Flag usage recommendations #165
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thomasnyman
force-pushed
the
flag-usage-recommendations
branch
from
7733e47
to
95bc03b
Compare
thomasnyman
force-pushed
the
flag-usage-recommendations
branch
from
95bc03b
to
7e1183f
Compare
|
Updated PR with rebase with respect to main after renaming files |
thomasnyman
commented
Jun 21, 2023
| @@ -76,9 +76,15 @@ The recommendations in Table 1 and Table 2 are primarily applicable to compiling | |||
|
|
|||
| For historical reasons, the GCC compiler and Binutils upstream projects do not enable optimization or security hardening options by default. While some aspects of the default options can be changed when building GCC and Binutils from source, the defaults used in the toolchains shipped with GNU/Linux distributions vary. Distributions may also ship multiple versions of toolchains with different defaults. Consequently, developers need to pay attention to compiler and linker options flags, and manage them according to their need of optimization, level of warning and error detection, and security hardening of the project. | |||
|
|
|||
| You can typically find the default flags used by GCC on your system by examining the output of the `gcc -v` command. Examining the `Configured with:` section, in the `gcc -v` output, can be useful for understanding how GCC is set up on your system and what options were chosen by the distribution's maintainers during the build process. It can also be useful for diagnosing issues with GCC or for troubleshooting problems that may arise during the compilation of software. | |||
| You can typically find the default flags used by GCC on your system by examining the output of the `gcc -v` command. Examining the `Configured with:` section, in the `gcc -v` output, can be useful for understanding how GCC is set up on your system and what options were chosen by the distribution's maintainers during the build process. It can also be useful for diagnosing issues with GCC or for troubleshooting problems that may arise during the compilation of software. For example, issues caused by interactions between order-sensitive flags. | |||
There was a problem hiding this comment.
Should include the corresponding flag for Clang (and possible the Microsoft compiler?)
Possible also the relevant variant for debugging issues with macros (gcc -O2 -dM -E - < /dev/null)
thomasnyman
force-pushed
the
flag-usage-recommendations
branch
2 times, most recently
from
a099cc0
to
b758084
Compare
|
Rebased to main and incorporated feedback from the C/C++ Compiler BP Guide call on 2023-06-21. |
thomasnyman
force-pushed
the
flag-usage-recommendations
branch
from
b758084
to
cb7e700
Compare
|
Minor further tweaks to avoid referring to only GCC. |
gkunz
requested changes
Aug 3, 2023
gkunz
requested changes
Aug 3, 2023
docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md
Outdated
Show resolved
Hide resolved
With the caveat that distributions may recommend their own ways of incorporating build flags together with links to guidance for a few Linux distributions. Co-authored-by: Georg Kunz <[email protected]> Signed-off-by: Thomas Nyman <[email protected]>
…acros Signed-off-by: Thomas Nyman <[email protected]>
thomasnyman
force-pushed
the
flag-usage-recommendations
branch
from
96a0a94
to
750ae2f
Compare
|
Squashed requested changes to original commit. |
|
Merged as per discussion in C/C++ Compiler Guide BP call 2023-08-02. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In PR #132 (comment) @david-a-wheeler noted that we need to note somewhere that the option flags are order-sensitive. Another feedback from the C/C++ Compiler BP Guide calls was to add the recommendation to to explicitly enable hardening flag in a projects build system rather then relying on flags configured in the local GCC profile. This PR adds text to address these concerns.