[Privoxy-devel] compiler options for testing privoxy?

Fabian Keil fk at fabiankeil.de
Sun Apr 22 08:38:29 UTC 2018 

Lee <ler762 at gmail.com> wrote:

> what compiler/loader options do you use when testing privoxy?

I usually use:
    ./configure -C --with-debug --enable-extended-host-patterns \
        --enable-accept-filter --enable-no-gifs --enable-compression \
        --enable-strptime-sanity-checks --enable-external-filters \
        --enable-client-tags

Sometimes I add:
    export CFLAGS="-fsanitize=address -ggdb"
    export CPPFLAGS=-I/usr/local/include/
    export LDFLAGS="-fsanitize=address -L/usr/local/lib"
    export ASAN_OPTIONS='abort_on_error=1'
    export AFL_USE_ASAN=1
    export AFL_HARDEN=1 

And --enable-fuzz when fuzz testing.

Fabian
> $ cat MYconfigure
> #!/bin/sh
> autoheader
> autoconf
> 
> ####### configure options:
> # --enable-mingw32                Use mingw32 for a Windows GUI
> # --disable-pthread               Use native threads instead of POSIX
> pthreads library
> # --disable-dynamic-pcre          Use the built-in, static pcre, even
> if libpcre is available
> # --with-docbook=yes              Enable docbook documentation creation
> #
> ### normal plus docbook generation
> # ./configure --build=i686-pc-cygwin --host=i686-pc-mingw32
> --enable-mingw32 --enable-zlib --with-docbook=yes
> # make
> # make dok       > /tmp/make-dok.txt
> # make dok-tidy >> /tmp/make-dok.txt
> 
> 
> export CFLAGS="-O2"
> # note: configure.in line 155
> #         if test "X$CFLAGS" = "X "; then # if CFLAGS were unset (see above)
> #   In other words, if you set CFLAGS you need to include -O2 if you
> want optimization
> #   assume I'll set cflags below, so set O2 now
> 
> export LDFLAGS=""
> # start with initially empty flags
> 
> 
> ####### what does c99 get me?
> # CFLAGS="${CFLAGS} -std=c99"
> # https://gcc.gnu.org/c99status.html
> #    C99 is substantially completely supported as of GCC 4.5 (with
> -std=c99 -pedantic-errors used)
> # build dies if -pedantic-errors used
> 
> 
> CFLAGS="${CFLAGS} -fstack-protector-strong"
> LDFLAGS="${LDFLAGS} -fstack-protector-strong"
> # enable stack checking.  NOTE: need to specify when compiling _and_ linking
> # see  https://en.wikipedia.org/wiki/Buffer_overflow_protection
> # NOTE: needs --enable-static-linking or [?? /cygwin/bin ??] in the path
> 
> CFLAGS="${CFLAGS} -march=native"
> # -march=cpu-type
> #   Generate instructions for the machine type cpu-type.  In contrast
> to -mtune=cpu-type, which merely tunes the
> #   generated code for the specified cpu-type, -march=cpu-type allows
> GCC to generate code that may not run at all on
> #   processors other than the one indicated.
> #   Specifying -march=cpu-type implies -mtune=cpu-type.
> #
> # -march=native
> #   This selects the CPU to generate code for at compilation time by
> determining the processor type of the compiling
> #   machine.  Using -march=native enables all instruction subsets
> supported by the local machine (hence the result
> #   might not run on different machines).  Using -mtune=native
> produces code optimized for the local machine under
> #   the constraints of the selected instruction set.
> 
> CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
> # enable lightweight buffer overflow protection to some memory and
> string functions.
> # https://stackoverflow.com/questions/13517526/difference-between-gcc-d-fortify-source-1-and-d-fortify-source-2
> #   Essentially, _FORTIFY_SOURCE level 2 is more secure, but is a
> slightly riskier compilation strategy;
> #   if you use it, make sure you have very strong regression tests for
> your compiled code to prove the
> #   compiler hasn't introduced any unexpected behaviour.
> 
> LDFLAGS="${LDFLAGS} -Wl,--nxcompat"
> # You can enable DEP with -Wl,--nxcompat
> # DEP: https://blogs.technet.microsoft.com/askperf/2008/06/17/to-dep-or-not-to-dep/
> 
> LDFLAGS="${LDFLAGS} -Wl,--dynamicbase,--export-all-symbols"
> #   ALSR with gcc has a problem: -Wl,--dynamicbase doesn't emit the
> necessary relocation table.
> #   As a workaround, you can pass -Wl,--dynamicbase,--export-all-symbols
> 
> 
> CFLAGS="${CFLAGS} -Wall"
> # -Wall   doesn't actually turn on all warnings, so add  -Wextra
> #    but then plenty too many complaints by
> #      -Wmissing-field-initializers
> #      -Wsign-compare
> #      -Wtype-limits (strptime.h)
> CFLAGS="${CFLAGS} -Wextra -Wno-missing-field-initializers
> -Wno-sign-compare -Wno-type-limits"
> 
> CFLAGS="${CFLAGS} -Warray-bounds=2"
> #   -Wall enables -Warray-bounds=1
> # This warning level also warns about out of bounds access for arrays
> at the end of a struct and for arrays
> # accessed through pointers. This warning level may give a larger
> number of false positives and is deactivated
> # by default.
> 
> ### CFLAGS="${CFLAGS} -Wconversion"
> ###    way too many warnings for things that don't look like a problem
> 
> CFLAGS="${CFLAGS} -Wlogical-op"
> # Warn about suspicious uses of logical operators in expressions.
> 
> ### CFLAGS="${CFLAGS} -fsanitize=bounds-strict"
> ###   results in
> ### /usr/lib/gcc/i686-w64-mingw32/6.4.0/../../../../i686-w64-mingw32/bin/ld:
> cannot find -lubsan
> ### collect2: error: ld returned 1 exit status
> 
> CFLAGS="${CFLAGS} -Wshadow"
> # Warn whenever a local variable or type declaration shadows another variable
> 
> ### CFLAGS="${CFLAGS} -Wwrite-strings"
> ###   These warnings help you find at compile time code that can try to write
> ###   into a string constant, but only if you have been very careful about
> ###   using const in declarations and prototypes.
> ###   >>> Otherwise, it is just a nuisance. <<<  -- this, very much this
> 
> ## CFLAGS="${CFLAGS} -pg"
> ## LDFLAGS="${LDFLAGS} -pg"
> # compile in execution profile code for use w/ gprof
> # NOTE: need to specify when compiling _and_ linking
> # use
> #   ./privoxy.exe
> #   /usr/bin/i686-w64-mingw32-gprof.exe privoxy.exe gmon.out >| analysis.txt
> ### is CFLAGS="-O2" a problem with -pg?  with: privoxy hangs at exit,
> without everything seems fine
> 
> echo "CFLAGS=${CFLAGS}"
> echo "LDFLAGS=${LDFLAGS}"
> 
> ./configure --host=i686-w64-mingw32 --enable-mingw32 \
>             --enable-static-linking \
>             --disable-pthread  --disable-dynamic-pcre  --enable-zlib \
>             --with-docbook=yes
> 
> ## ./configure cross-compilation options:
> ##    --build: the system on which the program will be built.
> ##    --host:  the system on which the generated program will run.
> ##    --target: only used to build a cross-compiling toolchain.
> ##
> ## ./configure  --build=i686-pc-cygwin  --host=i686-w64-mingw32
> ##
> _______________________________________________
> Privoxy-devel mailing list
> Privoxy-devel at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-devel/attachments/20180422/15e8befe/attachment.bin>

More information about the Privoxy-devel mailing list