From 14207e1cf83737443636a25534075427f65c1de4 Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Sun, 24 Mar 2024 23:45:25 -0700 Subject: Build with traps on signed overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is UB, we should not be doing it, and we can cheaply turn it into crashes reliably. We would much rather have crashes than the program doing something silly. Benchmarks, but i wonder if they are nonsense because they get identical times across compilers?! | Command | Mean [ms] | Min [ms] | Max [ms] | Relative | |:---|---:|---:|---:|---:| | `result-clang/bin/nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix` | 375.5 ± 24.0 | 353.8 | 408.8 | 1.00 | | `result-gcc/bin/nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix` | 407.9 ± 26.0 | 385.1 | 449.5 | 1.09 ± 0.10 | | `result-clangsan/bin/nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix` | 382.2 ± 26.6 | 354.9 | 419.0 | 1.02 ± 0.10 | | `result-gccsan/bin/nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix` | 408.6 ± 24.6 | 384.5 | 441.9 | 1.09 ± 0.10 | | Command | Mean [s] | Min [s] | Max [s] | Relative | |:---|---:|---:|---:|---:| | `result-clang/bin/nix search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello` | 17.199 ± 0.167 | 16.930 | 17.499 | 1.01 ± 0.01 | | `result-gcc/bin/nix search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello` | 17.409 ± 0.126 | 17.242 | 17.633 | 1.02 ± 0.01 | | `result-clangsan/bin/nix search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello` | 17.080 ± 0.137 | 16.879 | 17.350 | 1.00 | | `result-gccsan/bin/nix search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello` | 17.396 ± 0.160 | 17.131 | 17.660 | 1.02 ± 0.01 | | Command | Mean [s] | Min [s] | Max [s] | Relative | |:---|---:|---:|---:|---:| | `result-clang/bin/nix eval --raw --impure --expr 'with import {}; system'` | 6.267 ± 0.069 | 6.197 | 6.415 | 1.02 ± 0.01 | | `result-gcc/bin/nix eval --raw --impure --expr 'with import {}; system'` | 6.232 ± 0.045 | 6.180 | 6.311 | 1.01 ± 0.01 | | `result-clangsan/bin/nix eval --raw --impure --expr 'with import {}; system'` | 6.162 ± 0.020 | 6.133 | 6.196 | 1.00 | | `result-gccsan/bin/nix eval --raw --impure --expr 'with import {}; system'` | 6.229 ± 0.031 | 6.199 | 6.289 | 1.01 ± 0.01 | | Command | Mean [s] | Min [s] | Max [s] | Relative | |:---|---:|---:|---:|---:| | `GC_INITIAL_HEAP_SIZE=10g result-clang/bin/nix eval --raw --impure --expr 'with import {}; system'` | 4.683 ± 0.044 | 4.630 | 4.761 | 1.00 | | `GC_INITIAL_HEAP_SIZE=10g result-gcc/bin/nix eval --raw --impure --expr 'with import {}; system'` | 4.750 ± 0.041 | 4.680 | 4.812 | 1.01 ± 0.01 | | `GC_INITIAL_HEAP_SIZE=10g result-clangsan/bin/nix eval --raw --impure --expr 'with import {}; system'` | 4.703 ± 0.040 | 4.640 | 4.760 | 1.00 ± 0.01 | | `GC_INITIAL_HEAP_SIZE=10g result-gccsan/bin/nix eval --raw --impure --expr 'with import {}; system'` | 4.766 ± 0.037 | 4.727 | 4.844 | 1.02 ± 0.01 | Change-Id: I616ca3eab670317587d47b41870d8ac963c019ae --- package.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'package.nix') diff --git a/package.nix b/package.nix index 3c4971605..ef3557387 100644 --- a/package.nix +++ b/package.nix @@ -287,7 +287,9 @@ in stdenv.mkDerivation (finalAttrs: { strictDeps = true; - hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; + # strictoverflow is disabled because we trap on signed overflow instead + hardeningDisable = [ "strictoverflow" ] + ++ lib.optional stdenv.hostPlatform.isStatic "pie"; meta.platforms = lib.platforms.unix; -- cgit v1.2.3