Migrate the pffft sandbox to contrib/

PiperOrigin-RevId: 427443359
Change-Id: I852a818ae302a86abe32a2820f349f67861e342e
This commit is contained in:
Christian Blichmann 2022-02-09 05:19:56 -08:00 committed by Copybara-Service
parent fdc38d58c6
commit 7e5a398164
6 changed files with 71 additions and 50 deletions

View File

@ -16,6 +16,7 @@
set(SAPI_CONTRIB_SANDBOXES
hunspell
jsonnet
pffft
zopfli
zstd
)

View File

@ -5,12 +5,13 @@ libraries.
## Projects Sandboxed
Directory | Project | Home Page | Integration
----------- | ------------------------------------------------- | -------------------------------------------------------------------- | -----------
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake
`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake
`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake
Directory | Project | Home Page | Integration
----------- | ------------------------------------------------- | ---------------------------------------------------------------------------- | -----------
`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
`pffft/` | PFFFT - a pretty fast Fourier Transform | [bitbucket.org/jpommier/pffft.git](https://bitbucket.org/jpommier/pffft.git) | CMake
`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake
`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake
## Projects Shipping with Sandboxed API Sandboxes

View File

@ -12,50 +12,48 @@
# See the License for the specific language governing permissions and
# limitations under the License.
cmake_minimum_required(VERSION 3.10)
cmake_minimum_required(VERSION 3.13..3.22)
project(pffft CXX C)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED True)
if(NOT TARGET sapi::sapi)
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
add_subdirectory("${SAPI_ROOT}"
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
EXCLUDE_FROM_ALL)
endif()
include(CheckLibraryExists)
FetchContent_Declare(pffft
GIT_REPOSITORY https://bitbucket.org/jpommier/pffft.git
GIT_TAG 988259a41d1522047a9420e6265a6ba8289c1654 # 2021-12-02
)
FetchContent_MakeAvailable(pffft)
add_library(pffft STATIC
master/pffft.c
master/pffft.h
master/fftpack.c
master/fftpack.h
"${pffft_SOURCE_DIR}/pffft.c"
"${pffft_SOURCE_DIR}/pffft.h"
"${pffft_SOURCE_DIR}/fftpack.c"
"${pffft_SOURCE_DIR}/fftpack.h"
)
add_executable(pffft_main
master/test_pffft.c
"${pffft_SOURCE_DIR}/test_pffft.c"
)
target_link_libraries(pffft_main PRIVATE
pffft
)
set(MATH_LIBS "")
include(CheckLibraryExists)
check_library_exists(m sin "" LIBM)
if(LIBM)
list(APPEND MATH_LIBS "m")
check_library_exists(m sin "" _sapi_HAVE_LIBM)
if(_sapi_HAVE_LIBM)
target_link_libraries(pffft PUBLIC
m
)
endif()
target_link_libraries(pffft PUBLIC ${MATH_LIBS})
# Adding dependencies
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
# Then configure:
# mkdir -p build && cd build
# cmake .. -G Ninja -DSAPI_ROOT=$HOME/sapi_root
set(SAPI_ENABLE_EXAMPLES OFF CACHE BOOL "")
set(SAPI_ENABLE_TESTS OFF CACHE BOOL "")
add_subdirectory("${SAPI_ROOT}"
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
# Omit this to have the full Sandboxed API in IDE
EXCLUDE_FROM_ALL)
add_sapi_library(pffft_sapi
FUNCTIONS pffft_new_setup
pffft_destroy_setup
@ -83,22 +81,23 @@ add_sapi_library(pffft_sapi
sinti
sint
INPUTS master/pffft.h master/fftpack.h
INPUTS "${pffft_SOURCE_DIR}/pffft.h"
"${pffft_SOURCE_DIR}/fftpack.h"
LIBRARY pffft
LIBRARY_NAME Pffft
NAMESPACE ""
)
add_library(sapi_contrib::pffft ALIAS pffft_sapi)
target_include_directories(pffft_sapi INTERFACE
"${PROJECT_BINARY_DIR}"
"${SAPI_SOURCE_DIR}"
)
add_executable(pffft_sandboxed
main_pffft_sandboxed.cc
)
target_link_libraries(pffft_sandboxed PRIVATE
pffft_sapi
sapi_contrib::pffft
sapi::sapi
)

View File

@ -1,16 +1,35 @@
# Sandboxing PFFFT library
This library was sandboxed as part of Google's summer 2020 internship program
([blog post](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)).
Build System: CMake
OS: Linux
### Check out the PFFFT library & CMake set up
```
git submodule update --init --recursive
### How to use from an existing Project
mkdir -p build && cd build
cmake .. -G Ninja -DPFFFT_ROOT_DIR=$PWD
ninjas
If your project does not include Sandboxed API as a dependency yet, add the
following lines to the main `CMakeLists.txt`:
```cmake
include(FetchContent)
FetchContent_Declare(sandboxed-api
GIT_REPOSITORY https://github.com/google/sandboxed-api
GIT_TAG main # Or pin a specific commit/tag
)
FetchContent_MakeAvailable(sandboxed-api) # CMake 3.14 or higher
add_sapi_subdirectory(contrib/pffft)
```
The `add_sapi_subdirectory()` macro sets up the source and binary directories
for the sandboxed jsonnet targets.
Afterwards your project's code can link to `sapi_contrib::pffft` and use the
generated header `pffft_sapi.sapi.h`. An example sandbox policy can be found
in `main_pffft_sandboxed.cc`.
### For testing:
`cd build`, then `./pffft_sandboxed`
@ -19,14 +38,15 @@ display custom info with
`./pffft_sandboxed --logtostderr`
## ***About the project***
*PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
compromise between accuracy and speed. It deals with real and complex
vectors, both cases being illustrated in the testing part (`test_pffft.c`
for initially and original version, `main_pffft_sandboxed.cc` for our
currently implemented sandboxed version).
The original files can be found at: https://bitbucket.org/jpommier/pffft/src.*
*The purpose of sandboxing is to limit the permissions and capabilities of
The purpose of sandboxing is to limit the permissions and capabilities of
librarys methods, in order to secure the usage of them.
After obtaining the sandbox, the functions will be called through an
Sandbox API (being called `api` in the current test) and so, the
@ -50,10 +70,12 @@ Without using this type of argument when running, the output format is set
by default.*
#### CMake observations resume:
* linking pffft and fftpack (which contains necessary functions for pffft)
* set math library
#### Sandboxed main observations resume:
* containing two testing parts (fft / pffft benchmarks)
* showing the performance of the transformations implies
testing them through various FFT dimenstions.

View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <gflags/gflags.h>
#include <syscall.h>
#include <cmath>
#include <cstdio>
@ -21,6 +21,7 @@
#include <ctime>
#include <glog/logging.h>
#include "gflags/gflags.h"
#include "pffft_sapi.sapi.h" // NOLINT(build/include)
#include "sandboxed_api/util/flag.h"
#include "sandboxed_api/vars.h"

View File

@ -1,3 +0,0 @@
*.o
*.a
pffft_main