Followup to 90098473d5.
I changed my mind on this a few times. libcxx's documentation describes [0]
the hardening modes as:
"""
1) Unchecked mode/none, which disables all hardening checks.
2) Fast mode, which contains a set of security-critical checks that can be done
with relatively little overhead in constant time and are intended to be used
in production. We recommend most projects adopt this.
3) Extensive mode, which contains all the checks from fast mode and some additional
checks for undefined behavior that incur relatively little overhead but aren’t
security-critical. Production builds requiring a broader set of checks than fast
mode should consider enabling extensive mode. The additional rigour impacts performance
more than fast mode: we recommend benchmarking to determine if that is acceptable
for your program.
4) Debug mode, which enables all the available checks in the library, including
internal assertions, some of which might be very expensive. This mode is
intended to be used for testing, not in production.
"""
We chose 3) before because it felt like a better fit for what we're trying
to do and the most equivalent option to libstdc++'s _GLIBCXX_ASSERTIONS, but on
reflection, maybe we're better off picking a default with less overhead and
more importantly guarantees constant time checks.
[0] https://libcxx.llvm.org/Hardening.html#using-hardening-modes
Bug: https://github.com/mesonbuild/meson/issues/12962
Signed-off-by: Sam James <sam@gentoo.org>
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
pull/13014/head
Sam James
8 months ago
committed by
Eli Schwartz
parent
80e1d28b04
commit
509a140529
1 changed files with 1 additions and 1 deletions
Loading…
Reference in new issue