On 04/03/2015 01:34 PM, Joseph Myers wrote:
On Tue, 31 Mar 2015, Ilya Enkovich wrote:+library. It also passes '-z bndplt' to a linker in case it supports this +option (which is checked on libmpx configuration). Note that old versions +of linker may ignore option. Gold linker doesn't support '-z bndplt' +option. With no '-z bndplt' support in linker all calls to dynamic libraries +lose passed bounds reducing overall protection level. It's highly +recommended to use linker with '-z bndplt' support. In case such linker +is not available it is adviced to always use @option{-static-libmpxwrappers} +for better protection level or use @option{-static} to completely avoid +external calls to dynamic libraries. MPX-based instrumentationUse @samp{-z bndplt} rather than '' quoting (but Sandra may have further advice on the substance of this documentation).
To tell the truth, I can't figure out what this means from a user perspective. How does a user know whether the linker option is being ignored, or if they have a new enough linker? If the linker available at configuration time doesn't support the option, does that mean the option will never be passed and users will never know that there are gaping holes in the pointer bounds checking?
My suggestion would be to pass the option unconditionally and make the documentation say something like
It also passes @option{-z bndplt} to the linker. LD version xxx or later is required to use this feature. If no linker support for @option{-z bndplt} is available, you should link with @option{-static-libmpxwrappers} or @option{-static} instead; otherwise calls to dynamic libraries lose bounds checking protection.
... where you need to fill in "version xxx" appropriately. -Sandra
