Add -fcf-protection. #4437
Add -fcf-protection. #4437
Conversation
driver/main.cpp
Outdated
| @@ -1003,6 +1003,20 @@ void registerPredefinedVersions() { | |||
| VersionCondition::addPredefinedGlobalIdent("LDC_ThreadSanitizer"); | |||
| } | |||
|
|
|||
| switch (opts::fCFProtection) { | |||
| case opts::CFProtectionType::Branch: | |||
| VersionCondition::addPredefinedGlobalIdent("__CET_1__"); | |||
There was a problem hiding this comment.
if you wanted to add a enum instead of a bunch of version there is __traits(getInfo, "string_key")
There was a problem hiding this comment.
__traits(getTargetInfo, "key"), might be a good idea. clang's __CET__ can be used as bitmask, whereas checking for branch-protection with the current versions would probably be something ugly like
version (__CET_1__) version = BranchCFProtection;
version (__CET_3__) version = BranchCFProtection;
version (BranchCFProtection) …There was a problem hiding this comment.
getTargetInfo, that was what I meant to say. Also it is not immediately obvious what __CET_n__ refer to. I agree that adding VersionCondition::addPredefinedGlobalIdent("LDC_BranchCFProtection"); is much better.
(as an aside, does GCC/GDC have something similar? if so we should try to have a common interface "D_BranchControlFlowProtection"? @ibuclaw).
There was a problem hiding this comment.
as an aside, does GCC/GDC have something similar?
GDC supports CET but I don't think it sets any predefined version
There was a problem hiding this comment.
Thanks for the help here :)
__traits(getTargetInfo, "__CET__") for similarity with C ? Or without the underscores?
No version needed then, static if (__traits(getTargetInfo, "key") > 0) would suffice. I'm thinking that __CET__ is very rarely needed; the only usecase I can think of is writing assembly (I see in cet.h the bitmasking usecase the Martin mentioned).
There was a problem hiding this comment.
as an aside, does GCC/GDC have something similar?
GDC supports CET but I don't think it sets any predefined version
Correct. The druntime library is compiled with -fversion=CET because I've not ported fibers to work with both branch protection or shadow stack.
I gather otherwise the end user shouldn't really care about it.
There was a problem hiding this comment.
Thanks for the help here :)
__traits(getTargetInfo, "__CET__")for similarity with C ? Or without the underscores?
No version needed then,static if (__traits(getTargetInfo, "key") > 0)would suffice.
BTW, I went with -fversion because the code that really needs to be aware of it in druntime (asm Fibers) is a bunch of nested version conditions and declarations.
|
It turns out that @ibara Can you try building LDC's runtime with this patch and test the whole LDC test suite on OpenBSD (with CET requirement)? |
|
Should we error when this flag is passed for non-X86 targets? |
Yes, Clang currently shows |
Will test this weekend. Thanks! |
|
[LLVM 9 needs a fix: |
|
all green now |
|
Didn't forget about this. Will get you test data when I am home a little later today. |
Resolves issue #4435
I do not know how to cleanly add compiler-defined enum value (e.g.__CET__ == 1), so I opted for adding compiler-defined versions instead.