From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) by sourceware.org (Postfix) with ESMTPS id 29DB23858D35 for ; Wed, 15 Nov 2023 11:46:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 29DB23858D35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 29DB23858D35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::132 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700048771; cv=none; b=AQRvETyuzs39XqnbFR3jcnobbtUG5Bz534OnrTuqWCIWx3v61EsAUm0z0czSfy/Cq+ZhvTi/c52lVUR8nQrklElBrw5pU75b6VUHO1JQiQJB9YnFXGKSdK/Xo/ZFXcFyRwqU9lKBFpwwh+XS3L3CPzlSyUeu3qV8JipCyEtiAPA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700048771; c=relaxed/simple; bh=j4IfiEu6TDAbQqwttKtLR00f/n3Q8hFf12VguVJk1p0=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=ZGksj1orXWyPyROy7KglSxcVovKavbajbv+gISsNWaRPPDvtHH5hOKFYZPKwwmQgJiyIIQE99RIyJiliHUFgU0XBVee24sljsST2nBJPYLFOXOL1MR6SnN4grX7Iz4qUVGOAWrLmoNqC2ITwsH+5QKP6gVMaBV3ZC0sPao6A5Ds= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-lf1-x132.google.com with SMTP id 2adb3069b0e04-50a938dd873so1640500e87.3 for ; Wed, 15 Nov 2023 03:46:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700048768; x=1700653568; darn=gcc.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=pF5/ASPWcMb7dbLeemlSPuivmkHBCb9+Rh451hOrG3c=; b=kYhDsl627giowcUMoqJnAogizYYwy/XKLPib4/WvHVpfJCTCS+ix850w0yqw1zlSmS WdlXbHD/1cByztd1REeip4bjj2lQoyYkLmLBJAnTdxx7bapAks555kRoKsoUOpntUTv6 LSSVgBM9VtZmV0PjwdAKwAzz+maz92jgt6EOPkFMRV8JXjtnlvPee9hid/uWYnvN/8sz h5mC/fy5b+ZDUVKUsB8TUk8/V7WduRbJ4n7ZM/nV6p92bLHwr4bZKNefLXqxwaWvwRg/ Kz0Rx1xAKBLmkMMP7tHE541+PVAQXTezI+QKCVbRgg9+bJ5t8nfhzPk+H+hCDB2I/lsm I5/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700048768; x=1700653568; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pF5/ASPWcMb7dbLeemlSPuivmkHBCb9+Rh451hOrG3c=; b=lJgOZfeTW+cPv6cxC+nB3/T3LxahwVcsfR/prHDT/eF3C/M0vHNr2nkdpO0PQu520X dEwueUf6e8oRB9J1nlW7ayDteRqllITsIHIxp4m3E64IikhaG4yDZ0JM02KAeoIQEvfy 53s8mNSZ65DeZmuVbbkNWWPEbuNPO4xTaq6AoD8zKeaC4go42Y7u4MrY3P+7oUEE/LZZ DQx08DAiRx9Rv7dIEXVvtgsgTfPFPHUg6bwXRXmJkA+E/bCF9jYVKkJPZK4XnKCc1S/R pdXoCrQLZngYY11/K+62QkRPEhf0L6walvgPlWtafPvLEn/Rys9oftQMVe2Yg6A/wJBK +l9w== X-Gm-Message-State: AOJu0Yydf4ZEVZYT7kXnQ5j541Zi5tXeIBoi9p2he8znj7HPjq/Jlvbk wbHWlCdLp+PmemTGh3KBUcpbMfjCofHhnhLzwnc9+p32 X-Google-Smtp-Source: AGHT+IFrRyvv7Cn9qpLlXoGDr06L8lWOB5+c8hauPjZekg7Il6MjwDkuQijpAOHiOK+eDCPbcEUjsvv/K/b9WCNX+IQ= X-Received: by 2002:a05:6512:3994:b0:506:899d:1989 with SMTP id j20-20020a056512399400b00506899d1989mr11489409lfu.44.1700048768459; Wed, 15 Nov 2023 03:46:08 -0800 (PST) MIME-Version: 1.0 References: <8A3E5AA3-0785-4C2E-B75B-9388B703FFEA@gmail.com> In-Reply-To: From: Richard Biener Date: Wed, 15 Nov 2023 12:42:35 +0100 Message-ID: Subject: Re: [PATCH v4] gcc: Introduce -fhardened To: Marek Polacek Cc: iain@sandoe.co.uk, GCC Patches Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Nov 14, 2023 at 5:00=E2=80=AFPM Marek Polacek = wrote: > > On Tue, Nov 14, 2023 at 08:46:16AM +0100, Richard Biener wrote: > > On Fri, Nov 3, 2023 at 11:51=E2=80=AFPM Marek Polacek wrote: > > > > > > On Thu, Oct 26, 2023 at 05:55:56PM +0200, Richard Biener wrote: > > > > > > > > > > > > > Am 24.10.2023 um 21:09 schrieb Marek Polacek = : > > > > > > > > > > =EF=BB=BFOn Tue, Oct 24, 2023 at 09:22:25AM +0200, Richard Biener= wrote: > > > > >>> On Mon, Oct 23, 2023 at 9:26=E2=80=AFPM Marek Polacek wrote: > > > > >>> > > > > >>> On Thu, Oct 19, 2023 at 02:24:11PM +0200, Richard Biener wrote: > > > > >>>> Can you see how our > > > > >>>> primary and secondary targets (+ host OS) behave here? > > > > >>> > > > > >>> That's very reasonable. I tried to build