On 7 Mar 2024, at 05:32, Mark Millard wrote:
>
> 2 of the notes for libc++ 18 for the hardening mode are:
>
> QUOTE
> Enabling hardening has no impact on the ABI.
> . .
> Since the static and shared library components of libc++ are built by the
> vendor, setting this macro will have no impact on the hardening mode for the
> pre-built components. Most libc++ code is header-based, so a user-provided
> value for _LIBCPP_HARDENING_MODE will be mostly respected.
> END QUOTE
>
> The modes are described by:
>
> QUOTE
> • Unchecked mode/none, which disables all hardening checks.
> • Fast mode, which contains a set of security-critical checks that can be
> done with relatively little overhead in constant time and are intended to be
> used in production. We recommend most projects adopt this.
> • Extensive mode, which contains all the checks from fast mode and some
> additional checks for undefined behavior that incur relatively little
> overhead but aren’t security-critical. Production builds requiring a broader
> set of checks than fast mode should consider enabling extensive mode. The
> additional rigour impacts performance more than fast mode: we recommend
> benchmarking to determine if that is acceptable for your program.
> • Debug mode, which enables all the available checks in the library,
> including internal assertions, some of which might be very expensive. This
> mode is intended to be used for testing, not in production.
> END QUOTE
>
> Technically, DEBUG builds and non-DEBUG world builds could have different
> FreeBSD settings for LIBCXX_HARDENING_MODE I suppose.
>
> QUOTE (relative to non-prebuilt components)
> Users wishing for a different hardening level to their vendor default are
> able to control the level by passing one of the following options to the
> compiler:
>
> -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_NONE
> -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST
> -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE
> -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_DEBUG
> END QUOTE

In the llvm-18-update branch, I have updated the libc++ __config_site file to
use the upstream defaults for when assertions are enabled:

https://github.com/DimitryAndric/freebsd-src/blob/llvm-18-update/lib/libc%2B%2B/__config_site#L39

This is emitted by upstream's CMakeLists.txt for libcxx:

https://github.com/llvm/llvm-project/blob/release/18.x/libcxx/CMakeLists.txt#L784

The comment there says LIBCXX_ENABLE_ASSERTIONS will be deprecated, but I think
having the extensive option on by default is fine, certainly for -CURRENT.

Note, I have no particular objection if we would "crank down" the level to
"fast" for -STABLE or -RELEASE branches. But I don't know any specific
performance difference statistics for these various levels.

Note also that our earlier libc++ builds did not have assertions enabled, so it
may be worth some discussion whether it is desirable at all.

-Dimitry
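
One way to check which hardening mode a given build actually got, and whether header-based code honours it. This is an added example, not part of the message above and not FreeBSD or libc++ code. The helper names `hardening_mode` and `access_is_trapped` are hypothetical, and a POSIX system is assumed for `fork`/`waitpid`.

```cpp
#include <sys/wait.h>
#include <unistd.h>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Effective mode for this translation unit, decoded from the libc++ macros.
std::string hardening_mode() {
#if !defined(_LIBCPP_VERSION)
  return "not-libc++";
#elif !defined(_LIBCPP_HARDENING_MODE)
  return "unknown";  // libc++ without the hardening-mode macros
#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_NONE
  return "none";
#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_FAST
  return "fast";
#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_EXTENSIVE
  return "extensive";
#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_DEBUG
  return "debug";
#else
  return "unknown";
#endif
}

// Evaluates v[index] in a forked child. Returns true if the child was killed
// by a signal (the check fired), false if it exited normally (no check).
bool access_is_trapped(std::size_t index) {
  pid_t pid = fork();
  if (pid < 0) return false;  // could not fork: nothing observed
  if (pid == 0) {
    std::vector<int> v(16, 0);
    v.resize(4);  // size 4, capacity stays 16, so slots 4..15 remain allocated
    volatile int sink = v[index];
    (void)sink;
    _exit(0);
  }
  int status = 0;
  waitpid(pid, &status, 0);
  return WIFSIGNALED(status);
}

int main() {
  std::printf("libc++ hardening mode: %s\n", hardening_mode().c_str());
  std::printf("v[2] (in bounds) trapped: %d\n", access_is_trapped(2));
  std::printf("v[8] (size is 4) trapped: %d\n", access_is_trapped(8));
  return 0;
}
```

Building it once with no `-D_LIBCPP_HARDENING_MODE=...` option shows the vendor default from `__config_site`; building it again with one of the four options quoted above shows whether the override took effect for this header-only code path.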