|CLANG-LOCAL(1)||General Commands Manual||CLANG-LOCAL(1)|
OpenBSD-specific behavior of LLVM/clang
On OpenBSD, the LLVM/clang compiler exhibits the following characteristics:
clangdoes not search under /usr/local for include files or libraries: as a system compiler, it only searches the system paths by default.
clangcomes with stack protection enabled by default, equivalent to the
-fstack-protector-strongoption on other systems. The system will report any violation of the stack protector cookie along with the function name via syslog(3) at
clangwill generate PIE code by default, allowing the system to load the resulting binary at a random location. This behavior can be turned off by passing
-fno-pieto the compiler and
-nopieto the linker. It is also turned off when the
-pgflag is used.
-fstrict-aliasingoption is turned off by default unless
-Ofasthas been selected.
clangdoes not store its version string in objects. There is no option to control this.
-pflag is an alias of
clangdoes not warn for passing pointer arguments or assignment with different signedness outside of
-pedantic. This can be re-enabled with the
-Waddress-of-packed-memberis disabled by default.
-fwrapvoption to treat signed integer overflows as defined is enabled by default to prevent dangerous optimizations which could remove security critical overflow checks.
clangincludes a security pass that exchanges some ROP-friendly instructions with safer alternatives on i386 and amd64. This can be disabled with the
clangincludes the retguard security feature on amd64, arm64, mips64, powerpc and powerpc64. This feature can be disabled with the
-mretpolineenabled by default on amd64 to protect against branch target injection attacks. It can be disabled with
%nformat specifier usage in printf(3) family functions has been added.
|September 7, 2021||OpenBSD-current|