Add a build-time check that libpq doesn't call exit() or abort().

Directly exiting or aborting seems like poor form for a general-purpose
library.  Now that libpq liberally uses bits out of src/common/,
it's very easy to accidentally include code that would do something
unwanted like calling exit(1) after OOM --- see for example 8ec00dc5c.
Hence, add a simple cross-check that no such calls have made it into
libpq.so.

The cross-check depends on nm(1) being available and being able to
work on a shared library, which probably isn't true everywhere.
But we can just make the test silently do nothing if nm fails.
As long as the check is effective on common platforms, that should
be good enough.  (By the same logic, I've not worried about providing
an equivalent test in MSVC builds.)

Discussion: https://postgr.es/m/3128896.1624742969@sss.pgh.pa.us

diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile
index 0c4e55b6ad34d934c843f85db800c37c83207659..e8cd07e9c9996155d4e183ed724eaed19b50f2c1 100644 (file)
--- a/src/interfaces/libpq/Makefile
+++ b/src/interfaces/libpq/Makefile
@@ -96,12 +96,19 @@ SHLIB_EXPORTS = exports.txt
 
 PKG_CONFIG_REQUIRES_PRIVATE = libssl libcrypto
 
-all: all-lib
+all: all-lib check-libpq-refs
 
 # Shared library stuff
 include $(top_srcdir)/src/Makefile.shlib
 backend_src = $(top_srcdir)/src/backend
 
+# Check for functions that libpq must not call, currently abort() and exit().
+# If nm doesn't exist or doesn't work on shlibs, this test will silently
+# do nothing, which is fine.  The exclusion of _eprintf.o is to prevent
+# complaining about <assert.h> infrastructure on ancient macOS releases.
+.PHONY: check-libpq-refs
+check-libpq-refs: $(shlib)
+   ! nm -A -g -u $< 2>/dev/null | grep -v '_eprintf\.o:' | grep -e abort -e exit
 
 # Make dependencies on pg_config_paths.h visible in all builds.
 fe-connect.o: fe-connect.c $(top_builddir)/src/port/pg_config_paths.h