Announcement

**coder** · 07 January 2023, 03:01 PM

Originally posted by erniv2 View Post

Can anybody enlighten me on this one ? I know that -w is warnings and -f is compiler flags -m is maschine but what is this -D thing ?

Option Summary (Using the GNU Compiler Collection (GCC))

It´s not even described in the options page ?!

As Vermilion said, -D defines a preprocessor macro. It would be entirely equivalent to place:

Code:

 #define _FORTIFY_SOURCE 3

...before any direct or indirect includes of any glibc headers. However, that's more fragile (because someone could move/remove it or put a relevant include above it) and requires touching lots of source files.

But all that still doesn't tell you much. What this really does is switches on some additional compile-time and runtime checks, in code using GNU libc. Here's the (overly terse, IMO), documentation, in the glibc manual:

Macro: _FORTIFY_SOURCE

If this macro is defined to 1, security hardening is added to various library functions. If defined to 2, even stricter checks are applied. If defined to 3, the GNU C Library may also use checks that may have an additional performance overhead.

https://www.gnu.org/software/libc/ma...IFY_005fSOURCE

**ryao** · 07 January 2023, 08:16 PM

Originally posted by coder View Post

Compilers use a cost model for the target CPU (or a blended one, no arch is specified), since instructions have significantly different rates of issue, throughput, and latency. The default optimization target is to minimize the number of CPU clock cycles, although you could instead use a cost model that rates instructions by their energy usage.

Thanks for the links to Souper and GNU superoptimizer. I wasn't familiar with those tools.

I am happy to hear that you found the links useful.

Announcement

Fedora 38 To Beef Up Its Compiler Fortification Defenses

Comment

Comment