oss-fuzz icon indicating copy to clipboard operation
oss-fuzz copied to clipboard

Published 20 hours ago verified publisher icon google

bitcoin-core: Enable libc++ "Debug" hardening mode

Open hebasto opened this issue 1 year ago • 15 comments

This PR enables libc++ "Debug" hardening mode.

See https://github.com/google/oss-fuzz/pull/11725#issuecomment-2084937398.

hebasto avatar Mar 24 '24 19:03 hebasto

hebasto is a new contributor to projects/bitcoin-core. The PR must be approved by known contributors before it can be merged. The past contributors are: fanquake, guidovranken, dergoegge, maflcko, achow101

github-actions[bot] avatar Mar 24 '24 19:03 github-actions[bot]

cc @maflcko @fanquake

hebasto avatar Mar 24 '24 19:03 hebasto

Seems fine, looking at the CI output.

Previously: https://github.com/google/oss-fuzz/actions/runs/7656996295/job/20866632302#step:7:9774 This pull: https://github.com/google/oss-fuzz/actions/runs/8411616467/job/23084431048#step:7:9734

maflcko avatar Mar 27 '24 11:03 maflcko

@fanquake Any objections?

maflcko avatar Mar 27 '24 11:03 maflcko

Seems fine as long as we still have LTO. Although not sure if the flags will make any difference here? given builds are with libc++, and the LLVM debug mode wont work as-is as far as I'm aware (It's also the legacy mode).

fanquake avatar Mar 27 '24 12:03 fanquake

Right, D_LIBCPP_ENABLE_DEBUG_MODE should be a no-op in libc++-14-trunk. Though, I am working on bumping it to 18-trunk in oss-fuzz, so it will hopefully take effect then.

maflcko avatar Mar 27 '24 21:03 maflcko

I think it is fine, but let's wait for clang-18-trunk, so that it can be tested :)

maflcko avatar Apr 01 '24 11:04 maflcko

I think it is fine, but let's wait for clang-18-trunk, so that it can be tested :)

If Clang is bumped to 18 then https://github.com/bitcoin/bitcoin/pull/29781 will also be needed, as the current macro will still be a no-op.

fanquake avatar Apr 01 '24 17:04 fanquake

Cross-ref to https://github.com/google/oss-fuzz/pull/10166/files

maflcko avatar Apr 02 '24 14:04 maflcko

Thanks @hebasto and @maflcko, I will convert this to a draft for now until it is verified : )

DonggeLiu avatar Apr 18 '24 02:04 DonggeLiu

This should be good to go now. Please merge or rebase with master.

maflcko avatar Apr 30 '24 09:04 maflcko

This should be good to go now. Please merge or rebase with master.

Rebased.

hebasto avatar Apr 30 '24 09:04 hebasto

The added comment says we aren't using CPPFLAGS, but then a few lines down we do use it.

Given we established the other flags mentioned in your PR description don't actually matter (could also be re-written now that it's outdated), why not just put -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_DEBUG into CPPFLAGS, and leave everything else untouched?

fanquake avatar Apr 30 '24 10:04 fanquake

The added comment says we aren't using CPPFLAGS, but then a few lines down we do use it.

Given we established the other flags mentioned in your PR description don't actually matter (could also be re-written now that it's outdated), why not just put -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_DEBUG into CPPFLAGS, and leave everything else untouched?

Thanks! Reworked.

hebasto avatar May 04 '24 09:05 hebasto

@DavidKorczynski this is ready for merge

maflcko avatar May 06 '24 08:05 maflcko

cc @DavidKorczynski . Anything left to do here for this project patch?

maflcko avatar May 22 '24 09:05 maflcko

Apologies for the delay! Will land this once the CI is green!

DavidKorczynski avatar May 22 '24 09:05 DavidKorczynski