mirror of
https://github.com/gcc-mirror/gcc.git
synced 2024-11-21 13:40:47 +00:00
b6cb10af12
[ This is my third attempt to add this configure option. The first version was approved but it came too late in the development cycle. The second version was also approved, but I had to revert it: <https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>. I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to ALL_COMPILERFLAGS). Another change is that since r13-4536 I no longer need to touch Makefile.def, so this patch is simplified. ] This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. It is similar to the option --enable-host-shared, except that --e-h-s won't add -shared to the linker flags whereas --e-h-p will add -pie. It is different from --enable-default-pie because that option just adds an implicit -fPIE/-pie when the compiler is invoked, but the compiler itself isn't PIE. Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH regressions. When building the compiler, the build process may use various in-tree libraries; these need to be built with -fPIE so that it's possible to use them when building a PIE. For instance, when --with-included-gettext is in effect, intl object files must be compiled with -fPIE. Similarly, when building in-tree gmp, isl, mpfr and mpc, they must be compiled with -fPIE. With this patch and --enable-host-pie used to configure gcc: $ file gcc/cc1{,plus,obj,gm2} gcc/f951 gcc/lto1 gcc/cpp gcc/go1 gcc/rust1 gcc/gnat1 gcc/cc1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=98e22cde129d304aa6f33e61b1c39e144aeb135e, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=859d1ea37e43dfe50c18fd4e3dd9a34bb1db8f77, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cc1obj: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1964f8ecee6163182bc26134e2ac1f324816e434, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cc1gm2: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a396672c7ff913d21855829202e7b02ecf42ff4c, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/f951: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=59c523db893186547ac75c7a71f48be0a461c06b, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/lto1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=084a7b77df7be2d63c2d4c655b5bbc3fcdb6038d, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cpp: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3503bf8390d219a10d6653b8560aa21158132168, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/go1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=988cc673af4fba5dcb482f4b34957b99050a68c5, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/rust1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b6a5d3d514446c4dcdee0707f086ab9b274a8a3c, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/gnat1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=bb11ccdc2c366fe3fe0980476bcd8ca19b67f9dc, for GNU/Linux 3.2.0, with debug_info, not stripped I plan to add an option to link with -Wl,-z,now. Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext --enable-host-pie as well as without --enable-host-pie. Also tested on a Debian system where the system gcc was configured with --enable-default-pie. Co-Authored by: Iain Sandoe <iain@sandoe.co.uk> ChangeLog: * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. c++tools/ChangeLog: * Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it. Use pic/libiberty.a if PICFLAG is set. * configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG. (--enable-host-pie): New check. * configure: Regenerate. fixincludes/ChangeLog: * Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic" build of libiberty if PICFLAG is set. * configure.ac: * configure: Regenerate. gcc/ChangeLog: * Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie. Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. * doc/install.texi: Document --enable-host-pie. gcc/ada/ChangeLog: * gcc-interface/Make-lang.in (ALL_ADAFLAGS): Remove NO_PIE_CFLAGS. Add PICFLAG. Use PICFLAG when building ada/b_gnat1.o and ada/b_gnatb.o. * gcc-interface/Makefile.in: Use pic/libiberty.a if PICFLAG is set. Remove NO_PIE_FLAG. gcc/m2/ChangeLog: * Make-lang.in: New var, GM2_PICFLAGS. Use it. gcc/d/ChangeLog: * Make-lang.in: Remove NO_PIE_CFLAGS. intl/ChangeLog: * Makefile.in: Use @PICFLAG@ in COMPILE as well. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libcody/ChangeLog: * Makefile.in: Pass LD_PICFLAG to LDFLAGS. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. libcpp/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libdecnumber/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libiberty/ChangeLog: * configure.ac: Also set shared when enable_host_pie. * configure: Regenerate. zlib/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate.
299 lines
8.5 KiB
Plaintext
299 lines
8.5 KiB
Plaintext
# -*- Autoconf -*-
|
|
# Process this file with autoconf to produce a configure script.
|
|
|
|
AC_INIT(cpplib, [ ], gcc-bugs@gcc.gnu.org, cpplib)
|
|
AC_CONFIG_SRCDIR(ucnid.h)
|
|
AC_CONFIG_MACRO_DIR(../config)
