mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Migrate the pffft sandbox to contrib/
PiperOrigin-RevId: 427443359 Change-Id: I852a818ae302a86abe32a2820f349f67861e342e
This commit is contained in:
parent
fdc38d58c6
commit
7e5a398164
|
@ -16,6 +16,7 @@
|
|||
set(SAPI_CONTRIB_SANDBOXES
|
||||
hunspell
|
||||
jsonnet
|
||||
pffft
|
||||
zopfli
|
||||
zstd
|
||||
)
|
||||
|
|
|
@ -5,12 +5,13 @@ libraries.
|
|||
|
||||
## Projects Sandboxed
|
||||
|
||||
Directory | Project | Home Page | Integration
|
||||
----------- | ------------------------------------------------- | -------------------------------------------------------------------- | -----------
|
||||
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
|
||||
`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake
|
||||
`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake
|
||||
`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake
|
||||
Directory | Project | Home Page | Integration
|
||||
----------- | ------------------------------------------------- | ---------------------------------------------------------------------------- | -----------
|
||||
`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake
|
||||
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
|
||||
`pffft/` | PFFFT - a pretty fast Fourier Transform | [bitbucket.org/jpommier/pffft.git](https://bitbucket.org/jpommier/pffft.git) | CMake
|
||||
`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake
|
||||
`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake
|
||||
|
||||
## Projects Shipping with Sandboxed API Sandboxes
|
||||
|
||||
|
|
|
@ -12,50 +12,48 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cmake_minimum_required(VERSION 3.10)
|
||||
|
||||
cmake_minimum_required(VERSION 3.13..3.22)
|
||||
project(pffft CXX C)
|
||||
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
if(NOT TARGET sapi::sapi)
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
add_subdirectory("${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
EXCLUDE_FROM_ALL)
|
||||
endif()
|
||||
|
||||
include(CheckLibraryExists)
|
||||
|
||||
FetchContent_Declare(pffft
|
||||
GIT_REPOSITORY https://bitbucket.org/jpommier/pffft.git
|
||||
GIT_TAG 988259a41d1522047a9420e6265a6ba8289c1654 # 2021-12-02
|
||||
)
|
||||
FetchContent_MakeAvailable(pffft)
|
||||
|
||||
add_library(pffft STATIC
|
||||
master/pffft.c
|
||||
master/pffft.h
|
||||
master/fftpack.c
|
||||
master/fftpack.h
|
||||
"${pffft_SOURCE_DIR}/pffft.c"
|
||||
"${pffft_SOURCE_DIR}/pffft.h"
|
||||
"${pffft_SOURCE_DIR}/fftpack.c"
|
||||
"${pffft_SOURCE_DIR}/fftpack.h"
|
||||
)
|
||||
|
||||
add_executable(pffft_main
|
||||
master/test_pffft.c
|
||||
"${pffft_SOURCE_DIR}/test_pffft.c"
|
||||
)
|
||||
|
||||
target_link_libraries(pffft_main PRIVATE
|
||||
pffft
|
||||
)
|
||||
|
||||
set(MATH_LIBS "")
|
||||
include(CheckLibraryExists)
|
||||
check_library_exists(m sin "" LIBM)
|
||||
if(LIBM)
|
||||
list(APPEND MATH_LIBS "m")
|
||||
check_library_exists(m sin "" _sapi_HAVE_LIBM)
|
||||
if(_sapi_HAVE_LIBM)
|
||||
target_link_libraries(pffft PUBLIC
|
||||
m
|
||||
)
|
||||
endif()
|
||||
|
||||
target_link_libraries(pffft PUBLIC ${MATH_LIBS})
|
||||
|
||||
# Adding dependencies
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
# Then configure:
|
||||
# mkdir -p build && cd build
|
||||
# cmake .. -G Ninja -DSAPI_ROOT=$HOME/sapi_root
|
||||
|
||||
set(SAPI_ENABLE_EXAMPLES OFF CACHE BOOL "")
|
||||
set(SAPI_ENABLE_TESTS OFF CACHE BOOL "")
|
||||
add_subdirectory("${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
# Omit this to have the full Sandboxed API in IDE
|
||||
EXCLUDE_FROM_ALL)
|
||||
|
||||
add_sapi_library(pffft_sapi
|
||||
FUNCTIONS pffft_new_setup
|
||||
pffft_destroy_setup
|
||||
|
@ -83,22 +81,23 @@ add_sapi_library(pffft_sapi
|
|||
sinti
|
||||
sint
|
||||
|
||||
INPUTS master/pffft.h master/fftpack.h
|
||||
INPUTS "${pffft_SOURCE_DIR}/pffft.h"
|
||||
"${pffft_SOURCE_DIR}/fftpack.h"
|
||||
LIBRARY pffft
|
||||
LIBRARY_NAME Pffft
|
||||
|
||||
NAMESPACE ""
|
||||
)
|
||||
|
||||
add_library(sapi_contrib::pffft ALIAS pffft_sapi)
|
||||
target_include_directories(pffft_sapi INTERFACE
|
||||
"${PROJECT_BINARY_DIR}"
|
||||
"${SAPI_SOURCE_DIR}"
|
||||
)
|
||||
|
||||
add_executable(pffft_sandboxed
|
||||
main_pffft_sandboxed.cc
|
||||
)
|
||||
|
||||
target_link_libraries(pffft_sandboxed PRIVATE
|
||||
pffft_sapi
|
||||
sapi_contrib::pffft
|
||||
sapi::sapi
|
||||
)
|
|
@ -1,16 +1,35 @@
|
|||
# Sandboxing PFFFT library
|
||||
|
||||
This library was sandboxed as part of Google's summer 2020 internship program
|
||||
([blog post](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)).
