HomePhabricator

misc updates security-check and symbol-check

Description

misc updates security-check and symbol-check

Summary:
non backport changes:

  • fix identify_executable argument in security-check.py The argument name was wrong, and shown as unused by my IDE. It happenend to work by accident because in the loop where identify_executable is called there is a local variable filename which happened to be the expected thing.

test: use subprocess.run() in test-security-check.py

https://github.com/bitcoin/bitcoin/pull/18434/commits/9fe71a57a6780569e618cf9a8d4f1acf6321017f


scripts: prevent GCC optimising test symbols in test-symbol-check

I noticed in core#22381 that when the test-symbol-check target was being built with Clang and run in the CI it would fail due to using a too-new version of pow (used here). Our CIs use Focal (glibc 2.31) and the version of pow was the optimized version introduced in glibc 2.29:

  • Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf.

This made sense, except for that if it was failing when built using Clang, why hadn't it also been failing when being built with GCC?

Turns out GCC is optimizing away that call to pow at all optimization levels,

core#22645


build: Use and test PE binutils with --reloc-section

Also fix test-security-check.py to account for new PE PIE failure
indication.

https://github.com/bitcoin/bitcoin/pull/22381/commits/a8127b34bce3597b8091e14057c926197966a234


This fixes TestSecurityChecks.test_PE, I can now make it work on my machine.
contrib/devtools/test-security-check.py TestSecurityChecks.test_PE

This is a backport of core#22645, and a partial backport of core#18434 (I didn't do the CI part, as these tests are still not ready) and core#22381 (other commits are already backported)

Depends on D13966

Test Plan:
gitian builds
guix build

contrib\devtools\test-security-check.py
contrib\devtools\test-symbol-check.py

test-security-check.py now works for both test_ELF and test_PE. test_macho would require running the test on a Mac.

test-symbol-check.py still only works for test_ELF. test_PE needs more backports.

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Subscribers: Fabien

Differential Revision: https://reviews.bitcoinabc.org/D13962

Details

Provenance
PiRKAuthored on Jun 1 2023, 10:00
PiRKPushed on Jun 3 2023, 08:22
Reviewer
Restricted Project
Differential Revision
D13962: misc updates security-check and symbol-check
Parents
rABCc682e1d7f65b: refactor: Drop boost/algorithm/string/replace.hpp dependency
Branches
Unknown
Tags
Unknown