On Thu, Aug 30, 2018 at 10:21:09AM -0500, Tom Ritter wrote:
> CFI vcall requires one to specify a -fvisibility flag on the command line,
> with hidden being the preferred. We set visibility explicitly in some
> difficult-to-quickly-identify ways, and adding -fvisibility=hidden
> triggered issues with NSS (as well as apparently being redundant to what we
> currently do). I tracked them in
> https://bugzilla.mozilla.org/show_bug.cgi?id=1459314

The real requirement is for the maximum number of symbols not to be
exported, which usually doesn't happen. But it does in our build system,
without -fvisibility. If clang doesn't want to honor this, that is a
problem, and short-sighted on their part.

> That bug includes a monster patch to set visibility manually on a ton of
> NSS stuff to get the browser running as a POC, but CFI vcall would need
> something much more intelligent. I think the answer is to change the
> compiler to not require the flag be present.
>
> > For Firefox, simply having an equivalent to `-fvisibility=hidden` so
> > that all the symbols in the generated static library are hidden would be
> > sufficient to meet our current needs
>
> The understanding I got from my bug was that we were already doing the
> equivalent of this... somehow.

Rust doesn't export as many symbols as C++ does by default. Practically
speaking, it's doing the same as we do for C++, without an explicit
compiler flag. The "problem" is that it still places *some* symbols public,
but we don't need them to be, and it would be better for us to be able to
*force* those to be hidden.

Mike
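
An added example, not part of the original thread or of Mozilla's build system: one way to check the condition discussed above, by listing which defined symbols in an object still have exportable visibility. It parses constructed `readelf -sW` output; the symbol names and the allowlist are hypothetical.

```python
# Constructed sample of `readelf -sW` output for one object file.
# All symbol names are hypothetical.
SAMPLE = """\
Symbol table '.symtab' contains 9 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS demo.c
     2: 0000000000000000    18 FUNC    LOCAL  DEFAULT    1 static_helper
     3: 0000000000000012    27 FUNC    GLOBAL HIDDEN     1 internal_init
     4: 000000000000002d    33 FUNC    GLOBAL DEFAULT    1 demo_public_api
     5: 000000000000004e    21 FUNC    GLOBAL DEFAULT    1 demo_leaked_helper
     6: 0000000000000000     8 OBJECT  WEAK   DEFAULT    3 demo_weak_table
     7: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND memcpy
     8: 0000000000000063    12 FUNC    GLOBAL PROTECTED  1 demo_protected
"""


def exported_symbols(readelf_output):
    """Names of defined symbols that a shared-library link would export:
    GLOBAL or WEAK binding with DEFAULT or PROTECTED visibility."""
    found = []
    for line in readelf_output.splitlines():
        parts = line.split()
        # Symbol rows start with "<index>:"; headers and unnamed rows are skipped.
        if len(parts) < 8 or not parts[0].rstrip(":").isdigit():
            continue
        bind, vis, ndx, name = parts[4], parts[5], parts[6], parts[7]
        if ndx == "UND":  # undefined: an import, not a definition
            continue
        if bind in ("GLOBAL", "WEAK") and vis in ("DEFAULT", "PROTECTED"):
            found.append(name)
    return found


def unexpected_exports(readelf_output, allowed):
    """Exportable symbols that are not on the intended public list."""
    return [s for s in exported_symbols(readelf_output) if s not in allowed]


if __name__ == "__main__":
    # Hypothetical allowlist: the only symbol meant to be public.
    for sym in unexpected_exports(SAMPLE, {"demo_public_api"}):
        print("not hidden:", sym)
```
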