From 509a140529328f316702411b8e9940a930340d52 Mon Sep 17 00:00:00 2001 From: Sam James Date: Tue, 12 Mar 2024 22:37:44 +0000 Subject: [PATCH] compilers: cpp: relax assertion level for libc++ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Followup to 90098473d51e6f059e775f1833b0a2ea91c8f8f9. I changed my mind on this a few times. libcxx's documentation describes [0] the hardening modes as: """ 1) Unchecked mode/none, which disables all hardening checks. 2) Fast mode, which contains a set of security-critical checks that can be done with relatively little overhead in constant time and are intended to be used in production. We recommend most projects adopt this. 3) Extensive mode, which contains all the checks from fast mode and some additional checks for undefined behavior that incur relatively little overhead but aren’t security-critical. Production builds requiring a broader set of checks than fast mode should consider enabling extensive mode. The additional rigour impacts performance more than fast mode: we recommend benchmarking to determine if that is acceptable for your program. 4) Debug mode, which enables all the available checks in the library, including internal assertions, some of which might be very expensive. This mode is intended to be used for testing, not in production. """ We chose 3) before because it felt like a better fit for what we're trying to do and the most equivalent option to libstdc++'s _GLIBCXX_ASSERTIONS, but on reflection, maybe we're better off picking a default with less overhead and more importantly guarantees constant time checks. [0] https://libcxx.llvm.org/Hardening.html#using-hardening-modes Bug: https://github.com/mesonbuild/meson/issues/12962 Signed-off-by: Sam James Signed-off-by: Eli Schwartz --- mesonbuild/compilers/cpp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mesonbuild/compilers/cpp.py b/mesonbuild/compilers/cpp.py index 540dedb18..f0d763b61 100644 --- a/mesonbuild/compilers/cpp.py +++ b/mesonbuild/compilers/cpp.py @@ -315,7 +315,7 @@ class ClangCPPCompiler(_StdCPPLibMixin, ClangCompiler, CPPCompiler): # Clang supports both libstdc++ and libc++ args.append('-D_GLIBCXX_ASSERTIONS=1') if version_compare(self.version, '>=18'): - args.append('-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE') + args.append('-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST') elif version_compare(self.version, '>=15'): args.append('-D_LIBCPP_ENABLE_ASSERTIONS=1')