Commit graph

15 commits

Author SHA1 Message Date
Daniel Bertalan
a4645060e6 CMake: Add hardening flags
- `-fstack-protection-strong` enables stack canaries for functions where
  addresses of local variables are taken or arrays/structures
  containing arrays are allocated on the stack.
- `-fstrict-flex-arrays=2` causes the compiler to only treat arrays with
  unknown bounds (`[]`) or zero-length-arrays (`[0]`) as *flexible array
  members*, allowing the sanitizers to emit bounds checks for structs
  with proper arrays as their last member.

More rigorous options (such as AArch64 pointer authentication, Control
Flow Integrity, _FORTIFY_SOURCE) should be investigated in the future,
however this is a good baseline.
2024-07-17 21:51:29 +02:00
Daniel Bertalan
c62240aa80 Everywhere: Warn on function definitions without prototypes
If no header includes the prototype of a function, then it cannot be
used from outside the translation unit it was defined in. In that case,
it should be marked as `static`, in order to avoid possible ODR
problems, unnecessary exported symbols, and allow the compiler to better
optimize those.

If this warning triggers in a function defined in a header, `inline`
needs to be added, otherwise if the header is included in more than one
TU, it will fail to link with a duplicate definition error.

The reason this diff got so big is that Lagom-only code wasn't built
with this flag even in Serenity times.
2024-07-17 21:51:29 +02:00
Daniel Bertalan
7fe82a1cda CMake: Add back stricter warnings used in Serenity builds
These used to be enabled in `serenity_compile_options.cmake` for
Serenity builds and were removed in 9b05fb98. This is a slightly more
conservative subset of those, with ones that are enabled by default
omitted.

This should prevent our code quality regressing in the long run.
2024-07-17 21:51:29 +02:00
Diego Iastrubni
0b22aae518 Meta: Fix compilation flags for clang-cl
As part of https://github.com/LadybirdWebBrowser/ladybird/issues/38 -
the first baby step, is to make sure that we do not use compile flags
not supported by clang-cl.
2024-06-18 05:52:44 -06:00
Andrew Kaster
77e890b15e Meta+Documentation+Ports: Move from C++20 to C++23
Now that oss-fuzz is on a clang commit > the 17.x release candidates,
we can start looking at some shiny new features to enable.
2024-05-06 11:46:28 -06:00
ronak69
d720fb8845 CMake: Set CMAKE_COLOR_DIAGNOSTICS to ON for colored diagnostics
This patch removes the explicit compile flag that only works for g++
(`-fdiagnostics-color=always`; clang++ needs `-fcolor-diagnostics`) and
uses CMake's built in variable that can control color output.

Now both compilers should output colored diagnostics.
2024-01-18 13:59:35 +01:00
Dan Klishch
96d44b1572 Userland: Make bit-fields compatible with MSVC C++ ABI 2023-12-07 10:28:19 -07:00
Andreas Kling
a6106ca221 AK: Use __builtin_offsetof() + -Wno-invalid-offsetof to silence ASAN
ASAN was crying way too much when running the LibJS JIT since the old
OFFSET_OF implementation was too wild for its liking.

By turning off the invalid-offsetof warnings, we can use the offsetof
builtin instead. However, I'm leaving this as a wrapper macro, since
we may still want to do something different for other compilers.
2023-11-24 12:49:15 +01:00
Dan Klishch
2dba79bc6b Meta: Globally disable floating point contraction
FP contraction is a standard-conforming behavior which allows the
compiler to calculate intermediate results of expressions containing
floating point numbers with a greater precision than the expression type
allows. And in theory, it enables additional optimizations, such as
replacing `a * b + c` with fma(a, b, c).

Unfortunately, it is extremely hard to predict when the contraction will
happen. For example, Clang 17 on x86_64 with the default options will
use FMA only for constant-folded non-constexpr expressions. So, in
practice, FP contraction leads to hard-to-find bugs and inconsistencies
between executables compiled with different toolchains or for different
OSes. And we had two instances of this happening last week.

Since we did not ever used -mfma on x86_64, this patch can only possibly
regress performance on Apple ARM devices, where FMA is enabled by
default. However, this regression will likely be negligible since the
difference would be one additional add instruction, which would be then
likely executed in parallel with something else.
2023-11-16 19:05:13 -05:00
Daniel Bertalan
cf3c8a216b CMake: Disable Clang 18+ -Wvla-cxx-extension warning
This warning warns about variable-length arrays being a non-standard
extension to the C++ language. We still have a few instances of VLAs, so
let's disable the warning for now.

This does not interfere with `-Wvla`, which we use to completely forbid
this (potentially dangerous) feature in the Kernel and LibCrypto.
2023-11-05 13:41:13 -07:00
Daniel Bertalan
c0cf6e3744 CMake: Set -fvisibility-inlines-hidden on ELF platforms
The C++ semantics of `inline` dictate that such functions might be
defined in multiple translation units. As with all other functions, they
must have the same address in all TUs. Because of this, the compiler
emits `inline` functions as weak symbols, which the dynamic linker can
then resolve to the same address everywhere.

This rule is responsible for a significant overhead at startup, as such
lookups happen by name. Namely, 86'000 of the 114'000 by-name symbol
lookups when loading LibWeb can be attributed to this. Most of these
are only ever defined in a single object, making this even more
pointless.

As nothing in our code relies on either ELF symbol interposition rules
or function address equality, we can use the -fvisibility-inlines-hidden
escape hatch, which causes this rule to be disregarded. As the symbols
are now hidden, no load-time symbol lookup is needed. This flag is used
without issues in other large C++ codebases like Chromium and LLVM.

Some relevant light reading, suggested by Nico:
- https://ridiculousfish.com/blog/posts/i-didnt-order-that-so-why-is-it-on-my-bill-episode-1.html
- https://www.cs.dartmouth.edu/~sergey/cs258/ABI/UlrichDrepper-How-To-Write-Shared-Libraries.pdf
- https://blog.llvm.org/2018/11/30-faster-windows-builds-with-clang-cl_14.html
- https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Dialect-Options.html#index-fvisibility-inlines-hidden
2023-08-12 05:14:20 +02:00
Daniel Bertalan
00b4976f2c Everywhere: Make Lagom build with GCC 13
GCC 13 was released on 2023-04-26. This commit fixes Lagom build errors
when using an updated host toolchain:
- Adds a workaround for a bug in constraint handling, which made LibJS
  fail to compile: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109683
- Silences the new `-Wdangling-reference` diagnostic globally. It
  produces multiple false positives with no clear way to silence them
  without `#pragmas`.
- Silences `-Wself-move` in `RefPtr` tests as GCC 13 adds this
  previously Clang-exclusive warning.
2023-05-02 07:03:57 -04:00
Nico Weber
8f988b7bae Meta: Move more common flags to common_compile_options.cmake
For the most part no behavior change, except that we now pass
-Wno-implicit-const-int-float-conversion and -Wno-literal-suffix
only to clang and gcc each in both lagom and serenity builds,
while we previously passed them to both in lagom builds (and
passed them to one each in serenity builds). The former is
a clang flag, the latter a gcc flag, but since we also use
-Wno-unknown-warning-option it doesn't really matter.
2023-04-18 10:05:49 +02:00
Nico Weber
4aaefeb1d5 Meta: Move some flags to common_compile_options.cmake
No behavior change.
2023-04-17 00:52:21 +02:00
Linus Groh
ee721978f6 Meta: Move compiler flags into standalone CMake files
This way we can have all of them in a single place, similar to how we
structure options added via the serenity_option() macro.
2022-05-14 17:53:06 +02:00