This avoids a warning in newer CMake versions. For `CMP0083`, we still need to
explicitly select `NEW` behavior. `check_pie_supported()` will error if it is
unset even on later CMake versions.
PiperOrigin-RevId: 531200735
Change-Id: Icb17a00cac087bd6888f8a9b9f8dd837358a6090
This finally prevents Ninja from rebuilding everything needlessly each time a
CMake reconfiguration was triggered. The root cause is that we used
`file(WRITE ...)`, which always unconditionally overwrites, so Ninja sees
those files as "dirty".
PiperOrigin-RevId: 453849514
Change-Id: Ib878df21371387baa7bf791a0a054e1ea5d6b6ae
`BUILD_TESTING` is a CMake provided option and we should use similar naming,
just like how Abseil does it.
- `SAPI_ENABLE_TESTS` -> `SAPI_BUILD_TESTING`
- `SAPI_ENABLE_CONTRIB_TESTS` -> `SAPI_CONTRIB_BUILD_TESTING`
- `SAPI_ENABLE_EXAMPLES` -> `SAPI_BUILD_EXAMPLES`
Drive-by:
- Fix option name in GitHub action
PiperOrigin-RevId: 443305932
Change-Id: Ice2b42be1229a0f9ae7c2ceda9ce87187baf22c4
Including the `CTest` modules ensures that the `BUILD_TESTING` option is
defined and automatically calls `enable_testing()` if needed. It does not
change the default or introduce any dependencies on its own.
This follows what Abseil already does in their top-level `CMakeLists.txt`.
PiperOrigin-RevId: 443305646
Change-Id: If067c17470f497437c7748aab4aab5227c26e84f
When building contrib libraries as a Sandboxed API super-project or when
building Sandboxed API as a sub-project, CMake may not include all files
when writing a `compile_commands.json`, leading to missing include paths
for the libtooling interface generator.
This change sets `CMAKE_EXPORT_COMPILE_COMMANDS` as a cache variable so
that it persists across project boundaries. Writing compilation databases,
even when they are otherwise unused, is harmless.
PiperOrigin-RevId: 439820022
Change-Id: Ice96e78cf41fff5792aa0a8734f1ccf80f541e4c
The default limit for recent versions of Clang is 256 which is less than the
number of syscalls in our syscall tables (around 340). This change increases
this limit to an arbitrary 768.
PiperOrigin-RevId: 429258387
Change-Id: I4927eee78edc8aaa2a758b29811d02326e5aa953
Linking glibc in fully static mode is mostly unsupported. While such binaries
can easily be produced, conflicting symbols will often make them crash at
runtime. This happens because glibc will always (try to) load some dynamically
linked libraries, even when statically linked. This includes things like the
resolver, unicode/locale handling and others.
Internally at Google, this is not a concern due to the way glibc is being built
there. But in order to make all of our tests run in the open-source version of
this code, we need to change strategy a bit.
As a rule of thumb, glibc can safely be linked statically if a program is
resonably simple and does not use any networking of locale dependent
facilities. Calling syscalls directly instead of the corresponding libc
wrappers works as well, of course.
This change adjusts linker flags and sandbox policies to be more compatible
with regular Linux distributions.
Tested:
- `ctest -R '[A-Z].*'` (all SAPI/Sandbox2 tests)
PiperOrigin-RevId: 429025901
Change-Id: I46b677d9eb61080a8fe868002a34a77de287bf2d
- `SKIP_BUILD_RPATH` needs to be set per directory (not allow-listed for
`INTERFACE` properties)
- Use correct name for position independent code
- `-pie`/`-fPIE` will only propagate fully on 3.14+
PiperOrigin-RevId: 428986266
Change-Id: Idf9d7fc184fbeec8ec1b77505246e262d9b8d880
Add a new option `SAPI_ENABLE_CONTRIB_TESTS` that builds the sandboxes
in `contrib/` if set.
The new `contrib/CMakeLists.txt` should be extended each time we add a
new sandbox to `contrib/`.
This is in preparation of a follow-up change that should test the
sandboxes using GitHub Actions.
Drive-by:
- Rename the tests in `jsonnet_tests.cc` to conform to the style guide.
PiperOrigin-RevId: 425874289
Change-Id: I5b31546ccf84444c2480287220ef88abbd78a235
This never worked properly worked anyways.
The root of the problem is likely ninja issue [#1330](https://github.com/ninja-build/ninja/issues/1330)
PiperOrigin-RevId: 425610824
Change-Id: I53415be6ea6169b420964ba1a7365160167a4f89
This updates the mininum required version of CMake to 3.13, which is
present in Debian Buster.
At the same time, move all of our dependency handling to use
`FetchContent_Declare()`, `FetchContent_Populate()` and
`FetchContent_MakeAvailable()`. Since the latter was ony introduced in
3.14, provide a simple "polyfill" implementation for that.
As an added benefit, the configure step for libffi and libunwind will
now not be re-run every time the `CMakeLists.txt` changes.
Other changes:
- Explicitly spell out that we're testing up to 3.22 in
`cmake_minimum_version()`
- Rename `check_target()` to `sapi_check_target()` to avoid conflicts
with Abseil.
- Check for Linux (Android TBD once that lands) and C++17
- Move `SAPI_HARDENED_SOURCE` check after compile options are evaluated
- Use a more modern way to set the required C++ standard, compatible with
Abseil's `ABSL_PROPAGATE_CXX_STD`.
