_FORTIFY_SOURCE=1 differs from _FORTIFY_SOURCE=2 only in the bounds
checking mode that it uses.
With _FORTIFY_SOURCE=1, bounds checks are 'loose', allowing access to the
whole underlying object, not just the subset referenced in the expression
(e.g, the bounds of a struct member is the whole struct, not just the
member).
With _FORTIFY_SOURCE=2, bounds checks are strict, meaning that the bounds
of an expression are limited to the referenced value.
Both of these perform their checks at runtime, calling _chk_fail if the
bounds check fails. That's done in the __*_chk functions included in the C
library. These are always called when _FORTIFY_SOURCE > 0, unless the
compiler replaces the call with inline code.
GCC already does all of the compile-time bounds checking for string and mem
functions when not using -ffreestanding, so there's nothing we need to add
for that to work. That means the security_fortify_compile_time property
should be empty.
Signed-off-by: Keith Packard <keithp@keithp.com>
Commit 40c2e08e82 ("xcc/cmake: don't discard stderr; don't (ever!) use
ERROR_QUIET") fixed xcc but the corresponding code is duplicated. Fix
the duplicates too.
See that commit for the issue description, longer commit message and
rationale.
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Replace the TLS base address pointer from TPIDRURO to TPIDRURW.
The difference between them is that TPIDRURO is read-only in user mode
but TPIDRURW isn't. So TPIDRURO is much more suitable for store
the address of _kernel.CPU[n]. For this reason, this commit replaces
the base pointer of the TLS area.
Signed-off-by: Huifeng Zhang <Huifeng.Zhang@arm.com>
This enables -Wshadow to warn about shadow variables on
in tree code under arch/, boards/, drivers/, kernel/,
lib/, soc/, and subsys/.
Note that this does not enable it globally because
out-of-tree modules will probably take some time to fix
(or not at all depending on the project), and it would be
great to avoid introduction of any new shadow variables
in the meantime.
Also note that this tries to be done in a minimally
invasive way so it is easy to revert when we enable
-Wshadow globally. Source files under modules/, samples/
and tests/ are currently excluded because there does not
seem to be a trivial way to add -Wshadow there without
going through all CMakeLists.txt to add the option
(as there are 1000+ files to change).
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Add new option to use thread local storage for stack
canaries. This makes harder to find the canaries location
and value. This is made optional because there is
a performance and size penalty when using it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
58408 fixed compilation for GCC >= 13.1. But -dumpversion's output
length depends on compile time configuration. It might only yield the
major version. So use -dumpfullversion instead, which is guaranteed to
always include major, minor and patch version.
Signed-off-by: Jan Henke <Jan.Henke@taujhe.de>
This property specifies the flag used to pass the linker script filename
through the compiler front end tot he linker.
For clang, we use the general purpose linker-pass through -Wl flag with -T:
-Wl,-T as clang doesn't support -T.
For gcc, we use -T directly as this keeps the picolibc specs file from
inserting the picolibc linker script as well.
If the compiler doesn't specify a value, we continue to use -Wl,-T as
before.
Signed-off-by: Keith Packard <keithp@keithp.com>
So they depend or select on the right NATIVE_BUILD
instead of NATIVE_APPLICATION.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Configuration error:
| -- Configuring done (4.9s)
| CMake Error in CMakeLists.txt:
| Target "zephyr_interface" contains relative path in its
| INTERFACE_INCLUDE_DIRECTORIES:
|
| "include-fixed"
With GCC-13, limits.h and syslimits.h header files
are always being installed to include folder.
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=be9dd80f933480
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Add a new compiler option to control tracking locations of tokens across
macro expansions. It may be useful to disable it when debugging long
macro expansion chains.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
These flags were added to avoid warnings when main was declared to return
void. Now that main returns int, those warnings will flag errors.
Signed-off-by: Keith Packard <keithp@keithp.com>
Add a Kconfig option to set the compiler save-temps flag and set the GCC
implementation. This is very useful for troubleshooting macro expansion
issues, having an option allows a user to set it like any other config
option.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
New C++ versions have deprecated "register" variables and restricted
"volatile" semantics, so new gcc's will emit warnings when they see
that syntax. Zephyr uses both in our C headers (though we should
probably get rid of register and unify with C++'s volatile model), so
we're disabling the resulting warnings.
But OLD gcc variants (like xcc, sigh) don't understand new -Wvolatile
and -Wregister on the command line, so they get confused. Limit the
uses to the standard versions for which gcc would emit warnigns; xcc
doesn't support those anyway.
