1.\" $OpenBSD: clang-local.1,v 1.20 2019/10/27 00:21:47 mortimer Exp $ 2.\" 3.\" Copyright (c) 2016 Pascal Stumpf <pascal@stumpf.co> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.\" 18.Dd $Mdocdate: October 27 2019 $ 19.Dt CLANG-LOCAL 1 20.Os 21.Sh NAME 22.Nm clang-local 23.Nd OpenBSD-specific behavior of LLVM/clang 24.Sh DESCRIPTION 25On 26.Ox , 27the LLVM/clang compiler exhibits the following characteristics: 28.Bl -dash 29.It 30.Nm clang 31does not search under 32.Pa /usr/local 33for include files or libraries: 34as a system compiler, it only searches the system paths by default. 35.It 36.Nm clang 37comes with stack protection enabled by default, equivalent to the 38.Fl fstack-protector-strong 39option on other systems. 40The system will report any violation of the stack protector cookie along 41with the function name via 42.Xr syslog 3 43at 44.Dv LOG_CRIT 45priority. 46.It 47.Nm clang 48will generate PIE code by default, allowing the system to load the resulting 49binary at a random location. 50This behavior can be turned off by passing 51.Fl fno-pie 52to the compiler and 53.Fl nopie 54to the linker. 55It is also turned off when the 56.Fl pg 57flag is used. 58.It 59The 60.Fl fstrict-aliasing 61option is turned off by default unless 62.Fl Ofast 63has been selected. 64.It 65.Nm clang 66does not store its version string in objects. 67There is no option to control this. 68.It 69The 70.Fl p 71flag is an alias of 72.Fl pg . 73.It 74.Nm clang 75does not warn for passing pointer arguments or assignment with 76different signedness outside of 77.Fl pedantic . 78This can be 79re-enabled with the 80.Fl Wpointer-sign 81flag. 82.It 83The warning option 84.Fl Waddress-of-packed-member 85is disabled by default. 86.It 87Color diagnostic messages are disabled by default and can be re-enabled with 88.Fl fdiagnostics-color . 89.It 90The 91.Fl fwrapv 92option to treat signed integer overflows as defined is enabled by default to 93prevent dangerous optimizations which could remove security critical overflow 94checks. 95.It 96The 97.Xr malloc 3 , 98.Xr calloc 3 , 99.Xr realloc 3 , 100.Xr strdup 3 , 101.Xr strndup 3 , 102.Xr valloc 3 103and 104.Xr free 3 105builtins are disabled to prevent undesirable optimizations of calls to 106these functions. 107.It 108.Nm clang 109includes a security pass that exchanges some ROP-friendly instructions 110for safe alternatives on i386 and amd64. 111This can be disabled with the 112.Fl fno-fixup-gadgets 113option. 114.It 115.Nm clang 116includes the retguard security feature on amd64, arm64 and octeon. 117This feature can be disabled with the 118.Fl fno-ret-protector 119or 120.Fl fno-stack-protector 121options. 122.It 123.Nm clang 124has 125.Fl mretpoline 126enabled by default on amd64 to protect against branch target injection attacks. 127It can be disabled with 128.Fl mno-retpoline . 129.El 130.Sh SEE ALSO 131.Xr clang 1 132