OpenBSD-specific behavior of
On OpenBSD, the LLVM/clang compiler exhibits the following characteristics:
clangdoes not search under /usr/local for include files or libraries: as a system compiler, it only searches the system paths by default.
clangcomes with stack protection enabled by default, equivalent to the
-fstack-protector-strongoption on other systems. The system will report any violation of the stack protector cookie along with the function name via syslog(3) at
clangwill generate PIE code by default, allowing the system to load the resulting binary at a random location. This behavior can be turned off by passing
-fno-pieto the compiler and
-nopieto the linker. It is also turned off when the
-pgflag is used.
-fstrict-aliasingoption is turned off by default unless
-Ofasthas been selected.
clangdoes not store its version string in objects. There is no option to control this.
-pflag is an alias of
clangdoes not warn for passing pointer arguments or assignment with different signedness outside of
-pedantic. This can be re-enabled with the
- The warning option
-Waddress-of-packed-memberis disabled by default.
- Color diagnostic messages are disabled by default and can be re-enabled
-fwrapvoption to treat signed integer overflows as defined is enabled by default to prevent dangerous optimizations which could remove security critical overflow checks.
- The base system includes the ubsan_minimal sanitizer runtime but not the
fully-featured ubsan runtime. See the documentation for the
- The malloc(3), calloc(3), realloc(3), strdup(3), strndup(3), valloc(3) and free(3) builtins are disabled to prevent undesirable optimizations of calls to these functions.
clangincludes a security pass that exchanges some ROP-friendly instructions with safer alternatives on i386 and amd64. This can be disabled with the
clangincludes the retguard security feature on amd64, arm64, mips64, powerpc and powerpc64. This feature can be disabled with the
-mretpolineenabled by default on amd64 to protect against branch target injection attacks. It can be disabled with
- A new warning for
%nformat specifier usage in printf(3) family functions has been added.