add more secure compilation flags

Author: bratpiorka

benchmark/ubench.c

@@ -63,7 +63,7 @@ static void do_benchmark(alloc_t *array, size_t iters, malloc_t malloc_f,
     int i = 0;
     do {
         array[i].ptr = malloc_f(provider, Alloc_size, 0);
-    } while (array[i++].ptr != NULL && i < iters);
+    } while (array[i++].ptr != NULL && i < (int)iters);
 
     while (--i >= 0) {
         free_f(provider, array[i].ptr, Alloc_size);
@@ -110,14 +110,14 @@ UBENCH_EX(simple, glibc_malloc) {
 
 static umf_os_memory_provider_params_t UMF_OS_MEMORY_PROVIDER_PARAMS = {
     /* .protection = */ UMF_PROTECTION_READ | UMF_PROTECTION_WRITE,
-    /* .visibility */ UMF_MEM_MAP_PRIVATE,
+    /* .visibility = */ UMF_MEM_MAP_PRIVATE,
+    /* .shm_name = */ NULL,
 
     // NUMA config
-    /* .nodemask = */ NULL,
-    /* .maxnode = */ 0,
+    /* .numa_list = */ NULL,
+    /* .numa_list_len = */ 0,
     /* .numa_mode = */ UMF_NUMA_MODE_DEFAULT,
-
-    // others
+    /* .part_size = */ 0,
 };
 
 static void *w_umfMemoryProviderAlloc(void *provider, size_t size,

cmake/helpers.cmake

@@ -91,18 +91,24 @@ function(add_umf_target_compile_options name)
         target_compile_options(
             ${name}
             PRIVATE -fPIC
+                    # -fPIE
                     -Wall
+                    -Wextra
+                    -Werror
                     -Wpedantic
                     -Wempty-body
                     -Wunused-parameter
+                    -Wformat
+                    -Wformat-security
+                    -fstack-protector-strong
+                    -D_FORTIFY_SOURCE=2
+                    # -flto -fvisibility=hidden
                     $<$<CXX_COMPILER_ID:GNU>:-fdiagnostics-color=auto>)
         if(CMAKE_BUILD_TYPE STREQUAL "Release")
             target_compile_definitions(${name} PRIVATE -D_FORTIFY_SOURCE=2)
         endif()
         if(UMF_DEVELOPER_MODE)
-            target_compile_options(
-                ${name} PRIVATE -Werror -fno-omit-frame-pointer
-                                -fstack-protector-strong)
+            target_compile_options(${name} PRIVATE -fno-omit-frame-pointer)
         endif()
         if(USE_GCOV)
             if(NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
@@ -113,20 +119,30 @@ function(add_umf_target_compile_options name)
     elseif(MSVC)
         target_compile_options(
             ${name}
-            PRIVATE $<$<CXX_COMPILER_ID:MSVC>:/MP> # clang-cl.exe does not
-                                                   # support /MP
-                    /W3 /MD$<$<CONFIG:Debug>:d> /GS)
-
-        if(UMF_DEVELOPER_MODE)
-            target_compile_options(${name} PRIVATE /WX /GS)
-        endif()
+            PRIVATE # clang-cl.exe does not support /MP
+                    $<$<CXX_COMPILER_ID:MSVC>:/MP>
+                    /W4
+                    /WX
+                    /MD$<$<CONFIG:Debug>:d>
+                    /Gy
+                    /GS
+                    /analyze
+                    /sdl
+                    # warning 6326: Potential comparison of a constant with
+                    # another constant
+                    /wd6326
+                    /DYNAMICBASE
+                    /HIGHENTROPYVA
+                    /NXCOMPAT
+                    /ALLOWISOLATION)
     endif()
 endfunction()
 
 function(add_umf_target_link_options name)
     if(NOT MSVC)
         if(NOT APPLE)
-            target_link_options(${name} PRIVATE "LINKER:-z,relro,-z,now")
+            target_link_options(${name} PRIVATE "LINKER:-z,relro,-z,now"
+            )# -z,noexecstack
             if(USE_GCOV)
                 if(NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
                     message(

examples/basic/ipc_ipcapi_consumer.c

@@ -135,13 +135,14 @@ int main(int argc, char *argv[]) {
     memset(recv_buffer, 0, RECV_BUFF_SIZE);
 
     // receive a size of the IPC handle from the producer's
-    ssize_t len = recv(producer_socket, recv_buffer, RECV_BUFF_SIZE, 0);
-    if (len < 0) {
+    ssize_t recv_len = recv(producer_socket, recv_buffer, RECV_BUFF_SIZE, 0);
+    if (recv_len < 0) {
         fprintf(
             stderr,
             "[consumer] ERROR: receiving a size of the IPC handle failed\n");
         goto err_close_producer_socket;
     }
+    size_t len = (size_t)recv_len;
 
     size_t size_IPC_handle = *(size_t *)recv_buffer;
 
@@ -151,11 +152,13 @@ int main(int argc, char *argv[]) {
             len, size_IPC_handle);
 