|
|
AC_CANONICAL_SYSTEM
|
|
|
|
# Checks for programs.
|
|
AC_PROG_MAKE_SET
|
|
AC_PROG_INSTALL
|
|
AC_PROG_CC
|
|
AC_PROG_CXX
|
|
AC_PROG_RANLIB
|
|
AC_CHECK_TOOL(AR, ar)
|
|
|
|
AC_USE_SYSTEM_EXTENSIONS
|
|
AC_SYS_LARGEFILE
|
|
|
|
MISSING=`cd $ac_aux_dir && ${PWDCMD-pwd}`/missing
|
|
AC_CHECK_PROGS([ACLOCAL], [aclocal], [$MISSING aclocal])
|
|
AC_CHECK_PROGS([AUTOCONF], [autoconf], [$MISSING autoconf])
|
|
AC_CHECK_PROGS([AUTOHEADER], [autoheader], [$MISSING autoheader])
|
|
|
|
if test -z "$ETAGS"; then
|
|
ETAGS=etags
|
|
fi
|
|
AC_SUBST([ETAGS])
|
|
|
|
# Figure out what compiler warnings we can enable.
|
|
# See config/warnings.m4 for details.
|
|
|
|
ACX_PROG_CC_WARNING_OPTS([-W -Wall -Wno-narrowing -Wwrite-strings \
|
|
-Wmissing-format-attribute], [warn])
|
|
ACX_PROG_CC_WARNING_OPTS([-Wstrict-prototypes -Wmissing-prototypes \
|
|
-Wold-style-definition -Wc++-compat], [c_warn])
|
|
ACX_PROG_CC_WARNING_ALMOST_PEDANTIC([-Wno-long-long])
|
|
|
|
# Disable exceptions and RTTI if building with g++
|
|
ACX_PROG_CC_WARNING_OPTS(
|
|
m4_quote(m4_do([-fno-exceptions -fno-rtti])), [noexception_flags])
|
|
|
|
# Only enable with --enable-werror-always until existing warnings are
|
|
# corrected.
|
|
ACX_PROG_CC_WARNINGS_ARE_ERRORS([manual])
|
|
|
|
# Dependency checking.
|
|
ZW_CREATE_DEPDIR
|
|
AC_LANG_PUSH([C++])
|
|
AC_COMPILE_IFELSE([AC_LANG_SOURCE([int i;])], [],
|
|
[AC_MSG_ERROR([C++ compiler missing or inoperational])])
|
|
AC_LANG_POP([C++])
|
|
ZW_PROG_COMPILER_DEPENDENCIES([CXX])
|
|
|
|
# Checks for header files.
|
|
AC_HEADER_TIME
|
|
ACX_HEADER_STRING
|
|
|
|
AC_CHECK_HEADERS(locale.h fcntl.h limits.h stddef.h \
|
|
stdlib.h strings.h string.h sys/file.h unistd.h)
|
|
|
|
# Checks for typedefs, structures, and compiler characteristics.
|
|
AC_C_BIGENDIAN
|
|
AC_C_CONST
|
|
AC_C_INLINE
|
|
AC_FUNC_OBSTACK
|
|
AC_TYPE_OFF_T
|
|
AC_TYPE_SIZE_T
|
|
AC_TYPE_SSIZE_T
|
|
AC_TYPE_UINTPTR_T
|
|
AC_CHECK_TYPE(ptrdiff_t, int)
|
|
AC_TYPE_UINT64_T
|
|
if test x"$ac_cv_c_uint64_t" = x"no"; then
|
|
AC_MSG_ERROR([uint64_t not found])
|
|
fi
|
|
AC_STRUCT_TM
|
|
AC_CHECK_SIZEOF(int)
|
|
AC_CHECK_SIZEOF(long)
|
|
define(libcpp_UNLOCKED_FUNCS, clearerr_unlocked feof_unlocked dnl
|
|
ferror_unlocked fflush_unlocked fgetc_unlocked fgets_unlocked dnl
|
|
fileno_unlocked fprintf_unlocked fputc_unlocked fputs_unlocked dnl
|
|
fread_unlocked fwrite_unlocked getchar_unlocked getc_unlocked dnl
|
|
putchar_unlocked putc_unlocked)
|
|
AC_CHECK_FUNCS(libcpp_UNLOCKED_FUNCS)
|
|
AC_CHECK_DECLS([abort, asprintf, basename(char *), errno, getopt, vasprintf])
|
|
AC_CHECK_DECLS(m4_split(m4_normalize(libcpp_UNLOCKED_FUNCS)))
|
|
|
|
# Checks for library functions.
|
|
AC_FUNC_ALLOCA
|
|
AC_HEADER_STDC
|
|
AM_LANGINFO_CODESET
|
|
ZW_GNU_GETTEXT_SISTER_DIR
|
|
|
|
AC_CACHE_CHECK(for uchar, gcc_cv_type_uchar,
|
|
[AC_TRY_COMPILE([
|
|
#include <sys/types.h>
|
|
],
|
|
[if ((uchar *)0) return 0;
|
|
if (sizeof(uchar)) return 0;],
|
|
ac_cv_type_uchar=yes, ac_cv_type_uchar=no)])
|
|
if test $ac_cv_type_uchar = yes; then
|
|
AC_DEFINE(HAVE_UCHAR, 1,
|
|
[Define if <sys/types.h> defines \`uchar'.])
