X-Git-Url: https://git.m6w6.name/?a=blobdiff_plain;f=m4%2Fax_harden_compiler_flags.m4;h=8ceeca67a52f48d263367c8458e37b32eefadd25;hb=22da6f6d6410053ac1f4682453b52463e6c9a05f;hp=4d647996dcd466f0ac97aa2cb9fa5772ebcebd3c;hpb=6cca0302addd6ea9714f2b8deff2c48aab3002ef;p=awesomized%2Flibmemcached diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index 4d647996..8ceeca67 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -1,38 +1,37 @@ +# vim:expandtab:shiftwidth=2:tabstop=2:smarttab: # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html +# https://github.com/BrianAker/ddm4/ # =========================================================================== # # SYNOPSIS # -# AX_HARDEN_COMPILER_FLAGS +# AX_HARDEN_COMPILER_FLAGS() AX_HARDEN_LINKER_FLAGS() # # DESCRIPTION # # Any compiler flag that "hardens" or tests code. C99 is assumed. # -# NOTE: Implementation based on AX_APPEND_FLAG. -# # LICENSE # -# Copyright (C) 2012 Brian Aker +# Copyright (C) 2012-2019 Brian Aker # All rights reserved. -# +# # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are # met: -# +# # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. -# +# # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. -# +# # * The names of its contributors may not be used to endorse or # promote products derived from this software without specific prior # written permission. -# +# # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -44,77 +43,312 @@ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# Notes: +# We do not test for c99 or c++11, that is out of scope. # The Following flags are not checked for # -Wdeclaration-after-statement is counter to C99 -# AX_APPEND_COMPILE_FLAGS([-std=c++11]) -- Not ready yet -# AX_APPEND_COMPILE_FLAGS([-pedantic]) -- ? -# AX_APPEND_COMPILE_FLAGS([-Wstack-protector]) -- Issues on 32bit compile -# AX_APPEND_COMPILE_FLAGS([-fstack-protector-all]) -- Issues on 32bit compile -# AX_APPEND_COMPILE_FLAGS([-Wlong-long]) -- Don't turn on for compatibility issues memcached_stat_st - -#serial 2 - - AC_DEFUN([AX_HARDEN_C_COMPILER_FLAGS], [ - AC_REQUIRE([AX_APPEND_COMPILE_FLAGS]) - AC_REQUIRE([AX_CHECK_LINK_FLAG]) - AC_REQUIRE([AX_VCS_CHECKOUT]) - - AC_LANG_PUSH([C]) - AX_APPEND_COMPILE_FLAGS([-O2]) - AX_APPEND_COMPILE_FLAGS([-Werror]) - AX_APPEND_COMPILE_FLAGS([-Wall]) - AX_APPEND_COMPILE_FLAGS([-Wextra]) - AX_APPEND_COMPILE_FLAGS([-std=c99]) - AX_APPEND_COMPILE_FLAGS([-Wbad-function-cast]) - AX_APPEND_COMPILE_FLAGS([-Wmissing-prototypes]) - AX_APPEND_COMPILE_FLAGS([-Wnested-externs]) - AX_APPEND_COMPILE_FLAGS([-Wold-style-definition]) - AX_APPEND_COMPILE_FLAGS([-Woverride-init]) - AX_APPEND_COMPILE_FLAGS([-Wstrict-prototypes]) - AX_APPEND_COMPILE_FLAGS([-Wlogical-op]) - AC_LANG_POP - ]) - - AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [ - AC_REQUIRE([AX_HARDEN_C_COMPILER_FLAGS]) - AC_LANG_PUSH([C++]) - AX_APPEND_COMPILE_FLAGS([-O2]) - AX_APPEND_COMPILE_FLAGS([-Werror]) - AX_APPEND_COMPILE_FLAGS([-Wall]) - AX_APPEND_COMPILE_FLAGS([-Wextra]) - AX_APPEND_COMPILE_FLAGS([-Wpragmas]) - AX_APPEND_COMPILE_FLAGS([--paramssp-buffer-size=1]) - AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2]) - AX_APPEND_COMPILE_FLAGS([-Waddress]) - AX_APPEND_COMPILE_FLAGS([-Warray-bounds]) - AX_APPEND_COMPILE_FLAGS([-Wchar-subscripts]) - AX_APPEND_COMPILE_FLAGS([-Wcomment]) - AX_APPEND_COMPILE_FLAGS([-Wctor-dtor-privacy]) - AX_APPEND_COMPILE_FLAGS([-Wfloat-equal]) - AX_APPEND_COMPILE_FLAGS([-Wformat=2]) - AX_APPEND_COMPILE_FLAGS([-Wmaybe-uninitialized]) - AX_APPEND_COMPILE_FLAGS([-Wmissing-field-initializers]) - AX_APPEND_COMPILE_FLAGS([-Wmissing-noreturn]) - AX_APPEND_COMPILE_FLAGS([-Wlogical-op]) - AX_APPEND_COMPILE_FLAGS([-Wnon-virtual-dtor]) - AX_APPEND_COMPILE_FLAGS([-Wnormalized=id]) - AX_APPEND_COMPILE_FLAGS([-Woverloaded-virtual]) - AX_APPEND_COMPILE_FLAGS([-Wpointer-arith]) - AX_APPEND_COMPILE_FLAGS([-Wredundant-decls]) - AX_APPEND_COMPILE_FLAGS([-Wshadow]) - AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32]) - AX_APPEND_COMPILE_FLAGS([-Wsign-compare]) - AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1]) - AX_APPEND_COMPILE_FLAGS([-Wswitch-enum]) - AX_APPEND_COMPILE_FLAGS([-Wundef]) - AX_APPEND_COMPILE_FLAGS([-Wunused-result]) - AX_APPEND_COMPILE_FLAGS([-Wunused-variable]) - AX_APPEND_COMPILE_FLAGS([-Wwrite-strings]) - AX_APPEND_COMPILE_FLAGS([-floop-parallelize-all]) - AX_APPEND_COMPILE_FLAGS([-fwrapv]) - AX_APPEND_COMPILE_FLAGS([-ggdb]) - AX_CHECK_LINK_FLAG([-Werror]) - AX_CHECK_LINK_FLAG([-z