[libc-commits] [libc] [llvm] [libc] enable stack protectors and frame pointers on default (PR #86288)
Schrodinger ZHU Yifan via libc-commits
libc-commits at lists.llvm.org
Fri Mar 22 07:24:25 PDT 2024
https://github.com/SchrodingerZhu created https://github.com/llvm/llvm-project/pull/86288
OS distros tend to enable them by default:
- https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer
- https://wiki.archlinux.org/title/Arch_package_guidelines/Security
- https://gitlab.archlinux.org/archlinux/packaging/packages/clang/-/blob/main/enable-fstack-protector-strong-by-default.patch?ref_type=heads
>From c5ee2f0135713c7767c4f18cdd112c7b1b3dd54d Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 22 Mar 2024 10:11:18 -0400
Subject: [PATCH 1/3] [libc] enable stack protectors and frame pointers on
default
---
libc/CMakeLists.txt | 4 ++++
libc/cmake/modules/LLVMLibCCompileOptionRules.cmake | 9 +++++++++
.../bazel/llvm-project-overlay/libc/libc_build_rules.bzl | 9 +++++++--
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/libc/CMakeLists.txt b/libc/CMakeLists.txt
index a0d79858a896ad..0c1fdae04cf955 100644
--- a/libc/CMakeLists.txt
+++ b/libc/CMakeLists.txt
@@ -47,6 +47,10 @@ set(LIBC_NAMESPACE ${default_namespace}
CACHE STRING "The namespace to use to enclose internal implementations. Must start with '__llvm_libc'."
)
+# Codegen options.
+option(LLVM_LIBC_KEEP_FRAME_POINTER "Keep frame pointers in LLVM libc" ON)
+option(LLVM_LIBC_ENABLE_STACK_PROTECTOR "Enable stack protector for LLVM libc" ON)
+
if(LLVM_LIBC_FULL_BUILD OR LLVM_LIBC_GPU_BUILD)
if(NOT LIBC_HDRGEN_EXE)
# We need to set up hdrgen first since other targets depend on it.
diff --git a/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake b/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
index 5bc0898298ce39..df7311f8ec6d9d 100644
--- a/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
+++ b/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
@@ -60,6 +60,15 @@ function(_get_common_compile_options output_var flags)
if (LIBC_CC_SUPPORTS_PATTERN_INIT)
list(APPEND compile_options "-ftrivial-auto-var-init=pattern")
endif()
+ if (LLVM_LIBC_KEEP_FRAME_POINTER)
+ list(APPEND compile_options "-fno-omit-frame-pointer")
+ if (LIBC_TARGET_ARCHITECTURE_IS_X86)
+ list(APPEND compile_options "-mno-omit-leaf-frame-pointer")
+ endif()
+ endif()
+ if (LLVM_LIBC_ENABLE_STACK_PROTECTOR)
+ list(APPEND compile_options "-fstack-protector-strong")
+ endif()
list(APPEND compile_options "-Wall")
list(APPEND compile_options "-Wextra")
# -DLIBC_WNO_ERROR=ON if you can't build cleanly with -Werror.
diff --git a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
index 7d815bc4a2299c..89ac906e2f3afb 100644
--- a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
+++ b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
@@ -78,15 +78,20 @@ def libc_function(
its deps.
**kwargs: Other attributes relevant for a cc_library. For example, deps.
"""
-
+ # x86 targets have -mno-omit-leaf-frame-pointer.
+ copts = selects.with_or({
+ PLATFORM_CPU_X86_64: ["-mno-omit-leaf-frame-pointer"],
+ "//conditions:default": []
+ })
# We use the explicit equals pattern here because append and += mutate the
# original list, where this creates a new list and stores it in deps.
- copts = copts or []
copts = copts + [
"-O3",
"-fno-builtin",
"-fno-lax-vector-conversions",
"-ftrivial-auto-var-init=pattern",
+ "-fno-omit-frame-pointer",
+ "-fstack-protector-strong",
]
# We compile the code twice, the first target is suffixed with ".__internal__" and contains the
>From db54ba12b3cd0dda2da8b4510bd5cd568da12b11 Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 22 Mar 2024 10:20:54 -0400
Subject: [PATCH 2/3] fix bazel
---
.../llvm-project-overlay/libc/libc_build_rules.bzl | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
index 89ac906e2f3afb..12c8145e9b06e7 100644
--- a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
+++ b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
@@ -78,11 +78,6 @@ def libc_function(
its deps.
**kwargs: Other attributes relevant for a cc_library. For example, deps.
"""
- # x86 targets have -mno-omit-leaf-frame-pointer.
- copts = selects.with_or({
- PLATFORM_CPU_X86_64: ["-mno-omit-leaf-frame-pointer"],
- "//conditions:default": []
- })
# We use the explicit equals pattern here because append and += mutate the
# original list, where this creates a new list and stores it in deps.
copts = copts + [
@@ -93,6 +88,12 @@ def libc_function(
"-fno-omit-frame-pointer",
"-fstack-protector-strong",
]
+ # x86 targets have -mno-omit-leaf-frame-pointer.
+ platform_copts = selects.with_or({
+ PLATFORM_CPU_X86_64: ["-mno-omit-leaf-frame-pointer"],
+ "//conditions:default": []
+ })
+ copts = copts + platform_copts
# We compile the code twice, the first target is suffixed with ".__internal__" and contains the
# C++ functions in the "LIBC_NAMESPACE" namespace. This allows us to test the function in the
>From 943b2347b72850f8fbb1de1c54139b1c26354469 Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 22 Mar 2024 10:22:25 -0400
Subject: [PATCH 3/3] fix bazel
---
utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl | 1 +
1 file changed, 1 insertion(+)
diff --git a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
index 12c8145e9b06e7..7dc12bade2605a 100644
--- a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
+++ b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
@@ -80,6 +80,7 @@ def libc_function(
"""
# We use the explicit equals pattern here because append and += mutate the
# original list, where this creates a new list and stores it in deps.
+ copts = copts or []
copts = copts + [
"-O3",
"-fno-builtin",
More information about the libc-commits
mailing list