From 202de58a9798a17fc15feee1e990b4fd37e39091 Mon Sep 17 00:00:00 2001
From: "l.feng" <43399351+msclock@users.noreply.github.com>
Date: Thu, 2 Jan 2025 11:06:48 +0800
Subject: [PATCH] fix(hardening): fix hardening on windows based on msvc (#23)

Signed-off-by: l.feng <43399351+msclock@users.noreply.github.com>
---
 CMakeLists.txt                            |  11 --
 cmake/ConfigureWarningsAndHardening.cmake | 117 ----------------------
 cmake/ProjectOptions.cmake                | 106 ++++++++++++++++++++
 vcpkg.json                                |   4 +-
 4 files changed, 108 insertions(+), 130 deletions(-)
 delete mode 100644 cmake/ConfigureWarningsAndHardening.cmake
 create mode 100644 cmake/ProjectOptions.cmake

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 96abdf6..508f4f1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -15,23 +15,12 @@ project(
   VERSION ${SKBUILD_PROJECT_VERSION}
   LANGUAGES C CXX)
 
-set(CMAKE_CXX_STANDARD
-    20
-    CACHE STRING "C++ standard")
-set(CMAKE_CXX_STANDARD_REQUIRED
-    ON
-    CACHE BOOL "C++ standard required")
-set(CMAKE_CXX_EXTENSIONS
-    OFF
-    CACHE BOOL "C++ extensions")
-
 # Project default module
 find_package(cmake-modules REQUIRED)
 include(cmake-modules/ProjectDefault)
 
 # Project custom modules
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
-include(ConfigureWarningsAndHardening)
 include(ConfigureVersion)
 
