Description
We'd need to think about what precisely we'd want here, but I'd like to have some configuration knob for llvm-libc, for users that want additional hardening levels applied to their build.
For example, a bunch of the syscall wrappers take pointers. If we pass these to the Linux kernel, the kernel ought to flag this. But sometimes we use/trust those pointers, and that can lead to a bad time. As an example, #86169 creates a reference from these pointers without checking for nullptr.
Should that be an LIBC_ASSERT? Should someone just enable assertions for their build of llvm-libc if they're paranoid? Do we need two different configs to distinguish between potentially expensive asserts vs hardening asserts?
This is probably worth an RFC, but filing a feature request for now.
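One possible shape for the two kinds of check the issue asks about, as an added sketch that is not llvm-libc code and not part of the original post. Every name here (`DEMO_CHECK_LEVEL`, `DEMO_HARDEN_OR_FAIL`, `DEMO_DEBUG_CHECK`, `demo_args`, `demo_wrapper`) is hypothetical, and failing closed with `EFAULT` instead of aborting is an assumption, not a decision from the issue.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdlib>

// All names are hypothetical; none are llvm-libc macros or build options.
// DEMO_CHECK_LEVEL: 0 = no checks, 1 = cheap hardening checks only,
// 2 = hardening checks plus expensive debug checks.
#ifndef DEMO_CHECK_LEVEL
#define DEMO_CHECK_LEVEL 1
#endif

int expensive_checks_run = 0; // counts debug checks that were compiled in

// Cheap hardening check: one compare and branch, fails closed with errno.
#if DEMO_CHECK_LEVEL >= 1
#define DEMO_HARDEN_OR_FAIL(cond, err)                                         \
  do { if (!(cond)) { errno = (err); return -1; } } while (0)
#else
#define DEMO_HARDEN_OR_FAIL(cond, err) do { } while (0)
#endif

// Expensive debug check: may walk data, so it is built only at level 2.
#if DEMO_CHECK_LEVEL >= 2
#define DEMO_DEBUG_CHECK(expr)                                                 \
  do { ++expensive_checks_run; if (!(expr)) std::abort(); } while (0)
#else
#define DEMO_DEBUG_CHECK(expr) do { } while (0)
#endif

struct demo_args { unsigned flags; unsigned char payload[32]; };

// Stand-in for the code that consumes the reference; no syscall is made.
inline int demo_consume(const demo_args &a) { return static_cast<int>(a.flags & 0xff); }

// Example of a costlier validation that scans the whole payload.
inline bool demo_payload_ok(const demo_args &a) {
  for (std::size_t i = 0; i < sizeof(a.payload); ++i)
    if (a.payload[i] > 0x7f) return false;
  return true;
}

// Wrapper in the shape the issue describes: pointer in, reference formed.
int demo_wrapper(const demo_args *p) {
  DEMO_HARDEN_OR_FAIL(p != nullptr, EFAULT); // runs before the reference exists
  const demo_args &a = *p;
  DEMO_DEBUG_CHECK(demo_payload_ok(a)); // compiled out at the default level 1
  return demo_consume(a);
}
```

Building with `-DDEMO_CHECK_LEVEL=0` removes both checks, and `-DDEMO_CHECK_LEVEL=2` adds the payload scan on every call.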