Hardening Mode for the Compiler
9 months ago
- #Compiler
- #C++
- #Security
- Joint proposal from AaronBallman, shafik, Endill, and cor3ntin to improve C and C++ program safety and security.
- Current mechanisms for safety and security in Clang are scattered and poorly documented, making them hard to use.
- Proposal to unify existing mechanisms into an easy-to-use hardened mode for users.
- User expectations need to shift: breaking changes in compiler releases for safety are a feature, not a bug.
- GCC's -fhardened mode is referenced as prior art, but Clang may differ in implementation.
- Goals include enabling various flags (-f, -m, -D, -W) and macros automatically, requiring modern language standards, and passing linker flags.
- Multiple approaches proposed: config file, new driver mode, orthogonal flags, or a single flag for hardening.
- Community feedback sought on high-level direction before proceeding with detailed proposals.