+# vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
# ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
+# https://github.com/BrianAker/ddm4/
# ===========================================================================
#
# SYNOPSIS
#
-# AX_HARDEN_COMPILER_FLAGS
+# AX_HARDEN_COMPILER_FLAGS() AX_HARDEN_LINKER_FLAGS()
#
# DESCRIPTION
#
-# Any compiler flag that "hardens" or tests code.
-#
-# NOTE: Implementation based on AX_APPEND_FLAG.
+# Any compiler flag that "hardens" or tests code. C99 is assumed.
#
# LICENSE
#
-# Copyright (C) 2012 Brian Aker
+# Copyright (C) 2012-2019 Brian Aker
# All rights reserved.
-#
+#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
-#
+#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
-#
+#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
-#
+#
# * The names of its contributors may not be used to endorse or
# promote products derived from this software without specific prior
# written permission.
-#
+#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Notes:
+# We do not test for c99 or c++11, that is out of scope.
+
+# The Following flags are not checked for
+# -Wdeclaration-after-statement is counter to C99
+# _APPEND_COMPILE_FLAGS_ERROR([-pedantic])
+
+#serial 17
+
+AC_DEFUN([_SET_SANITIZE_FLAGS],
+ [AS_IF([test "x$MINGW" != xyes],[
+ AS_IF([test "x$enable_shared" = "xyes"],
+ [AS_CASE([$ax_harden_sanitize],
+ [thread],[
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread])],
+ [address],[
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address])],
+ [rest],[
+ _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound])
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr])
+ AS_IF([test "$ax_cv_c_compiler_vendor" != "clang"],[
+ _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size])
+ ])
+ ])
+ ])
+ ])
+ ])
+
+# Note: Should this be LIBS or LDFLAGS?
+AC_DEFUN([_APPEND_LINK_FLAGS_ERROR],
+ [AX_APPEND_LINK_FLAGS([$1],[LDFLAGS],[-Werror])
+ ])
+
+AC_DEFUN([_APPEND_COMPILE_FLAGS_ERROR],
+ [AX_APPEND_COMPILE_FLAGS([$1],,[-Werror])
+ ])
+
+# Everything above this does the heavy lifting, while what follows does the specifics.
+
+AC_DEFUN([_HARDEN_LINKER_FLAGS],
+ [AS_IF([test "$ax_cv_c_compiler_vendor" != "clang"],
+ [_APPEND_LINK_FLAGS_ERROR(["-z relro" "-z now"])
+ AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
+ [_APPEND_LINK_FLAGS_ERROR([-rdynamic])
+# AX_APPEND_LINK_FLAGS([--coverage])])
+ AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],[AX_APPEND_LINK_FLAGS([-Werror])])
+ ])
+ ])
+
+AC_DEFUN([_AX_HARDEN_SANITIZE],
+ [AC_REQUIRE([AX_DEBUG])
+ AC_ARG_WITH([sanitize],
+ [AS_HELP_STRING([--with-sanitize],
+ [Enable sanitize flag for compiler if it supports them @<:@default=no@:>@])],
+ [AS_CASE([$with_sanitize],
+ [thread],[
+ ax_harden_sanitize='thread'],
+ [address],[
+ ax_harden_sanitize='address'],
+ [ax_harden_sanitize='rest'])
+ ],
+ [AS_IF([test "x$ax_enable_debug" = xyes],[ax_harden_sanitize='rest'])])
+ ])
+
+AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS],
+ [AC_LANG_PUSH([C])dnl
+
+ AS_IF([test "x$ax_enable_debug" = xyes],
+ [
+ #_APPEND_COMPILE_FLAGS_ERROR([-H])
+ _APPEND_COMPILE_FLAGS_ERROR([-g])
+ _APPEND_COMPILE_FLAGS_ERROR([-g3])
+ _APPEND_COMPILE_FLAGS_ERROR([-fno-eliminate-unused-debug-types])
+ _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer])
+ ],[
+ _APPEND_COMPILE_FLAGS_ERROR([-g])
+ _APPEND_COMPILE_FLAGS_ERROR([-O2])
+ ])
+
+ AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check])
+# _APPEND_COMPILE_FLAGS_ERROR([--coverage])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpragmas])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunknown-pragmas])],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])])
+
+ AS_IF([test "$ax_cv_c_compiler_vendor" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])])
+
+ _APPEND_COMPILE_FLAGS_ERROR([-Wall])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wextra])
+ _APPEND_COMPILE_FLAGS_ERROR([-Weverything])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail])
+# Anything below this comment please keep sorted.
