Merge "Build with traps on signed overflow" into main
This commit is contained in:
commit
61d394e344
9
local.mk
9
local.mk
|
@ -1,4 +1,11 @@
|
||||||
GLOBAL_CXXFLAGS += -Wno-deprecated-declarations -Werror=switch
|
# 2024-03-24: jade benchmarked the default sanitize reporting in clang and got
|
||||||
|
# a regression of about 10% on hackage-packages.nix with clang. So we are trapping instead.
|
||||||
|
#
|
||||||
|
# This has an overhead of 0-4% on gcc and unmeasurably little on clang, in
|
||||||
|
# Nix evaluation benchmarks.
|
||||||
|
DEFAULT_SANITIZE_FLAGS = -fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error
|
||||||
|
GLOBAL_CXXFLAGS += -Wno-deprecated-declarations -Werror=switch $(DEFAULT_SANITIZE_FLAGS)
|
||||||
|
GLOBAL_LDFLAGS += $(DEFAULT_SANITIZE_FLAGS)
|
||||||
# Allow switch-enum to be overridden for files that do not support it, usually because of dependency headers.
|
# Allow switch-enum to be overridden for files that do not support it, usually because of dependency headers.
|
||||||
ERROR_SWITCH_ENUM = -Werror=switch-enum
|
ERROR_SWITCH_ENUM = -Werror=switch-enum
|
||||||
|
|
||||||
|
|
17
meson.build
17
meson.build
|
@ -305,6 +305,23 @@ add_project_arguments(
|
||||||
language : 'cpp',
|
language : 'cpp',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if cxx.get_id() in ['gcc', 'clang']
|
||||||
|
# 2024-03-24: jade benchmarked the default sanitize reporting in clang and got
|
||||||
|
# a regression of about 10% on hackage-packages.nix with clang. So we are trapping instead.
|
||||||
|
#
|
||||||
|
# This has an overhead of 0-4% on gcc and unmeasurably little on clang, in
|
||||||
|
# Nix evaluation benchmarks.
|
||||||
|
#
|
||||||
|
# N.B. Meson generates a completely nonsense warning here:
|
||||||
|
# https://github.com/mesonbuild/meson/issues/9822
|
||||||
|
# Both of these args cannot be written in the default meson configuration.
|
||||||
|
# b_sanitize=signed-integer-overflow is ignored, and
|
||||||
|
# -fsanitize-undefined-trap-on-error is not representable.
|
||||||
|
sanitize_args = ['-fsanitize=signed-integer-overflow', '-fsanitize-undefined-trap-on-error']
|
||||||
|
add_project_arguments(sanitize_args, language: 'cpp')
|
||||||
|
add_project_link_arguments(sanitize_args, language: 'cpp')
|
||||||
|
endif
|
||||||
|
|
||||||
add_project_link_arguments('-pthread', language : 'cpp')
|
add_project_link_arguments('-pthread', language : 'cpp')
|
||||||
if cxx.get_linker_id() in ['ld.bfd', 'ld.gold']
|
if cxx.get_linker_id() in ['ld.bfd', 'ld.gold']
|
||||||
add_project_link_arguments('-Wl,--no-copy-dt-needed-entries', language : 'cpp')
|
add_project_link_arguments('-Wl,--no-copy-dt-needed-entries', language : 'cpp')
|
||||||
|
|
|
@ -78,11 +78,7 @@ define build-library
|
||||||
$(1)_LDFLAGS += -undefined suppress -flat_namespace
|
$(1)_LDFLAGS += -undefined suppress -flat_namespace
|
||||||
endif
|
endif
|
||||||
else
|
else
|
||||||
ifndef HOST_DARWIN
|
# -Wl,-z,defs is broken with sanitizers on Linux/clang at least.
|
||||||
ifndef HOST_CYGWIN
|
|
||||||
$(1)_LDFLAGS += -Wl,-z,defs
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifndef HOST_DARWIN
|
ifndef HOST_DARWIN
|
||||||
|
|
|
@ -297,7 +297,9 @@ in stdenv.mkDerivation (finalAttrs: {
|
||||||
|
|
||||||
strictDeps = true;
|
strictDeps = true;
|
||||||
|
|
||||||
hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
|
# strictoverflow is disabled because we trap on signed overflow instead
|
||||||
|
hardeningDisable = [ "strictoverflow" ]
|
||||||
|
++ lib.optional stdenv.hostPlatform.isStatic "pie";
|
||||||
|
|
||||||
meta.platforms = lib.platforms.unix;
|
meta.platforms = lib.platforms.unix;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue