1 # vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
2 # ===========================================================================
3 # https://github.com/BrianAker/ddm4/
4 # ===========================================================================
8 # AX_HARDEN_COMPILER_FLAGS() AX_HARDEN_LINKER_FLAGS()
12 # Any compiler flag that "hardens" or tests code. C99 is assumed.
14 # NOTE: Implementation based on AX_APPEND_FLAG.
18 # Copyright (C) 2012-2013 Brian Aker
19 # All rights reserved.
21 # Redistribution and use in source and binary forms, with or without
22 # modification, are permitted provided that the following conditions are
25 # * Redistributions of source code must retain the above copyright
26 # notice, this list of conditions and the following disclaimer.
28 # * Redistributions in binary form must reproduce the above
29 # copyright notice, this list of conditions and the following disclaimer
30 # in the documentation and/or other materials provided with the
33 # * The names of its contributors may not be used to endorse or
34 # promote products derived from this software without specific prior
37 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
38 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
39 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
40 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
41 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
44 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
45 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
47 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
50 # We do not test for c99 or c++11, that is out of scope.
52 # The Following flags are not checked for
53 # -Wdeclaration-after-statement is counter to C99
54 # _APPEND_COMPILE_FLAGS_ERROR([-pedantic])
58 AC_DEFUN([_SET_SANITIZE_FLAGS],
59 [AS_IF([test "x$MINGW" != xyes],[
60 AS_IF([test "x$enable_shared" = "xyes"],
61 [AS_CASE([$ax_harden_sanitize],
63 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread])],
65 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address])],
67 _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer])
68 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer])
69 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory])
70 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment])
71 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool])
72 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds])
73 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum])
74 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow])
75 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero])
76 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero])
77 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null])
78 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size])
79 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return])
80 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift])
81 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow])
82 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable])
83 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow])
84 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound])
85 _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr])])
90 AC_DEFUN([_WARNINGS_AS_ERRORS],
91 [AC_CACHE_CHECK([if all warnings into errors],[ac_cv_warnings_as_errors],
92 [AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ac_cv_warnings_as_errors=yes],
93 [ac_cv_warnings_as_errors=no])
97 # Note: Should this be LIBS or LDFLAGS?
98 AC_DEFUN([_APPEND_LINK_FLAGS_ERROR],
99 [AX_APPEND_LINK_FLAGS([$1],[LDFLAGS],[-Werror])
102 AC_DEFUN([_APPEND_COMPILE_FLAGS_ERROR],
103 [AX_APPEND_COMPILE_FLAGS([$1],,[-Werror])
106 # Everything above this does the heavy lifting, while what follows does the specifics.
108 AC_DEFUN([_HARDEN_LINKER_FLAGS],
109 [AS_IF([test "$CC" != "clang"],
110 [_APPEND_LINK_FLAGS_ERROR([-z relro -z now])
111 AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],[AX_APPEND_LINK_FLAGS([-Werror])])
112 AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
113 [_APPEND_LINK_FLAGS_ERROR([-rdynamic])
114 # AX_APPEND_LINK_FLAGS([--coverage])])
118 AC_DEFUN([_AX_HARDEN_SANITIZE],
119 [AC_REQUIRE([AX_DEBUG])
120 AC_ARG_WITH([sanitize],
121 [AS_HELP_STRING([--with-sanitize],
122 [Enable sanitize flag for compiler if it supports them @<:@default=no@:>@])],
123 [AS_CASE([$with_sanitize],
125 ax_harden_sanitize='thread'],
127 ax_harden_sanitize='address'],
128 [ax_harden_sanitize='rest'])
130 [AS_IF([test "x$ax_enable_debug" = xyes],[ax_harden_sanitize='rest'])])
133 AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS],
134 [AC_LANG_PUSH([C])dnl
136 AS_IF([test "x$ax_enable_debug" = xyes],
138 _APPEND_COMPILE_FLAGS_ERROR([-H])
139 _APPEND_COMPILE_FLAGS_ERROR([-g])
140 _APPEND_COMPILE_FLAGS_ERROR([-g3])
141 _APPEND_COMPILE_FLAGS_ERROR([-fmudflapth])
142 _APPEND_COMPILE_FLAGS_ERROR([-fno-eliminate-unused-debug-types])
143 _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer])
145 _APPEND_COMPILE_FLAGS_ERROR([-g])
146 _APPEND_COMPILE_FLAGS_ERROR([-O2])
149 AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
150 [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check])
151 # _APPEND_COMPILE_FLAGS_ERROR([--coverage])
152 _APPEND_COMPILE_FLAGS_ERROR([-Wpragmas])
153 _APPEND_COMPILE_FLAGS_ERROR([-Wunknown-pragmas])],
154 [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas])
155 _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])])
157 AS_IF([test "$CC" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])])
159 _APPEND_COMPILE_FLAGS_ERROR([-Wall])
160 _APPEND_COMPILE_FLAGS_ERROR([-Wextra])
161 _APPEND_COMPILE_FLAGS_ERROR([-Weverything])
162 _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail])
163 # Anything below this comment please keep sorted.
