Compiler Flags

Every package MUST honour the compiler flags when building. Honouring means that the compiler that is compiling code is actually using them.

They are set in the environment inCFLAGS andCXXFLAGS environment variables.

Hardening

By default, code that is created by the IPFire compiler is hardened. In particular we have-fstack-protector-all and-fPIE enabled.

PIE

All libraries and binaries MUST be compiled with-fPIC. The quality-agent won't accept code that is not compiled in that way.

In some cases, it is required to disable it in the compiler in order to create code, that is NOT running in the userspace (Linux kernel, bootloaders, memtest, etc.). In that case, add-fno-PIE to the compiler flags.

Stack Smashing Protector

All the code is compiled with-fstack-protector-all.

In the same circumstances as in the PIE section, it may be required to disable that feature. Add-fno-stack-protector to the compiler flags.

Altering CFLAGS

It is not recommended to alter CFLAGS in any other cases than described above.

If you need to, ask the distribution maintainers and add a comment to the makefile.

Additional optimization

It is strongly discouraged to turn on experimental flags like-ffast-math or-O3.

If you can prove significant increase of performance on the compiled code you need to document that in the makefile.

Safe flags to use

-fno-strict-aliasing

Some code cannot be strictly aliased (turned on by-O2). You will notice numerous compiler warnings. In that case, it is safe to add-fno-strict-aliasing to the compiler flags.

Edit Page ‐ Yes, you can edit!

Older Revisions • November 11, 2015 at 11:10 am • Michael Tremer