- Scope `-fno-exceptions` and `POSITION_INDEPENDENT_CODE` to SAPI targets
- Increase maximum stack frame size yet again
PiperOrigin-RevId: 422369190
Change-Id: If75405ee43740de90196f52cddc8938482eae851
The former fixes the actual compiler option checks in `CMakeLists.txt`.
The latter is to avoid a compiler warning in `sandboxed_api/sandbox2/util.cc`,
which needs a stack frame size bigger than pthread's default value (16K).
PiperOrigin-RevId: 419618052
Change-Id: Ieaf72a03bfad0853d774ce0548040e3f2a3ebbc0
- Move CMake superbuild files
- Drop use of `CMakeLists.txt.in` configure files
- Allow overriding dependency directories. For now, this should only be
used by GitHub workflows. Will be expanded on later, possibly renaming
the variables.
This change is one in a series to make it easier to consume/customize
Sandboxed API in downstream projects.
Drive-by:
- Update `.gitignore` to ignore clangd's `.cache` directory
Signed-off-by: Christian Blichmann <cblichmann@google.com>
Bazel readily enforces header visiblity for each target, CMake is more lenient.
PiperOrigin-RevId: 355407845
Change-Id: Ic59fa2162db8456d4c5cf4205c0fe42cc79874a9
This allows resource-constrained environments to benefit from the
space savings of dynamic linking. This is not meant to be used in
the general case.
PiperOrigin-RevId: 347398828
Change-Id: Ia634959148a31159878f48c44255dd733424a2b8
- Support multiple input files
- Better testability
- Support for the `--sapi_isystem` argument, same as the Python generator
PiperOrigin-RevId: 333686891
Change-Id: I3e618165c1bd58bb755e1193617fb0737c29ee77
- Extract dependent types directly from the Clang AST and re-serialize
back into compilable code
- Collect types and emit diagnostics
- Format generated code
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
Practically all current compilers fully support C++17 by now, with the exception of `filesystem` (which we won't use).
PiperOrigin-RevId: 281494879
Change-Id: Ia0ef650ede4e5907e4a6421b8ad11743c8bae88f
This fixes some CMake-3.12+-isms, like `list(JOIN ...)` and setting link
properties on OBJECT libraries.
PiperOrigin-RevId: 265033725
Change-Id: I0ee1ec0e1b1097ea8226ad6fdeff794a97c2881b
This change moves away from a classical superbuild which downloads and builds
at build time. Instead, we now follow a "Fetch Content" workflow (available as
FetchContent in CMake 3.11+) and download dependencies at config time.
Rationale: Superbuild projects have the disadvantage that projects cannot
directly access their individual declared targets. This is not a problem with
regular libraries, as those are usually/supposed to be installed. With
Sandboxed API, this is not desirable, as it has dependencies like Abseil and
glog, which are almost always consumed by including their source tree using
add_subdirectory().
Fixes#10 and makes external embedding easier.
PiperOrigin-RevId: 260129870
Change-Id: I70f295f29a6e4fc8c330512c94b01ef10c017166
* Move add_sapi_library() into a build defs file
* Override protobuf_generate_cpp() instead of naming it sapi_protobuf_generate_cpp()
* Factor out inclusion/find_package() calls of external dependencies
PiperOrigin-RevId: 258133422
Change-Id: Ibdbab0c735157eac0ed6122ab78f9d583c6905cc
* Implement add_sapi_library() similar to the Bazel rule
* Fix SuperBuild so that glog properly depends on gflags (needed for --logtostderr)
* Raise minimum required version of CMake to 3.10 (Ubuntu 18.04 LTS)
* Update sum sandbox policy to allow to get IDs and PIDs
PiperOrigin-RevId: 258124160
Change-Id: I64c2f8b27a3e842874adca9100bfce20a2b74f17
This change adds CMake targets for the actual Sandboxed API library. On its
own, this is not very useful, as there is no CMake equivalent to the
sapi_library() rule, yet. This will be worked on next.
PiperOrigin-RevId: 257177362
Change-Id: Ic06c945ab534b27306021d970a83691aae2e7e60
This change also tries to make the build more idempotent wrt to embedding projects.
PiperOrigin-RevId: 257177255
Change-Id: I291cd02840496db901f829e902623887f6e0eb10
Since the interface generator is invoked via a Bazel macro, it will be
expanded in the embedding context of the project using SAPI, so package access
needs to go through the full workspace root @com_google_sandboxed_api.
This change also modifies the CMakeLists.txt accordingly, as the "external"
subdirectory is no longer needed/wanted.
PiperOrigin-RevId: 255918784
Change-Id: I052c687509f65fef7f011a9d1a074a171595330f
This test runs, but fails due to a different problem:
StackTraceTest.ForkEnterNsLibunwindDoesNotLeakFDs
PiperOrigin-RevId: 251218516
Change-Id: If06cdbcb71fad84ebd9d934ff173d7ef1a1eebc0
- Add a superbuild in cmake/SuperBuild.cmake that downloads and builds
dependencies
- Builds for sandbox2/ and a its tests
- Helper CMake function to strip proto paths
- Module to find libcap
- Custom build for libunwind that wraps its symbols
- Fix environment so that CTest executes tests similar to Bazel
- Filewrapper functionality, like Bazel's cc_embed_data()
- Build forkserver with embedded binary
- Enable ASM language so that libunwind builds correctly
- Allow glog target to propagate transitively (to propagate its include dirs)
Signed-off-by: Christian Blichmann <cblichmann@google.com>