 add_subdirectory(src)
diff --git a/cmake/ConfigureWarningsAndHardening.cmake b/cmake/ConfigureWarningsAndHardening.cmake
deleted file mode 100644
index 784fd89..0000000
--- a/cmake/ConfigureWarningsAndHardening.cmake
+++ /dev/null
@@ -1,117 +0,0 @@
-#[[
-This file configures the following things:
-  - dynamic tools: sanitizers, valgrind.
-  - static tools: clang-tidy, cppcheck.
-  - compiler flags
-  - hardening options
-
-]]
-
-include_guard(GLOBAL)
-
-# ##############################################################################
-# Sanitizer
-# ##############################################################################
-
-set(USE_SANITIZER
-    OFF
-    CACHE BOOL "Enable sanitizer")
-
-include(cmake-modules/build/Sanitizer)
-
-# ##############################################################################
-# Valgrind
-# ##############################################################################
-
-set(USE_VALGRIND
-    OFF
-    CACHE BOOL "Enable Valgrind")
-set(USE_VALGRIND_OPTIONS
-    --leak-check=full # Each individual leak will be shown in detail.
-    --show-leak-kinds=all # Show all of "definite, indirect, possible,
-                          # reachable" leak kinds in the "full" report.
-    --gen-suppressions=all # gen suppress info automatically.
-    --track-origins=yes # Favor useful output over speed. This tracks the
-                        # origins of uninitialized values, which could be very
-                        # useful for memory errors. Consider turning off if
-                        # Valgrind is unacceptably slow.
-    CACHE STRING "valgrind options.")
-
-include(cmake-modules/test/Valgrind)
-
-# ##############################################################################
-# Clang-Tidy
-# ##############################################################################
-
-set(USE_CLANGTIDY
-    OFF
-    CACHE BOOL "Enable Clang-Tidy")
-
-include(cmake-modules/build/ClangTidy)
-
-# ##############################################################################
-# Cppcheck
-# ##############################################################################
-
-set(USE_CPPCHECK
-    OFF
-    CACHE BOOL "Enable Cppcheck")
-set(USE_CPPCHECK_SUPPRESSION_FILE
-    ${CMAKE_SOURCE_DIR}/.cppcheck-suppressions.txt
-    CACHE STRING
-          "Customize the path to the Cppcheck suppressions file of the project")
-
-include(cmake-modules/build/Cppcheck)
-
-# ##############################################################################
-# CompilerFlags
-# ##############################################################################
-
-include(cmake-modules/build/CompilerFlags)
-
-# ##############################################################################
-# Hardening
-# ##############################################################################
-
-set(USE_HARDENING_FLAGS
-    -D_GLIBCXX_ASSERTIONS # Enable assertions
-    -U_FORTIFY_SOURCE # Disable stack protector
-    -D_FORTIFY_SOURCE=3 # Enable stack protector
-    -fstack-protector-strong # Enable stack protector
-    -fcf-protection # Control Flow Guard
-    -fstack-clash-protection # Control Flow Guard
-    -Wimplicit-fallthrough # Enabled in compiler flags by default
-    -fstrict-flex-arrays=3 # Enable strict array bounds
-    -Wformat # Enabled in compiler flags by default
-    -Wformat=2 # Enabled in compiler flags by default
-    # -Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
-    -Wl,-z,noexecstack # Enable data execution prevention by marking stack
-    # memory as non-executable
-    -Wl,-z,relro # Mark relocation table entries resolved at load-time as
-    # read-only
-    -Wl,-z,now # Mark relocation table entries resolved at load-time as
-    # read-only. It impacts startup performance
-    "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
-    # undefined behavior sanitizer
-    -fno-delete-null-pointer-checks
-    -fno-strict-overflow
-    -fno-strict-aliasing
-    -ftrivial-auto-var-init=zero
-    -Wtrampolines # Enable trampolines(gcc only)
-    -mbranch-protection=standard # Enable indirect branches(aarch64 only)
-    CACHE STRING "Additional hardening compilation flags for GCC/Clang")
-
-set(USE_HARDENING_LINKS
-    -fstack-protector-strong # Enable stack protector
-    "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
-    # undefined behavior sanitizer -Wl,-z,nodlopen # Restrict dlopen(3) calls to
-    # shared objects
-    -Wl,-z,noexecstack # Enable data execution prevention by marking stack
-    # memory as non-executable
-    -Wl,-z,relro # Mark relocation table entries resolved at load-time as
-    # read-only
-    -Wl,-z,now # Mark relocation table entries resolved at load-time as
-    # read-only. It impacts startup performance
-    CACHE STRING "Additional hardening linking flags for GCC/Clang")
-
-include(cmake-modules/build/Hardening)
diff --git a/cmake/ProjectOptions.cmake b/cmake/ProjectOptions.cmake
new file mode 100644
index 0000000..9dc10ff
--- /dev/null
+++ b/cmake/ProjectOptions.cmake
@@ -0,0 +1,106 @@
+#[[
+ProjectOptions.cmake - Defines project-specific options for CMake.
