perf: use ss-cmake (#407)

Fixes #408 See serious-scaffold/ss-pybind11#55 -------- Signed-off-by: l.feng <[email protected]>
serious-scaffold · Dec 8, 2024 · 9aa5f43 · 9aa5f43
1 parent a16b70f
commit 9aa5f43
Show file tree

Hide file tree

Showing 16 changed files with 270 additions and 13 deletions.
diff --git a/cmake/ConfigureWarningsAndHardening.cmake b/cmake/ConfigureWarningsAndHardening.cmake
@@ -73,4 +73,48 @@ include(cmake-modules/build/CompilerFlags)
 # Hardening
 # ##############################################################################
 
+# Comment `-Wl,-z,nodlopen` for dlopen call
+if(NOT MSVC)
+  set(USE_HARDENING_FLAGS
+      -D_GLIBCXX_ASSERTIONS # Enable assertions
+      -U_FORTIFY_SOURCE # Disable stack protector
+      -D_FORTIFY_SOURCE=3 # Enable stack protector
+      -fstack-protector-strong # Enable stack protector
+      -fcf-protection # Control Flow Guard
+      -fstack-clash-protection # Control Flow Guard
+      -Wimplicit-fallthrough # Enabled in compiler flags by default
+      -fstrict-flex-arrays=3 # Enable strict array bounds
+      -Wformat # Enabled in compiler flags by default
+      -Wformat=2 # Enabled in compiler flags by default
+      # -Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
+      -Wl,-z,noexecstack # Enable data execution prevention by marking stack
+      # memory as non-executable
+      -Wl,-z,relro # Mark relocation table entries resolved at load-time as
+      # read-only
+      -Wl,-z,now # Mark relocation table entries resolved at load-time as
+      # read-only. It impacts startup performance
+      "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
+      # undefined behavior sanitizer
+      -fno-delete-null-pointer-checks
+      -fno-strict-overflow
+      -fno-strict-aliasing
+      -ftrivial-auto-var-init=zero
+      -Wtrampolines # Enable trampolines(gcc only)
+      -mbranch-protection=standard # Enable indirect branches(aarch64 only)
+      CACHE STRING "Additional hardening compilation flags for GCC/Clang")
+
+  set(USE_HARDENING_LINKS
+      -fstack-protector-strong # Enable stack protector
+      "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
+      # undefined behavior sanitizer -Wl,-z,nodlopen # Restrict dlopen(3) calls
+      # to shared objects
+      -Wl,-z,noexecstack # Enable data execution prevention by marking stack
+      # memory as non-executable
+      -Wl,-z,relro # Mark relocation table entries resolved at load-time as
+      # read-only
+      -Wl,-z,now # Mark relocation table entries resolved at load-time as
+      # read-only. It impacts startup performance
+      CACHE STRING "Additional hardening linking flags for GCC/Clang")
+endif()
+
 include(cmake-modules/build/Hardening)
diff --git a/cmake/vcpkg/bootstrap/vcpkg_configure.cmake b/cmake/vcpkg/bootstrap/vcpkg_configure.cmake
@@ -52,6 +52,30 @@ macro(detect_vcpkg)
   endif()
 endmacro()
 
