From 4e454f3cf8b258169bf64e135467b90be4030533 Mon Sep 17 00:00:00 2001 From: iphydf Date: Wed, 30 Aug 2023 12:47:58 +0000 Subject: [PATCH 1/2] test: Add control flow integrity sanitizer. This will check whether conversions to and casts from `void*` are correct. E.g. `int* -> void* -> float*` will trip the sanitizer. https://clang.llvm.org/docs/ControlFlowIntegrity.html --- .circleci/cmake-cfisan | 34 ++++++++++++++++++++++++++++++++++ .circleci/config.yml | 12 ++++++++++++ CMakeLists.txt | 7 +++++-- 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100755 .circleci/cmake-cfisan diff --git a/.circleci/cmake-cfisan b/.circleci/cmake-cfisan new file mode 100755 index 0000000000..a7db34ece5 --- /dev/null +++ b/.circleci/cmake-cfisan @@ -0,0 +1,34 @@ +#!/bin/bash + +set -eu + +CACHEDIR="$HOME/cache" + +. ".github/scripts/flags-$CC.sh" +add_flag -Werror +add_flag -fdiagnostics-color=always +add_flag -flto=thin # for cfi +add_flag -fno-omit-frame-pointer +add_flag -fsanitize=cfi +cmake -B_build -H. -GNinja \ + -DCMAKE_C_FLAGS="$C_FLAGS" \ + -DCMAKE_CXX_FLAGS="$CXX_FLAGS" \ + -DCMAKE_EXE_LINKER_FLAGS="$LD_FLAGS" \ + -DCMAKE_SHARED_LINKER_FLAGS="$LD_FLAGS" \ + -DCMAKE_INSTALL_PREFIX:PATH="$PWD/_install" \ + -DCMAKE_UNITY_BUILD=ON \ + -DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \ + -DMIN_LOGGER_LEVEL=TRACE \ + -DMUST_BUILD_TOXAV=ON \ + -DNON_HERMETIC_TESTS=ON \ + -DSTRICT_ABI=ON \ + -DENABLE_SHARED=OFF \ + -DTEST_TIMEOUT_SECONDS=120 \ + -DUSE_IPV6=OFF \ + -DAUTOTEST=ON + +cd _build + +ninja install -j"$(nproc)" + +ctest -j50 --output-on-failure --rerun-failed --repeat until-pass:6 diff --git a/.circleci/config.yml b/.circleci/config.yml index 27d396fe2a..796e6fec06 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,6 +7,7 @@ workflows: jobs: # Dynamic analysis - asan + - cfisan - tsan - msan - ubsan @@ -55,6 +56,17 @@ jobs: - run: git submodule update --init --recursive - run: CC=clang .circleci/cmake-tsan + cfisan: + working_directory: ~/work + docker: + - image: ubuntu + + steps: + - run: *apt_install + - checkout + - run: git submodule update --init --recursive + - run: CC=clang .circleci/cmake-cfisan + ubsan: working_directory: ~/work docker: diff --git a/CMakeLists.txt b/CMakeLists.txt index f6228e4eb8..7fbc359de2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,8 +14,8 @@ # ################################################################################ -cmake_minimum_required(VERSION 2.8.12) -cmake_policy(VERSION 2.8.12) +cmake_minimum_required(VERSION 3.9) +cmake_policy(VERSION 3.9) project(toxcore) list(APPEND CMAKE_MODULE_PATH ${toxcore_SOURCE_DIR}/cmake) @@ -75,6 +75,9 @@ if(APPLE) include(MacRpath) endif() +include(CheckIPOSupported) +check_ipo_supported() + enable_testing() set(CMAKE_MACOSX_RPATH ON) From 2be2013a8a13d0d2bf383a5234b4aec7e0fd731a Mon Sep 17 00:00:00 2001 From: "Restyled.io" Date: Wed, 30 Aug 2023 12:49:22 +0000 Subject: [PATCH 2/2] Restyled by shfmt --- .circleci/cmake-cfisan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/cmake-cfisan b/.circleci/cmake-cfisan index a7db34ece5..7637fcc909 100755 --- a/.circleci/cmake-cfisan +++ b/.circleci/cmake-cfisan @@ -7,7 +7,7 @@ CACHEDIR="$HOME/cache" . ".github/scripts/flags-$CC.sh" add_flag -Werror add_flag -fdiagnostics-color=always -add_flag -flto=thin # for cfi +add_flag -flto=thin # for cfi add_flag -fno-omit-frame-pointer add_flag -fsanitize=cfi cmake -B_build -H. -GNinja \