Skip to content

Commit

Permalink
test: Add control flow integrity sanitizer.
Browse files Browse the repository at this point in the history
This will check whether conversions to and casts from `void*` are
correct. E.g. `int* -> void* -> float*` will trip the sanitizer.

https://clang.llvm.org/docs/ControlFlowIntegrity.html
  • Loading branch information
iphydf committed Aug 30, 2023
1 parent 6133fb1 commit a8f980e
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 3 deletions.
35 changes: 35 additions & 0 deletions .circleci/cmake-cfisan
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
#!/bin/bash

set -eu

CACHEDIR="$HOME/cache"

. ".github/scripts/flags-$CC.sh"
add_flag -Werror
add_flag -fdiagnostics-color=always
add_flag -flto=thin # for cfi
add_flag -fvisibility=hidden # for cfi
add_flag -fno-omit-frame-pointer
add_flag -fsanitize=cfi
cmake -B_build -H. -GNinja \
-DCMAKE_C_FLAGS="$C_FLAGS" \
-DCMAKE_CXX_FLAGS="$CXX_FLAGS" \
-DCMAKE_EXE_LINKER_FLAGS="$LD_FLAGS" \
-DCMAKE_SHARED_LINKER_FLAGS="$LD_FLAGS" \
-DCMAKE_INSTALL_PREFIX:PATH="$PWD/_install" \
-DCMAKE_UNITY_BUILD=ON \
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
-DMIN_LOGGER_LEVEL=TRACE \
-DMUST_BUILD_TOXAV=ON \
-DNON_HERMETIC_TESTS=ON \
-DSTRICT_ABI=ON \
-DENABLE_SHARED=OFF \
-DTEST_TIMEOUT_SECONDS=120 \
-DUSE_IPV6=OFF \
-DAUTOTEST=ON

cd _build

ninja install -j"$(nproc)"

ctest -j50 --output-on-failure --rerun-failed --repeat until-pass:6
12 changes: 12 additions & 0 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ workflows:
jobs:
# Dynamic analysis
- asan
- cfisan
- tsan
- msan
- ubsan
Expand Down Expand Up @@ -55,6 +56,17 @@ jobs:
- run: git submodule update --init --recursive
- run: CC=clang .circleci/cmake-tsan

cfisan:
working_directory: ~/work
docker:
- image: ubuntu

steps:
- run: *apt_install
- checkout
- run: git submodule update --init --recursive
- run: CC=clang .circleci/cmake-cfisan

ubsan:
working_directory: ~/work
docker:
Expand Down
7 changes: 5 additions & 2 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@
#
################################################################################

cmake_minimum_required(VERSION 2.8.12)
cmake_policy(VERSION 2.8.12)
cmake_minimum_required(VERSION 3.9)
cmake_policy(VERSION 3.9)
project(toxcore)

list(APPEND CMAKE_MODULE_PATH ${toxcore_SOURCE_DIR}/cmake)
Expand Down Expand Up @@ -75,6 +75,9 @@ if(APPLE)
include(MacRpath)
endif()

include(CheckIPOSupported)
check_ipo_supported()

enable_testing()

set(CMAKE_MACOSX_RPATH ON)
Expand Down
2 changes: 1 addition & 1 deletion other/docker/circleci/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
################################################
# cmake-asan
FROM ubuntu:20.04
FROM ubuntu:22.04

RUN apt-get update && \
DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
Expand Down

0 comments on commit a8f980e

Please sign in to comment.