From e7f466a9a477f700e57a34a831731df479ce5094 Mon Sep 17 00:00:00 2001
From: Juan Cruz Viotti
Date: Tue, 1 Apr 2025 14:44:29 -0400
Subject: [PATCH] Review compiler options for Clang and GCC

Signed-off-by: Juan Cruz Viotti
---
 cmake/common/compiler/options.cmake | 35 +++++++++++++++++++++++++--
 cmake/common/targets/executable.cmake | 21 ++++++++++++++++
 2 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/cmake/common/compiler/options.cmake b/cmake/common/compiler/options.cmake
index 228022a13..27f17fe31 100644
--- a/cmake/common/compiler/options.cmake
+++ b/cmake/common/compiler/options.cmake
@@ -51,7 +51,22 @@ function(sourcemeta_add_default_options visibility target)
 # multiplication wraps around using twos-complement representation
 # See https://users.cs.utah.edu/~regehr/papers/overflow12.pdf
 # See https://www.postgresql.org/message-id/1689.1134422394@sss.pgh.pa.us
- -fwrapv)
+ -fwrapv
+
+ # See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+ -Wformat
+ -Wformat=2
+ -Werror=format-security
+ -fstack-protector-strong)
+
+ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+ target_compile_options("${target}" ${visibility} -fcf-protection=full)
+ elseif(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64")
+ target_compile_options("${target}" ${visibility} -mbranch-protection=standard)
+ endif()
+
+ target_compile_definitions("${target}" ${visibility} _FORTIFY_SOURCE=3)
+ target_compile_definitions("${target}" ${visibility} $<$:_GLIBCXX_ASSERTIONS>)
 endif()
 if(SOURCEMETA_COMPILER_LLVM)
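Review bot: `_FORTIFY_SOURCE=3` is defined for every configuration and without first undefining it, so unoptimized builds and toolchains that predefine the macro can end up with warnings rather than extra checks. glibc enables fortification only when optimization is on and prints a `#warning` otherwise, and some distributions ship compilers that already pass `-D_FORTIFY_SOURCE=2`, which makes this line a macro redefinition. The OpenSSF guide linked in the added comment pairs the define with an undefine; consider adding `-U_FORTIFY_SOURCE` to the options list and limiting the definition to optimized configurations, for example `$<$<NOT:$<CONFIG:Debug>>:_FORTIFY_SOURCE=3>`. Because `${visibility}` is caller-supplied, a `PUBLIC` call would also push the define onto consumers. The enclosing `if()` and the start of `sourcemeta_add_default_options` are outside the hunk.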
@@ -80,6 +95,11 @@ function(sourcemeta_add_default_options visibility target)
 -fvectorize
 # Enable vectorization of straight-line code for performance
 -fslp-vectorize)
+
+ # See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+ target_compile_options("${target}" ${visibility}
+ $<$:-fno-delete-null-pointer-checks -fno-strict-aliasing -ftrivial-auto-var-init=zero>
+ $<$:-fno-delete-null-pointer-checks -fno-strict-aliasing -ftrivial-auto-var-init=zero>)
 elseif(SOURCEMETA_COMPILER_GCC)
 target_compile_options("${target}" ${visibility}
 -fno-trapping-math
@@ -88,7 +108,18 @@ function(sourcemeta_add_default_options visibility target)
 # GCC seems to print a lot of false-positives here
 -Wno-free-nonheap-object
 # Disables runtime type information
- -fno-rtti)
+ -fno-rtti
+
+ # See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+ -Wtrampolines
+ -Wbidi-chars=any
+ -fstack-clash-protection
+ -fstrict-flex-arrays=3)
+
+ # See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+ target_compile_options("${target}" ${visibility}
+ $<$:-fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing -ftrivial-auto-var-init=zero>
+ $<$:-fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing -ftrivial-auto-var-init=zero>)
 endif()
 endfunction()
diff --git a/cmake/common/targets/executable.cmake b/cmake/common/targets/executable.cmake
index 4f5db98f8..684b5a030 100644
--- a/cmake/common/targets/executable.cmake
+++ b/cmake/common/targets/executable.cmake
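Review bot: The two generator expressions added after `-fslp-vectorize)` hold several space-separated flags in an unquoted argument, so CMake splits each expression into separate arguments before storing it. This appears to work for `target_compile_options` only because the pieces are rejoined with `;` in the property, and it would break if the list were ever passed to a command that treats arguments individually. Quote each expression and separate the flags with semicolons, i.e. `"$<…:-fno-delete-null-pointer-checks;-fno-strict-aliasing;-ftrivial-auto-var-init=zero>"` with the existing condition kept. The same pattern is used in the GCC hunk that follows and in the `executable.cmake` hunk.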
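Review bot: Several GCC flags added in this hunk are version-dependent and are passed unconditionally, so an older toolchain would fail on the first compile instead of building without the hardening. To my knowledge `-fstrict-flex-arrays=3` needs GCC 13, while `-Wbidi-chars=any` and `-ftrivial-auto-var-init=zero` need GCC 12. Unless a minimum compiler version is enforced elsewhere in the project, probe each flag with `check_cxx_compiler_flag(<flag> <RESULT_VAR>)` from `CheckCXXCompilerFlag` and add it only when the probe succeeds. The LLVM hunk above has the same exposure for `-ftrivial-auto-var-init=zero`, which Clang releases before 16 accepted only together with an extra enabling flag.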
@@ -30,5 +30,26 @@ function(sourcemeta_executable)
 add_executable("${TARGET_NAME}" ${SOURCEMETA_EXECUTABLE_SOURCES})
 sourcemeta_add_default_options(PRIVATE ${TARGET_NAME})
+
+ # See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+ if(SOURCEMETA_COMPILER_LLVM)
+ target_compile_options(${TARGET_NAME} PRIVATE
+ $<$:-fPIE>
+ $<$:-fPIE>)
+ elseif(SOURCEMETA_COMPILER_GCC)
+ target_compile_options(${TARGET_NAME} PRIVATE
+ $<$:-fPIE -pie>
+ $<$:-fPIE -pie>)
+ if(NOT APPLE)
+ target_link_options(${TARGET_NAME} PRIVATE
+ "LINKER:-z,nodlopen"
+ "LINKER:-z,noexecstack"
+ "LINKER:-z,relro"
+ "LINKER:-z,now"
+ "LINKER:--as-needed"
+ "LINKER:--no-copy-dt-needed-entries")
+ endif()
+ endif()
+
 set_target_properties("${TARGET_NAME}" PROPERTIES FOLDER "${FOLDER_NAME}")
 endfunction()
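Review bot: `-pie` is a link-time flag, but the GCC branch passes it through `target_compile_options`, which does not reach the link line, and the LLVM branch passes only `-fPIE`; whether the executable is linked as PIE is therefore left to the toolchain default. CMake covers this natively: call `check_pie_supported()` from `CheckPIESupported` (policy CMP0083 set to NEW) and set `POSITION_INDEPENDENT_CODE ON` on the target, which adds both the compile and the link flag. The `LINKER:-z,relro`, `-z,now` and `-z,noexecstack` options also sit inside `elseif(SOURCEMETA_COMPILER_GCC)`, so Clang builds on Linux get none of them; moving the `if(NOT APPLE)` block out of the compiler branch would cover both compilers. `sourcemeta_executable` starts before the hunk.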