https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111034
Bug ID: 111034
Summary: Precompiled headers still non-deterministic
Product: gcc
Version: 13.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: skunk at iskunk dot org
Target Milestone: ---

This is a follow-on of bug #92717. In that bug, it was noted that .gch files are basically GCC memory dumps, and that because ASLR is typically enabled on modern Linux systems, this results in non-deterministic output every time such a file is generated.

The solution given was to disable ASLR, e.g. by using "setarch -R". And I confirmed that if I generate the same .gch file multiple times in a tight loop with ASLR disabled, every file comes out identical.

That was only a test, however. My production fix was to disable ASLR for the entire build process, with "setarch -R make bootstrap". And that yielded much spottier results. After multiple attempts, maybe 10% of the pairs of bootstraps that I ran came out with identical .gch files. And that was running on the same container host---if I tried the build in the same container architecture/environment but a different host, the files would end up different as a matter of course.

I think, in the interests of reproducibility, the way .gch files are generated needs to be reworked in a way that does not depend on the runtime environment. The current approach may be fine for PCH purposes, but the security implications of any opaque non-determinism will only get worse with time.
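
The two checks the report describes (repeated .gch generation with and without ASLR, and comparing .gch files between a pair of bootstraps) can be scripted as below. This is an added example, not part of the bug report; the sample header, function names and directory layout are assumptions, and `setarch "$(uname -m)" -R` is the explicit-architecture form of the `setarch -R` mentioned above.

```bash
#!/usr/bin/env bash
# Added example, not from the bug report. Assumes g++, setarch (util-linux),
# sha256sum and cmp; the sample header and directory names are constructed.

# Number of distinct SHA-256 digests among the given files (1 = all identical).
distinct_digests() {
    sha256sum "$@" | awk '{print $1}' | sort -u | wc -l | tr -d ' '
}

# Build HEADER into DIR/run1.gch .. runN.gch. Remaining arguments, if any,
# are a wrapper command, e.g.: setarch "$(uname -m)" -R  (ASLR disabled).
build_runs() {
    local dir="$1" n="$2" hdr="$3" i=1
    shift 3
    while [ "$i" -le "$n" ]; do
        "$@" g++ -x c++-header "$hdr" -o "$dir/run$i.gch" || return 1
        i=$((i + 1))
    done
}

# Print relative paths of .gch files whose bytes differ between two build
# trees (e.g. two bootstraps). A file missing from TREE_B counts as differing.
differing_gch() {
    local a="$1" b="$2" f
    ( cd "$a" && find . -type f -name '*.gch' | sort ) | while IFS= read -r f; do
        cmp -s "$a/$f" "$b/$f" || printf '%s\n' "${f#./}"
    done
}

# Tight-loop test: N builds with ASLR on, N with ASLR off, report digests.
run_loop() {
    local n="$1" work
    work=$(mktemp -d) || return 1
    printf '#include <vector>\n#include <string>\n' > "$work/sample.hpp"
    mkdir "$work/aslr" "$work/noaslr"
    build_runs "$work/aslr" "$n" "$work/sample.hpp" || return 1
    build_runs "$work/noaslr" "$n" "$work/sample.hpp" \
        setarch "$(uname -m)" -R || return 1
    echo "ASLR on : $(distinct_digests "$work"/aslr/*.gch) distinct in $n runs"
    echo "ASLR off: $(distinct_digests "$work"/noaslr/*.gch) distinct in $n runs"
    rm -rf "$work"
}

case "${1:-}" in
    runs) run_loop "$2" ;;
    diff) differing_gch "$2" "$3" ;;
esac
```

Invoke it as `runs N` for the tight-loop comparison or `diff TREE_A TREE_B` to list the .gch files that differ between two finished build trees.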