+# Add VCPKG_INSTALL_REPORT_FAILURE option to report vcpkg failure in detail
+function(_vcpkg_install_report_failure)
+  if(DEFINED ENV{CI} AND NOT "$ENV{CI}" STREQUAL "")
+    set(VCPKG_INSTALL_REPORT_FAILURE
+        ON
+        CACHE INTERNAL "Enable vcpkg install failure report in detail")
+  endif()
+  file(READ "$CACHE{_VCPKG_TOOLCHAIN_FILE}" _vcpkg_toolchain_content)
+  if(VCPKG_INSTALL_REPORT_FAILURE
+     AND NOT "${_vcpkg_toolchain_content}" MATCHES
+         [[VCPKG INSTALL REPORT FAILURE IN DETAIL]])
+    string(
+      REPLACE
+        [[message(STATUS "Running vcpkg install - failed")]]
+        [[message(STATUS "Running vcpkg install - failed")
+            file(READ "${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md" issue_body_content)
+            message(STATUS "")
+            set(Z_NATIVE_VCPKG_MANIFEST_INSTALL_LOGFILE "${Z_NATIVE_VCPKG_MANIFEST_INSTALL_LOGFILE}\nVCPKG INSTALL REPORT FAILURE IN DETAIL: ${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md\n${issue_body_content}\n")]]
+        _vcpkg_toolchain_content
+        "${_vcpkg_toolchain_content}")
+    file(WRITE "$CACHE{_VCPKG_TOOLCHAIN_FILE}" "${_vcpkg_toolchain_content}")
+  endif()
+endfunction()
+
 # bootstrap and configure vcpkg
 macro(vcpkg_configure)
   detect_vcpkg()
@@ -68,6 +92,9 @@ macro(vcpkg_configure)
   endif()
 
   _vcpkg_chainload_toolchain()
+
+  _vcpkg_install_report_failure()
+
   message(STATUS "vcpkg_toolchain_file:$CACHE{_VCPKG_TOOLCHAIN_FILE}")
   include("$CACHE{_VCPKG_TOOLCHAIN_FILE}")
 endmacro()
diff --git a/cmake/vcpkg/bootstrap/vcpkg_load_triplet.cmake b/cmake/vcpkg/bootstrap/vcpkg_load_triplet.cmake
@@ -46,7 +46,7 @@ function(_vcpkg_detect_host_triplet)
       if(_detect_osx_arch_count EQUAL "0")
         message(
           WARNING
-            "Unable to determine target architecture. "
+            "Unable to determine target architecture from ${CMAKE_OSX_ARCHITECTURES}. "
             "Consider providing a value for the CMAKE_OSX_ARCHITECTURES cache variable. "
             "Continuing without vcpkg.")
         set(VCPKG_TOOLCHAIN ON)
@@ -57,7 +57,8 @@ function(_vcpkg_detect_host_triplet)
       if(_detect_osx_arch_count GREATER "1")
         message(
           WARNING
-            "Detected more than one target architecture. Using the first one.")
+            "Detected more than one target architecture from ${CMAKE_OSX_ARCHITECTURES}. Using the first one."
+        )
       endif()
       list(GET CMAKE_OSX_ARCHITECTURES "0" _detect_osx_target_arch)
       if(_detect_osx_target_arch STREQUAL "arm64")
@@ -75,7 +76,7 @@ function(_vcpkg_detect_host_triplet)
       else()
         message(
           WARNING
-            "Unable to determine target architecture, continuing without vcpkg."
+            "Unable to determine target architecture from ${CMAKE_OSX_ARCHITECTURES}, continuing without vcpkg."
         )
         set(VCPKG_TOOLCHAIN ON)
         cmake_policy(POP)
@@ -96,6 +97,8 @@ function(_vcpkg_detect_host_triplet)
         OR CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "AMD64"
         OR CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "amd64")
         set(_detect_target_triplet_arch x64)
+      elseif(CMAKE_HOST_SYSTEM_PROCESSOR MATCHES "^i.86$")
+        set(_detect_target_triplet_arch x86)
       elseif(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "s390x")
         set(_detect_target_triplet_arch s390x)
       elseif(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "ppc64le")
@@ -115,7 +118,7 @@ function(_vcpkg_detect_host_triplet)
       else()
         message(
           WARNING
-            "Unable to determine target architecture, continuing without vcpkg."
+            "Unable to determine target architecture from ${CMAKE_HOST_SYSTEM_PROCESSOR}, continuing without vcpkg."
         )
         set(VCPKG_TOOLCHAIN ON)
         cmake_policy(POP)
@@ -166,6 +169,12 @@ function(_vcpkg_detect_host_triplet)
 