relro -z now]) - AC_LANG_POP +# _APPEND_COMPILE_FLAGS_ERROR([-pedantic]) + +#serial 17 + +AC_DEFUN([_SET_SANITIZE_FLAGS], + [AS_IF([test "x$MINGW" != xyes],[ + AS_IF([test "x$enable_shared" = "xyes"], + [AS_CASE([$ax_harden_sanitize], + [thread],[ + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread])], + [address],[ + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address])], + [rest],[ + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + AS_IF([test "$ax_cv_c_compiler_vendor" != "clang"],[ + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) + ]) + ]) + ]) + ]) + ]) + +# Note: Should this be LIBS or LDFLAGS? +AC_DEFUN([_APPEND_LINK_FLAGS_ERROR], + [AX_APPEND_LINK_FLAGS([$1],[LDFLAGS],[-Werror]) + ]) + +AC_DEFUN([_APPEND_COMPILE_FLAGS_ERROR], + [AX_APPEND_COMPILE_FLAGS([$1],,[-Werror]) + ]) + +# Everything above this does the heavy lifting, while what follows does the specifics. + +AC_DEFUN([_HARDEN_LINKER_FLAGS], + [AS_IF([test "$ax_cv_c_compiler_vendor" != "clang"], + [_APPEND_LINK_FLAGS_ERROR(["-z relro" "-z now"]) + AS_IF([test "x$ac_cv_vcs_checkout" = xyes], + [_APPEND_LINK_FLAGS_ERROR([-rdynamic]) +# AX_APPEND_LINK_FLAGS([--coverage])]) + AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],[AX_APPEND_LINK_FLAGS([-Werror])]) + ]) + ]) + +AC_DEFUN([_AX_HARDEN_SANITIZE], + [AC_REQUIRE([AX_DEBUG]) + AC_ARG_WITH([sanitize], + [AS_HELP_STRING([--with-sanitize], + [Enable sanitize flag for compiler if it supports them @<:@default=no@:>@])], + [AS_CASE([$with_sanitize], + [thread],[ + ax_harden_sanitize='thread'], + [address],[ + ax_harden_sanitize='address'], + [ax_harden_sanitize='rest']) + ], + [AS_IF([test "x$ax_enable_debug" = xyes],[ax_harden_sanitize='rest'])]) + ]) + +AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], + [AC_LANG_PUSH([C])dnl + + AS_IF([test "x$ax_enable_debug" = xyes], + [ + #_APPEND_COMPILE_FLAGS_ERROR([-H]) + _APPEND_COMPILE_FLAGS_ERROR([-g]) + _APPEND_COMPILE_FLAGS_ERROR([-g3]) + _APPEND_COMPILE_FLAGS_ERROR([-fno-eliminate-unused-debug-types]) + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + ],[ + _APPEND_COMPILE_FLAGS_ERROR([-g]) + _APPEND_COMPILE_FLAGS_ERROR([-O2]) + ]) + + AS_IF([test "x$ac_cv_vcs_checkout" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check]) +# _APPEND_COMPILE_FLAGS_ERROR([--coverage]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpragmas]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunknown-pragmas])], + [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])]) + + AS_IF([test "$ax_cv_c_compiler_vendor" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) + + _APPEND_COMPILE_FLAGS_ERROR([-Wall]) + _APPEND_COMPILE_FLAGS_ERROR([-Wextra]) + _APPEND_COMPILE_FLAGS_ERROR([-Weverything]) + _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail]) +# Anything below this comment please keep sorted. +# _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-attributes]) + _APPEND_COMPILE_FLAGS_ERROR([-Waddress]) + _APPEND_COMPILE_FLAGS_ERROR([-Wvarargs]) + _APPEND_COMPILE_FLAGS_ERROR([-Warray-bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-Wbad-function-cast]) +# Not in use -Wc++-compat + _APPEND_COMPILE_FLAGS_ERROR([-Wchar-subscripts]) + _APPEND_COMPILE_FLAGS_ERROR([-Wcomment]) + _APPEND_COMPILE_FLAGS_ERROR([-Wfloat-equal]) + _APPEND_COMPILE_FLAGS_ERROR([-Wformat-security]) + _APPEND_COMPILE_FLAGS_ERROR([-Wformat=2]) + _APPEND_COMPILE_FLAGS_ERROR([-Wformat-y2k]) + _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-field-initializers]) + AS_IF([test "x$MINGW" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-Wno-missing-noreturn])], + [_APPEND_COMPILE_FLAGS_ERROR([-Wmissing-noreturn])]) + _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-prototypes]) + _APPEND_COMPILE_FLAGS_ERROR([-Wnested-externs]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-arith]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-sign]) + AS_IF([test "x$MINGW" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=const]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=noreturn]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=pure]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])], + [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])]) + _APPEND_COMPILE_FLAGS_ERROR([-Wshadow]) + _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32]) + _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare]) + _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-overflow=1]) + _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-prototypes]) + _APPEND_COMPILE_FLAGS_ERROR([-Wswitch-enum]) + _APPEND_COMPILE_FLAGS_ERROR([-Wundef]) + + _APPEND_COMPILE_FLAGS_ERROR([-Wunused]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-variable]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-parameter]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-local-typedefs]) + _APPEND_COMPILE_FLAGS_ERROR([-Wwrite-strings]) + _APPEND_COMPILE_FLAGS_ERROR([-fwrapv]) + _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt]) + _APPEND_COMPILE_FLAGS_ERROR([-pipe]) + AS_IF([test "x$MINGW" = xyes], + [], + [_APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie])]) + _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpacked]) + _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) + _APPEND_COMPILE_FLAGS_ERROR([-ftrapv]) + # Stop error when using -pie on library builds + _APPEND_COMPILE_FLAGS_ERROR([-Wno-unused-command-line-argument]) +# GCC 4.5 removed this. +# _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code]) + + _SET_SANITIZE_FLAGS + + AS_IF([test "x$ax_enable_debug" = xno], + [AS_IF([test "x$ac_cv_vcs_checkout" = xyes], + [AS_IF([test "x${host_os}" != "xmingw"], + [AS_IF([test "x$ac_c_gcc_recent" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2]) + #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector]) + #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4]) + _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all]) + ])])])]) + + AS_IF([test "x$ac_cv_warnings_as_errors" = xyes], + [AX_APPEND_COMPILE_FLAGS([-Werror])]) + + AC_LANG_POP([C]) + ]) + +AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], + [AC_LANG_PUSH([C++]) + AS_IF([test "x$ax_enable_debug" = xyes], + [CXXFLAGS='' + #_APPEND_COMPILE_FLAGS_ERROR([-H]) + _APPEND_COMPILE_FLAGS_ERROR([-g]) + _APPEND_COMPILE_FLAGS_ERROR([-g3]) + _APPEND_COMPILE_FLAGS_ERROR([-fno-inline]) + _APPEND_COMPILE_FLAGS_ERROR([-fno-eliminate-unused-debug-types]) + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + ],[ + _APPEND_COMPILE_FLAGS_ERROR([-g]) + _APPEND_COMPILE_FLAGS_ERROR([-O2]) + ]) + + AS_IF([test "x$ac_cv_vcs_checkout" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check]) +# _APPEND_COMPILE_FLAGS_ERROR([--coverage]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpragmas]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunknown-pragmas])], + [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])]) + + AS_IF([test "$ax_cv_c_compiler_vendor" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) + + _APPEND_COMPILE_FLAGS_ERROR([-Wall]) + _APPEND_COMPILE_FLAGS_ERROR([-Wextra]) + _APPEND_COMPILE_FLAGS_ERROR([-Weverything]) + _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail]) +# Anything below this comment please keep