Skip to content

Commit

Permalink
refactor: refine indent and usages (#104)
Browse files Browse the repository at this point in the history
Signed-off-by: msclock <[email protected]>
  • Loading branch information
msclock authored May 1, 2024
1 parent 23af4b1 commit b26d6c5
Show file tree
Hide file tree
Showing 3 changed files with 35 additions and 12 deletions.
4 changes: 4 additions & 0 deletions cmake/build/CompilerFlags.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,10 @@ if(CMAKE_VERSION VERSION_LESS 3.24)
option(CMAKE_COMPILE_WARNING_AS_ERROR "Treat Warnings As Errors" OFF)
endif()

set(COMPILER_FLAGS_SKIP_TARGETS_REGEXES
""
CACHE STRING "List of regexes to skip targets.")

message(
STATUS
"Use Compiler flags:
Expand Down
30 changes: 19 additions & 11 deletions cmake/build/Hardening.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,13 @@ else()
-Wformat=2 # Enabled in compiler flags by default
-Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
-Wl,-z,noexecstack # Enable data execution prevention by marking stack
# memory as non-executable
# memory as non-executable
-Wl,-z,relro # Mark relocation table entries resolved at load-time as
# read-only
# read-only
-Wl,-z,now # Mark relocation table entries resolved at load-time as
# read-only. It impacts startup performance
# read-only. It impacts startup performance
"-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
# undefined behavior
# sanitizer
# undefined behavior sanitizer
-fno-delete-null-pointer-checks
-fno-strict-overflow
-fno-strict-aliasing
Expand All @@ -68,18 +67,21 @@ else()
set(USE_HARDENING_LINKS
-fstack-protector-strong # Enable stack protector
"-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
# undefined behavior
# sanitizer
# undefined behavior sanitizer
-Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
-Wl,-z,noexecstack # Enable data execution prevention by marking stack
# memory as non-executable
# memory as non-executable
-Wl,-z,relro # Mark relocation table entries resolved at load-time as
# read-only
# read-only
-Wl,-z,now # Mark relocation table entries resolved at load-time as
# read-only. It impacts startup performance
# read-only. It impacts startup performance
CACHE STRING "Additional hardening linking flags for GCC/Clang")
endif()

set(USE_HARDENING_SKIP_TARGETS_REGEXES
""
CACHE STRING "List of regexes to skip targts")

message(
STATUS
"Use hardening compilation with USE_HARDENING: ${USE_HARDENING}
Expand All @@ -94,6 +96,8 @@ if(NOT USE_HARDENING)
message(STATUS "Hardening disabled by USE_HARDENING evaluates to false")
endif()

# Create a custom target to hold the hardening flags

message(VERBOSE "Check Hardening flags: ${USE_HARDENING_FLAGS}")

foreach(_harden ${USE_HARDENING_FLAGS})
Expand All @@ -106,6 +110,7 @@ message(VERBOSE "Check Hardening links: ${USE_HARDENING_LINKS}")

foreach(_harden ${USE_HARDENING_LINKS})
flags_to_list(_harden_list "${_harden}")

if(hardening_flags MATCHES "${_harden_list}")
list(APPEND hardening_links ${_harden})
endif()
Expand All @@ -126,7 +131,6 @@ endif()
flags_to_list(hardening_links "${hardening_links}")

# Handle the conflics between hardening ubsan and asan

if(TARGET sanitizer_flags)
get_target_property(_san sanitizer_flags _san)

Expand Down Expand Up @@ -201,10 +205,12 @@ function(harden_target target)
if(arg_INCLUDE_FLAGS)
message(VERBOSE
"Including flags: ${arg_INCLUDE_FLAGS} for target ${target}")

foreach(_include_flag ${arg_INCLUDE_FLAGS})
check_and_append_flag(FLAGS "${_include_flag}" TARGETS FLAGS QUOTELESS)
check_and_append_flag(FLAGS "${_include_flag}" TARGETS LINKS QUOTELESS)
endforeach()

message(VERBOSE "Hardening flags with included flags for ${target}:
Hardening compiling flags: ${FLAGS}
Hardening linking flags: ${LINKS}")
Expand All @@ -213,10 +219,12 @@ function(harden_target target)
if(arg_EXCLUDE_FLAGS)
message(VERBOSE
"Excluding flags: ${arg_EXCLUDE_FLAGS} for target ${target}")

foreach(_exclude_flag ${arg_EXCLUDE_FLAGS})
list(REMOVE_ITEM FLAGS "${_exclude_flag}")
list(REMOVE_ITEM LINKS "${_exclude_flag}")
endforeach()

message(VERBOSE "Hardening flags with excluded flags for ${target}:
Hardening compiling flags: ${FLAGS}
Hardening linking flags: ${LINKS}")
Expand Down
13 changes: 12 additions & 1 deletion cmake/build/Sanitizer.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,18 @@ set(USE_SANITIZER
"Address,Undefined"
CACHE STRING "Compile with sanitizer flags.")

set(USE_SANITIZER_SKIP_TARGETS_REGEXES
""
CACHE STRING "Regexes to skip targets to sanitize.")

set(USE_SANITIZER_BLACKLIST_FILE
""
CACHE STRING "Path to a blacklist file for Undefined sanitizer.")

set(USE_SANITIZER_EXTRA_FLAGS
""
CACHE STRING "Extra flags to pass to the sanitizer. Default to empty.")

message(
STATUS
"Use sanitizer with USE_SANITIZER: ${USE_SANITIZER}
Expand Down Expand Up @@ -90,7 +102,6 @@ message(
Sanitizer provides the commands:
sanitize_target(target) - add sanitizer flags to a target including copy sanitizer runtime.
copy_sanitizer_runtime(target) - copy sanitizer runtime to target location.
")

string(TOLOWER "${USE_SANITIZER}" USE_SANITIZER)
Expand Down

0 comments on commit b26d6c5

Please sign in to comment.