SUSE: Disable the following: * Optimizer flags. Anything other than straight -O2 isn't well tested (either more or less optimization) * -flto still needs to be handled by gn as it needs to be disabled for some targets, and global CFLAGS go at the end of the commandline * Submodel options (-march and friends). Upstream notoriously forces SSE3 despite the code not requiring it. * note that cpu options for ARM are currently left in, as they do not seem to do harm and V8 needs to know the exact target anyway * libstdc++ assertions. Enabling them or not should in general be the distro's decision. Electron does not run untrusted code (unlike browsers) and as such does not really benefit from security paranoia. * Debuginfo format. Upstream seems to force something that is not recognized by rpmbuild. * per-target debuginfo level is left in as it is still useful (-g2 everywhere does not work) * Emitting code for the PIC model. It is needed in case of shared libraries, but results in a larger executable (and Electron is already enormous) It should be enabled individually on code that gets into separate libraries (and we know when to do it — otherwise we're getting linker error) * -rdynamic. The rationale given is bogus (the allocator gets exported regardless). The main executable needs to be linked with -rdynamic anyway, but eg. chrome_crashpad_handler doesn't. From 307a0f63dd9b118f4b8470ed3d7567e81fdb7a6d Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Fri, 22 Apr 2022 09:05:24 +0000 Subject: [PATCH] Disable various compiler configs --- build/config/compiler/BUILD.gn | 114 +++++---------------------------- 1 file changed, 17 insertions(+), 97 deletions(-) --- src/build/config/compiler/BUILD.gn.orig 2025-07-19 11:32:29.581980058 +0200 +++ src/build/config/compiler/BUILD.gn 2025-07-19 16:12:37.505818698 +0200 @@ -310,9 +310,7 @@ config("compiler") { configs += [ # See the definitions below. - ":clang_revision", ":rustc_revision", - ":compiler_cpu_abi", ":compiler_codegen", ":compiler_deterministic", ":clang_warning_suppression", @@ -338,7 +336,6 @@ config("compiler") { # See: https://gcc.gnu.org/PR97913 # TODO(mpdenton): remove is_clang once GCC bug is fixed. if ((!is_nacl || is_nacl_saigo) && !is_ubsan && is_clang) { - cflags += [ "-fno-delete-null-pointer-checks" ] } # Make signed overflow and pointer overflowdefined to wrap. @@ -348,7 +345,6 @@ config("compiler") { if (is_win) { cflags += [ "/clang:-fno-strict-overflow" ] } else { - cflags += [ "-fno-strict-overflow" ] } } @@ -364,7 +360,12 @@ config("compiler") { if (!is_win) { # Common POSIX compiler flags setup. # -------------------------------- - cflags += [ "-fno-strict-aliasing" ] # See http://crbug.com/32204 + # To future SUSE maintainers: Do not re-enable this, you will save yourself hours of debugging! + # This is an optimizer flag, not a C dialect flag to make GCC behave like clang. + # Despite what the -Wlto-type-mismatch warning text tells you, enabling this will NOT fix miscompiles, + # and seems to cause other problems in GCC12. See https://bugs.chromium.org/p/chromium/issues/detail?id=1373615#c6 + # ANY BUGS DUE TO ALIASING SHOULD BE FIXED IN CODE, AND THE PATCHES SENT UPSTREAM! + # cflags += [ "-fno-strict-aliasing" ] # See http://crbug.com/32204 # Stack protection. ShadowCallStack and Stack protector address the same # problems. Therefore, we only enable one or the other. Clang advertises SCS as @@ -500,10 +501,6 @@ config("compiler") { # Linux/Android/Fuchsia common flags setup. # --------------------------------- if (is_linux || is_chromeos || is_android || is_fuchsia) { - asmflags += [ "-fPIC" ] - cflags += [ "-fPIC" ] - ldflags += [ "-fPIC" ] - rustflags += [ "-Crelocation-model=pic" ] if (!is_clang) { # Use pipes for communicating between sub-processes. Faster. @@ -1148,11 +1145,6 @@ config("libcxx_hardening") { defines = [ "_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_NONE" ] } - # Enable libstdc++ hardening lightweight assertions. Those have a low - # performance penalty but are considered a bare minimum for security. - if (use_safe_libstdcxx) { - defines += [ "_GLIBCXX_ASSERTIONS=1" ] - } } # The BUILDCONFIG file sets this config on targets by default, which means when @@ -1218,7 +1210,8 @@ config("thinlto_optimize_max") { # without using everything that "compiler" brings in. Options that # tweak code generation for a particular CPU do not belong here! # See "compiler_codegen", below. -config("compiler_cpu_abi") { +config("compiler_cpu_abi") { } +config("xcompiler_cpu_abi") { cflags = [] ldflags = [] defines = [] @@ -1994,7 +1987,8 @@ config("tot_warnings") { # Collects all warning flags that are used by default. This is used as a # subconfig of both chromium_code and no_chromium_code. This way these # flags are guaranteed to appear on the compile command line after -Wall. -config("default_warnings") { +config("default_warnings") { } +config("xdefault_warnings") { cflags = [] cflags_cc = [] ldflags = [] @@ -2262,11 +2256,7 @@ config("chromium_code") { defines = [ "_HAS_NODISCARD" ] } } else { - cflags = [ "-Wall" ] - if (is_clang) { - # Enable extra warnings for chromium_code when we control the compiler. - cflags += [ "-Wextra" ] - } + cflags = [] # In Chromium code, we define __STDC_foo_MACROS in order to get the # C99 macros on Mac and Linux. @@ -2275,24 +2265,6 @@ config("chromium_code") { "__STDC_FORMAT_MACROS", ] - if (!is_debug && !using_sanitizer && current_cpu != "s390x" && - current_cpu != "s390" && current_cpu != "ppc64" && - current_cpu != "mips" && current_cpu != "mips64" && - current_cpu != "riscv64" && current_cpu != "loong64") { - # Non-chromium code is not guaranteed to compile cleanly with - # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are - # disabled, so only do that for Release build. - fortify_level = "2" - - # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3 - # implementation with a few custom glibc patches. Use that if it's - # available. - if (is_chromeos_device && !lacros_use_chromium_toolchain) { - fortify_level = "3" - } - defines += [ "_FORTIFY_SOURCE=" + fortify_level ] - } - if (is_apple) { cflags_objc = [ "-Wimplicit-retain-self" ] cflags_objcc = [ "-Wimplicit-retain-self" ] @@ -2451,7 +2423,6 @@ config("no_rtti") { # to heap-allocated memory are passed over shared library boundaries. config("export_dynamic") { if (is_linux || export_libcxxabi_from_executables) { - ldflags = [ "-rdynamic" ] } } @@ -2550,7 +2521,8 @@ config("wexit_time_destructors") { # gcc 4.9 and earlier had no way of suppressing this warning without # suppressing the rest of them. Here we centralize the identification of # the gcc 4.9 toolchains. -config("no_incompatible_pointer_warnings") { +config("no_incompatible_pointer_warnings") { } +config("xno_incompatible_pointer_warnings") { cflags = [] if (is_clang) { cflags += [ "-Wno-incompatible-pointer-types" ] @@ -2667,7 +2639,8 @@ if (is_win) { common_optimize_on_cflags += [ "-fno-math-errno" ] } -config("default_stack_frames") { +config("default_stack_frames") { } +config("xdefault_stack_frames") { if (!is_win) { if (enable_frame_pointers) { cflags = [ "-fno-omit-frame-pointer" ] @@ -2708,7 +2681,8 @@ config("default_stack_frames") { # [0]: https://pinpoint-dot-chromeperf.appspot.com/job/147634a8be0000 # [1]: https://pinpoint-dot-chromeperf.appspot.com/job/132bc772be0000 # [2]: https://crrev.com/c/5447532 -config("optimize") { +config("optimize") { } +config("xoptimize") { if (is_win) { # clang-cl's /O2 corresponds to clang's -O3, and really want -O2 for # consistency with the other platforms. @@ -2757,7 +2731,8 @@ config("optimize") { } # Turn off optimizations. -config("no_optimize") { +config("no_optimize") { } +config("xno_optimize") { if (is_win) { cflags = [ "/Od", # Disable optimization. @@ -2792,7 +2767,8 @@ config("no_optimize") { # Turns up the optimization level. Used to explicitly enable -O2 instead of # -Os for select targets on platforms that use optimize_for_size. No-op # elsewhere. -config("optimize_max") { +config("optimize_max") { } +config("xoptimize_max") { if (is_nacl && is_nacl_irt) { # The NaCl IRT is a special case and always wants its own config. # Various components do: @@ -2825,7 +2801,8 @@ config("optimize_max") { # # TODO(crbug.com/41259697) - rework how all of these configs are related # so that we don't need this disclaimer. -config("optimize_speed") { +config("optimize_speed") { } +config("xoptimize_speed") { if (is_nacl && is_nacl_irt) { # The NaCl IRT is a special case and always wants its own config. # Various components do: @@ -2854,7 +2831,8 @@ config("optimize_speed") { } } -config("optimize_fuzzing") { +config("optimize_fuzzing") { } +config("xoptimize_fuzzing") { cflags = [ "-O1" ] + common_optimize_on_cflags rustflags = [ "-Copt-level=1" ] ldflags = common_optimize_on_ldflags @@ -2985,7 +2963,8 @@ config("win_pdbaltpath") { } # Full symbols. -config("symbols") { +config("symbols") { cflags = ["-g2"] } +config("xsymbols") { rustflags = [] configs = [] if (is_win) { @@ -3159,7 +3138,8 @@ config("symbols") { # Minimal symbols. # This config guarantees to hold symbol for stack trace which are shown to user # when crash happens in unittests running on buildbot. -config("minimal_symbols") { +config("minimal_symbols") { cflags = ["-g1"] } +config("xminimal_symbols") { rustflags = [] if (is_win) { # Functions, files, and line tables only. @@ -3244,7 +3224,8 @@ config("minimal_symbols") { # This configuration contains function names only. That is, the compiler is # told to not generate debug information and the linker then just puts function # names in the final debug information. -config("no_symbols") { +config("no_symbols") { cflags = ["-g0"]} +config("xno_symbols") { if (is_win) { ldflags = [ "/DEBUG" ]