X-Git-Url: https://git.m6w6.name/?a=blobdiff_plain;f=m4%2Fax_harden_compiler_flags.m4;h=d4fccad605d56b726da94ffe6009dbb8948743e7;hb=53418c8467e0e0845e8f9875fccf05a6cc5a4684;hp=2daeb1a19c4015c9c67ebdd0237c5bcd5f48b2ab;hpb=cb3ca2b63f9ddb2e070814623a3965c88a84eea7;p=awesomized%2Flibmemcached diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index 2daeb1a1..d4fccad6 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -15,7 +15,7 @@ # # LICENSE # -# Copyright (C) 2012 Brian Aker +# Copyright (C) 2012-2013 Brian Aker # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -45,15 +45,15 @@ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# Notes: +# We do not test for c99 or c++11, that is out of scope. # The Following flags are not checked for # -Wdeclaration-after-statement is counter to C99 -# _APPEND_COMPILE_FLAGS_ERROR([-std=c++11]) -- Not ready yet -# _APPEND_COMPILE_FLAGS_ERROR([-pedantic]) -- -# ? _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) -- Don't turn on for -# compatibility issues memcached_stat_st +# _APPEND_COMPILE_FLAGS_ERROR([-pedantic]) -#serial 8 +#serial 10 AC_DEFUN([_WARNINGS_AS_ERRORS], [AC_CACHE_CHECK([if all warnings into errors],[ac_cv_warnings_as_errors], @@ -76,13 +76,12 @@ AC_DEFUN([_APPEND_COMPILE_FLAGS_ERROR], # Everything above this does the heavy lifting, while what follows does the specifics. AC_DEFUN([_HARDEN_LINKER_FLAGS], - [ - AS_IF([test "$CC" != "clang"], - [_APPEND_LINK_FLAGS_ERROR([-z relro -z now]) -#_APPEND_LINK_FLAGS_ERROR([-pie]) - AS_IF([test "x$ac_cv_warnings_as_errors" = xyes], - [AX_APPEND_LINK_FLAGS([-Werror])])]) - ]) + [AS_IF([test "$CC" != "clang"], + [_APPEND_LINK_FLAGS_ERROR([-z relro -z now]) + AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],[AX_APPEND_LINK_FLAGS([-Werror])]) + AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[_APPEND_LINK_FLAGS_ERROR([-rdynamic])]) + ]) + ]) AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], [AC_LANG_PUSH([C])dnl @@ -92,9 +91,12 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-H]) _APPEND_COMPILE_FLAGS_ERROR([-ggdb]) _APPEND_COMPILE_FLAGS_ERROR([-g]) - _APPEND_COMPILE_FLAGS_ERROR([-O0])], - [_APPEND_COMPILE_FLAGS_ERROR([-g]) - _APPEND_COMPILE_FLAGS_ERROR([-O2])]) + _APPEND_COMPILE_FLAGS_ERROR([-O0]), + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + ],[ + _APPEND_COMPILE_FLAGS_ERROR([-g]) + _APPEND_COMPILE_FLAGS_ERROR([-O2]) + ]) AS_IF([test "x$ac_cv_vcs_checkout" = xyes], [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check]) @@ -103,13 +105,12 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas]) _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])]) - AS_IF([test "$CC" = "clang"], - [_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) + AS_IF([test "$CC" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) _APPEND_COMPILE_FLAGS_ERROR([-Wall]) _APPEND_COMPILE_FLAGS_ERROR([-Wextra]) + _APPEND_COMPILE_FLAGS_ERROR([-Weverything]) _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail]) - _APPEND_COMPILE_FLAGS_ERROR([-std=c99]) # Anything below this comment please keep sorted. # _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute]) _APPEND_COMPILE_FLAGS_ERROR([-Wunsuffixed-float-constants]) @@ -144,7 +145,6 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=pure]) _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])], [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])]) - _APPEND_COMPILE_FLAGS_ERROR([-Wshadow]) _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32]) _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare]) @@ -155,26 +155,33 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-Wundef]) _APPEND_COMPILE_FLAGS_ERROR([-Wunsafe-loop-optimizations]) _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + AS_IF([test "x$MINGW" != xyes],[ + AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ + AS_IF([test "x$enable_shared" = "xyes"],[ + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + ]) + ]) + ]) _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered]) _APPEND_COMPILE_FLAGS_ERROR([-Wunused]) _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result]) @@ -186,6 +193,11 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-fwrapv]) _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt]) _APPEND_COMPILE_FLAGS_ERROR([-pipe]) + _APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie]) + _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpacked]) +# _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code]) AS_IF([test "x$ax_enable_debug" = xno], [AS_IF([test "x$ac_cv_vcs_checkout" = xyes], @@ -193,8 +205,7 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], [AS_IF([test "x$ac_c_gcc_recent" = xyes], [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2]) #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([--param=ssp-buffer-size=1]) + #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4]) _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all]) ])])])]) @@ -213,9 +224,12 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-H]) _APPEND_COMPILE_FLAGS_ERROR([-ggdb]) _APPEND_COMPILE_FLAGS_ERROR([-g]) - _APPEND_COMPILE_FLAGS_ERROR([-O0])], - [_APPEND_COMPILE_FLAGS_ERROR([-g]) - _APPEND_COMPILE_FLAGS_ERROR([-O2])]) + _APPEND_COMPILE_FLAGS_ERROR([-O0]), + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + ],[ + _APPEND_COMPILE_FLAGS_ERROR([-g]) + _APPEND_COMPILE_FLAGS_ERROR([-O2]) + ]) AS_IF([test "x$ac_cv_vcs_checkout" = xyes], [_APPEND_COMPILE_FLAGS_ERROR([-fstack-check]) @@ -224,11 +238,11 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas]) _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])]) - AS_IF([test "$CXX" = "clang++"], - [_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) + AS_IF([test "$CXX" = "clang++"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) _APPEND_COMPILE_FLAGS_ERROR([-Wall]) _APPEND_COMPILE_FLAGS_ERROR([-Wextra]) + _APPEND_COMPILE_FLAGS_ERROR([-Weverything]) _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail]) # Anything below this comment please keep sorted. # _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute]) @@ -268,27 +282,34 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations]) _APPEND_COMPILE_FLAGS_ERROR([-Wc++11-compat]) # _APPEND_COMPILE_FLAGS_ERROR([-Weffc++]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) -# _APPEND_COMPILE_FLAGS_ERROR([-Wold-style-cast]) + AS_IF([test "x$MINGW" != xyes],[ + AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ + AS_IF([test "x$enable_shared" = "xyes"],[ + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + ]) + ]) + ]) +# _APPEND_COMPILE_FLAGS_ERROR([-Wold-style-cast]) _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered]) _APPEND_COMPILE_FLAGS_ERROR([-Wunused]) _APPEND_COMPILE_FLAGS_ERROR([-Wunused-result]) @@ -301,6 +322,11 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-fwrapv]) _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt]) _APPEND_COMPILE_FLAGS_ERROR([-pipe]) + _APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie]) + _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpacked]) +# _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code]) AS_IF([test "x$ax_enable_debug" = xno], [AS_IF([test "x$ac_cv_vcs_checkout" = xyes], @@ -308,8 +334,7 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], [AS_IF([test "x$ac_c_gcc_recent" = xyes], [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2]) #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([--param=ssp-buffer-size=1]) + #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4]) _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all]) ])])])])