garble/runtime_strip.go

// Copyright (c) 2020, The Garble Authors.
// See LICENSE for licensing information.

package main

import (
	"go/ast"
	"go/token"
	"strings"

	ah "mvdan.cc/garble/internal/asthelper"
)

// stripRuntime removes unnecessary code from the runtime,
// such as panic and fatal error printing, and code that
// prints trace/debug info of the runtime.
func stripRuntime(filename string, file *ast.File) {
	stripPrints := func(node ast.Node) bool {
		call, ok := node.(*ast.CallExpr)
		if !ok {
			return true
		}
		id, ok := call.Fun.(*ast.Ident)
		if !ok {
			return true
		}

		switch id.Name {
		case "print", "println":
			id.Name = "hidePrint"
			return false
		default:
			return true
		}
	}

	for _, decl := range file.Decls {
		switch x := decl.(type) {
		case *ast.FuncDecl:
			switch filename {
			case "error.go":
				// only used in panics
				switch x.Name.Name {
				case "printany", "printanycustomtype":
					x.Body.List = nil
				}
			case "mgcscavenge.go":
				// used in tracing the scavenger
				if x.Name.Name == "printScavTrace" {
					x.Body.List = nil
					break
				}
			case "mprof.go":
				// remove all functions that print debug/tracing info
				// of the runtime
				if strings.HasPrefix(x.Name.Name, "trace") {
					x.Body.List = nil
				}
			case "panic.go":
				// used for printing panics
				switch x.Name.Name {
				case "preprintpanics", "printpanics":
					x.Body.List = nil
				}
			case "print.go":
				// only used in tracebacks
				if x.Name.Name == "hexdumpWords" {
					x.Body.List = nil
					break
				}
			case "proc.go":
				// used in tracing the scheduler
				if x.Name.Name == "schedtrace" {
					x.Body.List = nil
					break
				}
			case "runtime1.go":
				usesEnv := func(node ast.Node) bool {
					seen := false
					ast.Inspect(node, func(node ast.Node) bool {
						ident, ok := node.(*ast.Ident)
						if ok && ident.Name == "gogetenv" {
							seen = true
							return false
						}
						return true
					})
					return seen
				}
			filenames:
				switch x.Name.Name {
				case "parsedebugvars":
					// keep defaults for GODEBUG cgocheck and invalidptr,
					// remove code that reads GODEBUG via gogetenv
					for i, stmt := range x.Body.List {
						if usesEnv(stmt) {
							x.Body.List = x.Body.List[:i]
							break filenames
						}
					}
					panic("did not see any gogetenv call in parsedebugvars")
				case "setTraceback":
					// tracebacks are completely hidden, no
					// sense keeping this function
					x.Body.List = nil
				}
			case "traceback.go":
				// only used for printing tracebacks
				switch x.Name.Name {
				case "tracebackdefers", "printcreatedby", "printcreatedby1", "traceback", "tracebacktrap", "traceback1", "printAncestorTraceback",
					"printAncestorTracebackFuncInfo", "goroutineheader", "tracebackothers", "tracebackHexdump", "printCgoTraceback":
					x.Body.List = nil
				case "printOneCgoTraceback":
					x.Body = ah.BlockStmt(ah.ReturnStmt(ah.IntLit(0)))
				default:
					if strings.HasPrefix(x.Name.Name, "print") {
						x.Body.List = nil
					}
				}
			default:
				break
			}
		case *ast.GenDecl:
			if x.Tok != token.IMPORT {
				continue
			}

			switch filename {
			case "print.go":
				// was used in hexdumpWords
				x.Specs = removeImport(`"runtime/internal/sys"`, x.Specs) // Before Go 1.18.
				x.Specs = removeImport(`"internal/goarch"`, x.Specs)      // Go 1.18.
			case "traceback.go":
				// was used in traceback1
				x.Specs = removeImport(`"runtime/internal/atomic"`, x.Specs)
			}

