Hardened.jl is a simple package to strictly check that Julia is running with the correct flags for Hardened Compilation. This is useful for security and safety crtical systems.
Currently this checks for:
- Bounds checking
- Global IEEE math mode
- Function overwrite
Bounds checking: overrides any @inbounds
declarations
IEEE math mode: overrides any @fastmath
declarations
Function overwrite: insures against resource injection and ensures testing integrity
using Hardened
using PrecompileTools
# PrecompileTools workload
@setup_workload begin
# This will check that the compilation is hardened
Hardened.check()
@compile_workload begin
# ...
end
end
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/787.html
https://cwe.mitre.org/data/definitions/1339.html
https://cwe.mitre.org/data/definitions/99.html
This package only provides coverage against some CWEs. For additional checks, tools such as JuliaHub can provide greater static coverage.