Signed-off-by: Andy Ross <andyross@google.com>
Move extra warning option from generic twister script into
compiler-dependent config files.
ARCMWDT compiler doesn't support extra warning options ex.
"-Wl,--fatal-warnings". To avoid build fails flag
"disable_warnings_as_errors" should be passed to twister.
This allows all warning messages and make atomatic test useles.
Signed-off-by: Nikolay Agishev <agishev@synopsys.com>
Deprecate old sparse support as Zephyr now provides a proper
infrastructure for SCA tools. Set ZEPHYR_SCA_VARIANT to sparse if user
is using deprecated way.
This allows to cleanup sparse code in various places and thus have a
cleaner build system.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add a compiler option to not merge globals. gen_kobject_list.py
is not capable of distinguish addresses of merged objects. The script
itself does not look wrong. The dward specification says that the
attribute DW_AT_location with opcode DW_OP_addr encodes a machine
address and whose size is the size of an address on the target machine
but for merged objects the address is longer, not clear why.
Disable global merge when userspace is enabled to avoid this problem.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When using picolibc from the toolchain, we need to use the standard include
paths to make sure the library headers are found, especially for libstdc++.
Add toolchain picolibc to the list of cases for which this is the case.
Signed-off-by: Keith Packard <keithp@keithp.com>
This commit updates all in-tree code to use `CONFIG_CPP` instead of
`CONFIG_CPLUSPLUS`, which is now deprecated.
Signed-off-by: Stephanos Ioannidis <stephanos.ioannidis@nordicsemi.no>
This adds a choice of three different libc API buffer overflow detection
modes:
* None
* Compile-time
* Compile-time and Run-time
These correspond with the clang/gcc _FORTIFY_SOURCE modes (0/1/2).
_FORTIFY_SOURCE depends on compiler optimizations and require libc support
which the minimal C library doesn't include, so _FORTIFY_SOURCE is disabled
by default in those cases. Native tooling might also enable
_FORTIFY_SOURCE, so don't enable it by default in that case either.
Signed-off-by: Keith Packard <keithp@keithp.com>
GCC will compute expected sprintf (et al) return values internally and use
them in place of the actual return value. When the printf implementation
has reduced functionality, gcc may compute a different value.
For picolibc, this means disabling the optimization unless floating point
output is enabled.
Signed-off-by: Keith Packard <keithp@keithp.com>
The whole set of architecture flags must be specified together as
they might not make sense in isolation, e.g. -mfloat-abi=hard requires
a -mcpu value that might have an FPU. Use the NO_SPLIT feature to
bind all of the linker options together so that the linker can
compute the correct linker paths for toolchain-provided libraries like
libc and libgcc.
Signed-off-by: Keith Packard <keithp@keithp.com>
Make sure the linker knows what the target is, in case it needs to find
additional target-specific libraries (like picolibc).
Signed-off-by: Keith Packard <keithp@keithp.com>
Fixes commit 7a85ff7683 ("add sparse support")
The sparse build needs (at least) two things:
1. sparse to be in the PATH
2. the environment variable REAL_CC to be defined and to match the
value expected by CMake
Fix error messages when either condition is wrong.
- New error message when 1. is not satisfied:
```
CMake Error at zephyr/cmake/compiler/gcc/target.cmake:12 (find_program):
Could not find CMAKE_C_COMPILER using the following names: cgcc
```
- Previous error "message" when 1. is not satisfied:
```
CMake Error at zephyr/cmake/compiler/gcc/target.cmake:17 (message):
C compiler
ZSDK/xtensa-intel_s1000_zephyr-elf/bin/xtensa-intel_s1000_zephyr-elf-gcc
not found - Please check your toolchain installation
```
Note the "not found" cross-compiler actually exists!
- New error message when 2. is not satisfied:
```
Kconfig header saved to 'ws/build-tgl/zephyr/include/generated/autoconf.h'
-- Found sparse: /home/user/sparse/cgcc
CMake Error at ws/zephyr/cmake/compiler/gcc/target.cmake:25 (message):
The only way to override its 'cc' default when cross-compiling with
sparse is unfortunately an environment variable. So you _must_ set
REAL_CC at both configuration time and build time to:
$ZSDK/xtensa-intel_s1000_zephyr-elf/bin/xtensa-intel_s1000_zephyr-elf-gcc
```
- Previous error "message" when 2. is not satisfied:
```
modules/hal/xtensa/include/xtensa/config/core.h:54:10:
error:unable to open 'core-isa.h'`
```
Also: stop using the same name REAL_CC for both the internal CMake
variable and the external sparse parameter; they're two different
things so name them differently. Environment variable messes are
complicated enough.
