Enable OSSF compiler hardening flags by default #9441

Open
wants to merge 10 commits into
base: master

garazdawi
Contributor

This PR enables some extra gcc/clang flags by default that disallow certain types of bugs/attack vectors. From what I can tell, the flags do not impact performance, but depending on the use case they might.

The flags are taken from https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md#-fno-strict-overflow

@garazdawi garazdawi added team:VM Assigned to OTP team VM enhancement labels Feb 14, 2025
@garazdawi garazdawi self-assigned this Feb 14, 2025
Contributor

github-actions bot commented Feb 14, 2025

CT Test Results

   11 files    253 suites   3h 22m 26s ⏱️
3 232 tests 3 043 ✅ 189 💤 0 ❌
4 692 runs  4 242 ✅ 450 💤 0 ❌

Results for commit 727cf7c.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run tests locally.

// Erlang/OTP Github Action Bot

@garazdawi garazdawi added this to the OTP-28.0 milestone Feb 17, 2025
@garazdawi garazdawi added the testing currently being tested, tag is used by OTP internal CI label Feb 17, 2025
sverker
sverker previously approved these changes Feb 17, 2025
@sverker sverker removed the testing currently being tested, tag is used by OTP internal CI label Feb 20, 2025
@garazdawi garazdawi force-pushed the lukas/otp/ossf-compiler-flags branch from f29ae91 to 32841a7 Compare February 21, 2025 07:30
@garazdawi garazdawi added the testing currently being tested, tag is used by OTP internal CI label Feb 21, 2025
@garazdawi garazdawi force-pushed the lukas/otp/ossf-compiler-flags branch from facce89 to 727cf7c Compare February 21, 2025 13:30
@garazdawi garazdawi requested a review from sverker February 21, 2025 13:30