+]]
+
+set(CMAKE_CXX_STANDARD
+    20
+    CACHE STRING "C++ standard")
+set(CMAKE_CXX_STANDARD_REQUIRED
+    ON
+    CACHE BOOL "C++ standard required")
+set(CMAKE_CXX_EXTENSIONS
+    OFF
+    CACHE BOOL "C++ extensions")
+
+# ##############################################################################
+# Sanitizer - cmake-modules/build/Sanitizer.cmake
+# ##############################################################################
+
+set(USE_SANITIZER
+    OFF
+    CACHE BOOL "Enable sanitizer")
+
+# ##############################################################################
+# Valgrind - cmake-modules/test/Valgrind.cmake
+# ##############################################################################
+
+set(USE_VALGRIND
+    OFF
+    CACHE BOOL "Enable Valgrind")
+set(USE_VALGRIND_OPTIONS
+    --leak-check=full # Each individual leak will be shown in detail.
+    --show-leak-kinds=all # Show all of "definite, indirect, possible,
+                          # reachable" leak kinds in the "full" report.
+    --gen-suppressions=all # gen suppress info automatically.
+    --track-origins=yes # Favor useful output over speed. This tracks the
+                        # origins of uninitialized values, which could be very
+                        # useful for memory errors. Consider turning off if
+                        # Valgrind is unacceptably slow.
+    CACHE STRING "valgrind options.")
+
+# ##############################################################################
+# Clang-Tidy - cmake-modules/build/ClangTidy.cmake
+# ##############################################################################
+
+set(USE_CLANGTIDY
+    OFF
+    CACHE BOOL "Enable Clang-Tidy")
+
+# ##############################################################################
+# Cppcheck - cmake-modules/build/Cppcheck.cmake
+# ##############################################################################
+
+set(USE_CPPCHECK
+    OFF
+    CACHE BOOL "Enable Cppcheck")
+set(USE_CPPCHECK_SUPPRESSION_FILE
+    ${CMAKE_SOURCE_DIR}/.cppcheck-suppressions.txt
+    CACHE STRING
+          "Customize the path to the Cppcheck suppressions file of the project")
+
+# ##############################################################################
+# Hardening - cmake-modules/build/Hardening.cmake
+# ##############################################################################
+
+# Comment `-Wl,-z,nodlopen` for dlopen call
+if(NOT MSVC)
+  set(USE_HARDENING_FLAGS
+      -D_GLIBCXX_ASSERTIONS # Enable assertions
+      -U_FORTIFY_SOURCE # Disable stack protector
+      -D_FORTIFY_SOURCE=3 # Enable stack protector
+      -fstack-protector-strong # Enable stack protector
+      -fcf-protection # Control Flow Guard
+      -fstack-clash-protection # Control Flow Guard
+      -Wimplicit-fallthrough # Enabled in compiler flags by default
+      -fstrict-flex-arrays=3 # Enable strict array bounds
+      -Wformat # Enabled in compiler flags by default
+      -Wformat=2 # Enabled in compiler flags by default
+      # -Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
+      -Wl,-z,noexecstack # Enable data execution prevention by marking stack
+      # memory as non-executable
+      -Wl,-z,relro # Mark relocation table entries resolved at load-time as
+      # read-only
+      -Wl,-z,now # Mark relocation table entries resolved at load-time as
+      # read-only. It impacts startup performance
+      "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime
+      # undefined behavior sanitizer
+      -fno-delete-null-pointer-checks
+      -fno-strict-overflow
+      -fno-strict-aliasing
+      -ftrivial-auto-var-init=zero
+      -Wtrampolines # Enable trampolines(gcc only)
+      -mbranch-protection=standard # Enable indirect branches(aarch64 only)
+      CACHE STRING "Additional hardening compilation flags for GCC/Clang")
+
+  set(USE_HARDENING_LINKS
+      -fstack-protector-strong # Enable stack protector
+      "-fsanitize=undefined -fsanitize-minimal-runtime"
+      # -Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects
+      -Wl,-z,noexecstack # Enable data execution prevention by marking stack
+      # memory as non-executable
+      -Wl,-z,relro # Mark relocation table entries resolved at load-time as
+      # read-only
+      -Wl,-z,now # Mark relocation table entries resolved at load-time as
+      # read-only. It impacts startup performance
+      CACHE STRING "Additional hardening linking flags for GCC/Clang")
+endif()
diff --git a/vcpkg.json b/vcpkg.json
index 314429c..9b69137 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -31,7 +31,7 @@
     },
     {
       "name": "cmake-modules",
-      "version": "1.6.12"
+      "version": "1.6.13"
     },
     {
       "name": "robotology-cmake-ycm",
@@ -53,7 +53,7 @@
     "registries": [
       {
         "kind": "git",
-        "baseline": "d97dd1ef7fecabcfd756dbf520dfd625bb562046",
+        "baseline": "acce0190fabf75096d6be7db6138cb714bc7aace",
         "repository": "https://github.com/msclock/cmake-registry",
         "packages": [
           "cmake-modules",