diff --git a/run_py/build.py b/run_py/build.py index edea2a1..3518ee3 100644 --- a/run_py/build.py +++ b/run_py/build.py @@ -65,8 +65,10 @@ def __repr__(self): base = BuildType('Base', is_default=True) base.compile_args += ['-static', '-std=gnu++2c', '-fcolor-diagnostics', '-ffunction-sections', - '-fdata-sections', '-funsigned-char', '-D_FORTIFY_SOURCE=2', '-Wformat', - '-Wformat-security', '-Werror=format-security', '-fno-plt', '-Wno-vla-extension', '-Wno-trigraphs'] + '-fdata-sections', '-funsigned-char', '-fno-signed-zeros', '-fno-semantic-interposition', + '-fno-plt', '-fno-strict-aliasing', '-fno-exceptions', + '-D_FORTIFY_SOURCE=2', '-Wformat', + '-Wformat-security', '-Werror=format-security', '-Wno-vla-extension', '-Wno-trigraphs'] if 'CXXFLAGS' in os.environ: base.compile_args += os.environ['CXXFLAGS'].split() @@ -82,9 +84,8 @@ def __repr__(self): fast.compile_args += ['-O1'] # Build type intended for practical usage (slow to build but very high performance) -# TODO: enable -fno-signed-zeros -fno-signaling-nans -fno-trapping-math -fno-semantic-interposition -fstrict-aliasing -fno-exceptions -ffunction-sections -fvtable-gc release = BuildType('Release', base) -release.compile_args += ['-O3', '-DNDEBUG', '-flto', '-fstack-protector'] +release.compile_args += ['-O3', '-DNDEBUG', '-flto', '-fstack-protector', '-fno-trapping-math'] release.link_args += ['-flto'] # Build type intended for debugging diff --git a/src/dev_commands.py b/src/dev_commands.py index 625f025..a5a5a2b 100644 --- a/src/dev_commands.py +++ b/src/dev_commands.py @@ -26,13 +26,14 @@ def run(args: str): 'LAN': 'enxe8802ee74415' }) +gatekeeper_bin = 'debug_gatekeeper' def debug(): - return run('build/debug_gatekeeper') + return run(f'build/{gatekeeper_bin}') def gdb(): - return run('gdb build/debug_gatekeeper -q -ex run') + return run(f'gdb build/{gatekeeper_bin} -q -ex run') def net_reset(): @@ -45,7 +46,7 @@ def net_reset(): def dogfood(): '''Copy the binary to maf's router and run it.''' - sh('scp build/debug_gatekeeper root@protectli:/opt/gatekeeper/gatekeeper.new', + sh(f'scp build/{gatekeeper_bin} root@protectli:/opt/gatekeeper/gatekeeper.new', check=True) try: sh('ssh root@protectli "mv /opt/gatekeeper/gatekeeper{,.old} && mv /opt/gatekeeper/gatekeeper{.new,} && systemctl restart gatekeeper"', @@ -80,7 +81,7 @@ def run_systemd(env): args = ['systemd-run', '--service-type=notify', '--same-dir', '--unit=gatekeeper-e2e', '--quiet'] for k, v in env.items(): args.append(f'--setenv={k}={v}') - args += ['build/debug_gatekeeper'] + args += ['build/' + gatekeeper_bin] p = subprocess.run(args) p.invocation_id = subprocess.check_output(['systemctl', 'show', '--value', '-p', 'InvocationID', 'gatekeeper-e2e']).decode().strip() if p.returncode != 0: @@ -248,7 +249,7 @@ def test_udp(): def hook_final(srcs, objs, bins, recipe: make.Recipe): - deps = ['build/debug_gatekeeper'] + deps = ['build/' + gatekeeper_bin] recipe.add_step(debug, [], deps) recipe.add_step(gdb, [], deps) recipe.add_step(net_reset, [], deps) diff --git a/src/generator.hh b/src/generator.hh index a173b83..bbf8066 100644 --- a/src/generator.hh +++ b/src/generator.hh @@ -40,7 +40,9 @@ public: void return_void() {} +#if defined(__cpp_exceptions) void unhandled_exception() { throw; } +#endif Ref Get() { return ref_.Get(); } diff --git a/src/glibc.py b/src/glibc.py index 1fffe05..502f820 100644 --- a/src/glibc.py +++ b/src/glibc.py @@ -84,6 +84,7 @@ def hook_recipe(recipe): CFLAGS = build_type.CFLAGS() for bad_flag in BAD_CFLAGS: CFLAGS = list(filter(lambda x: not x.startswith(bad_flag), CFLAGS)) + CFLAGS += ['-fvtable-gc', '-fno-signaling-nans'] CFLAGS = ' '.join(CFLAGS) @@ -155,6 +156,7 @@ def configure_gcc(prefix=PREFIX, gcc_objdir=GCC_OBJDIR): '--enable-threads=posix', '--enable-shared', '--enable-__cxa_atexit', + f'--enable-cxx-flags={CFLAGS}', '--disable-bootstrap', '--disable-cet', '--disable-default-pie',