mirror of
https://github.com/amd/blis.git
synced 2026-05-11 17:50:00 +00:00
aa95a8ce4a
Following Flags have been added. 1. D_FORTIFY_SOURCE=2 What it does • At compile time the header files replace certain libc calls (strcpy, sprintf, …) with inline wrappers that perform a compile-time length check whenever the size of the destination buffer is known. • At run time an extra check is executed only if the compiler could not prove the copy is safe. Cost • Only functions that call those specific libc routines pay anything. 2. fstack-protector-strong What it does • Functions that contain local arrays, address‐taken locals, or alloca get a canary word inserted into the stack frame. • The function prologue writes the canary; the epilogue verifies it before the ret. Cost • 8 bytes of additional stack per protected function frame. • Two or three extra instructions per entry/exit. 4. Wl,-z,relro What it does • Marks the relocation tables read-only after relocation is finished. • No effect once the library is fully loaded. Cost • None at run time. 5. Wl,-z,now What it does • Forces the dynamic loader to resolve all external symbols in the library up-front instead of lazily on first call. Cost • Startup: one extra relocation pass. • Steady-state execution: zero or slightly faster, because PLT stubs are bypassed. Usage: cmake -DENABLE_SECURITY_FLAGS=off cmake -DENABLE_SECURITY_FLAGS=on configure --enable-security-flags configure --disable-security-flags AMD-Internal: [CPUPL-6886]