From 7e5a398164f254a360e2ae7001819fc0972a6863 Mon Sep 17 00:00:00 2001 From: Christian Blichmann Date: Wed, 9 Feb 2022 05:19:56 -0800 Subject: [PATCH] Migrate the pffft sandbox to `contrib/` PiperOrigin-RevId: 427443359 Change-Id: I852a818ae302a86abe32a2820f349f67861e342e --- contrib/CMakeLists.txt | 1 + contrib/README.md | 13 ++-- .../pffft/CMakeLists.txt | 63 +++++++++---------- .../pffft/README.md | 38 ++++++++--- .../pffft/main_pffft_sandboxed.cc | 3 +- oss-internship-2020/pffft/.gitignore | 3 - 6 files changed, 71 insertions(+), 50 deletions(-) rename {oss-internship-2020 => contrib}/pffft/CMakeLists.txt (63%) rename {oss-internship-2020 => contrib}/pffft/README.md (76%) rename {oss-internship-2020 => contrib}/pffft/main_pffft_sandboxed.cc (99%) delete mode 100644 oss-internship-2020/pffft/.gitignore diff --git a/contrib/CMakeLists.txt b/contrib/CMakeLists.txt index 7df8fcc..42c2b14 100644 --- a/contrib/CMakeLists.txt +++ b/contrib/CMakeLists.txt @@ -16,6 +16,7 @@ set(SAPI_CONTRIB_SANDBOXES hunspell jsonnet + pffft zopfli zstd ) diff --git a/contrib/README.md b/contrib/README.md index c9ae961..9853cda 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -5,12 +5,13 @@ libraries. ## Projects Sandboxed -Directory | Project | Home Page | Integration ------------ | ------------------------------------------------- | -------------------------------------------------------------------- | ----------- -`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake -`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake -`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake -`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake +Directory | Project | Home Page | Integration +----------- | ------------------------------------------------- | ---------------------------------------------------------------------------- | ----------- +`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake +`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake +`pffft/` | PFFFT - a pretty fast Fourier Transform | [bitbucket.org/jpommier/pffft.git](https://bitbucket.org/jpommier/pffft.git) | CMake +`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake +`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake ## Projects Shipping with Sandboxed API Sandboxes diff --git a/oss-internship-2020/pffft/CMakeLists.txt b/contrib/pffft/CMakeLists.txt similarity index 63% rename from oss-internship-2020/pffft/CMakeLists.txt rename to contrib/pffft/CMakeLists.txt index 5641b62..5b05ef4 100644 --- a/oss-internship-2020/pffft/CMakeLists.txt +++ b/contrib/pffft/CMakeLists.txt @@ -12,50 +12,48 @@ # See the License for the specific language governing permissions and # limitations under the License. -cmake_minimum_required(VERSION 3.10) - +cmake_minimum_required(VERSION 3.13..3.22) project(pffft CXX C) set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_STANDARD_REQUIRED True) +if(NOT TARGET sapi::sapi) + set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree") + add_subdirectory("${SAPI_ROOT}" + "${CMAKE_BINARY_DIR}/sandboxed-api-build" + EXCLUDE_FROM_ALL) +endif() + +include(CheckLibraryExists) + +FetchContent_Declare(pffft + GIT_REPOSITORY https://bitbucket.org/jpommier/pffft.git + GIT_TAG 988259a41d1522047a9420e6265a6ba8289c1654 # 2021-12-02 +) +FetchContent_MakeAvailable(pffft) + add_library(pffft STATIC - master/pffft.c - master/pffft.h - master/fftpack.c - master/fftpack.h + "${pffft_SOURCE_DIR}/pffft.c" + "${pffft_SOURCE_DIR}/pffft.h" + "${pffft_SOURCE_DIR}/fftpack.c" + "${pffft_SOURCE_DIR}/fftpack.h" ) add_executable(pffft_main - master/test_pffft.c + "${pffft_SOURCE_DIR}/test_pffft.c" ) - target_link_libraries(pffft_main PRIVATE pffft ) -set(MATH_LIBS "") -include(CheckLibraryExists) -check_library_exists(m sin "" LIBM) -if(LIBM) - list(APPEND MATH_LIBS "m") +check_library_exists(m sin "" _sapi_HAVE_LIBM) +if(_sapi_HAVE_LIBM) + target_link_libraries(pffft PUBLIC + m + ) endif() -target_link_libraries(pffft PUBLIC ${MATH_LIBS}) - -# Adding dependencies -set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree") -# Then configure: -# mkdir -p build && cd build -# cmake .. -G Ninja -DSAPI_ROOT=$HOME/sapi_root - -set(SAPI_ENABLE_EXAMPLES OFF CACHE BOOL "") -set(SAPI_ENABLE_TESTS OFF CACHE BOOL "") -add_subdirectory("${SAPI_ROOT}" - "${CMAKE_BINARY_DIR}/sandboxed-api-build" - # Omit this to have the full Sandboxed API in IDE - EXCLUDE_FROM_ALL) - add_sapi_library(pffft_sapi FUNCTIONS pffft_new_setup pffft_destroy_setup @@ -83,22 +81,23 @@ add_sapi_library(pffft_sapi sinti sint - INPUTS master/pffft.h master/fftpack.h + INPUTS "${pffft_SOURCE_DIR}/pffft.h" + "${pffft_SOURCE_DIR}/fftpack.h" LIBRARY pffft LIBRARY_NAME Pffft NAMESPACE "" ) - +add_library(sapi_contrib::pffft ALIAS pffft_sapi) target_include_directories(pffft_sapi INTERFACE "${PROJECT_BINARY_DIR}" + "${SAPI_SOURCE_DIR}" ) add_executable(pffft_sandboxed main_pffft_sandboxed.cc ) - target_link_libraries(pffft_sandboxed PRIVATE - pffft_sapi + sapi_contrib::pffft sapi::sapi ) diff --git a/oss-internship-2020/pffft/README.md b/contrib/pffft/README.md similarity index 76% rename from oss-internship-2020/pffft/README.md rename to contrib/pffft/README.md index d847b72..88bec66 100644 --- a/oss-internship-2020/pffft/README.md +++ b/contrib/pffft/README.md @@ -1,16 +1,35 @@ # Sandboxing PFFFT library +This library was sandboxed as part of Google's summer 2020 internship program +([blog post](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)). + Build System: CMake OS: Linux -### Check out the PFFFT library & CMake set up -``` -git submodule update --init --recursive +### How to use from an existing Project -mkdir -p build && cd build -cmake .. -G Ninja -DPFFFT_ROOT_DIR=$PWD -ninjas +If your project does not include Sandboxed API as a dependency yet, add the +following lines to the main `CMakeLists.txt`: + +```cmake +include(FetchContent) + +FetchContent_Declare(sandboxed-api + GIT_REPOSITORY https://github.com/google/sandboxed-api + GIT_TAG main # Or pin a specific commit/tag +) +FetchContent_MakeAvailable(sandboxed-api) # CMake 3.14 or higher + +add_sapi_subdirectory(contrib/pffft) ``` + +The `add_sapi_subdirectory()` macro sets up the source and binary directories +for the sandboxed jsonnet targets. + +Afterwards your project's code can link to `sapi_contrib::pffft` and use the +generated header `pffft_sapi.sapi.h`. An example sandbox policy can be found +in `main_pffft_sandboxed.cc`. + ### For testing: `cd build`, then `./pffft_sandboxed` @@ -19,14 +38,15 @@ display custom info with `./pffft_sandboxed --logtostderr` ## ***About the project*** -*PFFFT library is concerned with 1D Fast-Fourier Transformations finding a + +PFFFT library is concerned with 1D Fast-Fourier Transformations finding a compromise between accuracy and speed. It deals with real and complex vectors, both cases being illustrated in the testing part (`test_pffft.c` for initially and original version, `main_pffft_sandboxed.cc` for our currently implemented sandboxed version). The original files can be found at: https://bitbucket.org/jpommier/pffft/src.* -*The purpose of sandboxing is to limit the permissions and capabilities of +The purpose of sandboxing is to limit the permissions and capabilities of library’s methods, in order to secure the usage of them. After obtaining the sandbox, the functions will be called through an Sandbox API (being called `api` in the current test) and so, the @@ -50,10 +70,12 @@ Without using this type of argument when running, the output format is set by default.* #### CMake observations resume: + * linking pffft and fftpack (which contains necessary functions for pffft) * set math library #### Sandboxed main observations resume: + * containing two testing parts (fft / pffft benchmarks) * showing the performance of the transformations implies testing them through various FFT dimenstions. diff --git a/oss-internship-2020/pffft/main_pffft_sandboxed.cc b/contrib/pffft/main_pffft_sandboxed.cc similarity index 99% rename from oss-internship-2020/pffft/main_pffft_sandboxed.cc rename to contrib/pffft/main_pffft_sandboxed.cc index e9a6abb..41b5523 100644 --- a/oss-internship-2020/pffft/main_pffft_sandboxed.cc +++ b/contrib/pffft/main_pffft_sandboxed.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include +#include #include #include @@ -21,6 +21,7 @@ #include #include +#include "gflags/gflags.h" #include "pffft_sapi.sapi.h" // NOLINT(build/include) #include "sandboxed_api/util/flag.h" #include "sandboxed_api/vars.h" diff --git a/oss-internship-2020/pffft/.gitignore b/oss-internship-2020/pffft/.gitignore deleted file mode 100644 index eb6d948..0000000 --- a/oss-internship-2020/pffft/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.o -*.a -pffft_main