[RFC] [PATCH] Implement -ffortify for C/C++
Dirk Mueller
dmueller@suse.de
Tue Jan 30 15:47:00 GMT 2007
Hi,
this patch adds a command line switch -ffortify=1,2 that works simliar to the
glibc define -D_FORTIFY_SOURCE=1,2. The main difference to the glibc
implementation is that it also works for C++ code. The glibc implementation
uses #define's that replace certain string and memory related functions (e.g.
strcpy) with the strcpy_chk variant. This does not work with C++ due to
namespace issues and is therefore disabled alltogether for this language. The
gcc implementation does not suffer from this issue and can also fortify
namespaced calls, e.g. calls to "std::strcpy" correctly.
The patch is so far bootstrapped for c,c++ and fortran and tested on various
testcases and real world code. regression test is unaffected since it is not
enabled by default. A regression test run with unconditionally enabled
ffortify leads to some failures, which I believe are related to testcases not
expecting the rewrite (investigation still in progress).
Comments?
Thanks,
Dirk
2007-01-27 Dirk Mueller <dmueller@suse.de>
* doc/invoke.texi (-ffortify): Document.
* common.opt (ffortify): Define.
c-common.c (build_bos_call, fortify_mem_builtin_fn,
fortify_printf_builtin_fn): New.
(resolve_overloaded_builtin): Call fortify_mem_builtin_fn
and fortify_printf_builtin_fn if -ffortify is set to
substitute directly into *_chk variants of the fortify builtins.
* cp/semantics.c (finish_call_expr): Move call to
resolve_overloaded_builtin ..
* cp/call.c (build_new_function_call): to after overload
resolution to be able to fortify even std:: variants of builtins.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fortify-2.diff
Type: text/x-diff
Size: 9955 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20070130/e41d2ab0/attachment.bin>
More information about the Gcc-patches
mailing list