gcc on Compile Farm 1= 19 (AIX) but > > > > >>> that fails with: > > > > >>> > > > > >>> ar -X64 x ../ppc64/libgcc/libgcc_s.a shr.o > > > > >>> ar: 0707-100 ../ppc64/libgcc/libgcc_s.a does not exist. > > > > >>> make[2]: *** [/home/polacek/gcc/libgcc/config/rs6000/t-slibgcc-= aix:98: all] Error 1 > > > > >>> make[2]: Leaving directory '/home/polacek/x/trunk/powerpc-ibm-a= ix7.3.1.0/libgcc' > > > > >>> > > > > >>> and I tried Darwin (104) and that fails with > > > > >>> > > > > >>> *** Configuration aarch64-apple-darwin21.6.0 not supported > > > > >>> > > > > >>> Is anyone else able to build gcc on those machines, or test the= attached > > > > >>> patch? > > > > >>> > > > > >>>> I think the > > > > >>>> documentation should elaborate a bit on expectations for non-L= inux/GNU > > > > >>>> targets, specifically I think the default configuration for a = target should > > > > >>>> with -fhardened _not_ have any -Whardened diagnostics. Maybe = we can > > > > >>>> have a testcase for this? > > > > >>> > > > > >>> Sorry, I'm not sure how to test that. I suppose if -fhardened = enables > > > > >>> something not supported on those systems, and it's something fo= r which > > > > >>> we have a configure test, then we shouldn't warn. This is alre= ady the > > > > >>> case for -pie, -z relro, and -z now. > > > > >> > > > > >> I was thinking of > > > > >> > > > > >> /* { dg-do compile } */ > > > > >> /* { dg-additional-options "-fhardened -Whardened" } */ > > > > >> > > > > >> int main () {} > > > > >> > > > > >> and excess errors should catch "misconfigurations"? > > > > > > > > > > I see. fhardened-3.c is basically just like this (-Whardened is = on by default). > > > > > > > > > >>> Should the docs say something like the following for features w= ithout > > > > >>> configure checks? > > > > >>> > > > > >>> @option{-fhardened} can, on certain systems, attempt to enable = features > > > > >>> not supported on that particular system. In that case, it's po= ssible to > > > > >>> prevent the warning using the @option{-Wno-hardened} option. > > > > >> > > > > >> Yeah, but ideally > > > > >> > > > > >> @option{-fhardened} can, on certain systems, not enable features= not > > > > >> available on those systems and @option{-Whardened} will not diag= nose > > > > >> those as missing. > > > > >> > > > > >> But I understand it doesn't work like that? > > > > > > > > > > Right. It will not diagnose missing features if they have a conf= igure > > > > > check, otherwise it will. And I don't know if we want a configur= e check > > > > > for every feature. Maybe we can add them in the future if the cu= rrent > > > > > patch turns out to be problematical in practice? > > > > > > > > Maybe we can have a switch on known target triples and statically c= onfigure based > > > > On that, eventually even not support -fhardened for targets not lis= ted. That=E2=80=99s certainly easier than detecting the target system feat= ures (think of cross compilers) > > > > > > You mean like the following? The only difference is the addition of > > > HAVE_FHARDENED_SUPPORT and updating the tests to only run on gnu/linu= x > > > targets. If other OSs want to use -fhardened, they need to update th= e > > > configure test. Thanks, > > > > Yes, something like this. IMHO we should aim to at least support all > > our primary platforms (and maybe secondary if they have a relevant > > host OS part). > > That sounds good. Do you want to see any other changes in this patch > or are you fine with it as-is (provided that someone else also acks it)? I'm fine with it as-is if somebody else also acks it. Richard. > Thanks, > > Marek >