STACK_CANARIES was enabling canaries in all functions using the compiler
flag -fstack-protector-all. This became confuse with the addition of the
options STRONG and EXPLICIT.
This commit adds the missing option (default level) and disambiguous the
options mapping them close to the compiler flags.
Now we have the following options:
STACK_CANARIES -> fstack-protector
STACK_CANARIES_STRONG -> fstack-protector-strong
STACK_CANARIES_ALL -> fstack-protector-all
STACK_CANARIES_EXPLICIT -> fstack-protector-explicit
Note that from now on STACK_CANARIES_ALL is the symbol that adds canaries
for all functions.
Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
Add option to enable stack canaries only when explicitely
declared. It adds a new function attribute, __stack_protect, that
can be used to enable stack protection in a function.
Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
Previously, when stack canaries were enabled, Zephyr applied this
protection to all functions. This commit introduces a new option that
allows stack canary protection to be applied selectively to specific
functions based on certain criteria.
Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
CMakeLists.txt uses the C compiler parameter -include,
This is causing issues for other toolchains and needs to generalized.
Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
Fix the following warnings:
[255/261] Linking C executable zephyr/zephyr_pre0.elf
lto-wrapper: warning: using serial compilation of 8 LTRANS jobs
lto-wrapper: note: see the '-flto' option documentation for more
information
[260/261] Linking C executable zephyr/zephyr.elf
lto-wrapper: warning: using serial compilation of 8 LTRANS jobs
lto-wrapper: note: see the '-flto' option documentation for more
information
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
`arcmwdt`` and `clang` both have
`-Wno-missing-field-initializers` in `warning_dw_1` and
`-Wmissing-field-initializers` in `warning_dw_2` while `gcc`
has `-Wmissing-field-initializers` in `warning_dw_1`, so
update it to match.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
Moving specs argument to compiler and linker properties so that the
compiler and linker in use can decide how the flags are mapped / handled
for the compiler and linker in use.
This avoids specifying `--specs=spec.picolibc` for clang which prints a
warning about an unused argument.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Both Clang [1] and (recently) GCC [2] support this flag to enable
additional codesize optimizations beyond -Os, possibly at the expense of
performance.
This tradeoff is worthwhile for some (and, Clang's -Oz seems to be
closer to GCC's -Os currently), so add a new abstraction for this flag
so users can select it as appropriate.
[1] https://clang.llvm.org/docs/CommandGuide/clang.html#cmdoption-O0
[2] https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-Oz
Signed-off-by: Jonathon Penix <jpenix@quicinc.com>
set_compiler_property does not accept a TARGET argument. Only set_property
does but they are easy to confuse. This patch fixes the wrong instances of
set_compiler_property that should have been set_property.
Signed-off-by: Nicolas Lebedenco <nicolas@lebedenco.net>
Too many times, code is pushed that includes floats that really
becomes doubles and C implicit promotion rules will want to make
floats into doubles very easily. As zephyr primarily targets
low-end process that may not have a double precision floating
point unit, enable this flag globally for now.
Signed-off-by: Ryan McClelland <ryanmcclelland@meta.com>
_FORTIFY_SOURCE=1 differs from _FORTIFY_SOURCE=2 only in the bounds
checking mode that it uses.
With _FORTIFY_SOURCE=1, bounds checks are 'loose', allowing access to the
whole underlying object, not just the subset referenced in the expression
(e.g, the bounds of a struct member is the whole struct, not just the
member).
With _FORTIFY_SOURCE=2, bounds checks are strict, meaning that the bounds
of an expression are limited to the referenced value.
Both of these perform their checks at runtime, calling _chk_fail if the
bounds check fails. That's done in the __*_chk functions included in the C
library. These are always called when _FORTIFY_SOURCE > 0, unless the
compiler replaces the call with inline code.
GCC already does all of the compile-time bounds checking for string and mem
functions when not using -ffreestanding, so there's nothing we need to add
for that to work. That means the security_fortify_compile_time property
should be empty.
Signed-off-by: Keith Packard <keithp@keithp.com>
This enables -Wshadow to warn about shadow variables on
in tree code under arch/, boards/, drivers/, kernel/,
lib/, soc/, and subsys/.
Note that this does not enable it globally because
out-of-tree modules will probably take some time to fix
(or not at all depending on the project), and it would be
great to avoid introduction of any new shadow variables
in the meantime.
Also note that this tries to be done in a minimally
invasive way so it is easy to revert when we enable
-Wshadow globally. Source files under modules/, samples/
and tests/ are currently excluded because there does not
seem to be a trivial way to add -Wshadow there without
going through all CMakeLists.txt to add the option
(as there are 1000+ files to change).
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Add new option to use thread local storage for stack
canaries. This makes harder to find the canaries location
and value. This is made optional because there is
a performance and size penalty when using it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This property specifies the flag used to pass the linker script filename
through the compiler front end tot he linker.
For clang, we use the general purpose linker-pass through -Wl flag with -T:
-Wl,-T as clang doesn't support -T.