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Fixes: #47588
Use `check_set_compiler_property(... "SHELL:-Wformat -W<format-option>")`
to ensure that compiler options requiring `-Wformat` to work properly
are tested with said option.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
ARC processors are highly configurable, so ARC toolchain supports
big amount of mcpu options for all that HW configurations.
As difference in many configurations among the same processor
family usually doesn't affect Zephyr code we don't want
to create Kconfig option for each possible CPU configuration
(just to map Kconfig option to correspondent mcpu value
in 'cmake/gcc-m-cpu.cmake').
Instead we prefer being able to set proper mcpu value
individually for any ARC SoC and using 'cmake/gcc-m-cpu.cmake'
just for reasonable defaults.
To apply SoC-related changes for build-options on early stages of building
'tune_build_ops.cmake' should be created in appropriate SoC directory.
Example:
./soc/arc/snps_qemu/tune_build_ops.cmake
File content:
set(GCC_ARC_TUNED_CPU hs4xd)
Signed-off-by: Nikolay Agishev <agishev@synopsys.com>
xcc-clang in based on clan-10 and does not support -fno-pic and
-fno-pie.
clang-10: warning: argument unused during compilation: '-fno-pic'
[-Wunused-command-line-argument]
[147/148] Linking C executable zephyr/zephyr.elf
clang-10: warning: argument unused during compilation: '-no-pie'
[-Wunused-command-line-argument]
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This had bitrotten a bit, and didn't build as shipped. Current
libasan implementations want -fsanitize=address passed as a linker
argument too. We have grown a "lld" linker variant that needs the
same cmake treatment as the "ld" binutils one, but never got it. But
the various flags had been cut/pasted around to different places, with
slightly different forms. That's really sort of a mess, as sanitizer
support was only ever support with host toolchains for native_posix
(and AFAICT no one anywhere has made this work on cross compilers in
an embedded environment). And the separate "gcc" vs. "llvm" layers
were silly, as there has only ever been one API for this feature (from
LLVM, then picked up compatibly by gcc).
Pull this stuff out and just do it in one place in the posix arch for
simplicity.
Also recent sanitizers are trying to add instrumentation padding
around data that we use linker trickery to pack tightly
(c.f. SYS_INIT, STRUCT_SECTION_ITERABLE) and we need a way
("__noasan") to turn that off. Actually for gcc, it was enough to
just make the records const (already true for most of them, except a
native_posix init struct), but clang apparently isn't smart enough.
Finally, add an ASAN_RECOVER kconfig that enables the use of
"halt_on_error=0" in $ASAN_OPTIONS, which continues execution past the
first error.
Signed-off-by: Andy Ross <andyross@google.com>
This commit adds the `no_strict_aliasing` flag, which disables
the strict aliasing rule, for the GCC compiler and its derivatives.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Some processors support Dual-redundant Core Lock-step
DCLS) topology but the processor still can be ran in
split-lock mode (by default or changed at flash time).
So, introduce config DCLS that is enabled by default if
config CPU_HAS_DCLS is set, it should be disabled if
processor is used in split-lock mode.
Signed-off-by: Dat Nguyen Duy <dat.nguyenduy@nxp.com>
Compilation warnings appears for C++ files, that following
options are not valid:
-ffrestanding,
-Wno-format-zero-length
-Wno-main
-fgnu89-inline
-std-gnu99
Added checks to filter out unsupported flags.
Signed-off-by: Jaroslaw Stelter <Jaroslaw.Stelter@intel.com>
This patch is doing several things:
- Core ISA and extension Kconfig symbols have now a formalized name
(CONFIG_RISCV_ISA_* and CONFIG_RISCV_ISA_EXT_*)
- a new Kconfig.isa file was introduced with the full set of extensions
currently supported by the v2.2 spec
- a new Kconfig.core file was introduced to host all the RISCV cores
(currently only E31)
- ISA and extensions settings are moved to SoC configuration files
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
When SYSROOT_DIR is provided, gcc should use it through the --sysroot=
option otherwise some commands won't work as expected.
For example, in the Yocto environment when cross compiling,
--print-libgcc-file-name prints only "libgcc.a" instead of the full
path to it and the subsequent assert_exists(LIBGCC_FILE_NAME) will
fail.
Fixes#45578
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Current Espressif porting requires standard include as
part of hal implementation. compiler_flags.cmake checks for
variant name to keep those stdinc in build.
