Building with hardening build flags #157

Closed
infinity0 opened this issue Jan 7, 2020 · 4 comments

@infinity0

Debian builds with these build flags by default:

    CFLAGS=-g -O2 -fdebug-prefix-map=/home/infinity0/var/lib/rust/wasi-sysroot=. -fstack-protector-strong -Wformat -Werror=format-security
    LDFLAGS=-Wl,-z,relro

Overriding WASM_CFLAGS with these results in the following metadata diff:

--- a/expected/wasm32-wasi/predefined-macros.txt
+++ b/expected/wasm32-wasi/predefined-macros.txt
@@ -1143,7 +1143,6 @@
 #define NAN (0.0f/0.0f)
 #define NBBY 8
 #define NCARGS 131072
-#define NDEBUG 1
 #define ND_NA_FLAG_OVERRIDE 0x00000020
 #define ND_NA_FLAG_ROUTER 0x00000080
 #define ND_NA_FLAG_SOLICITED 0x00000040
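Review bot: the `-#define NDEBUG 1` line in predefined-macros.txt is not explained by any of the Debian flags listed above, since none of them defines or undefines NDEBUG; it suggests the WASM_CFLAGS override replaced a default that carried the definition instead of adding to it. If the aim is to measure the hardening flags alone, keep NDEBUG in the overridden value; otherwise, as the later `assert(x)` hunk shows, every assert becomes a live call to `__assert_fail`.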
@@ -2765,6 +2764,7 @@
 #define __SIZE_MAX__ 4294967295UL
 #define __SIZE_TYPE__ long unsigned int
 #define __SIZE_WIDTH__ 32
+#define __SSP_STRONG__ 2
 #define __STDARG_H 
 #define __STDC_HOSTED__ 1
 #define __STDC_IEC_559__ 1
@@ -3173,7 +3173,7 @@
 #define and_eq &=
 #define asin(x) __tg_real_complex(asin, (x))
 #define asinh(x) __tg_real_complex(asinh, (x))
-#define assert(x) (void)0
+#define assert(x) ((void)((x) || (__assert_fail(#x, __FILE__, __LINE__, __func__),0)))
 #define atan(x) __tg_real_complex(atan, (x))
 #define atan2(x,y) __tg_real_2(atan2, (x), (y))
 #define atanh(x) __tg_real_complex(atanh, (x))
--- a/expected/wasm32-wasi/undefined-symbols.txt
+++ b/expected/wasm32-wasi/undefined-symbols.txt
@@ -13,6 +13,8 @@
 __letf2
 __lttf2
 __netf2
+__stack_chk_fail
+__stack_chk_guard
 __stack_pointer
 __subtf3
 __trunctfdf2
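Review bot: the added `__stack_chk_fail` and `__stack_chk_guard` entries in undefined-symbols.txt are new unresolved references with no definition anywhere in this diff, so anything linked against a libc built this way fails to link unless something else supplies them. Either add definitions of both symbols to the build together with the flag, or keep `-fstack-protector-strong` out of the overridden flags (for example by appending `-fno-stack-protector`) until a definition exists, rather than recording the two symbols as expected.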

Of course, I don't expect hardening flags to make much sense on wasm32 right now, but perhaps they would make sense in the future. Please advise me on whether I should retain these flags, or drop them, bearing in mind the future.

@infinity0
Author

infinity0 commented Jan 7, 2020

This results in an undefined reference later. However, when I try to add the relevant musl sources into the build:

    $(LIBC_TOP_HALF_MUSL_SRC_DIR)/env/__stack_chk_fail.c \

the build complains about missing SYS_futex. Oh right, because musl's stack guard implementation is per-thread, but WASI doesn't support that at the moment. So I suppose the proper fix would be to implement a non-threaded version of this stack guard.

@sunfishcode
Member

The warning flags should work as expected.

-fstack-protector is indeed not implemented yet, and yes, you may be right that all that's needed right now is a non-threaded implementation. That said, the -fstack-protector feature is not nearly as important on wasm as it is on typical native platforms because wasm's callstack is outside of the program address space, so it's never possible to clobber a return address on the stack.

-Wl,-z,relro isn't yet meaningful on wasm, since we don't have dynamic linking yet, and depending on how dynamic linking ends up working, relro may not be needed.
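
A single-threaded stack guard of the kind discussed above, as an added example that is not part of this thread or of wasi-libc's code: it supplies the two symbols the undefined-symbols diff shows as missing. The `ssp_init` hook, the `demo_` names used when not targeting WASI, and the caller-supplied entropy are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#if defined(__wasi__)
/* The ABI names the compiler references (see the undefined-symbols diff). */
#define GUARD __stack_chk_guard
#define FAIL  __stack_chk_fail
#else
/* Native host: renamed so the demo cannot collide with the host libc. */
#define GUARD demo_stack_chk_guard
#define FAIL  demo_stack_chk_fail
#endif

/* One process-wide canary. With no threads there is no per-thread copy to
 * keep in sync, so nothing here needs SYS_futex or thread-local storage. */
uintptr_t GUARD;

/* Hypothetical start-up hook (name is an assumption): must run before the
 * first protected function is entered. Build this file with
 * -fno-stack-protector, because a protected function that changes the guard
 * would fail its own epilogue check. Returns the value installed. */
uintptr_t ssp_init(const unsigned char *entropy, size_t len)
{
    uintptr_t g = 0;

    if (entropy != NULL && len >= sizeof g) {
        /* Caller-supplied random bytes; obtaining them is left to the caller. */
        for (size_t i = 0; i < sizeof g; i++)
            g = (g << 8) | entropy[i];
    } else {
        /* No entropy: derive a value from the guard's address. This is
         * guessable and only better than a constant. The odd multiplier
         * keeps a non-zero address non-zero. */
        g = (uintptr_t)&GUARD * 1103515245u;
    }
    GUARD = g;
    return g;
}

/* Called by compiler-generated epilogues when the canary no longer matches.
 * It must not return into the corrupted frame, so trap immediately. */
_Noreturn void FAIL(void)
{
    __builtin_trap();
}
```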

@infinity0
Author

Thanks for confirming! For now I'll just append the -fno-stack-protector flag then; this seems to work OK and nothing is broken.

@sunfishcode
Member

Closing as answered; feel free to reopen or file a new issue if there are further questions!
