As noticed in #21135, main in our macOS and Windows test_bitcoin binaries doesn’t contain control flow instrumentation. This is because main for those binaries is provided by Boost, and when we compile Boost in depends, we don’t build with -fcf-protection=full, like we do in configure. The reason the Linux test_bitcoin binaries contain instrumentation is because the GCC used to build them is patched by Ubuntu to enable -fcf-protection=full by default.
Fixing this isn’t as simple as building Boost in depends with -fcf-protection=full, because we still support compilers that don’t support that option, and we don’t currently have a way to test-before-using in depends. However, given that this only affects test_bitcoin, and only macOS and Windows, we can probably just do the following:
For macOS, we can actually just build Boost with -fcf-protection=full, as our cross-compiler (LLVM Clang 10) supports this option, and any Apple Clang we’d expected to be used for building depends should also support it.
For Windows, the x86_64-w64-mingw32-g++ in Bionic in based off GCC 7.3.0, and therefore doesn’t support -fcf-protection (introduced in GCC 8). Given we’d expect users to be cross-compiling for Windows on Bionic for a while longer yet, we can just implement the control flow checks, but skip it for test_bitcoin.
For Linux, we don’t need to do anything build wise, just add the instrumentation checks. I would probably prefer to do this when we are using LIEF for Linux.