Instead of using variant name as check, use this new CONFIG
to make it clear and to allow having toolchain integrated
in zephyr-sdk package.
stdinc dependency in hal_espressif will be worked out and removed
soon.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
When Dual-redundant Core Lock-step (DCLS) topology is used, the VFP
registers across the two redundant cores must be manually initialised
and synchronised, and this requires the `-mfloat-abi=hard` option to
be specified.
This commit forces the use of FP "hard" ABI on the VFP-equipped cores
that are configured in DCLS topology.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the Zephyr build system to support specifying
advanced floating-point compilation options derived from the newly
introduced unified floating-point configurations.
The following changes are introduced by this commit:
1. Specify architecture floating-point option to the `-mcpu` flag.
2. Specify floating-point unit (FPU) type using the `-mfpu` flag.
Note that the `-march` flag is not specified separately because the
`-mcpu` flag provides more detailed architecture options and this
makes the `-march` flag redundant.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
With this adding "-DSPARSE=y" to the "west build" command line
performs a sparse check of the project build. So far only gcc-based
builds are supported.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
This will generate profile data that can be analyzed using gprof. When
you build the application (currently for native_posix only), after
running the application you will get a file "gmon.out" with the call
graph which can be processed with gprof:
gprof build/zephyr/zephyr.exe gmon.out > analysis.txt
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
New KConfig options for 'A' and 'M' RISC-V extensions have been
added. These are used to configure the '-march' string used by GCC
to produce a compatible binary for the requested RISC-V variant.
In order to maintain compatibility with all currently defined SoC,
default the options for HW mul / Atomics support to 'y', but allow
them to be overridden for any SoC which does not support these.
I tested this change locally via twister agaisnt a few RISC-V platforms
including some 32bit and 64bit. To verify the 4 possibilities of Atomics
& HW Mul: (No, No), (No, Yes), (Yes, No), (Yes, Yes -- current behavior),
I used an out-of-tree GCC (xPack RISC-V GCC) which has multilib support
for rv32i, rv32ia, rv32ima to test against our out-of-tree Intel Nios V/m
processor in HW. The Zephyr SDK RISCV GCC currently does not contain
multilib support for all variants exposed by these new KConfig options.
Signed-off-by: Nathan Krueger <nathan.krueger@intel.com>
Add a compiler property for disabling pointer arithmetic warnings,
and implement that property for GCC.
Signed-off-by: Yonatan Schachter <yonatan.schachter@gmail.com>
This reverts commit deeb98da53.
A less invasive change has been implemented which does not
require changes to the GCC compiler flag file. So revert
the commit.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Some older versions of XCC Clang would result in the following
error during compilation:
/tmp/file.s: Assembler messages:
/tmp/file.s:20: Error: file number 1 already allocated
clang-3.9: error: Xtensa-as command failed with exit code 1
due to a bug in LLVM: https://bugs.llvm.org/show_bug.cgi?id=11740.
This is fixed in upstream, https://reviews.llvm.org/D20002, in 2016.
However, it seems that it is only fixed after XCC RI-2018.0.
Instead of blanket disabling usage of '-g', use an environment
variable "XCC_NO_G_FLAG" to disable usage of flag '-g' to workaround
this issue. This needs to be manually set because there is no way to
know which XCC version is being used, and compiler flag checking for
'-g' would not result in error (and thus '-g' is not ignored).
This is only needed for older XCC Clang. For sufficiently new XCC
verisons, there is no need for this.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This commit defines the toolchain command line options for the
Zephyr MIPS architectural port.
Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Signed-off-by: Remy Luisant <remy@luisant.ca>
After having resolved all of the instances of packed member access,
re-enable the warning.
Fixes#16587.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This commit adds the `nostdincxx` C++ compiler property for GCC, which
is specified when the C++ standard library (`CONFIG_LIB_CPLUSPLUS`) is
disabled.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Keith Packard
Marc Herbert
Grant Ramsay
Huifeng Zhang
Daniel Leung
Flavio Ceolin
Jan Henke
Girisha Dengi
Alberto Escolar Piedras
Naveen Saini
Gerard Marull-Paretas
Fabio Baltieri
Andy Ross
Nikolay Agishev
Torsten Rasmussen
Stephanos Ioannidis
Carlo Caione
Stephanos Ioannidis
Dat Nguyen Duy
Jaroslaw Stelter
Luca Fancellu
Sylvio Alves
Guennadi Liakhovetski
Anas Nashif
Nathan Krueger
Yonatan Schachter
Nazar Kazakov
Antony Pavlov
Carles Cufi