I wanted to create some tests looking at the performance impacts of Clang CFI. My initial attempts have come up short, as I tried to compile deal.II (version 9.2.0) with clang-11 cfi, but had multiple problems with the build. (deal.II was of interest to me as it performs thousands of casts in some of its example programs provided with the build)
Building
I built deal.II with the following additons to the CMakeList.txt file
set(CMAKE_C_COMPILER /lib/llvm-11/bin/clang)
set(CMAKE_CXX_COMPILER /lib/llvm-11/bin/clang++)
set(CLANG11_CFI_FLAGS "-fsanitize=cfi -flto -fvisibility=hidden ")
set(DEAL_II_CXX_FLAGS "${CLANG11_CFI_FLAGS} ${DEAL_II_CXX_FLAGS} ")
set(DEAL_II_LINKER_FLAGS "${CLANG11_CFI_FLAGS} ${DEAL_II_LINKER_FLAGS} ")
This produced multiple undefined reference errors. eg
/tmp/lto-llvm-8f380e.o(.rodata..L__unnamed_1+0x170): error: undefined reference to 'dealii::FiniteElement<2, 2>::compare_for_face_domination(dealii::FiniteElement<2, 2> const&) const'
After searching the internet, this stack overflow post seems to be a solution. This posts recommended generated static libraries and adding the following macros to the CMakeList.txt file:
SET(CMAKE_AR "llvm-ar")
SET(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> qcsO <TARGET> <LINK_FLAGS> <OBJECTS>")
SET(CMAKE_C_ARCHIVE_FINISH true)
SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> qcsO <TARGET> <LINK_FLAGS> <OBJECTS>")
SET(CMAKE_CXX_ARCHIVE_FINISH true)
and found that this indeed would build the deal libraries, as long as the following flag was set to generate them statically: -DDEAL_II_STATIC_EXECUTABLE=ON
Although the libraries were now build, I could not build any of the examples, as attempts would generate the following warning
/tmp/lto-llvm-46b907.o:ld-temp.o:function tbb::internal::dynamic_link(char const*, tbb::internal::dynamic_link_descriptor const*, unsigned long, void**, int): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
and would cause an Illegal instruction (core dumped) when run.
I tried a couple of things, mainly changing the linker flags used for building the examples, but so far, nothing has works. It seems that to compile the deal.II libraries with CFI, they must be static. But to link them to any of the examples they must be dynamic. Therefore seems impossible...
It would be greatly appreciated if anyone with better knowledge of static/dynamic linking and clang cfi could point me in the right direction. Even if the answer is that its not possible... Many thanks
question from:https://stackoverflow.com/questions/65901752/is-it-possible-to-compile-deal-ii-with-clang-cfi-protections