|
|
fi
|
|
|
|
AC_CHECK_SIZEOF(ino_t)
|
|
AC_CHECK_SIZEOF(dev_t)
|
|
|
|
# g++ on Solaris 10+ defines _XOPEN_SOURCE=600, which exposes a different
|
|
# iconv() prototype.
|
|
AC_LANG_PUSH([C++])
|
|
AM_ICONV
|
|
AC_LANG_POP([C++])
|
|
|
|
# More defines and substitutions.
|
|
PACKAGE="$PACKAGE_TARNAME"
|
|
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Define to the name of this package.])
|
|
AC_SUBST(PACKAGE)
|
|
|
|
if test "x$enable_nls" != xno; then
|
|
USED_CATALOGS='$(CATALOGS)'
|
|
else
|
|
USED_CATALOGS=
|
|
fi
|
|
AC_SUBST(USED_CATALOGS)
|
|
|
|
AC_ARG_ENABLE(maintainer-mode,
|
|
[ --enable-maintainer-mode enable rules only needed by maintainers],,
|
|
enable_maintainer_mode=no)
|
|
|
|
if test "x$enable_maintainer_mode" = xno; then
|
|
MAINT='#'
|
|
else
|
|
MAINT=
|
|
fi
|
|
AC_SUBST(MAINT)
|
|
|
|
# Enable expensive internal checks
|
|
is_release=
|
|
if test -f $srcdir/../gcc/DEV-PHASE \
|
|
&& test x"`cat $srcdir/../gcc/DEV-PHASE`" != xexperimental; then
|
|
is_release=yes
|
|
fi
|
|
|
|
AC_ARG_ENABLE(checking,
|
|
[AS_HELP_STRING([[--enable-checking[=LIST]]],
|
|
[enable expensive run-time checks. With LIST,
|
|
enable only specific categories of checks.
|
|
Categories are: yes,no,all,none,release.
|
|
Flags are: misc,valgrind or other strings])],
|
|
[ac_checking_flags="${enableval}"],[
|
|
# Determine the default checks.
|
|
if test x$is_release = x ; then
|
|
ac_checking_flags=yes
|
|
else
|
|
ac_checking_flags=release
|
|
fi])
|
|
IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="$IFS,"
|
|
for check in release $ac_checking_flags
|
|
do
|
|
case $check in
|
|
# these set all the flags to specific states
|
|
yes|all) ac_checking=1 ; ac_assert_checking=1 ; ac_valgrind_checking= ;;
|
|
no|none) ac_checking= ; ac_assert_checking= ; ac_valgrind_checking= ;;
|
|
release) ac_checking= ; ac_assert_checking=1 ; ac_valgrind_checking= ;;
|
|
# these enable particular checks
|
|
assert) ac_assert_checking=1 ;;
|
|
misc) ac_checking=1 ;;
|
|
valgrind) ac_valgrind_checking=1 ;;
|
|
# accept
|
|
*) ;;
|
|
esac
|
|
done
|
|
IFS="$ac_save_IFS"
|
|
|
|
if test x$ac_checking != x ; then
|
|
AC_DEFINE(CHECKING_P, 1,
|
|
[Define to 1 if you want more run-time sanity checks.])
|
|
else
|
|
AC_DEFINE(CHECKING_P, 0)
|
|
fi
|
|
|
|
if test x$ac_assert_checking != x ; then
|
|
AC_DEFINE(ENABLE_ASSERT_CHECKING, 1,
|
|
[Define if you want assertions enabled. This is a cheap check.])
|
|
fi
|
|
|
|
if test x$ac_valgrind_checking != x ; then
|
|
AC_DEFINE(ENABLE_VALGRIND_CHECKING, 1,
|
|
[Define if you want to workaround valgrind (a memory checker) warnings about
|
|
possible memory leaks because of libcpp use of interior pointers.])
|
|
fi
|
|
|
|
AC_ARG_ENABLE(canonical-system-headers,
|
|
[ --enable-canonical-system-headers
|
|
enable or disable system headers canonicalization],
|
|
[],
|
|
enable_canonical_system_headers=yes)
|
|
if test $enable_canonical_system_headers != no; then
|
|
AC_DEFINE(ENABLE_CANONICAL_SYSTEM_HEADERS,
|
|
1, [Define to enable system headers canonicalization.])
|
|
fi
|
|
|
|
case $target in
|
|
i?86-* | x86_64-*)
|
|
AC_TRY_COMPILE([], [asm ("pcmpestri %0, %%xmm0, %%xmm1" : : "i"(0))],
|
|
[AC_DEFINE([HAVE_SSE4], [1],
|
|
[Define to 1 if you can assemble SSE4 insns.])])
|
|
esac
|
|
|
|
# Enable --enable-host-shared.
|
|
AC_ARG_ENABLE(host-shared,
|
|
[AS_HELP_STRING([--enable-host-shared],
|
|
[build host code as shared libraries])])
|
|
AC_SUBST(enable_host_shared)
|
|
|
|
# Enable --enable-host-pie.
|
|
AC_ARG_ENABLE(host-pie,
|
|
[AS_HELP_STRING([--enable-host-pie],
|
|
[build host code as PIE])])
|
|
AC_SUBST(enable_host_pie)
|
|
|
|
if test x$enable_host_shared = xyes; then
|
|
PICFLAG=-fPIC
|
|
elif test x$enable_host_pie = xyes; then
|
|
PICFLAG=-fPIE
|
|
else
|
|
PICFLAG=
|
|
fi
|
|
|
|
AC_SUBST(PICFLAG)
|
|
|
|
# Enable Intel CET on Intel CET enabled host if jit is enabled.
|
|
GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
|
|
case x$enable_languages in
|
|
*jit*)
|
|
;;
|
|
*)
|
|
CET_HOST_FLAGS=
|
|
;;
|
|
esac
|
|
AC_SUBST(CET_HOST_FLAGS)
|
|
|
|
dnl # This check AC_REQUIREs various stuff, so it *must not* be inside
|
|
dnl # an if statement. This was the source of very frustrating bugs
|
|
dnl # in converting to autoconf 2.5x!
|
|
AC_CHECK_HEADER(valgrind.h, have_valgrind_h=yes, have_valgrind_h=no)
|
|
|
|
# It is certainly possible that there's valgrind but no valgrind.h.
|
|
# GCC relies on making annotations so we must have both.
|
|
AC_MSG_CHECKING(for VALGRIND_DISCARD in <valgrind/memcheck.h>)
|
|
AC_PREPROC_IFELSE([AC_LANG_SOURCE(
|
|
[[#include <valgrind/memcheck.h>
|
|
#ifndef VALGRIND_DISCARD
|
|
#error VALGRIND_DISCARD not defined
|
|
#endif]])],
|
|
[gcc_cv_header_valgrind_memcheck_h=yes],
|
|
[gcc_cv_header_valgrind_memcheck_h=no])
|
|
AC_MSG_RESULT($gcc_cv_header_valgrind_memcheck_h)
|
|
AC_MSG_CHECKING(for VALGRIND_DISCARD in <memcheck.h>)
|
|
AC_PREPROC_IFELSE([AC_LANG_SOURCE(
|
|
[[#include <memcheck.h>
|
|
#ifndef VALGRIND_DISCARD
|
|
#error VALGRIND_DISCARD not defined
|
|
#endif]])],
|
|
[gcc_cv_header_memcheck_h=yes],
|
|
[gcc_cv_header_memcheck_h=no])
|
|
AC_MSG_RESULT($gcc_cv_header_memcheck_h)
|
|
if test $gcc_cv_header_valgrind_memcheck_h = yes; then
|
|
AC_DEFINE(HAVE_VALGRIND_MEMCHECK_H, 1,
|
|
[Define if valgrind's valgrind/memcheck.h header is installed.])
|
|
fi
|
|
if test $gcc_cv_header_memcheck_h = yes; then
|
|
AC_DEFINE(HAVE_MEMCHECK_H, 1,
|
|
[Define if valgrind's memcheck.h header is installed.])
|
|
fi
|
|
|
|
AC_ARG_ENABLE(valgrind-annotations,
|
|
[AS_HELP_STRING([--enable-valgrind-annotations],
|
|
[enable valgrind runtime interaction])], [],
|
|
[enable_valgrind_annotations=no])
|
|
if test x$enable_valgrind_annotations != xno \
|
|
|| test x$ac_valgrind_checking != x; then
|
|
if (test $have_valgrind_h = no \
|
|
&& test $gcc_cv_header_memcheck_h = no \
|
|
&& test $gcc_cv_header_valgrind_memcheck_h = no); then
|
|
AC_MSG_ERROR([*** valgrind annotations requested, but])
|
|
AC_MSG_ERROR([*** Can't find valgrind/memcheck.h, memcheck.h or valgrind.h])
|
|
fi
|
|
AC_DEFINE(ENABLE_VALGRIND_ANNOTATIONS, 1,
|
|
[Define to get calls to the valgrind runtime enabled.])
|
|
fi
|
|
|
|
# Output.
|
|
|
|
AC_CONFIG_HEADERS(config.h:config.in, [echo timestamp > stamp-h1])
|
|
AC_CONFIG_FILES(Makefile)
|
|
AC_OUTPUT
|