Charles 
								
							 
						 
						
							
							
							
							
								
							
							
								45487891f1 
								
							 
						 
						
							
							
								
								Also remove static library when cleaning  
							
							 
							
							
							
						 
						
							2025-09-25 15:24:40 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Charles 
								
							 
						 
						
							
							
							
							
								
							
							
								51e8ffe080 
								
							 
						 
						
							
							
								
								Add an option to build a static library  
							
							 
							
							
							
						 
						
							2025-09-25 15:12:11 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								3c274731ba 
								
							 
						 
						
							
							
								
								Revert "use safe_flag for -fstack-clash-protection"  
							
							 
							
							
							
							
							This reverts commit 4171bd164e.
							
						 
						
							2023-11-14 16:19:33 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								4171bd164e 
								
							 
						 
						
							
							
								
								use safe_flag for -fstack-clash-protection  
							
							 
							
							
							
						 
						
							2023-11-08 14:21:04 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								2d302f7d85 
								
							 
						 
						
							
							
								
								enable -Wundef  
							
							 
							
							
							
						 
						
							2023-06-10 14:58:33 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								8f3281ed6a 
								
							 
						 
						
							
							
								
								enable strict prototypes warning  
							
							 
							
							
							
						 
						
							2023-06-10 14:18:27 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Christian Göttsche 
								
							 
						 
						
							
							
							
							
								
							
							
								af866a7faa 
								
							 
						 
						
							
							
								
								support versioned Clang  
							
							 
							
							
							
							
							make CC=clang-14
    clang-14  -std=c17 -O3 -flto -fPIC -fvisibility=hidden -fno-plt -fstack-clash-protection -fstack-protector-strong -pipe -Wall -Wcast-qual -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -Wcast-align=strict -Wcast-qual -Wwrite-strings -Werror -march=native -Wmissing-prototypes  -D_GNU_SOURCE -I include -DCONFIG_SEAL_METADATA=false -DZERO_ON_FREE=true -DWRITE_AFTER_FREE_CHECK=true -DSLOT_RANDOMIZE=true -DSLAB_CANARY=true -DSLAB_QUARANTINE_RANDOM_LENGTH=1 -DSLAB_QUARANTINE_QUEUE_LENGTH=1 -DCONFIG_EXTENDED_SIZE_CLASSES=true -DCONFIG_LARGE_SIZE_CLASSES=true -DGUARD_SLABS_INTERVAL=1 -DGUARD_SIZE_DIVISOR=2 -DREGION_QUARANTINE_RANDOM_LENGTH=256 -DREGION_QUARANTINE_QUEUE_LENGTH=1024 -DREGION_QUARANTINE_SKIP_THRESHOLD=33554432  -DFREE_SLABS_QUARANTINE_RANDOM_LENGTH=32 -DCONFIG_CLASS_REGION_SIZE=34359738368  -DN_ARENA=4 -DCONFIG_STATS=false  -c -o out/chacha.o chacha.c
    error: unknown warning option '-Wcast-align=strict'; did you mean '-Wcast-align'? [-Werror,-Wunknown-warning-option]
    make: *** [Makefile:114: out/chacha.o] Error 1 
							
						 
						
							2023-06-10 14:18:27 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								6038030d0b 
								
							 
						 
						
							
							
								
								no need to check for -fstack-clash-protection  
							
							 
							
							
							
							
							This is supported by the compiler versions listed as minimum
requirements in the README. 
							
						 
						
							2023-02-17 13:07:26 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								4d23fa37ad 
								
							 
						 
						
							
							
								
								enable Intel CET support  
							
							 
							
							
							
						 
						
							2023-02-17 13:07:26 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								cd9b875297 
								
							 
						 
						
							
							
								
								reorganize compiler switches  
							
							 
							
							
							
						 
						
							2023-02-17 13:07:24 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								8f38bbdee6 
								
							 
						 
						
							
							
								
								add configuration for self-init  
							
							 
							
							
							
							
							This needs to be disabled for compatibility with the exploit protection
compatibility mode on GrapheneOS. hardened_malloc shouldn't be trying to
initialize itself when exploit protection compatibility mode is enabled.
This has to be handled in our Bionic integration instead. 
							
						 
						
							2022-09-14 03:41:31 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									jvoisin 
								
							 
						 
						
							
							
							
							
								
							
							
								04a86566c3 
								
							 
						 
						
							
							
								
								Don't depend on gcc_s  
							
							 
							
							
							
						 
						
							2022-01-28 14:59:58 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									jvoisin 
								
							 
						 
						
							
							
							
							
								
							
							
								3fa30842ed 
								
							 
						 
						
							
							
								
								Use $(MAKE) instead of make in Makefiles  
							
							 
							
							
							
							
							This will pass the correct flags to the make
invocations. 
							