   if(NOT _detect_target_triplet_arch STREQUAL ""
      AND NOT _detect_target_triplet_plat STREQUAL "")
+    set(VCPKG_DETECT_TRIPLET_ARCH
+        ${_detect_target_triplet_arch}
+        PARENT_SCOPE)
+    set(VCPKG_DETECT_TRIPLET_PLAT
+        ${_detect_target_triplet_plat}
+        PARENT_SCOPE)
     set(VCPKG_HOST_TRIPLET
         "${_detect_target_triplet_arch}-${_detect_target_triplet_plat}"
         PARENT_SCOPE)

diff --git a/copier.yml b/copier.yml
@@ -1,3 +1,11 @@
+---
+# Copier will load all these files
+!include includes/copier.*.yml
+---
+_exclude:
+  - .copier-answers.*.yml
+  - copier.*.yml
+
 _envops:
   block_end_string: '%]'
   block_start_string: '[%'
@@ -193,3 +201,53 @@ use_codeql:
   help: 'Whether to add codeql integration:'
   type: bool
   when: '{{ repo_platform == "github" }}'
+
+# Override ss-cmake variables
+
+ss_cmake_repo_name:
+  default: '{{ repo_name }}'
+  help: 'Provide a name for the repository:'
+  type: str
+  when: false
+
+ss_cmake_repo_url:
+  default: '[% from pathjoin("includes", "variable.jinja") import repo_url with context %]{{ repo_url() }}'
+  help: 'Provide a url for the repository:'
+  type: str
+  when: false
+
+ss_cmake_project_description:
+  default: '{{ project_description }}'
+  help: 'Provide a brief description for the project:'
+  type: str
+  when: false
+
+ss_cmake_configure_coverage:
+  default: true
+  help: Whether to configure coverage in cmake integration for C++.
+  type: bool
+  when: false
+
+ss_cmake_configure_version:
+  default: true
+  help: Whether to configure to detect git version in cmake integration for C++
+  type: bool
+  when: false
+
+ss_cmake_configure_warnings_and_hardening:
+  default: true
+  help: Whether to configure warnings and hardening compiling options in cmake integrationo for C++
+  type: bool
+  when: false
+
+ss_cmake_use_cpm:
+  default: '{{ use_cpm }}'
+  help: Whether to use CPM to manage C++ dependencies that will break up vcpkg dependency management.
+  type: bool
+  when: false
+
+ss_cmake_use_conan:
+  default: '{{ use_conan }}'
+  help: Whether to use conan to manage C++ dependencies that will break up vcpkg dependency management.
+  type: bool
+  when: false
diff --git a/docs/tutorials/dependencies.md b/docs/tutorials/dependencies.md
@@ -36,7 +36,7 @@ copier copy gh:serious-scaffold/ss-cpp /path/to/project -d use_conan=true
 
 The above command will generate a cmake module file `cmake/ConfigureConanDependencies.cmake`, which presents an example of how to use Conan to manage dependencies.
 
-```{literalinclude} ../../template/cmake/[% if use_conan == true %]ConfigureConanDependencies.cmake[% endif %]
+```{literalinclude} ../../template/cmake/[% if ss_cmake_use_conan == true %]ConfigureConanDependencies.cmake[% endif %]
 :language: cmake
 ```
 
@@ -57,6 +57,6 @@ copier copy gh:serious-scaffold/ss-cpp /path/to/project -d use_cpm=true
 The above command will generate a cmake module file `cmake/ConfigureCPMDependencies.cmake`, which presents an example of how to use CPM to manage dependencies.
 
 
-```{literalinclude} ../../template/cmake/[% if use_cpm == true %]ConfigureCPMDependencies.cmake[% endif %]
+```{literalinclude} ../../template/cmake/[% if ss_cmake_use_cpm == true %]ConfigureCPMDependencies.cmake[% endif %]
 :language: cmake
 ```
diff --git a/template/.copier-answers.ss-cmake.yml b/template/.copier-answers.ss-cmake.yml
@@ -0,0 +1,3 @@
+# Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
+_commit: v0.0.5
+_src_path: https://github.com/serious-scaffold/ss-cmake
diff --git a/...s[% endif %]/[% if repo_name == 'ss-cpp' %]tutorials[% endif %]/dependencies.md b/...s[% endif %]/[% if repo_name == 'ss-cpp' %]tutorials[% endif %]/dependencies.md
@@ -36,7 +36,7 @@ copier copy gh:serious-scaffold/ss-cpp /path/to/project -d use_conan=true
 
