This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: I2fb7f0bfccbfa5d22ca8858309a133469edbc7b6
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: I3ce7a73c5cf36eba5c74df37367f3d3475b0a4ed
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: I55a9fdbf5777ccdeed9f2e9a23c73bb94ad7b646
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: I97a2187cebac64e3b9f22b691d4676b6da083ebd
The .dex.toc files are created by dexdump, which outputs all
information in a .dex file which may affect compilation of
other modules.
For prebuilt java libraries and static java libraries, we'll
output empty .toc files and don't set restat=1. .dex.toc files
are necessary even for static java libraries because they can
be referenced by LOCAL_JAVA_LIBRARIES (instead of
LOCAL_STATIC_JAVA_LIBRARIES).
We don't use this optimization for apps build. We cannot build
dexdump for apps build due to lack of libc++.
Performance:
$ m && touch \
frameworks/base/core/java/com/google/android/util/Procedure.java \
&& time m
Before: 3m48s
After: 1m46s
Bug: 24597504
Change-Id: Id1665923b414dee705dc60af4c021390a19ea26f
This was previously working because for some reason prebuilts/ndk had
a tangled mess of hand assembled symlinks that pointed lib -> lib64
for the multilib architectures.
Change-Id: I294d67f58f2008b1a53790cf676f5223df449cbc
This makes the signapk tool use Conscrypt (where possible) instead of
the platform-default JCA providers and the Bouncy Castle JCA provider.
This speeds up (by 10-30%) APK and OTA update signing because
Conscrypt's crypto primitives are backed by BoringSSL.
Previously, the signapk tool consisted only of the signapk.jar.
Because Conscrypt is backed by native code, signapk now consists of
signapk.jar and crypto_openjdk_jni shared library. This requires that
users of the tool be updated to provide a suitable -Djava.library.path
argument to the Java runtime. This change updates all known users of
the tool inside the Android source tree to do so.
Bug: 26097626
Change-Id: I8411b37d7f771ed99269751a3007dff103083552
When USE_CLANG_PLATFORM_BUILD is not set, default will be clang/llvm.
USE_CLANG_PLATFORM_BUILD=false can be used to select gcc as default.
BUG: 23163853
BUG: 26102335
Change-Id: I00604c2aef4849e8c3505b2c4002eb1c46cd1fd1
libext2_uuid_host was renamed to libext2_uuid-host to match the
"-host" suffix used in most libraries.
Bug: 24619596
TEST=make dist
Change-Id: Ic5faccb4d5fdbbf3d3bba6f4a35cf99d4961bb54
Also install and update the server if necessary.
The target start-jack-server produces no file so it's always built.
Since the dependency is "order only", it doesn't cause force rebuilt of
jack targets after start-jack-server execution.
Bug: 25443108
Change-Id: I1608d87d186694d47307e00337b1905f0b8079c4
Without this if a Java libraryw with LOCAL_NO_STANDARD_LIBRARIES doesn't
have core-libart in its LOCAL_JAVA_LIBRARIES, it would use core-libart
as bootclasspath but without having dependency on it.
Change-Id: I611a5a5df2bf0ad59e0be50ed1ad1afe8b843e90
(cherry-pick from commit c6a301756c)
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: Ie83d381e09d94deb34c5ff142a101ba3d14cf3ba
When $(call func) in the makefile text expansion includes newline, gmake
reports error "missing separator". But it's fine if the expansion includes
only spaces. That's a bit odd.
This change fixes the "missing separator".
Change-Id: I094e5ae1725699ebfa4ed66544eef037dd68714c
This changes the build system to no longer run zipalign except for
those prebuilts which do not need to re-signed.
Running zipalign is no longer needed because signapk takes care of
alignment. For those prebuilts which do not need to be re-signed
signapk is not invoked and thus zipalign is still needed because the
prebuilts may not have been aligned properly. This exemption will go
away once prebuilts are properly aligned.
Bug: 25794543
Change-Id: I31f10af80b9baa3c9481cb36f41e5e5046e852f9
Error out if there is a file listed in LOCAL_SRC_FILES_EXCLUDE but not in
LOCAL_SRC_FILES. This should catch typos or other mistakes that would
otherwise be missed.
Change-Id: Iaddf575a6ce35238998ac47b59591a7d05fbcd0d
AIDL is defined in the sometimes-prebuilt tools section, remove the
extra definition that was overriding it.
Change-Id: I677bf46475fd5fd4a9258c77d91ecee806e5f205
Currently, if a version script is passed to the linker (using
-Wl,--version-script,...), it is used to limit symbol visibility and
assign symbol versions. But if a symbol is listed in the version script
but is not present in the binary, no error or warning is given.
Pass -Wl,--no-undefined-version to the linker so that it verifies all
(non-wildcard, C) entries in the version script match symbols in the
binary.
Change-Id: I65878931ab61124ae75e2c738cc733adfb107afc
Don't install the prebuilt SDK tools for TARGET_BUILD_APPS builds, just
execute them in place. Avoids issues with duplicate rules for the
prebuilts and source modules when building with TARGET_BUILD_APPS in a
full platform tree.
Change-Id: I3cdb4f1a8208e8750310a5cc6130657613b683d1
the value of USER is dependent from the compilation environment,so
when compiling one same device project, the BUILD_FINGERPRINT may
exceed 91 characters because ${USER} is long, but with short ${USER}
the compilation can pass.
Signed-off-by: wei qiao <qiaowei224@gmail.com>
Change-Id: Ia0f7dfa9cf7d605f1f2603f70dd0e6877482eb8a