For gcc, we use -T directly as this keeps the picolibc specs file from
inserting the picolibc linker script as well.
If the compiler doesn't specify a value, we continue to use -Wl,-T as
before.
Signed-off-by: Keith Packard <keithp@keithp.com>
So they depend or select on the right NATIVE_BUILD
instead of NATIVE_APPLICATION.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Add a new compiler option to control tracking locations of tokens across
macro expansions. It may be useful to disable it when debugging long
macro expansion chains.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
These flags were added to avoid warnings when main was declared to return
void. Now that main returns int, those warnings will flag errors.
Signed-off-by: Keith Packard <keithp@keithp.com>
Add a Kconfig option to set the compiler save-temps flag and set the GCC
implementation. This is very useful for troubleshooting macro expansion
issues, having an option allows a user to set it like any other config
option.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
New C++ versions have deprecated "register" variables and restricted
"volatile" semantics, so new gcc's will emit warnings when they see
that syntax. Zephyr uses both in our C headers (though we should
probably get rid of register and unify with C++'s volatile model), so
we're disabling the resulting warnings.
But OLD gcc variants (like xcc, sigh) don't understand new -Wvolatile
and -Wregister on the command line, so they get confused. Limit the
uses to the standard versions for which gcc would emit warnigns; xcc
doesn't support those anyway.
Signed-off-by: Andy Ross <andyross@google.com>
Move extra warning option from generic twister script into
compiler-dependent config files.
ARCMWDT compiler doesn't support extra warning options ex.
"-Wl,--fatal-warnings". To avoid build fails flag
"disable_warnings_as_errors" should be passed to twister.
This allows all warning messages and make atomatic test useles.
Signed-off-by: Nikolay Agishev <agishev@synopsys.com>
Add a compiler option to not merge globals. gen_kobject_list.py
is not capable of distinguish addresses of merged objects. The script
itself does not look wrong. The dward specification says that the
attribute DW_AT_location with opcode DW_OP_addr encodes a machine
address and whose size is the size of an address on the target machine
but for merged objects the address is longer, not clear why.
Disable global merge when userspace is enabled to avoid this problem.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When using picolibc from the toolchain, we need to use the standard include
paths to make sure the library headers are found, especially for libstdc++.
Add toolchain picolibc to the list of cases for which this is the case.
Signed-off-by: Keith Packard <keithp@keithp.com>
This adds a choice of three different libc API buffer overflow detection
modes:
* None
* Compile-time
* Compile-time and Run-time
These correspond with the clang/gcc _FORTIFY_SOURCE modes (0/1/2).
_FORTIFY_SOURCE depends on compiler optimizations and require libc support
which the minimal C library doesn't include, so _FORTIFY_SOURCE is disabled
by default in those cases. Native tooling might also enable
_FORTIFY_SOURCE, so don't enable it by default in that case either.
Signed-off-by: Keith Packard <keithp@keithp.com>
GCC will compute expected sprintf (et al) return values internally and use
them in place of the actual return value. When the printf implementation
has reduced functionality, gcc may compute a different value.
For picolibc, this means disabling the optimization unless floating point
output is enabled.
Signed-off-by: Keith Packard <keithp@keithp.com>
Fixes: #47588
Use `check_set_compiler_property(... "SHELL:-Wformat -W<format-option>")`
to ensure that compiler options requiring `-Wformat` to work properly
are tested with said option.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
xcc-clang in based on clan-10 and does not support -fno-pic and
-fno-pie.
clang-10: warning: argument unused during compilation: '-fno-pic'
[-Wunused-command-line-argument]
[147/148] Linking C executable zephyr/zephyr.elf
clang-10: warning: argument unused during compilation: '-no-pie'
[-Wunused-command-line-argument]
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This had bitrotten a bit, and didn't build as shipped. Current
libasan implementations want -fsanitize=address passed as a linker
argument too. We have grown a "lld" linker variant that needs the
same cmake treatment as the "ld" binutils one, but never got it. But
the various flags had been cut/pasted around to different places, with
slightly different forms. That's really sort of a mess, as sanitizer
support was only ever support with host toolchains for native_posix
(and AFAICT no one anywhere has made this work on cross compilers in
an embedded environment). And the separate "gcc" vs. "llvm" layers
were silly, as there has only ever been one API for this feature (from
LLVM, then picked up compatibly by gcc).
Pull this stuff out and just do it in one place in the posix arch for
simplicity.
Also recent sanitizers are trying to add instrumentation padding
around data that we use linker trickery to pack tightly
(c.f. SYS_INIT, STRUCT_SECTION_ITERABLE) and we need a way
("__noasan") to turn that off. Actually for gcc, it was enough to
just make the records const (already true for most of them, except a
native_posix init struct), but clang apparently isn't smart enough.
Finally, add an ASAN_RECOVER kconfig that enables the use of
"halt_on_error=0" in $ASAN_OPTIONS, which continues execution past the
first error.