+# _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-attributes])
+ _APPEND_COMPILE_FLAGS_ERROR([-Waddress])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wvarargs])
+ _APPEND_COMPILE_FLAGS_ERROR([-Warray-bounds])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wbad-function-cast])
+# Not in use -Wc++-compat
+ _APPEND_COMPILE_FLAGS_ERROR([-Wchar-subscripts])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wcomment])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wfloat-equal])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wformat-security])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wformat=2])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wformat-y2k])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-field-initializers])
+ AS_IF([test "x$MINGW" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wno-missing-noreturn])],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wmissing-noreturn])])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-prototypes])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wnested-externs])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-arith])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-sign])
+ AS_IF([test "x$MINGW" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=const])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=noreturn])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=pure])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wshadow])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-overflow=1])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-prototypes])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wswitch-enum])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wundef])
+
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-variable])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-parameter])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-local-typedefs])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wwrite-strings])
+ _APPEND_COMPILE_FLAGS_ERROR([-fwrapv])
+ _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt])
+ _APPEND_COMPILE_FLAGS_ERROR([-pipe])
+ AS_IF([test "x$MINGW" = xyes],
+ [],
+ [_APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie])])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpacked])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long])
+ _APPEND_COMPILE_FLAGS_ERROR([-ftrapv])
+ # Stop error when using -pie on library builds
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-unused-command-line-argument])
+# GCC 4.5 removed this.
+# _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code])
+
+ _SET_SANITIZE_FLAGS
+
+ AS_IF([test "x$ax_enable_debug" = xno],
+ [AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
+ [AS_IF([test "x${host_os}" != "xmingw"],
+ [AS_IF([test "x$ac_c_gcc_recent" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2])
+ #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector])
+ #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4])
+ _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all])
+ ])])])])
+
+ AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],
+ [AX_APPEND_COMPILE_FLAGS([-Werror])])
+
+ AC_LANG_POP([C])
+ ])
+
+AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS],
+ [AC_LANG_PUSH([C++])
+ AS_IF([test "x$ax_enable_debug" = xyes],
+ [CXXFLAGS=''
+ #_APPEND_COMPILE_FLAGS_ERROR([-H])
+ _APPEND_COMPILE_FLAGS_ERROR([-g])
+ _APPEND_COMPILE_FLAGS_ERROR([-g3])
+ _APPEND_COMPILE_FLAGS_ERROR([-fno-inline])
+ _APPEND_COMPILE_FLAGS_ERROR([-fno-eliminate-unused-debug-types])
+ _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer])
+ ],[
+ _APPEND_COMPILE_FLAGS_ERROR([-g])
+ _APPEND_COMPILE_FLAGS_ERROR([-O2])
+ ])
+
+ AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check])
+# _APPEND_COMPILE_FLAGS_ERROR([--coverage])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpragmas])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunknown-pragmas])],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])])
+
+ AS_IF([test "$ax_cv_c_compiler_vendor" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])])
+
+ _APPEND_COMPILE_FLAGS_ERROR([-Wall])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wextra])
+ _APPEND_COMPILE_FLAGS_ERROR([-Weverything])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail])
+# Anything below this comment please keep sorted.
