diff --git a/go_std_tables.go b/go_std_tables.go index 6d801f0..6d6fc7b 100644 --- a/go_std_tables.go +++ b/go_std_tables.go @@ -1,6 +1,6 @@ // Code generated by scripts/gen-go-std-tables.sh; DO NOT EDIT. -// Generated from Go version devel go1.22-a2a2c5b947 Wed Dec 20 02:18:50 2023 +0000. +// Generated from Go version devel go1.23-1400b26852 Thu Feb 8 03:02:00 2024 +0000. package main @@ -20,8 +20,11 @@ var runtimeAndDeps = map[string]bool{ "runtime/internal/sys": true, "runtime/internal/syscall": true, "runtime": true, - // Not a runtime dependency, but still uses tricks allowed by import path. - // Not a big deal either way, given that it's only imported in test packages. + // Not runtime dependencies, but still use tricks allowed by import path. + // TODO: collect directly from cmd/internal/objabi/pkgspecial.go, + // in this particular case from allowAsmABIPkgs. + "reflect": true, + "syscall": true, "runtime/internal/startlinetest": true, } diff --git a/scripts/gen-go-std-tables.sh b/scripts/gen-go-std-tables.sh index 6348025..30f771e 100755 --- a/scripts/gen-go-std-tables.sh +++ b/scripts/gen-go-std-tables.sh @@ -34,8 +34,11 @@ var runtimeAndDeps = map[string]bool{ $(for path in ${runtime_and_deps}; do echo "\"${path}\": true," done) - // Not a runtime dependency, but still uses tricks allowed by import path. - // Not a big deal either way, given that it's only imported in test packages. + // Not runtime dependencies, but still use tricks allowed by import path. + // TODO: collect directly from cmd/internal/objabi/pkgspecial.go, + // in this particular case from allowAsmABIPkgs. + "reflect": true, + "syscall": true, "runtime/internal/startlinetest": true, } diff --git a/shared.go b/shared.go index 811ee87..b5b8401 100644 --- a/shared.go +++ b/shared.go @@ -188,6 +188,7 @@ func (p *listedPackage) obfuscatedImportPath() string { case "runtime", "reflect", "embed": return p.ImportPath } + // Intrinsics are matched by package import path as well. if compilerIntrinsicsPkgs[p.ImportPath] { return p.ImportPath } diff --git a/testdata/script/crossbuild.txtar b/testdata/script/crossbuild.txtar index 75f47b9..b2e5208 100644 --- a/testdata/script/crossbuild.txtar +++ b/testdata/script/crossbuild.txtar @@ -18,6 +18,16 @@ [arm] env GOARCH=arm64 exec garble build -gcflags=math/bits=-d=ssa/intrinsics/debug=1 stderr 'intrinsic substitution for Len64.*BitLen64' + +# As a last step, also test building for MacOS if we're not already on it. +# We already cover Windows and Linux above, and MacOS is the other major OS. +# The way it is implemented in the standard library, in particular with syscalls, +# is different enough that it sometimes causes special bugs. +[darwin] stop +env GOOS=darwin +env GOARCH=arm64 +exec garble build + -- go.mod -- module test/main diff --git a/testdata/script/gogarble.txtar b/testdata/script/gogarble.txtar index 3d9dab3..3931c9c 100644 --- a/testdata/script/gogarble.txtar +++ b/testdata/script/gogarble.txtar @@ -36,11 +36,11 @@ exec garble build std # Also ensure we are obfuscating low-level std packages. exec garble build -o=out ./stdimporter ! stderr . # no warnings -! binsubstr out 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' 'syscall.Listen' +! binsubstr out 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' # The same low-level std packages appear in plain sight in regular builds. go build -o=out_regular ./stdimporter -binsubstr out_regular 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' 'syscall.Listen' +binsubstr out_regular 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' # Also check that a full rebuild is reproducible, via a new GOCACHE. # This is slow, but necessary to uncover bugs hidden by the build cache. @@ -79,7 +79,6 @@ import ( "net/http" "runtime/debug" "time" - "syscall" ) func main() { @@ -88,5 +87,4 @@ func main() { // as it is implemented by runtime via a linkname. debug.WriteHeapDump(1) time.Now() - syscall.Listen(0, 1) }