     // send received size to the producer as a confirmation
-    len = send(producer_socket, &size_IPC_handle, sizeof(size_IPC_handle), 0);
-    if (len < 0) {
+    recv_len =
+        send(producer_socket, &size_IPC_handle, sizeof(size_IPC_handle), 0);
+    if (recv_len < 0) {
         fprintf(stderr, "[consumer] ERROR: sending confirmation failed\n");
         goto err_close_producer_socket;
     }
+    len = (size_t)recv_len;
 
     fprintf(stderr,
             "[consumer] Sent a confirmation to the producer (%zu bytes)\n",
@@ -169,11 +172,13 @@ int main(int argc, char *argv[]) {
     }
 
     // receive the IPC handle from the producer's
-    len = recv(producer_socket, IPC_handle, size_IPC_handle, 0);
-    if (len < 0) {
+    recv_len = recv(producer_socket, IPC_handle, size_IPC_handle, 0);
+    if (recv_len < 0) {
         fprintf(stderr, "[consumer] ERROR: receiving the IPC handle failed\n");
         goto err_free_IPC_handle;
     }
+    len = (size_t)recv_len;
+
     if (len < size_IPC_handle) {
         fprintf(stderr,
                 "[consumer] ERROR: receiving the IPC handle failed - received "

include/umf/proxy_lib_new_delete.h

@@ -48,6 +48,16 @@ SOFTWARE.
 #include <stdlib.h>
 #endif // _WIN32
 
+// disable warning C28196: The requirement that '(_Param_(1)>0)?(return!=0):(1)'
+// is not satisfied. (The expression does not evaluate to true.)
+// disable warning C6387: 'return' could be '0': this does not adhere to the
+// specification for the function 'new'.
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable : 28196)
+#pragma warning(disable : 6387)
+#endif // _MSC_VER
+
 static inline void *internal_aligned_alloc(size_t alignment, size_t size) {
 #ifdef _WIN32
     return _aligned_malloc(size, alignment);
@@ -147,6 +157,11 @@ void *operator new[](std::size_t n, std::align_val_t al,
                      const std::nothrow_t &) noexcept {
     return internal_aligned_alloc(static_cast<size_t>(al), n);
 }
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif // _MSC_VER
+
 #endif // (__cplusplus > 201402L || defined(__cpp_aligned_new))
 #endif // defined(__cplusplus)
 

src/base_alloc/base_alloc.c

@@ -14,6 +14,13 @@
 #include "utils_log.h"
 #include "utils_sanitizers.h"
 
+// disable 4200 warning: nonstandard extension used: zero-sized array in
+// struct/union used in umf_ba_chunk_t, umf_ba_pool_t and umf_ba_next_pool_t
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable : 4200)
+#endif // _MSC_VER
+
 // minimum size of a single pool of the base allocator
 #define MINIMUM_POOL_SIZE (ba_os_get_page_size())
 
@@ -219,6 +226,12 @@ void *umf_ba_alloc(umf_ba_pool_t *pool) {
     // we'll mark the memory as undefined
     utils_annotate_memory_defined(chunk, sizeof(*chunk));
 
+    // check if the free list is not empty
+    if (pool->metadata.free_list == NULL) {
+        LOG_ERR("pool->metadata.free_list == NULL");
+        return NULL;
+    }
+
     pool->metadata.free_list = pool->metadata.free_list->next;
     pool->metadata.n_allocs++;
 #ifndef NDEBUG
@@ -305,3 +318,7 @@ void umf_ba_destroy(umf_ba_pool_t *pool) {
     util_mutex_destroy_not_free(&pool->metadata.free_lock);
     ba_os_free(pool, size);
 }
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif // _MSC_VER

src/base_alloc/base_alloc_linear.c

@@ -14,6 +14,13 @@
 #include "utils_concurrency.h"
 #include "utils_log.h"
 
+// disable 4200 warning: nonstandard extension used: zero-sized array in
+// struct/union used in umf_ba_linear_pool and umf_ba_next_linear_pool_t
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable : 4200)
+#endif // _MSC_VER
+
 #ifndef NDEBUG
 #define _DEBUG_EXECUTE(expression) DO_WHILE_EXPRS(expression)
 #else
@@ -197,9 +204,9 @@ int umf_ba_linear_free(umf_ba_linear_pool_t *pool, void *ptr) {
         if ((pool->metadata.pool_n_allocs == 0) && pool->next_pool &&
             (pool->metadata.pool_size > page_size)) {
             // we can free the first (main) pool except of the first page containing the metadata
-            void *ptr = (char *)pool + page_size;
+            void *pool_ptr = (char *)pool + page_size;
             size_t size = pool->metadata.pool_size - page_size;
-            ba_os_free(ptr, size);
+            ba_os_free(pool_ptr, size);
             // update pool_size
             pool->metadata.pool_size = page_size;
         }
@@ -222,9 +229,9 @@ int umf_ba_linear_free(umf_ba_linear_pool_t *pool, void *ptr) {
                 assert(prev_pool->next_pool == next_pool);
                 prev_pool->next_pool = next_pool->next_pool;
                 _DEBUG_EXECUTE(pool->metadata.n_pools--);
-                void *ptr = next_pool;
+                void *next_pool_ptr = next_pool;
                 size_t size = next_pool->pool_size;
-                ba_os_free(ptr, size);
+                ba_os_free(next_pool_ptr, size);
             }
             _DEBUG_EXECUTE(ba_debug_checks(pool));
             util_mutex_unlock(&pool->metadata.lock);
@@ -295,3 +302,7 @@ size_t umf_ba_linear_pool_contains_pointer(umf_ba_linear_pool_t *pool,
     util_mutex_unlock(&pool->metadata.lock);
     return 0;
 }
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif // _MSC_VER

