cc_and_flags.mk
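# Warning set for GCC builds; the GCC branch of the compiler check below
# appends $(WGCC) to F_CFLAGS. Several spellings here are GCC-only.
#
# Alignment: request the strict form. Plain -Wcast-align is deliberately not
# listed again further down: it is the weaker form of the same warning, and
# repeating it after -Wcast-align=strict can switch GCC back to the non-strict
# level (the later option wins).
WGCC = -Wlogical-op -Wcast-align=strict
# Advisory attribute suggestions.
WGCC += -Wsuggest-attribute=format -Wsuggest-attribute=malloc
WGCC += -Wsuggest-attribute=pure -Wsuggest-attribute=const
WGCC += -Wsuggest-attribute=noreturn -Wsuggest-attribute=cold
# Format-string, bounds and stack-protector diagnostics.
# NOTE(review): -Wstack-protector only reports anything while a
# -fstack-protector* option is active, and none is set in this file -- confirm
# one arrives through $(CFLAGS) or the toolchain default.
WGCC += -Wformat-security -Warray-bounds -Wstack-protector
# General hygiene warnings.
WGCC += -Wall -Wextra -Wpedantic -Wshadow -Wvla -Wpointer-arith -Wwrite-strings \
        -Wfloat-equal -Wcast-qual -Wbad-function-cast \
        -Wunreachable-code -Wundef
# Format-string and array-bounds findings fail the build instead of warning.
WGCC += -Werror=format-security -Werror=array-bounds
# Warnings switched off for every compiler.
# NOTE(review): -Wno-unused-result hides ignored return values of functions
# marked warn_unused_result -- confirm this is intended.
WNOFLAGS = -Wno-unknown-pragmas -Wno-unused-result
# Symbols are hidden unless exported explicitly; ?= lets the caller override.
VISIBILITY ?= -fvisibility=hidden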
# Baseline optimisation: -O2 for every build. RELEASE=true additionally pins
# code generation to the generic x86-64 baseline.
F_CFLAGS = -O2
ifeq ($(RELEASE),true)
  F_CFLAGS = -march=x86-64 -O2
endif
# Linker flags start out empty; the sections below append to them.
LFLAGS =
# Detect whether $(CC) is GCC or Clang: `$(CC) -v` is run while the makefile
# is parsed and grep -c counts the lines carrying the version banner.
# A branch is taken only when that count is exactly 1; if neither banner
# matches, this section sets none of the variables below.
ifeq ($(shell $(CC) -v 2>&1 | grep -c "gcc version"), 1)
LINKER = $(CC)
# LTO = -flto -fno-fat-lto-objects
STRIP ?= strip
ifeq ($(DEBUG),true)
# gcc-specific security/debug flags
# -fanalyzer enables GCC's static analyzer; it rides along in WGCC.
WGCC += -fanalyzer
F_CFLAGS += -ggdb
endif #debug
# Only GCC builds receive the WGCC warning set.
F_CFLAGS += $(WGCC)
else ifeq ($(shell $(CC) -v 2>&1 | grep -c "clang version"), 1)
LINKER = $(CC)
LTO = -flto=thin
# Plain `=`: values for AS and OBJCOPY taken from the environment are replaced
# here (command-line assignments still take precedence).
AS = llvm-as
OBJCOPY = llvm-objcopy
STRIP ?= llvm-strip
ifeq ($(DEBUG),true)
# clang-specific security/debug flags
# Sanitizers (UBSan checks, ASan, LSan, CFI) with UBSan set to trap on error.
# CFI depends on LTO and symbol visibility; this file supplies both through
# $(LTO) above and $(VISIBILITY) in the final F_CFLAGS line.
# NOTE(review): -ftrivial-auto-var-init=pattern, -mspeculative-load-hardening
# and -mretpoline are runtime mitigations rather than diagnostics, yet they are
# applied only when DEBUG=true; the RELEASE section of this file does not add
# them -- confirm that is intended.
# NOTE(review): -fsanitize-undefined-trap-on-error looks like the older
# spelling of -fsanitize-trap=undefined -- check against the Clang version in use.
F_CFLAGS += -fsanitize=undefined,signed-integer-overflow,null,alignment,address,leak,cfi \
-fsanitize-undefined-trap-on-error -ftrivial-auto-var-init=pattern \
-mspeculative-load-hardening -mretpoline
# Plain `=`: anything placed in LFLAGS before this point is discarded.
# NOTE(review): the link line names only the address sanitizer while the
# compile line lists more; verify the link step gets what the runtime needs.
LFLAGS = -fsanitize=address
endif #debug
F_CFLAGS += -Wall -Wextra -Wpedantic
WNOFLAGS += -Wno-disabled-macro-expansion
endif #compiler
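# Compiler-independent flags selected by build mode.
#
# Link-time hardening (read-only relocations, non-executable stack) is applied
# to DEBUG and to RELEASE builds, once. Previously only DEBUG received it, so
# the binaries meant for shipping were linked without it.
ifeq ($(DEBUG),true)
  # generic security/debug flags
  F_CFLAGS += -Og -D_DEBUG -fno-builtin
  LFLAGS += -Wl,-z,relro,-z,noexecstack
else ifeq ($(RELEASE),true)
  LFLAGS += -Wl,-z,relro,-z,noexecstack
endif # DEBUG
ifeq ($(RELEASE),true)
  # Release hardening: stack-clash protection, fortified libc calls,
  # control-flow protection, and format-string findings as errors.
  # -Werror=format-security repeats what WGCC already gives GCC builds; Clang
  # builds get it only from this line.
  F_CFLAGS += -fstack-clash-protection -D_FORTIFY_SOURCE=2 -fcf-protection \
              -Werror=format-security
  # NOTE(review): -fPIE/-fPIC are code-generation options and no -pie appears
  # in this file; whether the release binary ends up position-independent
  # depends on how the rules outside this file use F_CFLAGS and LFLAGS and on
  # the toolchain default -- confirm.
  LFLAGS += -fPIE -fPIC
endif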
# Profile-guided optimisation, chosen with PGO=gen or PGO=use; any other value
# leaves the flags untouched.
# NOTE(review): these are Clang option spellings, but this section is applied
# whichever compiler was detected above -- confirm PGO is only used with Clang.
ifeq ($(PGO),gen)
  # Instrumented build that records a profile when the program runs.
  LFLAGS += -fprofile-instr-generate
  F_CFLAGS += -fprofile-instr-generate \
              -gline-tables-only \
              -fcoverage-mapping
else ifeq ($(PGO),use)
  # Optimised build steered by fetchme.profdata, named here as a relative
  # path. The profile is a build input: produce it from a trusted
  # instrumented run.
  LFLAGS += -fprofile-instr-use=fetchme.profdata
  F_CFLAGS += -fprofile-instr-use=fetchme.profdata \
              -gline-tables-only
endif
# Final assembly of the flags every build receives, whatever the mode.
#
# $(TARGET) and $(VERSION) are pasted between escaped quotes into -D options,
# so they should stay simple tokens: a quote or space in either value changes
# the compiler command line.
# $(CFLAGS) comes last, so flags supplied by the caller can override the
# defaults collected above, including the hardening options.
F_CFLAGS += -D_PACKAGE_NAME=\"$(TARGET)\" \
            -D_PACKAGE_VERSION=\"$(VERSION)\" \
            $(MODULES) \
            -std=c99 -pipe \
            $(LTO) $(WNOFLAGS) $(IVAR) $(VISIBILITY) \
            $(CFLAGS)
# -L/usr/local/lib is listed before $(LDFLAGS), so a library found there is
# preferred over one in a directory the caller adds with -L.
# NOTE(review): confirm that directory is writable only by trusted accounts
# on the build host.
LFLAGS += $(IVAR) $(LTO) $(M_LFLAGS) \
          -L/usr/local/lib \
          $(LDFLAGS)