Ensure C++ user compatibility (#57)

* Initial use of clang for CI testing

* Fixing some clang compatibility problems

* Fixing C++ user compatibility problems

* Disambiguate all testing from unit testing

* Disambiguate coverage logging from testing

* Found actual crash and OOM behavior with invalid bundle and EID inputs

Author: BrianSipos

.github/workflows/build-test.yaml

@@ -82,9 +82,10 @@ jobs:
       - name: Dependencies
         run: ./build.sh deps
       - name: Prep
-        run: |
-          ./build.sh prep \
-              -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_TESTING=ON
+        run: >
+          ./build.sh prep
+          -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF
+          -DBUILD_UNITTEST=ON -DBUILD_COVERAGE=ON
       - name: Build
         run: ./build.sh
       - name: Install
@@ -153,7 +154,10 @@ jobs:
       - name: Dependencies
         run: ./build.sh deps
       - name: Prep
-        run: ./build.sh prep -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_TESTING=ON
+        run: >
+          ./build.sh prep
+          -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF
+          -DBUILD_UNITTEST=OFF -DBUILD_COVERAGE=ON
       - name: Build
         run: ./build.sh
       - name: Install

.github/workflows/codeql.yml

@@ -88,7 +88,7 @@ jobs:
           cmake ninja-build ruby build-essential \
           libssl-dev libjansson-dev
         ./build.sh deps
-        ./build.sh prep -DTEST_MEMCHECK=OFF -DTEST_COVERAGE=OFF -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF
+        ./build.sh prep -DTEST_MEMCHECK=OFF -DBUILD_COVERAGE=OFF -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/docs.yaml

@@ -55,7 +55,7 @@ jobs:
       - name: Prep
         run: >
           ./build.sh prep
-          -DBUILD_TESTING=OFF -DTEST_MEMCHECK=OFF -DTEST_COVERAGE=OFF
+          -DBUILD_TESTING=OFF -DTEST_MEMCHECK=OFF -DBUILD_COVERAGE=OFF
           -DBUILD_DOCS_API=ON
       - name: Build
         run: ./build.sh --target docs-api-html docs-api-pdf docs-api-misspelling

.github/workflows/fuzzing.yaml

@@ -0,0 +1,107 @@
+##
+## Copyright (c) 2025 The Johns Hopkins University Applied Physics
+## Laboratory LLC.
+##
+## This file is part of the Bundle Protocol Security Library (BSL).
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##     http://www.apache.org/licenses/LICENSE-2.0
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## This work was performed for the Jet Propulsion Laboratory, California
+## Institute of Technology, sponsored by the United States Government under
+## the prime contract 80NM0018D0004 between the Caltech and NASA under
+## subcontract 1700763.
+##
+name: Build and run fuzzing
+on:
+  schedule:
+    - cron: '0 0 * * 0'
+  push:
+    branches:
+      - main
+      - 'apl-fy[0-9][0-9]'
+  pull_request: {} # any target
+
+jobs:
+  fuzzing:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ['ubuntu-24.04', 'centos-9']
+        compiler: ['clang']
+    name: Fuzzing (${{matrix.os}} ${{matrix.compiler}})
+    runs-on: ${{ matrix.os == 'centos-9' && 'ubuntu-24.04' || matrix.os }}
+    container: ${{ matrix.os == 'centos-9' && 'quay.io/centos/centos:stream9' || null }}
+    permissions:
+      contents: read
+      actions: write
+    env:
+      CC: ${{matrix.compiler=='clang' && 'clang' || 'gcc'}}
+      CXX: ${{matrix.compiler=='clang' && 'clang++' || 'g++'}}
+    steps:
+      - name: Set up OS
+        if: startsWith(matrix.os, 'ubuntu')
+        run: |
+          sudo rm /var/lib/man-db/auto-update
+          sudo apt-get update
+          sudo apt-get install -y \
+              cmake ninja-build \
+              ruby pkg-config ccache patch \
+              ${{matrix.compiler=='clang' && 'clang llvm' || 'gcc g++'}} \
+              libssl-dev libjansson-dev \
+              valgrind gcovr xmlstarlet
+          sudo gem install cbor-diag
+      - name: Set up OS
+        if: startsWith(matrix.os, 'centos')
+        run: |
+          dnf install -y epel-release
+          crb enable
+          dnf install -y \
+              git rsync \
+              cmake ninja-build \
+              ruby pkg-config ccache patch \
+              ${{matrix.compiler=='clang' && 'clang llvm' || 'gcc gcc-c++'}} \
+              openssl-devel jansson-devel \
+              valgrind xmlstarlet python3-pip
+          pip3 install gcovr
+          gem install cbor-diag
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: recursive
+      - name: ccache
+        uses: hendrikmuhs/ccache-action@v1.2
+        with:
+          create-symlink: true
+      - name: Dependencies
+        run: ./build.sh deps
+      - name: Prep
+        run: >
+          ./build.sh prep
+          -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF
+          -DBUILD_UNITTEST=OFF -DBUILD_FUZZING=ON -DBUILD_COVERAGE=ON
+      - name: Build
+        run: ./build.sh
+      - name: Install
+        run: ./build.sh install
+      - name: Test
+        run: ./build.sh check
+      - name: Report corpus
+        run: for FN in $(find test/*cbor*corpus -type f); do echo $FN; cborseq2diag.rb <$FN; done
+      - name: Collect coverage
+        run: ./build.sh coverage
+      - name: Archive coverage
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{github.job}}-${{matrix.os}}-${{matrix.compiler}}-coverage
+          path: build/default/coverage*
+      - name: Report coverage
+        run: ./build.sh coverage-summary >> $GITHUB_STEP_SUMMARY