src/base_alloc/base_alloc_windows.c

@@ -16,7 +16,10 @@ void *ba_os_alloc(size_t size) {
     return VirtualAlloc(NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
 }
 
-void ba_os_free(void *ptr, size_t size) { VirtualFree(ptr, 0, MEM_RELEASE); }
+void ba_os_free(void *ptr, size_t size) {
+    (void)size;
+    VirtualFree(ptr, 0, MEM_RELEASE);
+}
 
 static void _ba_os_init_page_size(void) {
     SYSTEM_INFO SystemInfo;

src/cpp_helpers.hpp

@@ -117,6 +117,7 @@ template <typename T, typename ParamType> umf_memory_pool_ops_t poolMakeCOps() {
         }
 
         if constexpr (std::is_same_v<ParamType, void>) {
+            (void)params; // unused
             return detail::initialize<T>(reinterpret_cast<T *>(*obj),
                                          std::make_tuple(provider));
         } else {
@@ -145,6 +146,7 @@ umf_memory_provider_ops_t providerMakeCOps() {
         }
 
         if constexpr (std::is_same_v<ParamType, void>) {
+            (void)params; // unused
             return detail::initialize<T>(reinterpret_cast<T *>(*obj),
                                          std::make_tuple());
         } else {

src/ipc_internal.h

@@ -12,6 +12,13 @@
 
 #include <umf/base.h>
 
+// disable 4200 warning: nonstandard extension used: zero-sized array in
+// struct/union used in umf_ipc_data_t
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable : 4200)
+#endif // _MSC_VER
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -31,4 +38,8 @@ typedef struct umf_ipc_data_t {
 }
 #endif
 
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif // _MSC_VER
+
 #endif /* UMF_IPC_INTERNAL_H */

src/libumf_windows.c

@@ -14,6 +14,9 @@
 #if defined(UMF_SHARED_LIBRARY) /* SHARED LIBRARY */
 
 BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
+    (void)hinstDLL;    // unused
+    (void)lpvReserved; // unused
+
     if (fdwReason == DLL_PROCESS_ATTACH) {
         (void)umfInit();
     } else if (fdwReason == DLL_PROCESS_DETACH) {
@@ -32,6 +35,10 @@ INIT_ONCE init_once_flag = INIT_ONCE_STATIC_INIT;
 
 BOOL CALLBACK initOnceCb(PINIT_ONCE InitOnce, PVOID Parameter,
                          PVOID *lpContext) {
+    (void)InitOnce;
+    (void)Parameter;
+    (void)lpContext;
+
     int ret = umfInit();
     atexit(umfTearDown);
     return (ret == 0) ? TRUE : FALSE;

src/memory_targets/memory_target_numa.c

@@ -8,7 +8,6 @@
  */
 
 #include <assert.h>
-#include <hwloc.h>
 #include <stdlib.h>
 
 #include <umf/pools/pool_disjoint.h>

src/memspace.c

@@ -265,7 +265,7 @@ umf_result_t umfMemspaceFilter(umf_memspace_handle_t hMemspace,
     }
 
     size_t cloneIdx = 0;
-    for (size_t cloneIdx = 0; cloneIdx < newMemspace->size; cloneIdx++) {
+    for (cloneIdx = 0; cloneIdx < newMemspace->size; cloneIdx++) {
         ret = umfMemoryTargetClone(uniqueBestNodes[cloneIdx],
                                    &newMemspace->nodes[cloneIdx]);
         if (ret != UMF_RESULT_SUCCESS) {

src/memspaces/memspace_highest_bandwidth.c

@@ -9,7 +9,6 @@
 
 #include <assert.h>
 #include <ctype.h>
-#include <hwloc.h>
 #include <stdlib.h>
 
 #include "base_alloc_global.h"

src/memspaces/memspace_highest_capacity.c

@@ -8,7 +8,6 @@
  */
 
 #include <assert.h>
-#include <hwloc.h>
 #include <stdlib.h>
 
 #include "base_alloc_global.h"

src/memspaces/memspace_host_all.c

@@ -8,7 +8,6 @@
  */
 
 #include <assert.h>
-#include <hwloc.h>
 #include <stdlib.h>
 
 #include "base_alloc_global.h"

src/memspaces/memspace_lowest_latency.c

@@ -9,7 +9,6 @@
 
 #include <assert.h>
 #include <ctype.h>
-#include <hwloc.h>
 #include <stdlib.h>
 
 #include "base_alloc_global.h"