ci: add libcpp hardening flags to macOS fuzz job #33462

pull fanquake wants to merge 2 commits into bitcoin:master from fanquake:macos_fuzz_hardening changing 2 files +3 −3
  1. fanquake commented at 2:38 pm on September 23, 2025: member
    Follows up to #33425 (comment).
  2. ci: add libcpp hardening flags to macOS fuzz job 
    Follows up to
https://github.com/bitcoin/bitcoin/pull/33425#issuecomment-3323149107.
    c5d8702c3f
  3. DrahtBot added the label Tests on Sep 23, 2025
  4. DrahtBot commented at 2:38 pm on September 23, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33462.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept ACK maflcko

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  5. fanquake commented at 3:11 pm on September 23, 2025: member
    Ah, this probably isn’t doing anything, because we are using the oldest supported Apple Clang here. Will push something else.
  6. WIP: use macOS 15 in CI f76eb16cf6
  7. fanquake force-pushed on Sep 23, 2025
  8. in .github/workflows/ci.yml:149 in f76eb16cf6 
    145@@ -146,7 +146,7 @@ jobs:
146           # doc/release-notes-empty-template.md and providing at least the
147           # minimum clang version denoted in doc/dependencies.md.
148           # See: https://developer.apple.com/documentation/xcode-release-notes/xcode-15-release-notes
149-          sudo xcode-select --switch /Applications/Xcode_15.0.app
150+          #sudo xcode-select --switch /Applications/Xcode_15.0.app
    maflcko commented at 3:39 pm on September 23, 2025:

    hardening was added in xcode 16: https://developer.apple.com/documentation/xcode-release-notes/xcode-16-release-notes#C++-Standard-Library

     0diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
 1index 52d21ef3ab..a0902e2700 100644
 2--- a/.github/workflows/ci.yml
 3+++ b/.github/workflows/ci.yml
 4@@ -145,8 +145,8 @@ jobs:
 5           # Use the earliest Xcode supported by the version of macOS denoted in
 6           # doc/release-notes-empty-template.md and providing at least the
 7           # minimum clang version denoted in doc/dependencies.md.
 8-          # See: https://developer.apple.com/documentation/xcode-release-notes/xcode-15-release-notes
 9-          sudo xcode-select --switch /Applications/Xcode_15.0.app
10+          # See: https://developer.apple.com/documentation/xcode-release-notes/xcode-16-release-notes
11+          sudo xcode-select --switch /Applications/Xcode_16.0.app
12           clang --version
13 
14       - name: Install Homebrew packages
15diff --git a/doc/release-notes-empty-template.md b/doc/release-notes-empty-template.md
16index 0e8dc7704e..7f419cbf42 100644
17--- a/doc/release-notes-empty-template.md
18+++ b/doc/release-notes-empty-template.md
19@@ -36,7 +36,7 @@ Compatibility
20 ==============
21 
22 Bitcoin Core is supported and tested on operating systems using the
23-Linux Kernel 3.17+, macOS 13+, and Windows 10+. Bitcoin
24+Linux Kernel 3.17+, macOS 14+, and Windows 10+. Bitcoin
25 Core should also work on most other Unix-like systems but is not as
26 frequently tested on them. It is not recommended to use Bitcoin Core on
27 unsupported systems.

    and macos 13 is unsupported: https://en.wikipedia.org/wiki/MacOS_Ventura

  9. fanquake commented at 6:03 pm on September 23, 2025: member

    Looks like this does pass with the correct Clang (https://github.com/bitcoin/bitcoin/actions/runs/17950891735/job/51049620756#step:3:16):

    0 Apple clang version 17.0.0 (clang-1700.0.13.5)
1Target: arm64-apple-darwin24.6.0
2Thread model: posix
3InstalledDir: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin

    with some slowdown. i.e on master:

    0tx_pool_standard: succeeded against 919 files in 22s.
1utxo_total_supply: succeeded against 831 files in 98s.

    in this PR:

    0tx_pool_standard: succeeded against 919 files in 152s.
1 utxo_total_supply: succeeded against 831 files in 126s.
  10. maflcko commented at 5:41 pm on September 25, 2025: member

    Concept ACK. The qa-assets repo has a libc++ debug run, so this isn’t required, but it seems fast enough to not hurt.

    Would be nice to push my suggested diff, so that the xcode is hardcoded again.


fanquake DrahtBot maflcko

Labels
Tests

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-09-26 15:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me