164 # _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute])
165 _APPEND_COMPILE_FLAGS_ERROR([-Wunsuffixed-float-constants])
166 _APPEND_COMPILE_FLAGS_ERROR([-Wjump-misses-init])
167 _APPEND_COMPILE_FLAGS_ERROR([-Wno-attributes])
168 _APPEND_COMPILE_FLAGS_ERROR([-Waddress])
169 _APPEND_COMPILE_FLAGS_ERROR([-Wvarargs])
170 _APPEND_COMPILE_FLAGS_ERROR([-Warray-bounds])
171 _APPEND_COMPILE_FLAGS_ERROR([-Wbad-function-cast])
172 # Not in use -Wc++-compat
173 _APPEND_COMPILE_FLAGS_ERROR([-Wchar-subscripts])
174 _APPEND_COMPILE_FLAGS_ERROR([-Wcomment])
175 _APPEND_COMPILE_FLAGS_ERROR([-Wfloat-equal])
176 _APPEND_COMPILE_FLAGS_ERROR([-Wformat-security])
177 _APPEND_COMPILE_FLAGS_ERROR([-Wformat=2])
178 _APPEND_COMPILE_FLAGS_ERROR([-Wformat-y2k])
179 _APPEND_COMPILE_FLAGS_ERROR([-Wlogical-op])
180 _APPEND_COMPILE_FLAGS_ERROR([-Wmaybe-uninitialized])
181 _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-field-initializers])
182 AS_IF([test "x$MINGW" = xyes],
183 [_APPEND_COMPILE_FLAGS_ERROR([-Wno-missing-noreturn])],
184 [_APPEND_COMPILE_FLAGS_ERROR([-Wmissing-noreturn])])
185 _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-prototypes])
186 _APPEND_COMPILE_FLAGS_ERROR([-Wnested-externs])
187 _APPEND_COMPILE_FLAGS_ERROR([-Wnormalized=id])
188 _APPEND_COMPILE_FLAGS_ERROR([-Woverride-init])
189 _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-arith])
190 _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-sign])
191 AS_IF([test "x$MINGW" = xyes],
192 [_APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=const])
193 _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=noreturn])
194 _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=pure])
195 _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])],
196 [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])])
197 _APPEND_COMPILE_FLAGS_ERROR([-Wshadow])
198 _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32])
199 _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare])
200 _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-overflow=1])
201 _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-prototypes])
202 _APPEND_COMPILE_FLAGS_ERROR([-Wswitch-enum])
203 _APPEND_COMPILE_FLAGS_ERROR([-Wtrampolines])
204 _APPEND_COMPILE_FLAGS_ERROR([-Wundef])
205 _APPEND_COMPILE_FLAGS_ERROR([-Wunsafe-loop-optimizations])
206 _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations])
208 _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered])
209 _APPEND_COMPILE_FLAGS_ERROR([-Wunused])
210 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result])
211 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-variable])
212 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-parameter])
213 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-local-typedefs])
214 _APPEND_COMPILE_FLAGS_ERROR([-Wwrite-strings])
215 _APPEND_COMPILE_FLAGS_ERROR([-fwrapv])
216 _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt])
217 _APPEND_COMPILE_FLAGS_ERROR([-pipe])
218 _APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie])
219 _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess])
220 _APPEND_COMPILE_FLAGS_ERROR([-Wpacked])
221 # _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long])
222 # GCC 4.5 removed this.
223 # _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code])
227 AS_IF([test "x$ax_enable_debug" = xno],
228 [AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
229 [AS_IF([test "x${host_os}" != "xmingw"],
230 [AS_IF([test "x$ac_c_gcc_recent" = xyes],
231 [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2])
232 #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector])
233 #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4])
234 _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all])
237 AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],
238 [AX_APPEND_FLAG([-Werror])])
243 AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS],
245 AS_IF([test "x$ax_enable_debug" = xyes],
247 _APPEND_COMPILE_FLAGS_ERROR([-H])
248 _APPEND_COMPILE_FLAGS_ERROR([-g])
249 _APPEND_COMPILE_FLAGS_ERROR([-g3])
250 _APPEND_COMPILE_FLAGS_ERROR([-fmudflapth])
251 _APPEND_COMPILE_FLAGS_ERROR([-fno-inline])
252 _APPEND_COMPILE_FLAGS_ERROR([-fno-eliminate-unused-debug-types])
253 _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer])
255 _APPEND_COMPILE_FLAGS_ERROR([-g])
256 _APPEND_COMPILE_FLAGS_ERROR([-O2])
259 AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
260 [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check])
261 # _APPEND_COMPILE_FLAGS_ERROR([--coverage])
262 _APPEND_COMPILE_FLAGS_ERROR([-Wpragmas])
263 _APPEND_COMPILE_FLAGS_ERROR([-Wunknown-pragmas])],
264 [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas])
265 _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])])
267 AS_IF([test "$CXX" = "clang++"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])])
269 _APPEND_COMPILE_FLAGS_ERROR([-Wall])
270 _APPEND_COMPILE_FLAGS_ERROR([-Wextra])
271 _APPEND_COMPILE_FLAGS_ERROR([-Weverything])
272 _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail])
273 # Anything below this comment please keep sorted.
