Control-flow Enforcement Technology (CET), published by Intel, introduces indirect branch tracking (IBT) to guard all indirect 'jmp' and 'call' instructions. The target of an indirect 'jmp' or 'call' begins with an 'endbr' instruction. Currently, CET has been implemented on x86 GNU/Linux platforms.
In order to enable CET when building applications, we need to ensure:
- building source code with '-fcf-protection=full'
- all libraries linked must be CET enabled
This patch is used to build libc++ and libc++abi with CET enabled. If developers want to build applications with CET enabled and use libc++ and libc++abi, they must link CET-enabled libc++ and libc++abi libraries. We introduce 2 options, LIBCXX_ENABLE_CET and LIBCXXABI_ENABLE_CET, to enable CET building. This patch also enables running all libcxx and libcxxabi tests with CET enabled.
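Added example, not part of this patch or of libc++: a check for the requirement above that every linked library be CET enabled. It parses the `.note.gnu.property` bytes that `-fcf-protection=full` emits and models the linker's AND rule for `GNU_PROPERTY_X86_FEATURE_1_AND`. It assumes little-endian ELF64 x86-64 notes; the function names and the sample notes are constructed for illustration.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
IBT, SHSTK = 0x1, 0x2  # GNU_PROPERTY_X86_FEATURE_1_IBT / _SHSTK

def align(n, a):
    return (n + a - 1) & ~(a - 1)

def x86_feature_1(section, prop_align=8):
    """Return the FEATURE_1_AND bitmask from raw .note.gnu.property bytes, 0 if absent."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        desc_off = off + 12 + align(namesz, 4)
        desc_end = desc_off + descsz
        if desc_end > len(section):
            raise ValueError("truncated note")
        name = section[off + 12:off + 12 + namesz]
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            p = desc_off
            while p + 8 <= desc_end:  # walk the property array inside the descriptor
                pr_type, pr_datasz = struct.unpack_from("<II", section, p)
                if p + 8 + pr_datasz > desc_end:
                    raise ValueError("truncated property")
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                    return struct.unpack_from("<I", section, p + 8)[0]
                p += 8 + align(pr_datasz, prop_align)
        off = align(desc_end, prop_align)
    return 0

def linked_features(sections):
    """Model of the linker rule: a feature bit survives only if every input object sets it."""
    mask = IBT | SHSTK
    for s in sections:
        mask &= x86_feature_1(s)
    return mask

def make_note(features):
    """Constructed sample: the note an ELF64 x86-64 object carries for these feature bits."""
    desc = struct.pack("<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, features)
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc

if __name__ == "__main__":
    cet_obj = make_note(IBT | SHSTK)  # built with -fcf-protection=full
    legacy_obj = b""                  # object with no property note at all
    print(linked_features([cet_obj, cet_obj]), linked_features([cet_obj, legacy_obj]))
```

On a real binary, `readelf -n` reports the same property as `x86 feature: IBT, SHSTK`.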
This needs more documentation. CET isn't a well-known feature. Please also update libcxx/docs/BuildingLibcxx.rst regarding this feature. The comment for this patch already contains a lot of useful information that I would like to see here.