Implement the %build_type_safety_c macro (#2218019)

The default remains at 0 (no change) until the corresponding Fedora
change proposal is accepted:

  <https://fedoraproject.org/wiki/Changes/GNUToolchainF39>
This commit is contained in:
Florian Weimer 2023-07-05 13:36:52 +02:00
parent 7692bbaf45
commit 246107d5f6
3 changed files with 59 additions and 2 deletions

View File

@ -114,6 +114,55 @@ or:
BuildRequires: clang compiler-rt
%endif
### Controlling Type Safety
The macro `%build_type_safety_c` can be set to change the C type
safety level. By default (value 0), all C constructs that GCC accepts
for backwards compatibility with obsolete language standards are
accepted during package builds. Packages can set
`%build_type_safety_c` to higher values to adopt future
distribution-wide type-safety increases early.
When changing the `%build_type_safety_c` level to increase it, spec
file should use a construct like this to avoid *lowering* a future
default:
```
%if %build_type_safety_c < 2
%global %build_type_safety_c 2
%endif
```
At level 1, the following additional error categories are enabled:
* `-Werror=implicit-int`: Reject declarations and definitions that
omit a type name where one is required. Examples are:
`extern int_variable;`, `extern int_returning_function (void);`,
and missing separate parameter type declarations in old-style
function definitions.
* `-Werror=implicit-function-declaration`: Reject calls to functions
to undeclared functions such as `function_not_defined_anywhere ()`.
Previously, such expressions where we compiled as if a declaration
`extern int function_not_defined_anywhere ();` (a prototype-less
function declaration) were in scope.
At level 2, the following error category is enabled in addition:
* `-Werror=int-conversion`: Reject the use of integer expressions
where a pointer type expected, and pointer expressions where an
integer type is expected. Without this option, GCC may produce an
executable, but often, there are failures at run time because not
the full 64 bits of pointers are preserved.
The additional level 3 error category is:
* `-Werror=incompatible-pointer-types`: An expression of one pointer
type is used where different pointer type is expected. (This does
not cover signed/unsigned mismatches in the pointer target type.)
Clang errors out on more obsolete and invalid C constructs than C, so
the type safety is higher by default than with the GCC toolchain.
### Disable autotools compatibility patching
By default, the invocation of the `%configure` macro replaces
@ -416,6 +465,7 @@ The general (architecture-independent) build flags are:
This can occasionally result in compilation errors. In that case,
the best option is to rewrite the source code so that only constant
format strings (string literals) are used.
* Other `-Werror=` options. See **Controlling C Type Safety**.
* `-U_FORTIFY_SOURCE, -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=3`:
See the Source Fortification section above and the `%_fortify_level`
override.

6
macros
View File

@ -384,12 +384,16 @@ print(result)
%_fortify_level 3
%_fortify_level_flags %[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
# This can be set to a positive integer to obtain increasing type
# safety levels for C. See buildflags.md.
%build_type_safety_c 0
# Some linkers default to a build-id algorithm that is not supported by rpmbuild,
# so we need to specify the right algorithm to use.
%_build_id_flags -Wl,--build-id=sha1
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
%_warning_options -Wall%[%__build_for_lang_any ? " -Wno-complain-wrong-lang" : ""]%[%__build_for_lang_c + %__build_for_lang_cxx ? " -Werror=format-security" : ""]
%_warning_options -Wall%[%__build_for_lang_any ? " -Wno-complain-wrong-lang" : ""]%[%__build_for_lang_c + %__build_for_lang_cxx ? " -Werror=format-security" : ""]%[%__build_for_lang_c && (%build_type_safety_c >= 1) ? " -Werror=implicit-function-declaration -Werror=implicit-int" : ""]%[%__build_for_lang_c && (%build_type_safety_c >= 2) ? " -Werror=int-conversion" : ""]%[%__build_for_lang_c && (%build_type_safety_c >= 3) ? " -Werror=incompatible-pointer-types" : ""]
%_preprocessor_defines %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
# Common variables are no longer generated by default by gcc and clang

View File

@ -4,7 +4,7 @@
# 2) When making changes, increment the version (in baserelease) by 1.
# rpmdev-bumpspec and other tools update the macro below, which is used
# in Version: to get the desired effect.
%global baserelease 259
%global baserelease 260
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
@ -254,6 +254,9 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora/srpm forge.lua
%doc buildflags.md
%changelog
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 260-1
- Implement the %%build_type_safety_c macro (#2218019)
* Wed Jul 5 2023 Florian Weimer <fweimer@redhat.com> - 259-1
- Filter out C, C++ build flags from Fortran build flags (#2177253)