 The above command will generate a cmake module file `cmake/ConfigureConanDependencies.cmake`, which presents an example of how to use Conan to manage dependencies.
 
-```{literalinclude} ../../template/cmake/[% if use_conan == true %]ConfigureConanDependencies.cmake[% endif %]
+```{literalinclude} ../../template/cmake/[% if ss_cmake_use_conan == true %]ConfigureConanDependencies.cmake[% endif %]
 :language: cmake
 ```
 
@@ -57,6 +57,6 @@ copier copy gh:serious-scaffold/ss-cpp /path/to/project -d use_cpm=true
 The above command will generate a cmake module file `cmake/ConfigureCPMDependencies.cmake`, which presents an example of how to use CPM to manage dependencies.
 
 
-```{literalinclude} ../../template/cmake/[% if use_cpm == true %]ConfigureCPMDependencies.cmake[% endif %]
+```{literalinclude} ../../template/cmake/[% if ss_cmake_use_cpm == true %]ConfigureCPMDependencies.cmake[% endif %]
 :language: cmake
 ```
diff --git a/template/cmake/ConfigureCoverage.cmake → ...true %]ConfigureCoverage.cmake[% endif %] b/template/cmake/ConfigureCoverage.cmake → ...true %]ConfigureCoverage.cmake[% endif %]
diff --git a/template/cmake/ConfigureVersion.cmake → ... true %]ConfigureVersion.cmake[% endif %] b/template/cmake/ConfigureVersion.cmake → ... true %]ConfigureVersion.cmake[% endif %]
diff --git a/...cmake/ConfigureWarningsAndHardening.cmake → ...gureWarningsAndHardening.cmake[% endif %] b/...cmake/ConfigureWarningsAndHardening.cmake → ...gureWarningsAndHardening.cmake[% endif %]
@@ -73,4 +73,48 @@ include(cmake-modules/build/CompilerFlags)
 # Hardening
 # ##############################################################################
 
