Hi Erik, here is the updated webrev : http://cr.openjdk.java.net/~mbaesken/webrevs/8130017.2/
Best regards, Matthias > -----Original Message----- > From: Erik Joelsson <erik.joels...@oracle.com> > Sent: Freitag, 10. Mai 2019 16:29 > To: Baesken, Matthias <matthias.baes...@sap.com>; David Holmes > <david.hol...@oracle.com>; 'build-dev@openjdk.java.net' <build- > d...@openjdk.java.net> > Subject: Re: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds - > was : RE: gcc FORTIFY_SOURCE application security flags > > Hello Matthias, > > I think just -U_FORTIFY_SOURCE should be enough to unset it, no need to > also set it to 0. Also, I think it would be good to use an extra set of > variables to avoid repeating the flag, like this: > > ENABLE_FORTIFY_CFLAGS="-D_FORTIFY_SOURCE=2" > DISABLE_FORTIFY_CFLAGS="-U_FORTIFY_SOURCE" > C_O_FLAG_HIGHEST_JVM="${C_O_FLAG_HIGHEST_JVM} > ${ENABLE_FORTIFY_CFLAGS}" > ... > > /Erik > > On 2019-05-09 22:46, Baesken, Matthias wrote: > > Hello, here is the new webrev with the > > > > "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0" > > > > Set for the lower level optimization flags : > > > > http://cr.openjdk.java.net/~mbaesken/webrevs/8130017.1/ > > > > > > I would suggest to leave the pre-gcc4.8 cleanup to a separate change. > > > > Best regards, Matthias > > > > > > > >> Configure will protest if GCC version is less than 4.8 (see toolchain.m4 > >> *_MINIMUM_VERSION variables). > >> > >> That said, as long as we conditionally set the FDLIBM_CFLAGS like this, > >> I would say we need to continue honoring the result of that check. You > >> could also remove the check altogether since it seems to no longer be > >> needed. > >> > >> /Erik > >> > >> On 2019-05-09 07:14, Baesken, Matthias wrote: > >>> Hello, > >>> I tried setting > >>> > >>> "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0" > >>> > >>> And this seems indeed to work , no warning any more . > >>> > >>> Let's hope gcc does not change the command line parsing . > >>> > >>> Btw. is there a gcc version that a) still compiles jdk/jdk and b) > >>> would > >> show the issue ? > >>> (with our internally used gcc's we are always > 4.6 in jdk/jdk ) > >>> > >>> Best regards, Matthias > >>> > >>> > >>>> -----Original Message----- > >>>> From: Erik Joelsson <erik.joels...@oracle.com> > >>>> Sent: Donnerstag, 9. Mai 2019 15:18 > >>>> To: Baesken, Matthias <matthias.baes...@sap.com>; David Holmes > >>>> <david.hol...@oracle.com>; 'build-dev@openjdk.java.net' <build- > >>>> d...@openjdk.java.net> > >>>> Subject: Re: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug > builds - > >>>> was : RE: gcc FORTIFY_SOURCE application security flags > >>>> > >>>> Hello, > >>>> > >>>> I just tried this and you are correct. However, it does seem to work if > >>>> you instead use -U_FORTIFY_SOURCE. > >>>> > >>>> /Erik > >>>> > >>>> On 2019-05-09 05:36, Baesken, Matthias wrote: > >>>>> Hi Erik, while setting -O<x> and -O<y> (with x != y ) in one > >>>>> gcc/g++ > >>>> command line call works , > >>>>> setting together -D_FORTIFY_SOURCE=2 and - > >> D_FORTIFY_SOURCE=0 > >>>> in one command line call generates a warning , so I think we cannot do > >> that . > >>>>> Best regards, Matthias > >>>>>