Merge "Build with traps on signed overflow" into main
This commit is contained in:
commit
61d394e344
4 changed files with 29 additions and 7 deletions
9
local.mk
9
local.mk
|
@ -1,4 +1,11 @@
|
|||
GLOBAL_CXXFLAGS += -Wno-deprecated-declarations -Werror=switch
|
||||
# 2024-03-24: jade benchmarked the default sanitize reporting in clang and got
|
||||
# a regression of about 10% on hackage-packages.nix with clang. So we are trapping instead.
|
||||
#
|
||||
# This has an overhead of 0-4% on gcc and unmeasurably little on clang, in
|
||||
# Nix evaluation benchmarks.
|
||||
DEFAULT_SANITIZE_FLAGS = -fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error
|
||||
GLOBAL_CXXFLAGS += -Wno-deprecated-declarations -Werror=switch $(DEFAULT_SANITIZE_FLAGS)
|
||||
GLOBAL_LDFLAGS += $(DEFAULT_SANITIZE_FLAGS)
|
||||
# Allow switch-enum to be overridden for files that do not support it, usually because of dependency headers.
|
||||
ERROR_SWITCH_ENUM = -Werror=switch-enum
|
||||
|
||||
|
|
17
meson.build
17
meson.build
|
@ -305,6 +305,23 @@ add_project_arguments(
|
|||
language : 'cpp',
|
||||
)
|
||||
|
||||
if cxx.get_id() in ['gcc', 'clang']
|
||||
# 2024-03-24: jade benchmarked the default sanitize reporting in clang and got
|
||||
# a regression of about 10% on hackage-packages.nix with clang. So we are trapping instead.
|
||||
#
|
||||
# This has an overhead of 0-4% on gcc and unmeasurably little on clang, in
|
||||
# Nix evaluation benchmarks.
|
||||
#
|
||||
# N.B. Meson generates a completely nonsense warning here:
|
||||
# https://github.com/mesonbuild/meson/issues/9822
|
||||
# Both of these args cannot be written in the default meson configuration.
|
||||
# b_sanitize=signed-integer-overflow is ignored, and
|
||||
# -fsanitize-undefined-trap-on-error is not representable.
|
||||
sanitize_args = ['-fsanitize=signed-integer-overflow', '-fsanitize-undefined-trap-on-error']
|
||||
add_project_arguments(sanitize_args, language: 'cpp')
|
||||
add_project_link_arguments(sanitize_args, language: 'cpp')
|
||||
endif
|
||||
|
||||
add_project_link_arguments('-pthread', language : 'cpp')
|
||||
if cxx.get_linker_id() in ['ld.bfd', 'ld.gold']
|
||||
add_project_link_arguments('-Wl,--no-copy-dt-needed-entries', language : 'cpp')
|
||||
|
|
|
@ -78,11 +78,7 @@ define build-library
|
|||
$(1)_LDFLAGS += -undefined suppress -flat_namespace
|
||||
endif
|
||||
else
|
||||
ifndef HOST_DARWIN
|
||||
ifndef HOST_CYGWIN
|
||||
$(1)_LDFLAGS += -Wl,-z,defs
|
||||
endif
|
||||
endif
|
||||
# -Wl,-z,defs is broken with sanitizers on Linux/clang at least.
|
||||
endif
|
||||
|
||||
ifndef HOST_DARWIN
|
||||
|
|
|
@ -297,7 +297,9 @@ in stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
strictDeps = true;
|
||||
|
||||
hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
|
||||
# strictoverflow is disabled because we trap on signed overflow instead
|
||||
hardeningDisable = [ "strictoverflow" ]
|
||||
++ lib.optional stdenv.hostPlatform.isStatic "pie";
|
||||
|
||||
meta.platforms = lib.platforms.unix;
|
||||
|
||||
|
|
Loading…
Reference in a new issue