Signed-off-by: Andy Ross <andyross@google.com>
This commit adds the `no_strict_aliasing` flag, which disables
the strict aliasing rule, for the GCC compiler and its derivatives.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Compilation warnings appears for C++ files, that following
options are not valid:
-ffrestanding,
-Wno-format-zero-length
-Wno-main
-fgnu89-inline
-std-gnu99
Added checks to filter out unsupported flags.
Signed-off-by: Jaroslaw Stelter <Jaroslaw.Stelter@intel.com>
Current Espressif porting requires standard include as
part of hal implementation. compiler_flags.cmake checks for
variant name to keep those stdinc in build.
Instead of using variant name as check, use this new CONFIG
to make it clear and to allow having toolchain integrated
in zephyr-sdk package.
stdinc dependency in hal_espressif will be worked out and removed
soon.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
This will generate profile data that can be analyzed using gprof. When
you build the application (currently for native_posix only), after
running the application you will get a file "gmon.out" with the call
graph which can be processed with gprof:
gprof build/zephyr/zephyr.exe gmon.out > analysis.txt
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add a compiler property for disabling pointer arithmetic warnings,
and implement that property for GCC.
Signed-off-by: Yonatan Schachter <yonatan.schachter@gmail.com>
This reverts commit deeb98da53.
A less invasive change has been implemented which does not
require changes to the GCC compiler flag file. So revert
the commit.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Some older versions of XCC Clang would result in the following
error during compilation:
/tmp/file.s: Assembler messages:
/tmp/file.s:20: Error: file number 1 already allocated
clang-3.9: error: Xtensa-as command failed with exit code 1
due to a bug in LLVM: https://bugs.llvm.org/show_bug.cgi?id=11740.
This is fixed in upstream, https://reviews.llvm.org/D20002, in 2016.
However, it seems that it is only fixed after XCC RI-2018.0.
Instead of blanket disabling usage of '-g', use an environment
variable "XCC_NO_G_FLAG" to disable usage of flag '-g' to workaround
this issue. This needs to be manually set because there is no way to
know which XCC version is being used, and compiler flag checking for
'-g' would not result in error (and thus '-g' is not ignored).
This is only needed for older XCC Clang. For sufficiently new XCC
verisons, there is no need for this.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
After having resolved all of the instances of packed member access,
re-enable the warning.
Fixes#16587.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This commit adds the `nostdincxx` C++ compiler property for GCC, which
is specified when the C++ standard library (`CONFIG_LIB_CPLUSPLUS`) is
disabled.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
The compiler option "-fdiagnostics-color=always" is not known to XCC
(which is based on really old GCC). So don't enable color
diagnostic output when building with XCC.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
GCC 11 defaults to output DWARF version 5 which pyelftools cannot
currently parse. So keep output at version 4 for the time being.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Adds no-threadsafe-statics to compiler flags for gcc and arcmwdt.
The flag is required to compile the samples - the module can compile
without it.
Signed-off-by: Lauren Murphy <lauren.murphy@intel.com>
When compiler results are piped through a non-terminal (e.g. ninja)
the compiler disables colour diagnostics. Using `-fdiagnostics-color`
forces the compiler to enable colour output. This flag is set for
clang and gcc when `ZEPHYR_BUILD_COLOUR_DIAGNOSTIC` environment
variable is set when a clean build is started.
Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>
'-Wexpansion-to-defined'
Warn whenever 'defined' is encountered in the expansion of a macro
(including the case where the macro is expanded by an '#if'
directive). Such usage is not portable. This warning is also
enabled by '-Wpedantic' and '-Wextra'.
This is enabled by default in llvm but not in gcc. Given that it is 'not
portable', lets disallow this in gcc and keep both compilers in sync.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Compound assigments like x |= y to volatile qualified values are
deprecated in C++20. This idiom is common in CMSIS headers for
manipulating peripheral registers. Since these headers are core they
are likely to be included indirectly in C++ modules; since they are in
vendor-provided headers we can't "fix" them.
Disable the warning when building for C++.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
XCC does not support the compiler flag -Wno-unused-but-set-variable
so check for flag support before setting it in cmake.
Fixes#29707
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Flavio Ceolin
Benedikt Schmidt
Robin Kastberg
Vinayak Kariappa Chettimada
Yong Cong Sin
Torsten Rasmussen
Jonathon Penix
Nicolas Lebedenco
Marc Herbert
Radoslaw Koppel
Ryan McClelland
Keith Packard
Grant Ramsay
Daniel Leung
Flavio Ceolin
Alberto Escolar Piedras
Gerard Marull-Paretas
Fabio Baltieri
Andy Ross
Nikolay Agishev
Stephanos Ioannidis
Jaroslaw Stelter
Sylvio Alves
Anas Nashif
Yonatan Schachter
Nazar Kazakov
Carles Cufi
Alexander Wachter
Lauren Murphy
Arvin Farahmand
Shubham Kulkarni
Peter Bigot