		}
	}

	switch filename {
	case "runtime1.go":
		// On Go 1.17.x, the code above results in runtime1.go having an
		// unused import. Make it an underscore import.
		// If this is a recurring problem, we could go for a more
		// generic solution like x/tools/imports.
		for _, imp := range file.Imports {
			if imp.Path.Value == `"internal/bytealg"` {
				imp.Name = &ast.Ident{Name: "_"}
				break
			}
		}
	case "print.go":
		file.Decls = append(file.Decls, hidePrintDecl)
		return
	}

	// replace all 'print' and 'println' statements in
	// the runtime with an empty func, which will be
	// optimized out by the compiler
	ast.Inspect(file, stripPrints)
}

func removeImport(importPath string, specs []ast.Spec) []ast.Spec {
	for i, spec := range specs {
		imp := spec.(*ast.ImportSpec)
		if imp.Path.Value == importPath {
			specs = append(specs[:i], specs[i+1:]...)
			break
		}
	}

	return specs
}

var hidePrintDecl = &ast.FuncDecl{
	Name: ast.NewIdent("hidePrint"),
	Type: &ast.FuncType{Params: &ast.FieldList{
		List: []*ast.Field{{
			Names: []*ast.Ident{{Name: "args"}},
			Type: &ast.Ellipsis{Elt: &ast.InterfaceType{
				Methods: &ast.FieldList{},
			}},
		}},
	}},
	Body: &ast.BlockStmt{},
}
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`// Copyright (c) 2020, The Garble Authors.`
			`// See LICENSE for licensing information.`

			`package main`

			`import (`
			`"go/ast"`
			`"go/token"`
			`"strings"`

			`ah "mvdan.cc/garble/internal/asthelper"`
			`)`

			`// stripRuntime removes unnecessary code from the runtime,`
			`// such as panic and fatal error printing, and code that`
			`// prints trace/debug info of the runtime.`
			`func stripRuntime(filename string, file *ast.File) {`
			`stripPrints := func(node ast.Node) bool {`
			`call, ok := node.(*ast.CallExpr)`
			`if !ok {`
			`return true`
			`}`
			`id, ok := call.Fun.(*ast.Ident)`
			`if !ok {`
			`return true`
			`}`

			`switch id.Name {`
			`case "print", "println":`
			`id.Name = "hidePrint"`
			`return false`
			`default:`
			`return true`
			`}`
			`}`

