Skip to content

Commit a8f980e

Browse files
iphydfiphydf
committed
test: Add control flow integrity sanitizer.
This will check whether conversions to and casts from `void*` are correct. E.g. `int* -> void* -> float*` will trip the sanitizer. https://clang.llvm.org/docs/ControlFlowIntegrity.html
1 parent 6133fb1 commit a8f980e

File tree

4 files changed

+53
-3
lines changed

4 files changed

+53
-3
lines changed

.circleci/cmake-cfisan

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
#!/bin/bash
2+
3+
set -eu
4+
5+
CACHEDIR="$HOME/cache"
6+
7+
. ".github/scripts/flags-$CC.sh"
8+
add_flag -Werror
9+
add_flag -fdiagnostics-color=always
10+
add_flag -flto=thin # for cfi
11+
add_flag -fvisibility=hidden # for cfi
12+
add_flag -fno-omit-frame-pointer
13+
add_flag -fsanitize=cfi
14+
cmake -B_build -H. -GNinja \
15+
-DCMAKE_C_FLAGS="$C_FLAGS" \
16+
-DCMAKE_CXX_FLAGS="$CXX_FLAGS" \
17+
-DCMAKE_EXE_LINKER_FLAGS="$LD_FLAGS" \
18+
-DCMAKE_SHARED_LINKER_FLAGS="$LD_FLAGS" \
19+
-DCMAKE_INSTALL_PREFIX:PATH="$PWD/_install" \
20+
-DCMAKE_UNITY_BUILD=ON \
21+
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
22+
-DMIN_LOGGER_LEVEL=TRACE \
23+
-DMUST_BUILD_TOXAV=ON \
24+
-DNON_HERMETIC_TESTS=ON \
25+
-DSTRICT_ABI=ON \
26+
-DENABLE_SHARED=OFF \
27+
-DTEST_TIMEOUT_SECONDS=120 \
28+
-DUSE_IPV6=OFF \
29+
-DAUTOTEST=ON
30+
31+
cd _build
32+
33+
ninja install -j"$(nproc)"
34+
35+
ctest -j50 --output-on-failure --rerun-failed --repeat until-pass:6

.circleci/config.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ workflows:
77
jobs:
88
# Dynamic analysis
99
- asan
10+
- cfisan
1011
- tsan
1112
- msan
1213
- ubsan
@@ -55,6 +56,17 @@ jobs:
5556
- run: git submodule update --init --recursive
5657
- run: CC=clang .circleci/cmake-tsan
5758

59+
cfisan:
60+
working_directory: ~/work
61+
docker:
62+
- image: ubuntu
63+
64+
steps:
65+
- run: *apt_install
66+
- checkout
67+
- run: git submodule update --init --recursive
68+
- run: CC=clang .circleci/cmake-cfisan
69+
5870
ubsan:
5971
working_directory: ~/work
6072
docker:

CMakeLists.txt

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@
1414
#
1515
################################################################################
1616

17-
cmake_minimum_required(VERSION 2.8.12)
18-
cmake_policy(VERSION 2.8.12)
17+
cmake_minimum_required(VERSION 3.9)
18+
cmake_policy(VERSION 3.9)
1919
project(toxcore)
2020

2121
list(APPEND CMAKE_MODULE_PATH ${toxcore_SOURCE_DIR}/cmake)
@@ -75,6 +75,9 @@ if(APPLE)
7575
include(MacRpath)
7676
endif()
7777

78+
include(CheckIPOSupported)
79+
check_ipo_supported()
80+
7881
enable_testing()
7982

8083
set(CMAKE_MACOSX_RPATH ON)

other/docker/circleci/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
################################################
22
# cmake-asan
3-
FROM ubuntu:20.04
3+
FROM ubuntu:22.04
44

55
RUN apt-get update && \
66
DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \

0 commit comments

Comments
 (0)