X-Git-Url: https://git.m6w6.name/?a=blobdiff_plain;f=m4%2Fax_harden_compiler_flags.m4;h=d4fccad605d56b726da94ffe6009dbb8948743e7;hb=7b3833138cda25e0de1ac93cfbaae09a5529b01f;hp=b3b939217ad9c6acafc82e05dbe89f5716046ad3;hpb=d06e7698797da42f8cc7101e74556e35844ebfa0;p=awesomized%2Flibmemcached diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index b3b93921..d4fccad6 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -15,7 +15,7 @@ # # LICENSE # -# Copyright (C) 2012 Brian Aker +# Copyright (C) 2012-2013 Brian Aker # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -45,15 +45,15 @@ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# Notes: +# We do not test for c99 or c++11, that is out of scope. # The Following flags are not checked for # -Wdeclaration-after-statement is counter to C99 -# _APPEND_COMPILE_FLAGS_ERROR([-std=c++11]) -- Not ready yet -# _APPEND_COMPILE_FLAGS_ERROR([-pedantic]) -- -# ? _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) -- Don't turn on for -# compatibility issues memcached_stat_st +# _APPEND_COMPILE_FLAGS_ERROR([-pedantic]) -#serial 9 +#serial 10 AC_DEFUN([_WARNINGS_AS_ERRORS], [AC_CACHE_CHECK([if all warnings into errors],[ac_cv_warnings_as_errors], @@ -76,13 +76,12 @@ AC_DEFUN([_APPEND_COMPILE_FLAGS_ERROR], # Everything above this does the heavy lifting, while what follows does the specifics. AC_DEFUN([_HARDEN_LINKER_FLAGS], - [ - AS_IF([test "$CC" != "clang"], - [_APPEND_LINK_FLAGS_ERROR([-z relro -z now]) -#_APPEND_LINK_FLAGS_ERROR([-pie]) - AS_IF([test "x$ac_cv_warnings_as_errors" = xyes], - [AX_APPEND_LINK_FLAGS([-Werror])])]) - ]) + [AS_IF([test "$CC" != "clang"], + [_APPEND_LINK_FLAGS_ERROR([-z relro -z now]) + AS_IF([test "x$ac_cv_warnings_as_errors" = xyes],[AX_APPEND_LINK_FLAGS([-Werror])]) + AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[_APPEND_LINK_FLAGS_ERROR([-rdynamic])]) + ]) + ]) AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], [AC_LANG_PUSH([C])dnl @@ -106,13 +105,12 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas]) _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])]) - AS_IF([test "$CC" = "clang"], - [_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) + AS_IF([test "$CC" = "clang"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) _APPEND_COMPILE_FLAGS_ERROR([-Wall]) _APPEND_COMPILE_FLAGS_ERROR([-Wextra]) + _APPEND_COMPILE_FLAGS_ERROR([-Weverything]) _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail]) - _APPEND_COMPILE_FLAGS_ERROR([-std=c99]) # Anything below this comment please keep sorted. # _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute]) _APPEND_COMPILE_FLAGS_ERROR([-Wunsuffixed-float-constants]) @@ -147,7 +145,6 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-Wno-suggest-attribute=pure]) _APPEND_COMPILE_FLAGS_ERROR([-Wno-redundant-decls])], [_APPEND_COMPILE_FLAGS_ERROR([-Wredundant-decls])]) - _APPEND_COMPILE_FLAGS_ERROR([-Wshadow]) _APPEND_COMPILE_FLAGS_ERROR([-Wshorten-64-to-32]) _APPEND_COMPILE_FLAGS_ERROR([-Wsign-compare]) @@ -158,30 +155,32 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-Wundef]) _APPEND_COMPILE_FLAGS_ERROR([-Wunsafe-loop-optimizations]) _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations]) - AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ - _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) - AS_IF([test "x$enable_shared" = "xyes"],[ + AS_IF([test "x$MINGW" != xyes],[ + AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ + AS_IF([test "x$enable_shared" = "xyes"],[ + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread]) - ]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + ]) + ]) ]) _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered]) _APPEND_COMPILE_FLAGS_ERROR([-Wunused]) @@ -194,7 +193,11 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-fwrapv]) _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt]) _APPEND_COMPILE_FLAGS_ERROR([-pipe]) + _APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie]) _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpacked]) +# _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code]) AS_IF([test "x$ax_enable_debug" = xno], [AS_IF([test "x$ac_cv_vcs_checkout" = xyes], @@ -202,8 +205,7 @@ AC_DEFUN([_HARDEN_CC_COMPILER_FLAGS], [AS_IF([test "x$ac_c_gcc_recent" = xyes], [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2]) #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([--param=ssp-buffer-size=1]) + #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4]) _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all]) ])])])]) @@ -236,11 +238,11 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], [_APPEND_COMPILE_FLAGS_ERROR([-Wno-unknown-pragmas]) _APPEND_COMPILE_FLAGS_ERROR([-Wno-pragmas])]) - AS_IF([test "$CXX" = "clang++"], - [_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) + AS_IF([test "$CXX" = "clang++"],[_APPEND_COMPILE_FLAGS_ERROR([-Qunused-arguments])]) _APPEND_COMPILE_FLAGS_ERROR([-Wall]) _APPEND_COMPILE_FLAGS_ERROR([-Wextra]) + _APPEND_COMPILE_FLAGS_ERROR([-Weverything]) _APPEND_COMPILE_FLAGS_ERROR([-Wthis-test-should-fail]) # Anything below this comment please keep sorted. # _APPEND_COMPILE_FLAGS_ERROR([-Wmissing-format-attribute]) @@ -280,30 +282,32 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-funsafe-loop-optimizations]) _APPEND_COMPILE_FLAGS_ERROR([-Wc++11-compat]) # _APPEND_COMPILE_FLAGS_ERROR([-Weffc++]) - AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ - _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) - AS_IF([test "x$enable_shared" = "xyes"],[ + AS_IF([test "x$MINGW" != xyes],[ + AS_IF([test "x$ac_cv_vcs_checkout" = xyes],[ + AS_IF([test "x$enable_shared" = "xyes"],[ + _APPEND_COMPILE_FLAGS_ERROR([-fno-omit-frame-pointer]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=address]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer]) _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=thread]) - ]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) - _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=memory]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=alignment]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bool]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=bounds]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=enum]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-cast-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=float-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=integer-divide-by-zero]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=null]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=object-size]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=return]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=shift]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=signed-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unreachable]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=unsigned-integer-overflow]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vla-bound]) + _APPEND_COMPILE_FLAGS_ERROR([-fsanitize=vptr]) + ]) + ]) ]) # _APPEND_COMPILE_FLAGS_ERROR([-Wold-style-cast]) _APPEND_COMPILE_FLAGS_ERROR([-Wclobbered]) @@ -318,7 +322,11 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], _APPEND_COMPILE_FLAGS_ERROR([-fwrapv]) _APPEND_COMPILE_FLAGS_ERROR([-fmudflapt]) _APPEND_COMPILE_FLAGS_ERROR([-pipe]) + _APPEND_COMPILE_FLAGS_ERROR([-fPIE -pie]) _APPEND_COMPILE_FLAGS_ERROR([-Wsizeof-pointer-memaccess]) + _APPEND_COMPILE_FLAGS_ERROR([-Wpacked]) +# _APPEND_COMPILE_FLAGS_ERROR([-Wlong-long]) + _APPEND_COMPILE_FLAGS_ERROR([-Wunreachable-code]) AS_IF([test "x$ax_enable_debug" = xno], [AS_IF([test "x$ac_cv_vcs_checkout" = xyes], @@ -326,8 +334,7 @@ AC_DEFUN([_HARDEN_CXX_COMPILER_FLAGS], [AS_IF([test "x$ac_c_gcc_recent" = xyes], [_APPEND_COMPILE_FLAGS_ERROR([-D_FORTIFY_SOURCE=2]) #_APPEND_COMPILE_FLAGS_ERROR([-Wstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector]) - #_APPEND_COMPILE_FLAGS_ERROR([--param=ssp-buffer-size=1]) + #_APPEND_COMPILE_FLAGS_ERROR([-fstack-protector --param=ssp-buffer-size=4]) _APPEND_COMPILE_FLAGS_ERROR([-fstack-protector-all]) ])])])])