual functions using MOZ_NO_SANITIZE_UINT_OVERFLOW,
++# question to exempt specific functions using MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW,
+ # do that instead.
+ #
+ # The extensive number of entries below is for two reasons.
+ #
+ # First, compiler instrumentation for unsigned integer overflows has a cost, at
+ # compile time and at runtime. In places where code expects and depends upon
+ # overflow behavior -- and especially in performance-critical code -- it makes
+ # sense to turn off overflow detection to avoid both costs. (Indeed,
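Review bot: The removed and added sides of this hunk carry the same text line for line as shown, including the inner -/+ pair that replaces MOZ_NO_SANITIZE_UINT_OVERFLOW with MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW in ubsan_unsigned_overflow_blacklist.txt, so what actually differs between the two revisions of the patch is not visible here. If the difference is whitespace or line endings only, say so in the description so a reviewer does not have to compare the two sides byte by byte to confirm that no exemption text changed.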