41 Commits

Author SHA1 Message Date
Christian Blichmann
10c04ed42f CMake: Reorder PIE checks, fix bracket limit for Clang
The default limit for recent versions of Clang is 256 which is less than the
number of syscalls in our syscall tables (around 340). This change increases
this limit to an arbitrary 768.

PiperOrigin-RevId: 429258387
Change-Id: I4927eee78edc8aaa2a758b29811d02326e5aa953
2022-02-17 02:31:24 -08:00
Christian Blichmann
befdb09597 Link more complex test cases dynamically
Linking glibc in fully static mode is mostly unsupported. While such binaries
can easily be produced, conflicting symbols will often make them crash at
runtime. This happens because glibc will always (try to) load some dynamically
linked libraries, even when statically linked. This includes things like the
resolver, unicode/locale handling and others.

Internally at Google, this is not a concern due to the way glibc is being built
there. But in order to make all of our tests run in the open-source version of
this code, we need to change strategy a bit.

As a rule of thumb, glibc can safely be linked statically if a program is
resonably simple and does not use any networking of locale dependent
facilities. Calling syscalls directly instead of the corresponding libc
wrappers works as well, of course.

This change adjusts linker flags and sandbox policies to be more compatible
with regular Linux distributions.

Tested:
- `ctest -R '[A-Z].*'` (all SAPI/Sandbox2 tests)
PiperOrigin-RevId: 429025901
Change-Id: I46b677d9eb61080a8fe868002a34a77de287bf2d
2022-02-16 05:59:13 -08:00
Christian Blichmann
cef861a0f2 CMake: Properly inherit sapi_base propterties
- `SKIP_BUILD_RPATH` needs to be set per directory (not allow-listed for
  `INTERFACE` properties)
- Use correct name for position independent code
- `-pie`/`-fPIE` will only propagate fully on 3.14+

PiperOrigin-RevId: 428986266
Change-Id: Idf9d7fc184fbeec8ec1b77505246e262d9b8d880
2022-02-16 01:48:13 -08:00
Christian Blichmann
e21afae5a7 CMake: Build contrib sandboxes if requested
Add a new option `SAPI_ENABLE_CONTRIB_TESTS` that builds the sandboxes
in `contrib/` if set.

The new `contrib/CMakeLists.txt` should be extended each time we add a
new sandbox to `contrib/`.

This is in preparation of a follow-up change that should test the
sandboxes using GitHub Actions.

Drive-by:
- Rename the tests in `jsonnet_tests.cc` to conform to the style guide.
PiperOrigin-RevId: 425874289
Change-Id: I5b31546ccf84444c2480287220ef88abbd78a235
2022-02-02 07:02:28 -08:00
Christian Blichmann
2a8fca56fd CMake: Remove Ninja workaround
This never worked properly worked anyways.

The root of the problem is likely ninja issue [#1330](https://github.com/ninja-build/ninja/issues/1330)

PiperOrigin-RevId: 425610824
Change-Id: I53415be6ea6169b420964ba1a7365160167a4f89
2022-02-01 06:37:04 -08:00
Christian Blichmann
d451478e26 Change license link to HTTPS URL
PiperOrigin-RevId: 424811734
Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc
2022-01-28 01:39:09 -08:00
Christian Blichmann
41e0ca0a68 CMake: Use min v3.13 and FetchContent
This updates the mininum required version of CMake to 3.13, which is
present in Debian Buster.

At the same time, move all of our dependency handling to use
`FetchContent_Declare()`, `FetchContent_Populate()` and
`FetchContent_MakeAvailable()`. Since the latter was ony introduced in
3.14, provide a simple "polyfill" implementation for that.

As an added benefit, the configure step for libffi and libunwind will
now not be re-run every time the `CMakeLists.txt` changes.

Other changes:
- Explicitly spell out that we're testing up to 3.22 in
  `cmake_minimum_version()`
- Rename `check_target()` to `sapi_check_target()` to avoid conflicts
  with Abseil.
2022-01-25 13:59:45 +01:00
Christian Blichmann
baa1e570b4 CMake build: Skip examples/tests when used via add_subdirectory
PiperOrigin-RevId: 422512365
Change-Id: I38c6b23d1b33b89346ccf6c6692d50f88c82212b
2022-01-18 03:23:16 -08:00
Christian Blichmann
066af80c8b CMake build improvements
- Check for Linux (Android TBD once that lands) and C++17
- Move `SAPI_HARDENED_SOURCE` check after compile options are evaluated
- Use a more modern way to set the required C++ standard, compatible with
  Abseil's `ABSL_PROPAGATE_CXX_STD`.
- Scope `-fno-exceptions` and `POSITION_INDEPENDENT_CODE` to SAPI targets
- Increase maximum stack frame size yet again

PiperOrigin-RevId: 422369190
Change-Id: If75405ee43740de90196f52cddc8938482eae851
2022-01-17 08:17:07 -08:00
Christian Blichmann
ba19e48d90 Fix C++ compiler option checks, increase max stack frame size
The former fixes the actual compiler option checks in `CMakeLists.txt`.

The latter is to avoid a compiler warning in `sandboxed_api/sandbox2/util.cc`,
which needs a stack frame size bigger than pthread's default value (16K).

PiperOrigin-RevId: 419618052
Change-Id: Ieaf72a03bfad0853d774ce0548040e3f2a3ebbc0
2022-01-04 09:49:21 -08:00
Christian Blichmann
8b61945e93 Remove duplicate CMake variable
PiperOrigin-RevId: 417812513
Change-Id: I1128ff3e94cba42d59d13ccfddf32d5b30082382
2021-12-22 06:57:45 -08:00
Christian Blichmann
6a58a29039 Make CMake superbuild behave more similar to FetchContent
- Move CMake superbuild files
- Drop use of `CMakeLists.txt.in` configure files
- Allow overriding dependency directories. For now, this should only be
  used by GitHub workflows. Will be expanded on later, possibly renaming
  the variables.

This change is one in a series to make it easier to consume/customize
Sandboxed API in downstream projects.

Drive-by:
- Update `.gitignore` to ignore clangd's `.cache` directory

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-02-03 18:15:15 +01:00
Christian Blichmann
42f540bc7e Be more strict about target_link_libraries()
Bazel readily enforces header visiblity for each target, CMake is more lenient.

PiperOrigin-RevId: 355407845
Change-Id: Ic59fa2162db8456d4c5cf4205c0fe42cc79874a9
2021-02-03 09:01:31 -08:00
Anton D. Kachalov
4763959227 Add pkg-config files generation.
PiperOrigin-RevId: 347812826
Change-Id: I1722d39759628ad976b99887c8406cff08195009
2020-12-16 06:46:03 -08:00
Anton D. Kachalov
0e8d16e011 Enable shared libraries build and cross-compilation
This allows resource-constrained environments to benefit from the
space savings of dynamic linking. This is not meant to be used in
the general case.

PiperOrigin-RevId: 347398828
Change-Id: Ia634959148a31159878f48c44255dd733424a2b8
2020-12-14 09:16:14 -08:00
Anton D. Kachalov
218435d88e Make compiler/linker flags visible to dependencies.
PiperOrigin-RevId: 347396613
Change-Id: Ic80b6a731a3b182f3aa320d36b598d074e7f3802
2020-12-14 09:03:52 -08:00
Anton D. Kachalov
8924b63d5a Add hardening linker options.
PiperOrigin-RevId: 347367335
Change-Id: Ia7d707bd3e7e58021fc3bb14df13a9f06c5e2735
2020-12-14 05:39:35 -08:00
Sandboxed API Team
d172411d7b Force -fno-exceptions compiler option.
Add hardening compiler options (enabled via SAPI_HARDENED_SOURCE)

PiperOrigin-RevId: 347081406
Change-Id: I6c293a95a3bb05ea3b581bd9497381847c7aa510
2020-12-11 14:58:27 -08:00
Christian Blichmann
19a8e38a51 Support AArch64 and PPC64 in third party dependencies
PiperOrigin-RevId: 338992825
Change-Id: I2f77ea8379e55007a22ad0461efc98f41a01ad44
2020-10-26 01:22:23 -07:00
Christian Blichmann
35f9268e23 Restructure the Clang based header generator
- Support multiple input files
- Better testability
- Support for the `--sapi_isystem` argument, same as the Python generator

PiperOrigin-RevId: 333686891
Change-Id: I3e618165c1bd58bb755e1193617fb0737c29ee77
2020-09-25 01:14:18 -07:00
Christian Blichmann
00e724fb8a CMake build improvements
- Try to fix Ninja needlessly rebuilding everything every time
  See https://stackoverflow.com/questions/47087237/cmake-and-ninja-rebuild-unnecessary-files/47100426#47100426
- Since SAPI requires CMake >= 3.12, remove custom `list_join`

PiperOrigin-RevId: 333281764
Change-Id: I334d67d7ee54d21824b19e60a7a7f1e43bb5a057
2020-09-23 06:43:01 -07:00
Christian Blichmann
e76e73dfe8 Merge pull request #40 from cblichmann:clang-tool
PiperOrigin-RevId: 313577454
Change-Id: I4de93e1ffca003899ae3c7110ab3fd10f700907c
2020-05-28 16:01:09 +02:00
Christian Blichmann
143e539d79 First MVP of a LibTooling based SAPI header generator
- Extract dependent types directly from the Clang AST and re-serialize
  back into compilable code
- Collect types and emit diagnostics
- Format generated code

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-05-15 15:35:42 +02:00
Christian Blichmann
441201884a Update license header with recommended best practices
PiperOrigin-RevId: 290250533
Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3
2020-01-17 05:05:29 -08:00
Christian Blichmann
948b75efe9 CMake cleanups
- Bump minimum requred version to 3.12 (Ubuntu Cosmic LTS)
- Rename `SAPI_USE_?` options to `SAPI_DOWNLOAD_?`
- Improve detection of Python 3
- Use platform independent static library suffixes for `find_library()`

PiperOrigin-RevId: 281727467
Change-Id: I45596b6ba08e4f8201d8dcde19a03baf825b83ec
2019-11-21 05:17:25 -08:00
Christian Blichmann
ae2954f598 Build in C++17 mode.
Practically all current compilers fully support C++17 by now, with the exception of `filesystem` (which we won't use).

PiperOrigin-RevId: 281494879
Change-Id: Ia0ef650ede4e5907e4a6421b8ad11743c8bae88f
2019-11-20 04:40:09 -08:00
Christian Blichmann
d91879f752 Ensure compatibility with CMake 3.10
This fixes some CMake-3.12+-isms, like `list(JOIN ...)` and setting link
properties on OBJECT libraries.

PiperOrigin-RevId: 265033725
Change-Id: I0ee1ec0e1b1097ea8226ad6fdeff794a97c2881b
2019-08-23 05:08:55 -07:00
Christian Blichmann
0c64532a8c Validate Unix-only compiler flags in CMake build
PiperOrigin-RevId: 260706238
Change-Id: I2206f4d724a93de8714aeef521c544b660101d17
2019-07-30 06:51:38 -07:00
Christian Blichmann
3c51348aaf Enable CMake projects to consume Sandboxed API via add_subdirectory()
This change moves away from a classical superbuild which downloads and builds
at build time. Instead, we now follow a "Fetch Content" workflow (available as
FetchContent in CMake 3.11+) and download dependencies at config time.

Rationale: Superbuild projects have the disadvantage that projects cannot
directly access their individual declared targets. This is not a problem with
regular libraries, as those are usually/supposed to be installed. With
Sandboxed API, this is not desirable, as it has dependencies like Abseil and
glog, which are almost always consumed by including their source tree using
add_subdirectory().

Fixes #10 and makes external embedding easier.