|
||||
|
||||
Build System: CMake
|
||||
OS: Linux
|
||||
|
||||
### Check out the PFFFT library & CMake set up
|
||||
```
|
||||
git submodule update --init --recursive
|
||||
### How to use from an existing Project
|
||||
|
||||
mkdir -p build && cd build
|
||||
cmake .. -G Ninja -DPFFFT_ROOT_DIR=$PWD
|
||||
ninjas
|
||||
If your project does not include Sandboxed API as a dependency yet, add the
|
||||
following lines to the main `CMakeLists.txt`:
|
||||
|
||||
```cmake
|
||||
include(FetchContent)
|
||||
|
||||
FetchContent_Declare(sandboxed-api
|
||||
GIT_REPOSITORY https://github.com/google/sandboxed-api
|
||||
GIT_TAG main # Or pin a specific commit/tag
|
||||
)
|
||||
FetchContent_MakeAvailable(sandboxed-api) # CMake 3.14 or higher
|
||||
|
||||
add_sapi_subdirectory(contrib/pffft)
|
||||
```
|
||||
|
||||
The `add_sapi_subdirectory()` macro sets up the source and binary directories
|
||||
for the sandboxed jsonnet targets.
|
||||
|
||||
Afterwards your project's code can link to `sapi_contrib::pffft` and use the
|
||||
generated header `pffft_sapi.sapi.h`. An example sandbox policy can be found
|
||||
in `main_pffft_sandboxed.cc`.
|
||||
|
||||
### For testing:
|
||||
`cd build`, then `./pffft_sandboxed`
|
||||
|
||||
|
@ -19,14 +38,15 @@ display custom info with
|
|||
`./pffft_sandboxed --logtostderr`
|
||||
|
||||
## ***About the project***
|
||||
*PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
|
||||
|
||||
PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
|
||||
compromise between accuracy and speed. It deals with real and complex
|
||||
vectors, both cases being illustrated in the testing part (`test_pffft.c`
|
||||
for initially and original version, `main_pffft_sandboxed.cc` for our
|
||||
currently implemented sandboxed version).
|
||||
The original files can be found at: https://bitbucket.org/jpommier/pffft/src.*
|
||||
|
||||
*The purpose of sandboxing is to limit the permissions and capabilities of
|
||||
The purpose of sandboxing is to limit the permissions and capabilities of
|
||||
library’s methods, in order to secure the usage of them.
|
||||
After obtaining the sandbox, the functions will be called through an
|
||||
Sandbox API (being called `api` in the current test) and so, the
|
||||
|
@ -50,10 +70,12 @@ Without using this type of argument when running, the output format is set
|
|||
by default.*
|
||||
|
||||
#### CMake observations resume:
|
||||
|
||||
* linking pffft and fftpack (which contains necessary functions for pffft)
|
||||
* set math library
|
||||
|
||||
#### Sandboxed main observations resume:
|
||||
|
||||
* containing two testing parts (fft / pffft benchmarks)
|
||||
* showing the performance of the transformations implies
|
||||
testing them through various FFT dimenstions.
|
|
@ -12,7 +12,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <gflags/gflags.h>
|
||||
#include <syscall.h>
|
||||
|
||||
#include <cmath>
|
||||
#include <cstdio>
|
||||
|
@ -21,6 +21,7 @@
|
|||
#include <ctime>
|
||||
|
||||
#include <glog/logging.h>
|
||||
#include "gflags/gflags.h"
|
||||
#include "pffft_sapi.sapi.h" // NOLINT(build/include)
|
||||
#include "sandboxed_api/util/flag.h"
|
||||
#include "sandboxed_api/vars.h"
|
3
oss-internship-2020/pffft/.gitignore
vendored
3
oss-internship-2020/pffft/.gitignore
vendored
|
@ -1,3 +0,0 @@
|
|||
*.o
|
||||
*.a
|
||||
pffft_main
|
Loading…
Reference in New Issue
Block a user