+# _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-attributes])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wvarargs])
+ _APPEND_COMPILE_FLAGS_ERROR([-Waddress])
+ _APPEND_COMPILE_FLAGS_ERROR([-Warray-bounds])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wchar-subscripts])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wcomment])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wctor-dtor-privacy])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wfloat-equal])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wformat=2])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wformat-y2k])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wmaybe-uninitialized])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-field-initializers])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wlogical-op])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wnon-virtual-dtor])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wnormalized=id])
+ _APPEND_COMPILE_FLAGS_ERROR([-Woverloaded-virtual])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-arith])
+ AS_IF([test "x$MINGW" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=const])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-missing-noreturn])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-noreturn])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=noreturn])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-error=suggest-attribute=noreturn])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])],
+ [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wshadow])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-overflow=1])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wswitch-enum])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wtrampolines])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wundef])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunsafe-loop-optimizations])
+ _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wc++11-compat])
+# Disabled due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55837
+# _APPEND_COMPILE_FLAGS_ERROR([-Weffc++])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wold-style-cast])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-variable])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-parameter])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wunused-local-typedefs])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wwrite-strings])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wformat-security])
+ _APPEND_COMPILE_FLAGS_ERROR([-fwrapv])
+ _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt])
+ _APPEND_COMPILE_FLAGS_ERROR([-pipe])
+ AS_IF([test "x$MINGW" = xyes],
+ [],
+ [_APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie])])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wpacked])
+ _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long])
+# GCC 4.5 removed this.
+# _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code])
+
+ AS_IF([test "x$ax_enable_debug" = xno],
+ [AS_IF([test "x$ac_cv_vcs_checkout" = xyes],
+ [AS_IF([test "x${host_os}" != "xmingw"],
+ [AS_IF([test "x$ac_c_gcc_recent" = xyes],
+ [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2])
+ #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector])
+ #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4])
+ _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all])
+ ])])])])
+
+ _SET_SANITIZE_FLAGS
+
+ AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],
+ [AX_APPEND_COMPILE_FLAGS([-Werror])])
+ AC_LANG_POP([C++])
+ ])
+
+# All of the heavy lifting happens in _HARDEN_LINKER_FLAGS,
+# _HARDEN_CC_COMPILER_FLAGS, _HARDEN_CXX_COMPILER_FLAGS
+ AC_DEFUN([AX_HARDEN_COMPILER_FLAGS],
+ [AC_PREREQ([2.63])dnl
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_REQUIRE([AX_COMPILER_VERSION])
+ AC_REQUIRE([AX_DEBUG])
+ AC_REQUIRE([AX_ASSERT])
+ _AX_HARDEN_SANITIZE
+
+ AC_REQUIRE([gl_VISIBILITY])
+ AS_IF([test -n "$CFLAG_VISIBILITY"],[CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"])
+
+ _HARDEN_LINKER_FLAGS
+ _HARDEN_CC_COMPILER_FLAGS
+ _HARDEN_CXX_COMPILER_FLAGS
+ ])
-#serial 1
-
-AC_DEFUN([AX_HARDEN_COMPILER_FLAGS],
-[AC_REQUIRE([AX_CHECK_COMPILE_FLAG])
-AC_REQUIRE([AX_APPEND_FLAG])
-AC_REQUIRE([AX_CHECK_LINK_FLAG])
-AX_APPEND_COMPILE_FLAGS([-O2])
-AX_APPEND_COMPILE_FLAGS([-Werror])
-AX_APPEND_COMPILE_FLAGS([-Wall])
-AX_APPEND_COMPILE_FLAGS([-Wextra])
-AX_APPEND_COMPILE_FLAGS([-Wmaybe-uninitialized])
-AX_APPEND_COMPILE_FLAGS([-Wsign-compare])
-AX_APPEND_COMPILE_FLAGS([-Wunused-result])
-AX_APPEND_COMPILE_FLAGS([-Wunused-variable])
-AX_APPEND_COMPILE_FLAGS([-floop-parallelize-all])
-AX_APPEND_COMPILE_FLAGS([-fstack-protector-all])
-AX_APPEND_COMPILE_FLAGS([-ggdb])
-AX_APPEND_COMPILE_FLAGS([-fstack-protector-all])
-AX_APPEND_COMPILE_FLAGS([-Wstack-protector])
-AX_APPEND_COMPILE_FLAGS([-fwrapv])
-AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
-AX_APPEND_COMPILE_FLAGS([--param],[ssp-buffer-size=1])
-AX_CHECK_LINK_FLAG([-Werror])
-AX_CHECK_LINK_FLAG([-z relro -z now])
-])dnl AX_HARDEN_COMPILER_FLAGS