PiperOrigin-RevId: 260129870
Change-Id: I70f295f29a6e4fc8c330512c94b01ef10c017166
2019-07-26 05:51:08 -07:00
Christian Blichmann
6d33c1f908 Add CMake options to exclude examples and tests from build
PiperOrigin-RevId: 258136393
Change-Id: Ifb2d7a24f93cd1d2782b4e4d6ac2c34a0d1c2bff
2019-07-15 04:42:58 -07:00
Christian Blichmann
99ac7fa60d Refactor CMake files
* Move add_sapi_library() into a build defs file
* Override protobuf_generate_cpp() instead of naming it sapi_protobuf_generate_cpp()
* Factor out inclusion/find_package() calls of external dependencies

PiperOrigin-RevId: 258133422
Change-Id: Ibdbab0c735157eac0ed6122ab78f9d583c6905cc
2019-07-15 04:13:15 -07:00
Christian Blichmann
b219661be0 Add basic CMake support for SAPI, build examples
* Implement add_sapi_library() similar to the Bazel rule
* Fix SuperBuild so that glog properly depends on gflags (needed for --logtostderr)
* Raise minimum required version of CMake to 3.10 (Ubuntu 18.04 LTS)
* Update sum sandbox policy to allow to get IDs and PIDs

PiperOrigin-RevId: 258124160
Change-Id: I64c2f8b27a3e842874adca9100bfce20a2b74f17
2019-07-15 02:53:43 -07:00
Christian Blichmann
6b24025860 CMake targets for SAPI, add find_package() support for libffi
This change adds CMake targets for the actual Sandboxed API library. On its
own, this is not very useful, as there is no CMake equivalent to the
sapi_library() rule, yet. This will be worked on next.

PiperOrigin-RevId: 257177362
Change-Id: Ic06c945ab534b27306021d970a83691aae2e7e60
2019-07-09 06:13:08 -07:00
Christian Blichmann
b5d85f5e56 Do not use any global compiler settings in CMake build
This change also tries to make the build more idempotent wrt to embedding projects.

PiperOrigin-RevId: 257177255
Change-Id: I291cd02840496db901f829e902623887f6e0eb10
2019-07-09 06:12:11 -07:00
Christian Blichmann
4e20e0702a Use full workspace name to access Bazel packages in generator
Since the interface generator is invoked via a Bazel macro, it will be
expanded in the embedding context of the project using SAPI, so package access
needs to go through the full workspace root @com_google_sandboxed_api.

This change also modifies the CMakeLists.txt accordingly, as the "external"
subdirectory is no longer needed/wanted.

PiperOrigin-RevId: 255918784
Change-Id: I052c687509f65fef7f011a9d1a074a171595330f
2019-07-01 02:53:41 -07:00
Christian Blichmann
dfbfb5cc43 Add CMake builds for the examples
PiperOrigin-RevId: 252045309
Change-Id: I57ffc3debbe64010b1f20b2e6df900b9916fa37f
2019-06-07 07:27:33 -07:00
Christian Blichmann
e09bda2628 Internal change
PiperOrigin-RevId: 251624033
Change-Id: I9b2ab423082be3bfdb6da66ab7a8e77e5673789b
2019-06-05 05:28:56 -07:00
Christian Blichmann
dd20e170d0 Internal change
PiperOrigin-RevId: 251409173
Change-Id: Ic5fcf3056c32b39a8365efa0bea4ebf7547d64e0
2019-06-04 03:47:41 -07:00
Christian Blichmann
9351e02182 Internal change
PiperOrigin-RevId: 251404733
Change-Id: Iaa53a1c14e7818dae4ae247bfefb2cba4498ba4d
2019-06-04 03:06:36 -07:00
Christian Blichmann
719cd24933 Fix sandbox2 tests when run with CTest
This test runs, but fails due to a different problem:
  StackTraceTest.ForkEnterNsLibunwindDoesNotLeakFDs

PiperOrigin-RevId: 251218516
Change-Id: If06cdbcb71fad84ebd9d934ff173d7ef1a1eebc0
2019-06-03 06:27:59 -07:00
Christian Blichmann
6bfa83befe CMake support for Sandbox2
- Add a superbuild in cmake/SuperBuild.cmake that downloads and builds
  dependencies
- Builds for sandbox2/ and a its tests
- Helper CMake function to strip proto paths
- Module to find libcap
- Custom build for libunwind that wraps its symbols
- Fix environment so that CTest executes tests similar to Bazel
- Filewrapper functionality, like Bazel's cc_embed_data()
- Build forkserver with embedded binary
- Enable ASM language so that libunwind builds correctly
- Allow glog target to propagate transitively (to propagate its include dirs)

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-05-06 14:03:29 +02:00