From 43a64679ff5bd8133d0dc6e32ef486a17bd1822a Mon Sep 17 00:00:00 2001 From: Allen Winter Date: Fri, 7 Oct 2022 09:43:03 -0400 Subject: scripts/buildtests.sh - add test building with gcc FORTIFY --- scripts/buildtests.sh | 61 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/scripts/buildtests.sh b/scripts/buildtests.sh index a940576c..c2c326b0 100755 --- a/scripts/buildtests.sh +++ b/scripts/buildtests.sh @@ -39,6 +39,7 @@ HELP() { echo " -g, --no-gcc-build Don't run any gcc-build tests" echo " -a, --no-asan-build Don't run any ASAN-build tests" echo " -d, --no-tsan-build Don't run any TSAN-build tests" + echo " -f, --no-fortify-build Don't run the FORTIFY-build tests (gcc12)" echo } @@ -200,6 +201,31 @@ GCC_BUILD() { echo "===== END GCC BUILD: $1 ======" } +#function FORTIFY_BUILD: +# runs a build test using gcc (v12 or higher) with fortify CFLAGS +# $1 = the name of the test (which will have "-fortify" appended to it) +# $2 = CMake options +FORTIFY_BUILD() { + name="$1-fortify" + if ( test $runfortifybuild -ne 1 ) + then + echo "===== FORTIFY BUILD TEST $1 DISABLED DUE TO COMMAND LINE OPTION =====" + return + fi + COMMAND_EXISTS "gcc" + gccVersion=`gcc -dumpversion` + if ( test `expr $gccVersion + 0` -lt 12 ) + then + echo "Sorry, gcc must be version 12 or higher to support fortify. Exiting..." + exit 1 + fi + echo "===== START FORTIFY BUILD: $1 ======" + SET_GCC + export CFLAGS="-Og -gdwarf-5 -fno-optimize-sibling-calls -Wall -W -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_FORTIFY_SOURCE=3 -fPIC -grecord-gcc-switches -fno-allow-store-data-races -fstack-protector-strong -fstack-clash-protection -fcf-protection=full --param=ssp-buffer-size=1" + BUILD "$name" "$2" + echo "===== END FORTIFY BUILD: $1 ======" +} + #function NINJA_GCC_BUILD: # runs a build test using gcc using the Ninja cmake generator # $1 = the name of the test (which will have "-ninjagcc" appended to it) @@ -486,8 +512,8 @@ KRAZY() { ##### END FUNCTIONS ##### -#TEMP=`getopt -o hmkctbsnlgad --long help,no-cmake-compat,no-krazy,no-cppcheck,no-tidy,no-scan,no-splint,no-ninja,no-clang-build,no-gcc-build,no-asan-build,no-tsan-build -- "$@"` -TEMP=`getopt hmkctbsnlgad $*` +#TEMP=`getopt -o hmkctbsnlgadf --long help,no-cmake-compat,no-krazy,no-cppcheck,no-tidy,no-scan,no-splint,no-ninja,no-clang-build,no-gcc-build,no-asan-build,no-tsan-build,no-fortify-build -- "$@"` +TEMP=`getopt hmkctbsnlgadf $*` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi # Note the quotes around `$TEMP': they are essential! eval set -- "$TEMP" @@ -502,21 +528,23 @@ runclangbuild=1 rungccbuild=1 runasanbuild=1 runtsanbuild=1 +runfortifybuild=1 runsplint=1 while true ; do case "$1" in -h|--help) HELP; exit 1;; - -m|--no-cmake-compat) cmakecompat=0; shift;; - -k|--no-krazy) runkrazy=0; shift;; - -c|--no-cppcheck) runcppcheck=0; shift;; - -t|--no-tidy) runtidy=0; shift;; - -b|--no-scan) runscan=0; shift;; - -s|--no-splint) runsplint=0; shift;; - -n|--no-ninja) runninja=0; shift;; - -l|--no-clang-build) runclangbuild=0; shift;; - -g|--no-gcc-build) rungccbuild=0; shift;; - -a|--no-asan-build) runasanbuild=0; shift;; - -d|--no-tsan-build) runtsanbuild=0; shift;; + -m|--no-cmake-compat) cmakecompat=0; shift;; + -k|--no-krazy) runkrazy=0; shift;; + -c|--no-cppcheck) runcppcheck=0; shift;; + -t|--no-tidy) runtidy=0; shift;; + -b|--no-scan) runscan=0; shift;; + -s|--no-splint) runsplint=0; shift;; + -n|--no-ninja) runninja=0; shift;; + -l|--no-clang-build) runclangbuild=0; shift;; + -g|--no-gcc-build) rungccbuild=0; shift;; + -a|--no-asan-build) runasanbuild=0; shift;; + -d|--no-tsan-build) runtsanbuild=0; shift;; + -f|--no-fortify-build) runfortifybuild=0; shift;; --) shift; break;; *) echo "Internal error!"; exit 1;; esac @@ -628,4 +656,11 @@ TSAN_BUILD test3tsan "$TZCMAKEOPTS" TSAN_BUILD test4tsan "$UUCCMAKEOPTS" TSAN_BUILD test5tsan "$GLIBOPTS" +#Fortify build +FORTIFY_BUILD test1fortify "$DEFCMAKEOPTS" +FORTIFY_BUILD test2tsan "$CMAKEOPTS" +FORTIFY_BUILD test3tsan "$TZCMAKEOPTS" +FORTIFY_BUILD test4tsan "$UUCCMAKEOPTS" +FORTIFY_BUILD test5tsan "$GLIBOPTS" + echo "ALL TESTS COMPLETED SUCCESSFULLY" -- cgit v1.2.1