.github/workflows/packages.yaml

@@ -41,7 +41,7 @@ jobs:
           dnf config-manager --set-enabled crb
           dnf install -y epel-release
           dnf install -y \
-              rsync cmake git ninja-build gcc ruby \
+              rsync cmake git ninja-build gcc gcc-c++ ccache ruby \
               openssl-devel jansson-devel \
               doxygen graphviz plantuml texlive-bibtex \
               asciidoctor \
@@ -51,6 +51,10 @@ jobs:
         with:
           fetch-depth: 0
           submodules: recursive
+      - name: ccache
+        uses: hendrikmuhs/ccache-action@v1.2
+        with:
+          create-symlink: true
       - name: Prep
         run: ./build.sh rpm-prep
       - name: Build

CMakeLists.txt

@@ -25,9 +25,10 @@ option(BUILD_LIB "Build the library itself" ON)
 option(BUILD_SHARED_LIBS "Build using shared libraries" ON)
 option(BUILD_DOCS_API "Enable API documentation building" OFF)
 option(BUILD_DOCS_MAN "Enable manpage building" OFF)
-option(BUILD_TESTING "Enable building unit tests" ON)
+option(BUILD_UNITTEST "Enable building unit tests" ON)
 option(TEST_MEMCHECK "Enable test runtime memory checking" ON)
-option(TEST_COVERAGE "Enable test runtime coverage logging" ON)
+option(BUILD_COVERAGE "Enable runtime coverage logging and reporting" OFF)
+option(BUILD_FUZZING "Enable building fuzzing executables" OFF)
 option(BUILD_PACKAGE "Enable building package outputs" OFF)
 
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
@@ -59,7 +60,7 @@ STRING(REPLACE "-" "." GIT_TAG_MOD ${GIT_TAG_MOD})
 message(STATUS "Using version marking ${GIT_TAG_VERS} - ${GIT_TAG_MOD}")
 
 project(bsl
-    LANGUAGES C
+    LANGUAGES C CXX
     VERSION ${GIT_TAG_VERS}
 )
 
@@ -75,21 +76,19 @@ add_definitions(
 # Generic warn/error options
 add_compile_options(
     -Wall
-    -Wextra
-    -Wpedantic
-    -Werror
+    $<$<COMPILE_LANGUAGE:C>:-Wextra>
+    $<$<COMPILE_LANGUAGE:C>:-Wpedantic>
+    $<$<COMPILE_LANGUAGE:C>:-Werror>
     -Wshadow -Wpointer-arith -Wstrict-prototypes
     -Wmissing-prototypes -Wredundant-decls -Wcast-align
-    -Wformat=2 -Wswitch-enum
+    -Wformat=2
     -fno-strict-aliasing -Werror=format-security -fno-common
     -Wstrict-aliasing=2
     # -Wconversion
-)
-add_compile_options(
     -ffunction-sections
     -fdata-sections
     -fno-omit-frame-pointer
-    $<$<COMPILE_LANGUAGE:CXX>:-fno-exceptions>
+    $<$<COMPILE_LANGUAGE:C>:-Wswitch-enum>
 )
 if(CMAKE_C_COMPILER_ID MATCHES "GNU")
     set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -O0")
@@ -127,7 +126,7 @@ include(CheckTypeSize)
 check_type_size("int" SIZE_INT LANGUAGE C)
 check_type_size("size_t" SIZE_SIZET LANGUAGE C)
 
