Skip to content

Review compiler options for Clang and GCC #1592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
+75 −3
Draft

Review compiler options for Clang and GCC #1592

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 52 additions & 3 deletions cmake/common/compiler/options.cmake
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@ function(sourcemeta_add_default_options visibility target)
-Woverloaded-virtual
-Winvalid-offsetof
-funroll-loops
-fstrict-aliasing
-ftree-vectorize

# To improve how much GCC/Clang will vectorize
Expand All @@ -51,7 +50,41 @@ function(sourcemeta_add_default_options visibility target)
# multiplication wraps around using twos-complement representation
# See https://users.cs.utah.edu/~regehr/papers/overflow12.pdf
# See https://www.postgresql.org/message-id/[email protected]
-fwrapv)
-fwrapv

# See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
-Wformat
-Wformat=2
-Werror=format-security
-fstack-protector-strong)

# Control-flow protection: requires hardware and OS support
if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
# -fcf-protection uses Intel CET (Control-flow Enforcement Technology)
# Requires OS kernel support, primarily available on Linux
if(LINUX)
target_compile_options("${target}" ${visibility} -fcf-protection=full)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64")
# -mbranch-protection uses ARM BTI/PAC, requires Linux kernel 5.8+
if(LINUX)
target_compile_options("${target}" ${visibility} -mbranch-protection=standard)
endif()
endif()

# _FORTIFY_SOURCE requires optimization (-O1 or higher), so only enable in Release builds
# First undefine to avoid conflicts, then define
target_compile_options("${target}" ${visibility}
$<$<CONFIG:Release>:-U_FORTIFY_SOURCE>
$<$<CONFIG:RelWithDebInfo>:-U_FORTIFY_SOURCE>)
target_compile_definitions("${target}" ${visibility}
$<$<CONFIG:Release>:_FORTIFY_SOURCE=3>
$<$<CONFIG:RelWithDebInfo>:_FORTIFY_SOURCE=3>)

# _GLIBCXX_ASSERTIONS is libstdc++ (GNU) specific, not applicable to libc++ (LLVM/macOS)
if(NOT APPLE AND SOURCEMETA_COMPILER_GCC)
target_compile_definitions("${target}" ${visibility} $<$<CONFIG:Debug>:_GLIBCXX_ASSERTIONS>)
endif()
endif()

if(SOURCEMETA_COMPILER_LLVM)
Expand Down Expand Up @@ -80,6 +113,11 @@ function(sourcemeta_add_default_options visibility target)
-fvectorize
# Enable vectorization of straight-line code for performance
-fslp-vectorize)

# See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
target_compile_options("${target}" ${visibility}
$<$<CONFIG:Release>:-fno-delete-null-pointer-checks -fno-strict-aliasing -ftrivial-auto-var-init=zero>
$<$<CONFIG:RelWithDebInfo>:-fno-delete-null-pointer-checks -fno-strict-aliasing -ftrivial-auto-var-init=zero>)
elseif(SOURCEMETA_COMPILER_GCC)
target_compile_options("${target}" ${visibility}
-fno-trapping-math
Expand All @@ -88,7 +126,18 @@ function(sourcemeta_add_default_options visibility target)
# GCC seems to print a lot of false-positives here
-Wno-free-nonheap-object
# Disables runtime type information
-fno-rtti)
-fno-rtti

# See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
-Wtrampolines
-Wbidi-chars=any
-fstack-clash-protection
-fstrict-flex-arrays=3)

# See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
target_compile_options("${target}" ${visibility}
$<$<CONFIG:Release>:-fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing -ftrivial-auto-var-init=zero>
$<$<CONFIG:RelWithDebInfo>:-fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing -ftrivial-auto-var-init=zero>)
endif()
endfunction()

Expand Down
23 changes: 23 additions & 0 deletions cmake/common/targets/executable.cmake
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,5 +30,28 @@ function(sourcemeta_executable)

add_executable("${TARGET_NAME}" ${SOURCEMETA_EXECUTABLE_SOURCES})
sourcemeta_add_default_options(PRIVATE ${TARGET_NAME})

# See https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
# Position Independent Executable (PIE) for ASLR support
if(SOURCEMETA_COMPILER_LLVM OR SOURCEMETA_COMPILER_GCC)
target_compile_options(${TARGET_NAME} PRIVATE
$<$<CONFIG:Release>:-fPIE>
$<$<CONFIG:RelWithDebInfo>:-fPIE>)
target_link_options(${TARGET_NAME} PRIVATE
$<$<CONFIG:Release>:-pie>
$<$<CONFIG:RelWithDebInfo>:-pie>)
endif()

# Linux-specific ELF linker hardening options
if(LINUX AND (SOURCEMETA_COMPILER_LLVM OR SOURCEMETA_COMPILER_GCC))
target_link_options(${TARGET_NAME} PRIVATE
"LINKER:-z,nodlopen"
"LINKER:-z,noexecstack"
"LINKER:-z,relro"
"LINKER:-z,now"
"LINKER:--as-needed"
"LINKER:--no-copy-dt-needed-entries")
endif()

set_target_properties("${TARGET_NAME}" PROPERTIES FOLDER "${FOLDER_NAME}")
endfunction()