[Pkg-pascal-devel] Status of FPC with hardening
Michalis Kamburelis
michalis.kambi at gmail.com
Thu Feb 6 21:04:41 GMT 2025
> As you may noticed, I was recently very busy with making FPC provide an easy way to build hardened programs.
>
> I think I'm now done with that and 3.2.2-45 should be, I hope, the last upload with regards to that goal. It fixed the aarch64 architecture, the only remaining architecture for which FPC supports PIC/PIE.
>
> The current situation makes developers live easy, just add @hardening to your fpc compilation command line and it will do it.
I'm interested -- can you provide some details, what does exactly the
"hardening" imply, what happens as a result? E.g. does this mean
enabling things like range checking, overflow checking using FPC
options, to catch buffer overflows etc. in certain cases, or something
else? I read https://wiki.debian.org/Hardening , from what I
understand the precise meaning of "hardening" depends on the compiler
and toolchain, so in Debian+Pascal context the "hardening" implies
passing certain command-line options to the FPC compiler. What are
these options exactly, so that I can confirm that e.g. Castle Game
Engine really supports it 100%?
Sorry in advance if this is already documented somewhere, in wiki or
source code, just point me to it :)
Note that CGE does support debug and release modes of compilation, and
we fully support compiling the CGE codebase with range checking,
overflow etc. enabled. But this is not 100% true for all Pascal code,
I recall some FPC RTL code that was doing tricks and just assuming
that range checking is off, otherwise an "innocent" (actually valid)
code will raise range errors.
> Now, there was a price for that, and one additional unitary test is now failing on i386. It deals with generics, which I don't think too much people use, but I hope it will get fixed soon by 3.2.4 that I expect to be in the few coming weeks.
Note that Castle Game Engine uses generics very intensively. And I do
recommend everyone to use generics in my "Modern Object Pascal
Introduction for Programmers", providing examples e.g. here
https://castle-engine.io/modern_pascal#generic-containers-section .
Regards and thank you for all the work,
Michalis
More information about the Pkg-pascal-devel
mailing list