-if(BUILD_TESTING)
+if(BUILD_UNITTEST)
   if(TEST_MEMCHECK)
     find_program(MEMCHECK_CMD valgrind)
     message(STATUS "Using valgrind memcheck for tests: ${MEMCHECK_CMD}")
@@ -142,45 +141,46 @@ if(BUILD_TESTING)
     # Arguments as list into global scope for Findunitytools.cmake
     set(TEST_EXEC_PREFIX "${MEMCHECK_CMD}" ${MEMCHECK_OPTIONS})
   endif(TEST_MEMCHECK)
-  if(TEST_COVERAGE)
-    include(CodeCoverage)
-    append_coverage_compiler_flags()
-
-    set(COVERAGE_EXCLUDES
-      "${CMAKE_CURRENT_SOURCE_DIR}/deps/*"
-      "${CMAKE_CURRENT_SOURCE_DIR}/testroot/*"
-      "${CMAKE_CURRENT_BINARY_DIR}/test/*"
-    )
-    set(GCOVR_ADDITIONAL_ARGS
-    )
-    setup_target_for_coverage_gcovr_xml(
-      NAME coverage-xml
-      BASE_DIRECTORY "${PROJECT_SOURCE_DIR}"
-    )
-    setup_target_for_coverage_gcovr_html(
-      NAME coverage-html
-      BASE_DIRECTORY "${PROJECT_SOURCE_DIR}"
-    )
-  endif(TEST_COVERAGE)
-
-  include(CTest)
-  set(CMAKE_CTEST_ARGUMENTS
-    --output-junit testresults.xml
-    --output-on-failure
+endif(BUILD_UNITTEST)
+if(BUILD_FUZZING)
+  find_package(libfuzzer)
+endif(BUILD_FUZZING)
+if(BUILD_COVERAGE)
+  include(CodeCoverage)
+  append_coverage_compiler_flags()
+
+  set(COVERAGE_EXCLUDES
+    "${CMAKE_CURRENT_SOURCE_DIR}/deps/*"
+    "${CMAKE_CURRENT_SOURCE_DIR}/testroot/*"
+    "${CMAKE_CURRENT_BINARY_DIR}/test/*"
   )
-endif(BUILD_TESTING)
+  set(GCOVR_ADDITIONAL_ARGS
+  )
+  setup_target_for_coverage_gcovr_xml(
+    NAME coverage-xml
+    BASE_DIRECTORY "${PROJECT_SOURCE_DIR}"
+  )
+  setup_target_for_coverage_gcovr_html(
+    NAME coverage-html
+    BASE_DIRECTORY "${PROJECT_SOURCE_DIR}"
+  )
+endif(BUILD_COVERAGE)
+
+include(CTest)
+set(CMAKE_CTEST_ARGUMENTS
+  --output-junit testresults.xml
+  --output-on-failure
+)
 
 # Install config used by tall targets
 include(GNUInstallDirs)
 
 if(BUILD_LIB)
     add_subdirectory(src)
 endif(BUILD_LIB)
-if(BUILD_TESTING)
-    message(STATUS "Building tests")
-    set(TEST_INSTALL_PREFIX "${CMAKE_INSTALL_LIBEXECDIR}/${PROJECT_NAME}")
-    add_subdirectory(test)
-endif(BUILD_TESTING)
+
+set(TEST_INSTALL_PREFIX "${CMAKE_INSTALL_LIBEXECDIR}/${PROJECT_NAME}")
+add_subdirectory(test)
 add_subdirectory(docs)
 
 if(BUILD_PACKAGE)

build.sh

@@ -111,7 +111,7 @@ function cmd_rpm_prep {
     then
         git config --global --add safe.directory ${PWD}
     fi
-    ./resources/prep.sh -DBUILD_LIB=OFF -DBUILD_TESTING=OFF -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_PACKAGE=ON
+    ./resources/prep.sh -DBUILD_LIB=OFF -DBUILD_UNITTEST=OFF -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_PACKAGE=ON
 }
 
 function cmd_rpm_build {

cmake/CodeCoverage.cmake

@@ -164,8 +164,13 @@ foreach(LANG ${LANGUAGES})
   endif()
 endforeach()
 
-set(COVERAGE_COMPILER_FLAGS "-g --coverage"
-    CACHE INTERNAL "")
+if(CMAKE_C_COMPILER_ID MATCHES "GNU")
+    set(COVERAGE_COMPILER_FLAGS "-g --coverage")
+    set(GCOV_EXEC "--gcov-executable" "gcov")
+elseif(CMAKE_C_COMPILER_ID MATCHES "Clang")
+    set(COVERAGE_COMPILER_FLAGS "-gdwarf-4 --coverage")
+    set(GCOV_EXEC "--gcov-executable" "llvm-cov gcov")
+endif()
 
 if(CMAKE_CXX_COMPILER_ID MATCHES "(GNU|Clang)")
     include(CheckCXXCompilerFlag)
@@ -309,7 +314,7 @@ function(setup_target_for_coverage_lcov)
     if(${Coverage_SONARQUBE})
         # Generate SonarQube output
         set(GCOVR_XML_CMD
-            ${GCOVR_PATH} --sonarqube ${Coverage_NAME}_sonarqube.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
+            ${GCOVR_PATH} ${GCOV_EXEC} --sonarqube ${Coverage_NAME}_sonarqube.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
             ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
         )
         set(GCOVR_XML_CMD_COMMAND
@@ -455,7 +460,7 @@ function(setup_target_for_coverage_gcovr_xml)
     )
     # Running gcovr
     set(GCOVR_XML_CMD
-        ${GCOVR_PATH} --xml ${Coverage_NAME}.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
+        ${GCOVR_PATH} ${GCOV_EXEC} --xml ${Coverage_NAME}.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
         ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
     )
 
@@ -551,7 +556,7 @@ function(setup_target_for_coverage_gcovr_html)
     )
     # Running gcovr
     set(GCOVR_HTML_CMD
-        ${GCOVR_PATH} --html ${Coverage_NAME}/index.html --html-details -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
+        ${GCOVR_PATH} ${GCOV_EXEC} --html ${Coverage_NAME}/index.html --html-details -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
         ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
     )