+# Comment `-Wl,-z,nodlopen` for dlopen call
+if(NOT MSVC)
+  set(USE_HARDENING_FLAGS
+      -D_GLIBCXX_ASSERTIONS # Enable assertions
+      -U_FORTIFY_SOURCE # Disable stack protector
+      -D_FORTIFY_SOURCE=3 # Enable stack protector
+      -fstack-protector-strong # Enable stack protector
+      -fcf-protection # Control Flow Guard
+      -fstack-clash-protection # Control Flow Guard
+      -Wimplicit-fallthrough # Enabled in compiler flags by default
+      -fstrict-flex-arrays=3 # Enable strict array bounds
+      -Wformat # Enabled in compiler flags by default
+      -Wformat=2 # Enabled in compiler flags by default
+      # -Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
+      -Wl,-z,noexecstack # Enable data execution prevention by marking stack
+      # memory as non-executable
+      -Wl,-z,relro # Mark relocation table entries resolved at load-time as
+      # read-only
+      -Wl,-z,now # Mark relocation table entries resolved at load-time as
+      # read-only. It impacts startup performance
+      "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
+      # undefined behavior sanitizer
+      -fno-delete-null-pointer-checks
+      -fno-strict-overflow
+      -fno-strict-aliasing
+      -ftrivial-auto-var-init=zero
+      -Wtrampolines # Enable trampolines(gcc only)
+      -mbranch-protection=standard # Enable indirect branches(aarch64 only)
+      CACHE STRING "Additional hardening compilation flags for GCC/Clang")
+
+  set(USE_HARDENING_LINKS
+      -fstack-protector-strong # Enable stack protector
+      "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
+      # undefined behavior sanitizer -Wl,-z,nodlopen # Restrict dlopen(3) calls
+      # to shared objects
+      -Wl,-z,noexecstack # Enable data execution prevention by marking stack
+      # memory as non-executable
+      -Wl,-z,relro # Mark relocation table entries resolved at load-time as
+      # read-only
+      -Wl,-z,now # Mark relocation table entries resolved at load-time as
+      # read-only. It impacts startup performance
+      CACHE STRING "Additional hardening linking flags for GCC/Clang")
+endif()
+
 include(cmake-modules/build/Hardening)
diff --git a/...nfigureConanDependencies.cmake[% endif %] → ...nfigureConanDependencies.cmake[% endif %] b/...nfigureConanDependencies.cmake[% endif %] → ...nfigureConanDependencies.cmake[% endif %]
diff --git a/...ConfigureCPMDependencies.cmake[% endif %] → ...ConfigureCPMDependencies.cmake[% endif %] b/...ConfigureCPMDependencies.cmake[% endif %] → ...ConfigureCPMDependencies.cmake[% endif %]
diff --git a/template/cmake/vcpkg/bootstrap/vcpkg_configure.cmake b/template/cmake/vcpkg/bootstrap/vcpkg_configure.cmake
@@ -52,6 +52,30 @@ macro(detect_vcpkg)
   endif()
 endmacro()
 
+# Add VCPKG_INSTALL_REPORT_FAILURE option to report vcpkg failure in detail
+function(_vcpkg_install_report_failure)
+  if(DEFINED ENV{CI} AND NOT "$ENV{CI}" STREQUAL "")
+    set(VCPKG_INSTALL_REPORT_FAILURE
+        ON
+        CACHE INTERNAL "Enable vcpkg install failure report in detail")
+  endif()
+  file(READ "$CACHE{_VCPKG_TOOLCHAIN_FILE}" _vcpkg_toolchain_content)
+  if(VCPKG_INSTALL_REPORT_FAILURE
+     AND NOT "${_vcpkg_toolchain_content}" MATCHES
+         [[VCPKG INSTALL REPORT FAILURE IN DETAIL]])
+    string(
+      REPLACE
+        [[message(STATUS "Running vcpkg install - failed")]]
+        [[message(STATUS "Running vcpkg install - failed")
+            file(READ "${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md" issue_body_content)
+            message(STATUS "")
+            set(Z_NATIVE_VCPKG_MANIFEST_INSTALL_LOGFILE "${Z_NATIVE_VCPKG_MANIFEST_INSTALL_LOGFILE}\nVCPKG INSTALL REPORT FAILURE IN DETAIL: ${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md\n${issue_body_content}\n")]]
+        _vcpkg_toolchain_content
+        "${_vcpkg_toolchain_content}")
+    file(WRITE "$CACHE{_VCPKG_TOOLCHAIN_FILE}" "${_vcpkg_toolchain_content}")
+  endif()
+endfunction()
+
 # bootstrap and configure vcpkg
 macro(vcpkg_configure)
   detect_vcpkg()
@@ -68,6 +92,9 @@ macro(vcpkg_configure)
   endif()
 
   _vcpkg_chainload_toolchain()
+
+  _vcpkg_install_report_failure()
+
   message(STATUS "vcpkg_toolchain_file:$CACHE{_VCPKG_TOOLCHAIN_FILE}")
   include("$CACHE{_VCPKG_TOOLCHAIN_FILE}")
 endmacro()