sorted. +# _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-attributes]) + _APPEND_COMPILE_FLAGS_ERROR([-Wvarargs]) + _APPEND_COMPILE_FLAGS_ERROR([-Waddress]) + _APPEND_COMPILE_FLAGS_ERROR([-Warray-bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-Wchar-subscripts]) + _APPEND_COMPILE_FLAGS_ERROR([-Wcomment]) + _APPEND_COMPILE_FLAGS_ERROR([-Wctor-dtor-privacy]) + _APPEND_COMPILE_FLAGS_ERROR([-Wfloat-equal]) + _APPEND_COMPILE_FLAGS_ERROR([-Wformat=2]) + _APPEND_COMPILE_FLAGS_ERROR([-Wformat-y2k]) + _APPEND_COMPILE_FLAGS_ERROR([-Wmaybe-uninitialized]) + _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-field-initializers]) + _APPEND_COMPILE_FLAGS_ERROR([-Wlogical-op]) + _APPEND_COMPILE_FLAGS_ERROR([-Wnon-virtual-dtor]) + _APPEND_COMPILE_FLAGS_ERROR([-Wnormalized=id]) + _APPEND_COMPILE_FLAGS_ERROR([-Woverloaded-virtual]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpointer-arith]) + AS_IF([test "x$MINGW" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=const]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-missing-noreturn]) + _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-noreturn]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=noreturn]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-error=suggest-attribute=noreturn]) + _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])], + [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])]) + _APPEND_COMPILE_FLAGS_ERROR([-Wshadow]) + _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32]) + _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare]) + _APPEND_COMPILE_FLAGS_ERROR([-Wstrict-overflow=1]) + _APPEND_COMPILE_FLAGS_ERROR([-Wswitch-enum]) + _APPEND_COMPILE_FLAGS_ERROR([-Wtrampolines]) + _APPEND_COMPILE_FLAGS_ERROR([-Wundef]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunsafe-loop-optimizations]) + _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations]) + _APPEND_COMPILE_FLAGS_ERROR([-Wc++11-compat]) +# Disabled due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55837 +# _APPEND_COMPILE_FLAGS_ERROR([-Weffc++]) + _APPEND_COMPILE_FLAGS_ERROR([-Wold-style-cast]) + _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-variable]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-parameter]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunused-local-typedefs]) + _APPEND_COMPILE_FLAGS_ERROR([-Wwrite-strings]) + _APPEND_COMPILE_FLAGS_ERROR([-Wformat-security]) + _APPEND_COMPILE_FLAGS_ERROR([-fwrapv]) + _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt]) + _APPEND_COMPILE_FLAGS_ERROR([-pipe]) + AS_IF([test "x$MINGW" = xyes], + [], + [_APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie])]) + _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpacked]) + _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) +# GCC 4.5 removed this. +# _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code]) + + AS_IF([test "x$ax_enable_debug" = xno], + [AS_IF([test "x$ac_cv_vcs_checkout" = xyes], + [AS_IF([test "x${host_os}" != "xmingw"], + [AS_IF([test "x$ac_c_gcc_recent" = xyes], + [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2]) + #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector]) + #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4]) + _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all]) + ])])])]) + + _SET_SANITIZE_FLAGS + + AS_IF([test "x$ac_cv_warnings_as_errors" = xyes], + [AX_APPEND_COMPILE_FLAGS([-Werror])]) + AC_LANG_POP([C++]) ]) + +# All of the heavy lifting happens in _HARDEN_LINKER_FLAGS, +# _HARDEN_CC_COMPILER_FLAGS, _HARDEN_CXX_COMPILER_FLAGS + AC_DEFUN([AX_HARDEN_COMPILER_FLAGS], + [AC_PREREQ([2.63])dnl + AC_REQUIRE([AC_CANONICAL_HOST]) + AC_REQUIRE([AX_COMPILER_VERSION]) + AC_REQUIRE([AX_DEBUG]) + AC_REQUIRE([AX_ASSERT]) + _AX_HARDEN_SANITIZE + + AC_REQUIRE([gl_VISIBILITY]) + AS_IF([test -n "$CFLAG_VISIBILITY"],[CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"]) + + _HARDEN_LINKER_FLAGS + _HARDEN_CC_COMPILER_FLAGS + _HARDEN_CXX_COMPILER_FLAGS + ]) +