Re: RFR: JDK-8129395 Configure should verify that -fstack-protector is valid - take 2

Mon, 08 Feb 2016 02:29:55 -0800 

On 2016-02-05 13:25, David Holmes wrote:

Hi Magnus,

This seems reasonable. The proof of course is in the testing.
Testing on our JPRT systems that include a gcc which does not support -fstack-protector showed in the configure log that it was not enabled. 

/Magnus



Thanks,
David

On 5/02/2016 8:48 PM, Magnus Ihse Bursie wrote:

A previous fix to check if -fstack-protector is accepted by gcc failed,
since when testing the option, gcc emitted a warning and not an error.

The one thing I'm thinking here about is if the ssp-buffer-size option
should be more tightly coupled with the -fstack-protector flag. It does
not harm to have it without the -f flag, but it seems a bit funny.
Opinions?

I also noted that this flag is added to CFLAGS_DEBUG_OPTIONS. This means
that it only gets activated if we generate debug symbols. For Oracle
builds we always do so it doesn't really matter, but I'd say that it's
technically incorrect. I'd rather not fix that now, though, but save it
for the upcoming and long overdue cleanup of flags handling.

Bug: https://bugs.openjdk.java.net/browse/JDK-8129395
Patch inline:
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4
--- a/common/autoconf/flags.m4
+++ b/common/autoconf/flags.m4
@@ -1,5 +1,5 @@
  #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights
reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights
reserved.
  # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  #
  # This code is free software; you can redistribute it and/or modify it
@@ -426,7 +426,7 @@
        # Add runtime stack smashing and undefined behavior checks.
        # Not all versions of gcc support -fstack-protector
        STACK_PROTECTOR_CFLAG="-fstack-protector-all"
-      FLAGS_COMPILER_CHECK_ARGUMENTS(ARGUMENT:
[$STACK_PROTECTOR_CFLAG], IF_FALSE: [STACK_PROTECTOR_CFLAG=""])
+      FLAGS_COMPILER_CHECK_ARGUMENTS(ARGUMENT: [$STACK_PROTECTOR_CFLAG
-Werror], IF_FALSE: [STACK_PROTECTOR_CFLAG=""])

        CFLAGS_DEBUG_OPTIONS="$STACK_PROTECTOR_CFLAG --param
ssp-buffer-size=1"
        CXXFLAGS_DEBUG_OPTIONS="$STACK_PROTECTOR_CFLAG --param
ssp-buffer-size=1"

/Magnus

Reply via email to