			`for _, decl := range file.Decls {`
			`switch x := decl.(type) {`
			`case *ast.FuncDecl:`
			`switch filename {`
			`case "error.go":`
			`// only used in panics`
			`switch x.Name.Name {`
			`case "printany", "printanycustomtype":`
			`x.Body.List = nil`
			`}`
			`case "mgcscavenge.go":`
			`// used in tracing the scavenger`
			`if x.Name.Name == "printScavTrace" {`
			`x.Body.List = nil`
			`break`
			`}`
			`case "mprof.go":`
			`// remove all functions that print debug/tracing info`
			`// of the runtime`
			`if strings.HasPrefix(x.Name.Name, "trace") {`
			`x.Body.List = nil`
			`}`
			`case "panic.go":`
			`// used for printing panics`
			`switch x.Name.Name {`
			`case "preprintpanics", "printpanics":`
			`x.Body.List = nil`
			`}`
			`case "print.go":`
			`// only used in tracebacks`
			`if x.Name.Name == "hexdumpWords" {`
			`x.Body.List = nil`
			`break`
			`}`
			`case "proc.go":`
			`// used in tracing the scheduler`
			`if x.Name.Name == "schedtrace" {`
			`x.Body.List = nil`
			`break`
			`}`
			`case "runtime1.go":`
small improvements towards obfuscating the runtime I spent a couple of days trying to obfuscate all of std. Ultimately I failed at making it fully work, especially when it comes to the runtime package, but I did fix a few problems along the way, as seen here. First, fix the TODO to allow handleDirectives and transformGo to run on runtime packages as well, if they are considered private. Note that this is never true right now, but it matters once we remove runtimeRelated. Second, modify parsedebugvars in a way that doesn't break typechecking. We can remove AST nodes or even modify them in simple ways, but if we add new AST nodes after typechecking, those will lack type information. We were replacing the entire body, running into that problem. Instead, carefully cut the body to set some defaults, but remove everything from the point GODEBUG is read. Finally, add commented-out debug prints of transformed asm files. For #193. 4 years ago			`usesEnv := func(node ast.Node) bool {`
			`seen := false`
			`ast.Inspect(node, func(node ast.Node) bool {`
			`ident, ok := node.(*ast.Ident)`
			`if ok && ident.Name == "gogetenv" {`
			`seen = true`
			`return false`
			`}`
			`return true`
			`})`
			`return seen`
			`}`
			`filenames:`
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`switch x.Name.Name {`
			`case "parsedebugvars":`
small improvements towards obfuscating the runtime I spent a couple of days trying to obfuscate all of std. Ultimately I failed at making it fully work, especially when it comes to the runtime package, but I did fix a few problems along the way, as seen here. First, fix the TODO to allow handleDirectives and transformGo to run on runtime packages as well, if they are considered private. Note that this is never true right now, but it matters once we remove runtimeRelated. Second, modify parsedebugvars in a way that doesn't break typechecking. We can remove AST nodes or even modify them in simple ways, but if we add new AST nodes after typechecking, those will lack type information. We were replacing the entire body, running into that problem. Instead, carefully cut the body to set some defaults, but remove everything from the point GODEBUG is read. Finally, add commented-out debug prints of transformed asm files. For #193. 4 years ago			`// keep defaults for GODEBUG cgocheck and invalidptr,`
			`// remove code that reads GODEBUG via gogetenv`
			`for i, stmt := range x.Body.List {`
			`if usesEnv(stmt) {`
			`x.Body.List = x.Body.List[:i]`
			`break filenames`
			`}`
			`}`
			`panic("did not see any gogetenv call in parsedebugvars")`
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`case "setTraceback":`
			`// tracebacks are completely hidden, no`
			`// sense keeping this function`
			`x.Body.List = nil`
			`}`
			`case "traceback.go":`
			`// only used for printing tracebacks`
			`switch x.Name.Name {`
strip a few more unneeded runtime functions Strip a few more traceback printing related functions in the runtime, new for Go 1.16. Also test that GODEBUG=inittrace=1 does not print anything when -tiny is passed. 4 years ago			`case "tracebackdefers", "printcreatedby", "printcreatedby1", "traceback", "tracebacktrap", "traceback1", "printAncestorTraceback",`
			`"printAncestorTracebackFuncInfo", "goroutineheader", "tracebackothers", "tracebackHexdump", "printCgoTraceback":`
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`x.Body.List = nil`
			`case "printOneCgoTraceback":`
			`x.Body = ah.BlockStmt(ah.ReturnStmt(ah.IntLit(0)))`
			`default:`
			`if strings.HasPrefix(x.Name.Name, "print") {`
			`x.Body.List = nil`
			`}`
			`}`
			`default:`
			`break`
			`}`
			`case *ast.GenDecl:`
			`if x.Tok != token.IMPORT {`
			`continue`
			`}`

			`switch filename {`
			`case "print.go":`
			`// was used in hexdumpWords`
fix runtime stripping for Go 1.18 In Go 1.18 runtime/internal/sys is replaced with internal/goarch. This change makes sure that when running garble after the runtime package change, runtime stripping correctly removes the unused import. Also bump go-internal version to work with go1.18, but disable go1.18 in CI tests. 3 years ago			x.Specs = removeImport(`"runtime/internal/sys"`, x.Specs) // Before Go 1.18.
			x.Specs = removeImport(`"internal/goarch"`, x.Specs) // Go 1.18.
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`case "traceback.go":`
			`// was used in traceback1`
			x.Specs = removeImport(`"runtime/internal/atomic"`, x.Specs)
			`}`

