Skip to content

Commit 753cf5f

Browse files
iphydfiphydf
committed
test: Add control flow integrity sanitizer.
This will check whether conversions to and casts from `void*` are correct. E.g. `int* -> void* -> float*` will trip the sanitizer. https://clang.llvm.org/docs/ControlFlowIntegrity.html
1 parent 6133fb1 commit 753cf5f

File tree

3 files changed

+51
-2
lines changed

3 files changed

+51
-2
lines changed

.circleci/cmake-cfisan

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
#!/bin/bash
2+
3+
set -eu
4+
5+
CACHEDIR="$HOME/cache"
6+
7+
. ".github/scripts/flags-$CC.sh"
8+
add_flag -Werror
9+
add_flag -fdiagnostics-color=always
10+
add_flag -flto=thin # for cfi
11+
add_flag -fno-omit-frame-pointer
12+
add_flag -fsanitize=cfi
13+
cmake -B_build -H. -GNinja \
14+
-DCMAKE_C_FLAGS="$C_FLAGS" \
15+
-DCMAKE_CXX_FLAGS="$CXX_FLAGS" \
16+
-DCMAKE_EXE_LINKER_FLAGS="$LD_FLAGS" \
17+
-DCMAKE_SHARED_LINKER_FLAGS="$LD_FLAGS" \
18+
-DCMAKE_INSTALL_PREFIX:PATH="$PWD/_install" \
19+
-DCMAKE_UNITY_BUILD=ON \
20+
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
21+
-DMIN_LOGGER_LEVEL=TRACE \
22+
-DMUST_BUILD_TOXAV=ON \
23+
-DNON_HERMETIC_TESTS=ON \
24+
-DSTRICT_ABI=ON \
25+
-DENABLE_SHARED=OFF \
26+
-DTEST_TIMEOUT_SECONDS=120 \
27+
-DUSE_IPV6=OFF \
28+
-DAUTOTEST=ON
29+
30+
cd _build
31+
32+
ninja install -j"$(nproc)"
33+
34+
ctest -j50 --output-on-failure --rerun-failed --repeat until-pass:6

.circleci/config.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ workflows:
77
jobs:
88
# Dynamic analysis
99
- asan
10+
- cfisan
1011
- tsan
1112
- msan
1213
- ubsan
@@ -55,6 +56,17 @@ jobs:
5556
- run: git submodule update --init --recursive
5657
- run: CC=clang .circleci/cmake-tsan
5758

59+
cfisan:
60+
working_directory: ~/work
61+
docker:
62+
- image: ubuntu
63+
64+
steps:
65+
- run: *apt_install
66+
- checkout
67+
- run: git submodule update --init --recursive
68+
- run: CC=clang .circleci/cmake-cfisan
69+
5870
ubsan:
5971
working_directory: ~/work
6072
docker:

CMakeLists.txt

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@
1414
#
1515
################################################################################
1616

17-
cmake_minimum_required(VERSION 2.8.12)
18-
cmake_policy(VERSION 2.8.12)
17+
cmake_minimum_required(VERSION 3.9)
18+
cmake_policy(VERSION 3.9)
1919
project(toxcore)
2020

2121
list(APPEND CMAKE_MODULE_PATH ${toxcore_SOURCE_DIR}/cmake)
@@ -75,6 +75,9 @@ if(APPLE)
7575
include(MacRpath)
7676
endif()
7777

78+
include(CheckIPOSupported)
79+
check_ipo_supported()
80+
7881
enable_testing()
7982

8083
set(CMAKE_MACOSX_RPATH ON)

0 commit comments

Comments
 (0)