Index: libcxx/CMakeLists.txt =================================================================== --- libcxx/CMakeLists.txt +++ libcxx/CMakeLists.txt @@ -84,6 +84,7 @@ # Basic options --------------------------------------------------------------- option(LIBCXX_ENABLE_ASSERTIONS "Enable assertions independent of build mode." OFF) +option(LIBCXX_ENABLE_CET "Build libc++ with CET enabled." OFF) option(LIBCXX_ENABLE_SHARED "Build libc++ as a shared library." ON) option(LIBCXX_ENABLE_STATIC "Build libc++ as a static library." ON) option(LIBCXX_ENABLE_EXPERIMENTAL_LIBRARY "Build libc++experimental.a" ON) @@ -154,6 +155,10 @@ endif() endif() +if (LIBCXX_ENABLE_CET AND MSVC) + message(FATAL_ERROR "libc++ CET support is not available for MSVC!") +endif() + option(LIBCXX_INCLUDE_DOCS "Build the libc++ documentation." ${LLVM_INCLUDE_DOCS}) set(LIBCXX_LIBDIR_SUFFIX "${LLVM_LIBDIR_SUFFIX}" CACHE STRING "Define suffix of library directory name (32/64)") @@ -666,6 +671,13 @@ endif() endfunction() +# CET flags =================================================================== +function(cxx_add_cet_flags target) + if (LIBCXX_ENABLE_CET) + target_add_compile_flags_if_supported(${target} PUBLIC -fcf-protection=full) + endif() +endfunction() + # Threading flags ============================================================= if (LIBCXX_BUILD_EXTERNAL_THREAD_LIBRARY AND LIBCXX_ENABLE_SHARED) # Need to allow unresolved symbols if this is to work with shared library builds @@ -927,6 +939,7 @@ cxx_add_exception_flags(${target}) cxx_add_rtti_flags(${target}) cxx_add_module_flags(${target}) + cxx_add_cet_flags(${target}) cxx_link_system_libraries(${target}) endfunction() Index: libcxx/test/CMakeLists.txt =================================================================== --- libcxx/test/CMakeLists.txt +++ libcxx/test/CMakeLists.txt @@ -56,6 +56,7 @@ endif() pythonize_bool(LIBCXX_ENABLE_SHARED) +pythonize_bool(LIBCXX_ENABLE_CET) pythonize_bool(LIBCXX_LINK_TESTS_WITH_SHARED_LIBCXX) pythonize_bool(LIBCXX_LINK_TESTS_WITH_SHARED_LIBCXXABI) pythonize_bool(LIBCXX_ENABLE_FILESYSTEM) Index: libcxx/test/configs/legacy.cfg.in =================================================================== --- libcxx/test/configs/legacy.cfg.in +++ libcxx/test/configs/legacy.cfg.in @@ -22,6 +22,7 @@ config.target_info = "@LIBCXX_TARGET_INFO@" config.test_linker_flags = "@LIBCXX_TEST_LINKER_FLAGS@" config.test_compiler_flags = "@LIBCXX_TEST_COMPILER_FLAGS@" +config.cet_on = @LIBCXX_ENABLE_CET@ config.executor = "@LIBCXX_EXECUTOR@" config.llvm_unwinder = @LIBCXXABI_USE_LLVM_UNWINDER@ Index: libcxx/utils/libcxx/test/config.py =================================================================== --- libcxx/utils/libcxx/test/config.py +++ libcxx/utils/libcxx/test/config.py @@ -261,6 +261,8 @@ additional_flags = self.get_lit_conf('test_compiler_flags') if additional_flags: self.cxx.compile_flags += shlex.split(additional_flags) + if self.get_lit_bool('cet_on'): + self.cxx.compile_flags += ['-fcf-protection=full'] def configure_default_compile_flags(self): # Configure include paths Index: libcxxabi/CMakeLists.txt =================================================================== --- libcxxabi/CMakeLists.txt +++ libcxxabi/CMakeLists.txt @@ -82,6 +82,7 @@ When disabled, libc++abi does not support stack unwinding and other exceptions-related features." ON) option(LIBCXXABI_ENABLE_ASSERTIONS "Enable assertions independent of build mode." ON) option(LIBCXXABI_ENABLE_PEDANTIC "Compile with pedantic enabled." ON) +option(LIBCXXABI_ENABLE_CET "Build libc++abi with CET enabled." OFF) option(LIBCXXABI_ENABLE_WERROR "Fail and stop if a warning is triggered." OFF) option(LIBCXXABI_USE_LLVM_UNWINDER "Build and use the LLVM unwinder." OFF) option(LIBCXXABI_ENABLE_STATIC_UNWINDER "Statically link the LLVM unwinder." OFF) @@ -155,6 +156,10 @@ message(FATAL_ERROR "libc++abi must be built as either a shared or static library.") endif() +if (LIBCXXABI_ENABLE_CET AND MSVC) + message(FATAL_ERROR "libc++abi CET support is not available for MSVC!") +endif() + # TODO: This is a workaround for the fact that Standalone builds can't use # targets from the other runtimes (so the cxx-headers target doesn't exist). set(LIBCXXABI_LIBCXX_INCLUDES "" CACHE PATH @@ -314,6 +319,10 @@ add_compile_flags_if_supported(-Werror=return-type) +if (LIBCXXABI_ENABLE_CET) + add_compile_flags_if_supported(-fcf-protection=full) +endif() + # Get warning flags add_compile_flags_if_supported(-W) add_compile_flags_if_supported(-Wall) Index: libcxxabi/test/CMakeLists.txt =================================================================== --- libcxxabi/test/CMakeLists.txt +++ libcxxabi/test/CMakeLists.txt @@ -39,6 +39,7 @@ pythonize_bool(LIBCXXABI_BUILD_32_BITS) pythonize_bool(LIBCXX_ENABLE_SHARED) +pythonize_bool(LIBCXXABI_ENABLE_CET) pythonize_bool(LIBCXXABI_ENABLE_SHARED) pythonize_bool(LIBCXXABI_ENABLE_THREADS) pythonize_bool(LIBCXXABI_USE_LLVM_UNWINDER) Index: libcxxabi/test/libcxxabi/test/config.py =================================================================== --- libcxxabi/test/libcxxabi/test/config.py +++ libcxxabi/test/libcxxabi/test/config.py @@ -52,6 +52,8 @@ if not self.get_lit_bool('enable_threads', True): self.cxx.compile_flags += ['-D_LIBCXXABI_HAS_NO_THREADS'] self.config.available_features.add('libcxxabi-no-threads') + if self.get_lit_bool('cet_on', False): + self.cxx.compile_flags += ['-fcf-protection=full'] super(Configuration, self).configure_compile_flags() def configure_compile_flags_header_includes(self): Index: libcxxabi/test/lit.site.cfg.in =================================================================== --- libcxxabi/test/lit.site.cfg.in +++ libcxxabi/test/lit.site.cfg.in @@ -26,6 +26,7 @@ config.sysroot = "@LIBCXXABI_SYSROOT@" config.gcc_toolchain = "@LIBCXXABI_GCC_TOOLCHAIN@" config.cxx_ext_threads = @LIBCXXABI_BUILD_EXTERNAL_THREAD_LIBRARY@ +config.cet_on = @LIBCXXABI_ENABLE_CET@ config.pstl_src_root = "@ParallelSTL_SOURCE_DIR@" if @LIBCXX_ENABLE_PARALLEL_ALGORITHMS@ else None config.pstl_obj_root = "@ParallelSTL_BINARY_DIR@" if @LIBCXX_ENABLE_PARALLEL_ALGORITHMS@ else None