commit 925d3f6705a52b41478282cd2bb764f3318aabc4 Author: Zack Weinberg zackw@cmu.edu Date: Wed Feb 29 16:51:03 2012 -0800
Enforce no addition of new global variables. --- Makefile.am | 14 +++++++++ src/audit-globals.sh | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 0 deletions(-)
diff --git a/Makefile.am b/Makefile.am index d81d072..280f32a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -80,6 +80,7 @@ noinst_HEADERS = \ src/test/unittest.h
dist_noinst_SCRIPTS = \ + src/audit-globals.sh \ src/genmodtable.sh \ src/test/genunitgrps.sh
@@ -94,11 +95,16 @@ CLEANFILES = protolist.cc steglist.cc unitgrplist.cc \
GMOD = $(SHELL) $(srcdir)/src/genmodtable.sh GUNIT = $(SHELL) $(srcdir)/src/test/genunitgrps.sh +AGLOB = $(SHELL) $(srcdir)/src/audit-globals.sh
AM_V_gs = $(AM_V_gs_$(V)) AM_V_gs_ = $(AM_V_gs_$(AM_DEFAULT_VERBOSITY)) AM_V_gs_0 = @echo " GEN " $(patsubst stamp-%,%.cc,$@);
+AM_V_ag = $(AM_V_ag_$(V)) +AM_V_ag_ = $(AM_V_ag_$(AM_DEFAULT_VERBOSITY)) +AM_V_ag_0 = @echo " AGLOB "; + protolist.cc: stamp-protolist ; stamp-protolist: $(PROTOCOLS) Makefile src/genmodtable.sh $(AM_V_gs) $(GMOD) protolist.cc $(filter %.cc, $^) @@ -114,6 +120,14 @@ stamp-unitgrplist: $(UTGROUPS) Makefile src/test/genunitgrps.sh $(AM_V_gs) $(GUNIT) unitgrplist.cc $(filter %.cc, $^) $(AM_V_at) touch stamp-unitgrplist
+stamp-audit-globals: src/audit-globals.sh Makefile \ + $(libstegotorus_a_OBJECTS) $(stegotorus_OBJECTS) + $(AM_V_ag) $(AGLOB) $(libstegotorus_a_OBJECTS) $(stegotorus_OBJECTS) + $(AM_V_at) touch stamp-audit-globals + +# prevent stegotorus from being linked if s-a-g fails +EXTRA_stegotorus_DEPENDENCIES = stamp-audit-globals + # Testing check-local: @echo --- Unit tests --- diff --git a/src/audit-globals.sh b/src/audit-globals.sh new file mode 100644 index 0000000..cc2387b --- /dev/null +++ b/src/audit-globals.sh @@ -0,0 +1,74 @@ +#! /bin/sh + +# Due to the multi-listener architecture of stegotorus, nearly all +# global variables are bugs. This program enforces a white-list of +# global variables (in stegotorus itself) that are known to be okay. +# It's called from the Makefile with all of stegotorus's object files +# on the command line. It produces no output, and exits successfully, +# if no new globals have appeared; otherwise it prints error messages +# and exits unsuccessfully. + +status=0 +symbols=$(nm -o "$@" | +c++filt | +sed ' + # Tidy up the list and remove all symbols we do not care about. + / [DBdb] /!d + + s/^src/// + s/.o: / / + s/.obj: / / + s/ [0-9a-fA-F][0-9a-fA-F]* [DBdb] / / + + # This is the whitelist, in the form of a bunch of sed "d" commands. + # It cares about both the names and the object files that define + # them. The above commands have stripped any leading src/ and/or + # .o or .obj extension. + + # These are genuinely OK. + /^connections circuits$/d + /^connections connections$/d + /^connections closing_all_connections$/d + /^connections last_ckt_serial$/d + /^connections last_conn_serial$/d + /^connections shutting_down$/d + /^main allow_kq$/d + /^main the_event_base$/d + /^main handle_signal_cb(int, short, void*)::got_sigint$/d + /^network listeners$/d + /^rng rng$/d + /^util log_dest$/d + /^util log_min_sev$/d + /^util the_evdns_base$/d + + # These are grandfathered; they need to be removed. + /^steg/b64cookies std::__ioinit$/d + /^steg/b64decode std::__ioinit$/d + /^steg/b64encode std::__ioinit$/d + /^steg/embed embed_init$/d + /^steg/embed embed_num_traces$/d + /^steg/embed embed_traces$/d + /^steg/http has_peer_name$/d + /^steg/http peername$/d + /^steg/http std::__ioinit$/d + /^steg/payloads _payload_count$/d + /^steg/payloads initTypePayload$/d + /^steg/payloads max_HTML_capacity$/d + /^steg/payloads max_JS_capacity$/d + /^steg/payloads max_PDF_capacity$/d + /^steg/payloads typePayload$/d + /^steg/payloads typePayloadCap$/d + /^steg/payloads typePayloadCount$/d +') + +if [ -n "$symbols" ]; then + status=1 + echo '*** New global variables introduced:' + set fnord $symbols + shift + while [ $# -gt 0 ]; do + printf ' %s.o\t%s\n' "$1" "$2" + shift 2 + done +fi +exit $status