X-Git-Url: https://ruderich.org/simon/gitweb/?p=blhc%2Fblhc.git;a=blobdiff_plain;f=bin%2Fblhc;h=262458520b8f84dab87b9bc53bc673cc444e0035;hp=2bf99cc6145e6ca40459a253fab32103ba9afd0f;hb=d569fff93bdd0e2f2bf8c041a6534d8a19613969;hpb=6a266054ba6327a2b19fe1462cdbcfbb13f3b403 diff --git a/bin/blhc b/bin/blhc index 2bf99cc..2624585 100755 --- a/bin/blhc +++ b/bin/blhc @@ -48,6 +48,9 @@ my $cc_regex_normal = qr/ /x; # Regex to catch (GCC) compiler warnings. my $warning_regex = qr/^(.+?):(\d+):\d+: warning: (.+?) \[(.+?)\]$/; +# Regex to catch libtool commands and not lines which show commands executed +# by libtool (e.g. libtool: link: ...). +my $libtool_regex = qr/\blibtool\s.*--mode=/; # List of source file extensions which require preprocessing. my @source_preprocess_compile_cpp = ( @@ -180,7 +183,12 @@ my $file_extension_regex = qr/ # real regexps below for better execution speed). my @def_cflags = ( '-g', - '-O(?:2|3)', + '-O(?:2|3)', # keep at index 1, search for @def_cflags_debug to change it +); +my @def_cflags_debug = ( + # These flags indicate a debug build which disables checks for -O2. + '-O0', + '-Og', ); my @def_cflags_format = ( '-Wformat(?:=2)?', # -Wformat=2 implies -Wformat, accept it too @@ -245,6 +253,7 @@ my @flag_refs = ( # References to all used flags. my @flag_refs_all = ( @flag_refs, + \@def_cflags_debug, \@def_cppflags_fortify_bad, \@def_ldflags_pic, ); @@ -429,6 +438,20 @@ sub pic_pie_conflict { sub is_non_verbose_build { my ($line, $next_line, $skip_ref) = @_; + if ($line =~ /$libtool_regex/o) { + # libtool's --silent hides the real compiler flags. + if ($line =~ /\s--silent/) { + return 1; + # If --silent is not present, skip this line as some compiler flags + # might be missing (e.g. -fPIE) which are handled correctly by libtool + # internally. libtool displays the real compiler command on the next + # line, so the flags are checked as usual. + } else { + ${$skip_ref} = 1; + return 0; + } + } + if (not (index($line, 'checking if you want to see long compiling messages... no') == 0 or $line =~ /^\s*\[?(?:CC|CCLD|C\+\+|CXX|CXXLD|LD|LINK)\]?\s+(.+?)$/ or $line =~ /^\s*[Cc]ompiling\s+(.+?)(?:\.\.\.)?$/ @@ -478,7 +501,7 @@ sub is_non_verbose_build { return 1; } -# Remove @flags from $flag_refs_ref, and $flag_renames_ref. +# Remove @flags from $flag_refs_ref, uses $flag_renames_ref as reference. sub remove_flags { my ($flag_refs_ref, $flag_renames_ref, @flags) = @_; @@ -775,6 +798,7 @@ foreach my $file (@ARGV) { my $continuation = 0; my $complete_line = undef; + my $non_verbose; while (my $line = <$fh>) { # And stop at the end of the build log. Package details (reported by # the buildd logs) are not important for us. This also prevents false @@ -782,6 +806,10 @@ foreach my $file (@ARGV) { last if index($line, 'Build finished at ') == 0 and $line =~ /^Build finished at \d{8}-\d{4}$/; + if (not $continuation) { + $non_verbose = 0; + } + # Detect architecture automatically unless overridden. if (not $arch and index($line, 'dpkg-buildpackage: host architecture ') == 0) { @@ -811,7 +839,9 @@ foreach my $file (@ARGV) { } # Check if this line indicates a non verbose build. - my $non_verbose = is_non_verbose_build($line); + my $skip = 0; + $non_verbose |= is_non_verbose_build($line, undef, \$skip); + next if $skip; # One line may contain multiple commands (";"). Treat each one as # single line. parse_line() is slow, only use it when necessary. @@ -1150,6 +1180,13 @@ LINE: $statistics{link}++ if $link; } + # Check if there are flags indicating a debug build. If that's true, + # skip the check for -O2. This prevents fortification, but that's fine + # for a debug build. + if (any_flags_used($line, @def_cflags_debug)) { + remove_flags([\@cflags], \%flag_renames, $def_cflags[1]); + } + # Check hardening flags. my @missing; if ($compile and not all_flags_used($line, \@missing, @cflags)