From a8f980eb8d656390dd6cecf1e3a00e22070a72a5 Mon Sep 17 00:00:00 2001
From: iphydf
Date: Wed, 30 Aug 2023 12:47:58 +0000
Subject: [PATCH] test: Add control flow integrity sanitizer.
This will check whether conversions to and casts from `void*` are correct. E.g. `int* -> void* -> float*` will trip the sanitizer.
https://clang.llvm.org/docs/ControlFlowIntegrity.html
---
 .circleci/cmake-cfisan | 35 ++++++++++++++++++++++++++++++++
 .circleci/config.yml | 12 +++++++++++
 CMakeLists.txt | 7 +++++--
 other/docker/circleci/Dockerfile | 2 +-
 4 files changed, 53 insertions(+), 3 deletions(-)
 create mode 100755 .circleci/cmake-cfisan
diff --git a/.circleci/cmake-cfisan b/.circleci/cmake-cfisan
new file mode 100755
index 0000000000..170bcdcb0f
--- /dev/null
+++ b/.circleci/cmake-cfisan
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -eu
+
+CACHEDIR="$HOME/cache"
+
+. ".github/scripts/flags-$CC.sh"
+add_flag -Werror
+add_flag -fdiagnostics-color=always
+add_flag -flto=thin # for cfi
+add_flag -fvisibility=hidden # for cfi
+add_flag -fno-omit-frame-pointer
+add_flag -fsanitize=cfi
+cmake -B_build -H. -GNinja \
+ -DCMAKE_C_FLAGS="$C_FLAGS" \
+ -DCMAKE_CXX_FLAGS="$CXX_FLAGS" \
+ -DCMAKE_EXE_LINKER_FLAGS="$LD_FLAGS" \
+ -DCMAKE_SHARED_LINKER_FLAGS="$LD_FLAGS" \
+ -DCMAKE_INSTALL_PREFIX:PATH="$PWD/_install" \
+ -DCMAKE_UNITY_BUILD=ON \
+ -DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
+ -DMIN_LOGGER_LEVEL=TRACE \
+ -DMUST_BUILD_TOXAV=ON \
+ -DNON_HERMETIC_TESTS=ON \
+ -DSTRICT_ABI=ON \
+ -DENABLE_SHARED=OFF \
+ -DTEST_TIMEOUT_SECONDS=120 \
+ -DUSE_IPV6=OFF \
+ -DAUTOTEST=ON
+
+cd _build
+
+ninja install -j"$(nproc)"
+
+ctest -j50 --output-on-failure --rerun-failed --repeat until-pass:6
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 27d396fe2a..796e6fec06 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -7,6 +7,7 @@ workflows:
 jobs:
 # Dynamic analysis
 - asan
+ - cfisan
 - tsan
 - msan
 - ubsan
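Review bot: The last line of `.circleci/cmake-cfisan` runs `ctest ... --repeat until-pass:6`, so a test that aborts on a CFI violation in one run and passes on a retry is reported green, which hides the intermittent failures this job is meant to surface. If the retries exist for slow non-hermetic network tests, `--repeat after-timeout:6` keeps them for timeouts while a sanitizer abort fails the job on its first occurrence. Separately, `-fsanitize=cfi` traps without printing a report by default, so `--output-on-failure` would show only a crashed test; adding `add_flag -fno-sanitize-trap=cfi` should put the failing check in the log (it needs the UBSan runtime at link time). `CACHEDIR` is assigned but not read in this script; if `flags-$CC.sh` does not use it either, it can be dropped.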
@@ -55,6 +56,17 @@ jobs:
 - run: git submodule update --init --recursive
 - run: CC=clang .circleci/cmake-tsan
+ cfisan:
+ working_directory: ~/work
+ docker:
+ - image: ubuntu
+
+ steps:
+ - run: *apt_install
+ - checkout
+ - run: git submodule update --init --recursive
+ - run: CC=clang .circleci/cmake-cfisan
+
 ubsan:
 working_directory: ~/work
 docker:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f6228e4eb8..7fbc359de2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,8 +14,8 @@
 #
 ################################################################################
-cmake_minimum_required(VERSION 2.8.12)
-cmake_policy(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.9)
+cmake_policy(VERSION 3.9)
 project(toxcore)
 list(APPEND CMAKE_MODULE_PATH ${toxcore_SOURCE_DIR}/cmake)
@@ -75,6 +75,9 @@ if(APPLE)
 include(MacRpath)
 endif()
+include(CheckIPOSupported)
+check_ipo_supported()
+
 enable_testing()
 set(CMAKE_MACOSX_RPATH ON)
diff --git a/other/docker/circleci/Dockerfile b/other/docker/circleci/Dockerfile
index 446e847768..6874c0ca7a 100644
--- a/other/docker/circleci/Dockerfile
+++ b/other/docker/circleci/Dockerfile
@@ -1,6 +1,6 @@
 ################################################
 # cmake-asan
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 RUN apt-get update && \
 DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
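Review bot: The new `cfisan` job in `.circleci/config.yml` pulls `image: ubuntu` with no tag, so the clang and linker that build with `-flto=thin -fsanitize=cfi` change whenever the default tag moves, and a CFI result cannot be tied to a known toolchain. The same commit moves the CircleCI Dockerfile to `ubuntu:22.04`; pinning the job to that release, `- image: ubuntu:22.04`, keeps the two in step. Whether the `*apt_install` anchor, defined outside this hunk, installs a linker that supports ThinLTO is not visible here and is worth confirming.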
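Review bot: `check_ipo_supported()` in the second CMakeLists.txt hunk is called with no `RESULT` argument, and in that form CMake stops with a fatal error when the compiler cannot do IPO, so every configure of the project now depends on IPO support even though only the cfisan script passes `-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON`. Guarding the check leaves other builds unaffected: put `if(CMAKE_INTERPROCEDURAL_OPTIMIZATION)` before `include(CheckIPOSupported)` and `endif()` after `check_ipo_supported()`. A comment such as `# CFI builds need LTO; fail early if the toolchain cannot provide it.` would also explain why the check is here.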