						 
						
							2022-01-17 16:21:00 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								e814cf4f5c 
								
							 
						 
						
							
							
								
								enable linking optimization for GNU linker  
							
							 
							
							
							
						 
						
							2022-01-16 12:18:00 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								705211ef49 
								
							 
						 
						
							
							
								
								define UBSan flags for SHARED_FLAGS to reuse it  
							
							 
							
							
							
						 
						
							2022-01-16 11:50:55 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								189d3362d5 
								
							 
						 
						
							
							
								
								enable sized deallocation ABI for consistency  
							
							 
							
							
							
						 
						
							2022-01-16 11:49:51 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								17891d743e 
								
							 
						 
						
							
							
								
								switch from c11 to c17 standard  
							
							 
							
							
							
						 
						
							2022-01-12 10:20:47 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								b3372e1576 
								
							 
						 
						
							
							
								
								add configuration template system  
							
							 
							
							
							
						 
						
							2022-01-10 04:47:01 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								3696f071a4 
								
							 
						 
						
							
							
								
								use SLAB_CANARY for conditional checks  
							
							 
							
							
							
						 
						
							2022-01-03 02:17:04 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									jvoisin 
								
							 
						 
						
							
							
							
							
								
							
							
								3878f4a5f4 
								
							 
						 
						
							
							
								
								Don't ignore the return value of the testsuite  
							
							 
							
							
							
						 
						
							2022-01-02 00:55:21 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								75e26afdb6 
								
							 
						 
						
							
							
								
								remove legacy safe_flag check for -fno-plt  
							
							 
							
							
							
							
							This is supported by the minimum versions of the dependencies. 
							
						 
						
							2021-12-30 19:17:33 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									jvoisin 
								
							 
						 
						
							
							
							
							
								
							
							
								06192ae499 
								
							 
						 
						
							
							
								
								make clean is now thorough 
							
							 
							
							
							
						 
						
							2021-12-26 16:28:03 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								4ccd6f16df 
								
							 
						 
						
							
							
								
								always enable C++17  
							
							 
							
							
							
							
							The safe_flag check doesn't work properly for C++ flags with Clang, so
C++17 wasn't getting enabled even though the conditional compilation had
been removed from the code, which broke Clang builds. 
							
						 
						
							2021-12-26 16:26:38 -05:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								3b72a4f810 
								
							 
						 
						
							
							
								
								set C / C++ standard parameter for clang-tidy  
							
							 
							
							
							
						 
						
							2021-09-30 11:05:47 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								db21ecd529 
								
							 
						 
						
							
							
								
								use longer default region quarantine random array  
							
							 
							
							
							
						 
						
							2021-03-18 06:27:46 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								b9ebf47c7c 
								
							 
						 
						
							
							
								
								explicitly use python3 to run tests  
							
							 
							
							
							
						 
						
							2020-09-19 09:40:56 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								1cba254452 
								
							 
						 
						
							
							
								
								move external API to include directory  
							
							 
							
							
							
						 
						
							2020-09-14 05:52:53 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								cf55ac0f6d 
								
							 
						 
						
							
							
								
								disable annoying Clang warning from avoiding ifdef  
							
							 
							
							
							
						 
						
							2020-04-30 18:14:40 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									rwarr627 
								
							 
						 
						
							
							
							
							
								
							
							
								ec6854c71b 
								
							 
						 
						
							
							
								
								added test rule  
							
							 
							
							
							
						 
						
							2020-04-11 15:08:30 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								74eb614f16 
								
							 
						 
						
							
							
								
								inherit base CXXFLAGS from the environment too  
							
							 
							
							
							
						 
						
							2019-09-26 14:50:58 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								5b3d59ec7d 
								
							 
						 
						
							
							
								
								Makefile: split long line for SHARED_FLAGS  
							
							 
							
							
							
						 
						
							2019-08-18 08:41:12 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								58b56f10ea 
								
							 
						 
						
							
							
								
								avoid -shared-libgcc due to old Clang versions  
							
							 
							
							
							
						 
						
							2019-08-18 04:53:51 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								abece7656b 
								
							 
						 
						
							
							
								
								add enabled-by-default option to use -Werror  
							
							 
							
							
							
						 
						
							2019-08-18 02:28:23 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								c70745ab15 
								
							 
						 
						
							
							
								
								Makefile: add check target depending on tidy  
							
							 
							
							
							
						 
						
							2019-08-18 02:20:06 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								8133444f43 
								
							 
						 
						
							
							
								
								move clang-tidy configuration to .clang-tidy  
							
							 
							
							
							
						 
						
							2019-08-18 02:12:18 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								8f9f2521a0 
								
							 
						 
						
							
							
								
								disable sanitizer recovery in UBSan debug builds  
							
							 
							
							
							
							
							This makes it harder to miss that an error occurred and avoids spamming
output. There should never be a single error, so it doesn't make sense
to gather as many errors as possible when a single error is already a
serious issue that would need to be fixed. 
							