274 # _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute])
275 _APPEND_COMPILE_FLAGS_ERROR([-Wno-attributes])
276 _APPEND_COMPILE_FLAGS_ERROR([-Wvarargs])
277 _APPEND_COMPILE_FLAGS_ERROR([-Waddress])
278 _APPEND_COMPILE_FLAGS_ERROR([-Warray-bounds])
279 _APPEND_COMPILE_FLAGS_ERROR([-Wchar-subscripts])
280 _APPEND_COMPILE_FLAGS_ERROR([-Wcomment])
281 _APPEND_COMPILE_FLAGS_ERROR([-Wctor-dtor-privacy])
282 _APPEND_COMPILE_FLAGS_ERROR([-Wfloat-equal])
283 _APPEND_COMPILE_FLAGS_ERROR([-Wformat=2])
284 _APPEND_COMPILE_FLAGS_ERROR([-Wformat-y2k])
285 _APPEND_COMPILE_FLAGS_ERROR([-Wmaybe-uninitialized])
286 _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-field-initializers])
287 _APPEND_COMPILE_FLAGS_ERROR([-Wlogical-op])
288 _APPEND_COMPILE_FLAGS_ERROR([-Wnon-virtual-dtor])
289 _APPEND_COMPILE_FLAGS_ERROR([-Wnormalized=id])
290 _APPEND_COMPILE_FLAGS_ERROR([-Woverloaded-virtual])
291 _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-arith])
292 AS_IF([test "x$MINGW" = xyes],
293 [_APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=const])
294 _APPEND_COMPILE_FLAGS_ERROR([-Wno-missing-noreturn])
295 _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-noreturn])
296 _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=noreturn])
297 _APPEND_COMPILE_FLAGS_ERROR([-Wno-error=suggest-attribute=noreturn])
298 _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])],
299 [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])])
300 _APPEND_COMPILE_FLAGS_ERROR([-Wshadow])
301 _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32])
302 _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare])
303 _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-overflow=1])
304 _APPEND_COMPILE_FLAGS_ERROR([-Wswitch-enum])
305 _APPEND_COMPILE_FLAGS_ERROR([-Wtrampolines])
306 _APPEND_COMPILE_FLAGS_ERROR([-Wundef])
307 _APPEND_COMPILE_FLAGS_ERROR([-Wunsafe-loop-optimizations])
308 _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations])
309 _APPEND_COMPILE_FLAGS_ERROR([-Wc++11-compat])
310 # _APPEND_COMPILE_FLAGS_ERROR([-Weffc++])
311 # _APPEND_COMPILE_FLAGS_ERROR([-Wold-style-cast])
312 _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered])
313 _APPEND_COMPILE_FLAGS_ERROR([-Wunused])
314 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result])
315 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-variable])
316 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-parameter])
317 _APPEND_COMPILE_FLAGS_ERROR([-Wunused-local-typedefs])
318 _APPEND_COMPILE_FLAGS_ERROR([-Wwrite-strings])
319 _APPEND_COMPILE_FLAGS_ERROR([-Wformat-security])
320 _APPEND_COMPILE_FLAGS_ERROR([-fwrapv])
321 _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt])
322 _APPEND_COMPILE_FLAGS_ERROR([-pipe])
323 _APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie])
324 _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess])
325 _APPEND_COMPILE_FLAGS_ERROR([-Wpacked])
326 # _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long])
327 # GCC 4.5 removed this.
328 # _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code])
330 AS_IF([test "x$ax_enable_debug" = xno],
331 [AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
332 [AS_IF([test "x${host_os}" != "xmingw"],
333 [AS_IF([test "x$ac_c_gcc_recent" = xyes],
334 [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2])
335 #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector])
336 #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4])
337 _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all])
342 AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],
343 [AX_APPEND_FLAG([-Werror])])
347 # All of the heavy lifting happens in _HARDEN_LINKER_FLAGS,
348 # _HARDEN_CC_COMPILER_FLAGS, _HARDEN_CXX_COMPILER_FLAGS
349 AC_DEFUN([AX_HARDEN_COMPILER_FLAGS],
350 [AC_PREREQ([2.63])dnl
351 AC_REQUIRE([AC_CANONICAL_HOST])
352 AC_REQUIRE([AX_COMPILER_VERSION])
353 AC_REQUIRE([AX_ASSERT])
357 AC_REQUIRE([gl_VISIBILITY])
358 AS_IF([test -n "$CFLAG_VISIBILITY"],[CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"])
362 _HARDEN_CC_COMPILER_FLAGS
363 _HARDEN_CXX_COMPILER_FLAGS