			`}`
			`}`

start working on Go 1.16 support (#244) There are three minor bugs breaking Go 1.16 with the current version of garble, after the import path obfuscation refactor: 1) Stripping the runtime results in an unused import error. This PR fixes that. 2) The asm.txt test seems to be broken; something to do with the export data not being right for the exported assembly func. 3) The obfuscated build of std fails, since our runtimeRelated table was generated for Go 1.15, not 1.16. This PR fixes the first issue, adds conditional skip lines for 1.16 for the other two issues, and enables 1.16 on CI. Note that 1.16 support is not here just yet, because of the other two issues. As such, no doc changes. Updates #124. 4 years ago			`switch filename {`
			`case "runtime1.go":`
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me> 4 years ago			`// On Go 1.17.x, the code above results in runtime1.go having an`
			`// unused import. Make it an underscore import.`
start working on Go 1.16 support (#244) There are three minor bugs breaking Go 1.16 with the current version of garble, after the import path obfuscation refactor: 1) Stripping the runtime results in an unused import error. This PR fixes that. 2) The asm.txt test seems to be broken; something to do with the export data not being right for the exported assembly func. 3) The obfuscated build of std fails, since our runtimeRelated table was generated for Go 1.15, not 1.16. This PR fixes the first issue, adds conditional skip lines for 1.16 for the other two issues, and enables 1.16 on CI. Note that 1.16 support is not here just yet, because of the other two issues. As such, no doc changes. Updates #124. 4 years ago			`// If this is a recurring problem, we could go for a more`
			`// generic solution like x/tools/imports.`
			`for _, imp := range file.Imports {`
			if imp.Path.Value == `"internal/bytealg"` {
small improvements towards obfuscating the runtime I spent a couple of days trying to obfuscate all of std. Ultimately I failed at making it fully work, especially when it comes to the runtime package, but I did fix a few problems along the way, as seen here. First, fix the TODO to allow handleDirectives and transformGo to run on runtime packages as well, if they are considered private. Note that this is never true right now, but it matters once we remove runtimeRelated. Second, modify parsedebugvars in a way that doesn't break typechecking. We can remove AST nodes or even modify them in simple ways, but if we add new AST nodes after typechecking, those will lack type information. We were replacing the entire body, running into that problem. Instead, carefully cut the body to set some defaults, but remove everything from the point GODEBUG is read. Finally, add commented-out debug prints of transformed asm files. For #193. 4 years ago			`imp.Name = &ast.Ident{Name: "_"}`
start working on Go 1.16 support (#244) There are three minor bugs breaking Go 1.16 with the current version of garble, after the import path obfuscation refactor: 1) Stripping the runtime results in an unused import error. This PR fixes that. 2) The asm.txt test seems to be broken; something to do with the export data not being right for the exported assembly func. 3) The obfuscated build of std fails, since our runtimeRelated table was generated for Go 1.15, not 1.16. This PR fixes the first issue, adds conditional skip lines for 1.16 for the other two issues, and enables 1.16 on CI. Note that 1.16 support is not here just yet, because of the other two issues. As such, no doc changes. Updates #124. 4 years ago			`break`
			`}`
			`}`
			`case "print.go":`
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`file.Decls = append(file.Decls, hidePrintDecl)`
Print interfaces/pointers when -tiny is used (#170) fixes #167 4 years ago			`return`
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`}`

			`// replace all 'print' and 'println' statements in`
			`// the runtime with an empty func, which will be`
			`// optimized out by the compiler`
			`ast.Inspect(file, stripPrints)`
			`}`

			`func removeImport(importPath string, specs []ast.Spec) []ast.Spec {`
			`for i, spec := range specs {`
			`imp := spec.(*ast.ImportSpec)`
			`if imp.Path.Value == importPath {`
			`specs = append(specs[:i], specs[i+1:]...)`
			`break`
			`}`
			`}`

			`return specs`
			`}`

			`var hidePrintDecl = &ast.FuncDecl{`
Replaced asthelper.Ident with ast.NewIdent No point in having around a helper method that has been implemented for us by `go/ast` 4 years ago			`Name: ast.NewIdent("hidePrint"),`
remove unnecessary data from runtime if -tiny is passed Fixes #127. Saves an additional ~1-2% binary size in my testing. 5 years ago			`Type: &ast.FuncType{Params: &ast.FieldList{`
			`List: []*ast.Field{{`
			`Names: []*ast.Ident{{Name: "args"}},`
			`Type: &ast.Ellipsis{Elt: &ast.InterfaceType{`
			`Methods: &ast.FieldList{},`
			`}},`
			`}},`
			`}},`
			`Body: &ast.BlockStmt{},`
			`}`