						 
						
							2019-08-18 02:00:13 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								d8ebdea05f 
								
							 
						 
						
							
							
								
								handle CONFIG_SEAL_METADATA option like the others  
							
							 
							
							
							
						 
						
							2019-08-18 01:56:20 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								8d2df1deb8 
								
							 
						 
						
							
							
								
								use CC as CXX to make sure LTO is compatible  
							
							 
							
							
							
						 
						
							2019-08-18 01:28:59 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								1bc201c4c1 
								
							 
						 
						
							
							
								
								use -Wcast-align if -Wcast-align=strict is missing  
							
							 
							
							
							
						 
						
							2019-08-18 01:15:54 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								cc8c4459e1 
								
							 
						 
						
							
							
								
								make safe_flag treat unknown warnings as missing  
							
							 
							
							
							
						 
						
							2019-08-18 01:15:54 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Patrick Schleizer 
								
							 
						 
						
							
							
							
							
								
							
							
								75e86914aa 
								
							 
						 
						
							
							
								
								respect existing CFLAGS, CPPFLAGS and LDFLAGS  
							
							 
							
							
							
						 
						
							2019-07-29 13:52:55 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								90d12fb340 
								
							 
						 
						
							
							
								
								override local default to -fstack-protector-strong  
							
							 
							
							
							
							
							This is a no-op on a toolchain compiled with the basic mitigations
enabled by default, so this is generally a no-op anywhere this project
is likely to be deployed. SSP has a very low performance cost so there's
little reason to avoid it, even though it also has zero value for this
code in practice. It would be great if one of the more modern approaches
was widely adopted, but unfortunately SSP is as good as it gets for
portable options. It doesn't provide any protection against external
writes to the stack data, which is the only protection really needed here.
ShadowCallStack is a great option for arm64, but it's substantially more
difficult to protect return addresses well on x86_64 due to the design of
the ISA and ABI. 
							
						 
						
							2019-07-19 11:53:55 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								77743e5a36 
								
							 
						 
						
							
							
								
								use -fstack-clash-protection for completeness  
							
							 
							
							
							
							
							This is a no-op for the current code and will likely remain that way so
there's no benefit but also no performance cost. 
							
						 
						
							2019-07-19 11:18:49 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								bb65d088dc 
								
							 
						 
						
							
							
								
								drop default class region size to 32GiB  
							
							 
							
							
							
						 
						
							2019-06-19 01:00:22 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								5449f4a94e 
								
							 
						 
						
							
							
								
								use safe_flag for -fno-plt  
							
							 
							
							
							
							
							This isn't supported by the ancient Clang release in Debian Stable. 
							
						 
						
							2019-06-06 07:33:39 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								6c31f6710a 
								
							 
						 
						
							
							
								
								support extended range of small size classes  
							
							 
							
							
							
						 
						
							2019-04-10 08:31:51 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								1b34fd4a69 
								
							 
						 
						
							
							
								
								enable 4 arenas by default  
							
							 
							
							
							
						 
						
							2019-04-10 08:12:59 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								cef7368b3c 
								
							 
						 
						
							
							
								
								disable unusable readability-magic-numbers lint  
							
							 
							
							
							
							
							This wouldn't be worth using even if it had a whole bunch of heuristics
like ignoring expressions in static_assert, ignoring repeated patterns
like assigning different things to sequential array indexes, etc. 
							
						 
						
							2019-04-09 00:58:06 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								295bfbde94 
								
							 
						 
						
							
							
								
								disable bugprone-too-small-loop-variable lint  
							
							 
							
							
							
							
							This has too many false positives since it doesn't permit comparisons
against constants where the compiler can verify it doesn't overflow. 
							
						 
						
							2019-04-09 00:55:16 -04:00  
						
						
							 
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Daniel Micay 
								
							 
						 
						
							
							
							
							
								
							
							
								ef90f404a6 
								
							 
						 
						
							
							
								
								add sanity check for stats option  
							
							 
							
							
							
						 
						
							2019-04-07 09:06:03 -04:00