From Fedora Project Wiki

< Changes
Revision as of 11:52, 19 January 2015 by Fweimer (talk | contribs) (Add off_t/ino_t)

Modernise GCC Flags

Summary

Update the default GCC flags to reflect current architecture requirements and compiler capabilities.

Owner

Current status

  • Targeted release: Fedora 22
  • Last updated: 2014-12-15
  • Tracker bug:

Detailed Description

The following changes are propsoed.

  • Enable position-independent executables (PIE) by default for all applications, using -fpie -pie.
  • Switch to SSE 2 for floating-point calculations, using -msse2 -mfpmath=sse.
  • Make off_t and ino_t 64 bit by default

Copy relocations support in GCC and binutils makes the performance on x86_64 of PIE literally zero for many programs.

SSE 2 was introduced in 2000, almost 15 years ago, and all current IA-32 implementations known to the proponent (which meet Fedora's other requirements, such as support for atomic instructions) support it.

64 bit inode values in file systems are increasingly 64 bit by default, and using a 32-bit ino_t type introduces spurious failures.

Benefit to Fedora

PIE-by-default provides better address-space randomization (ASLR).

SSE 2 slightly increases performance of floating-point heavy code.

SSE 2 support brings simplifications to code generators, and many upstreams have expressed a desire to deprecate i387 support:

Scope

  • Proposal owners: If this proposal is accepted, a patch for redhat-rpm-config will have to be written.
  • Other developers: redhat-rpm-config needs to be updated accordingly. Some tools which do not recognize PIE binaries (such as Nautilus, see [bug 737849]) will have to be fixed.
  • Release engineering: This change requires a mass rebuild with new binutils and GCC 5.0.
  • Policies and guidelines: Packages which follow the guidelines will automatically inherit the flags from redhat-rpm-config.

Upgrade/compatibility impact

Hardware which does not support SSE 2 will not be able to run Fedora binaries. For current hardware, the update will be transparent.

How To Test

PIE support is visible using file. It will display (among other things) 

ELF 32-bit LSB shared object

instead of: 

ELF 32-bit LSB executable

SSE 2 support will be exercised during regular installation testing.

User Experience

Ideally, users will not observe any change.

Dependencies

This change depends on GCC 5.0 and binutils 2.25.

Contingency Plan

  • Contingency mechanism: If binutils 2.25 does not make it into Fedora 22, the copy-relocations optimization can be dropped.
  • Contingency deadline: before the last mass rebuild
  • Blocks release? No.
  • Blocks product? No.

Documentation

From an upstream perspective, these changes are very minor, so there is no extensive documentation.

Release Notes

  • Natively-compiled Fedora programs are now position-independent executables by default. This provides better address space randomization (ASLR) and therefore improved security hardening.
  • Fedora for i386 now requires a CPU with SSE 2 support.
Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/Modernise_GCC_Flags&oldid=401193"