Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8130017

use _FORTIFY_SOURCE in gcc fastdebug builds

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 13
    • Component/s: infrastructure
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b22

      Description

      Defining the _FORTIFY_SOURCE={1 or 2} macro when compiling with gcc enables some checks for buffer overflow when the optimization level is at least 1. See man feature_test_macros(7) for some more details about what this configuration macro does.

      Because it only applies with -O1 and higher, this macro isn't useful for (slow)debug builds, which use -O0.

      Unfortunately, some care is needed for fastdebug builds.

      Because _FORTIFY_SOURCE > 0 only applies with -O1 and higher, some versions of glibc (starting with glibc-2.16) test the optimization level when _FORTIFY_SOURCE is defined, and produce a warning if the optimization level is insufficient. This is to prevent the user's request for additional checking from being silently ignored. See

        https://sourceware.org/bugzilla/show_bug.cgi?id=13979

      This check and warning is in /usr/include/features.h. This warning, combined with -Werror being on in at least some places, would result in a build failure on affected platforms when building hotspot if a non-0 _FORTIFY_SOURCE value is used, since there are some files that are specifically built with -O0 for various reasons. We previously tried enabling _FORTIFY_SOURCE (JDK-8032045) and ran into exactly this problem. See JDK-8047952 and JDK-8050803, which were addressed by backing out the use of _FORTIFY_SOURCE.

      The files in question add $(OPT_CFLAGS/NOOPT) to their file-specific OPT_CFLAGS. I think adding "-U_FORTIFY_SOURCE" to OPT_CFLAGS/NOOPT on affected platforms might be sufficient to address this problem.

      Defining _FORTIFY_SOURCE=2 may be overly agressive, as the documentation for this feature says this may cause some valid code to fail.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mbaesken Matthias Baesken
              Reporter:
              kbarrett Kim Barrett
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: