Open andrew-m-leonard opened 3 months ago
Builds of jdk-22+35 (Not the GA level!) with a bunch of options. Note that while there are a lot of links in here and the builds are being retained for now this is purely as a convenience while they are being tested and they will not be retained in the future.
Architecture | Options set | AQA Result | Perf result |
---|---|---|---|
x64 | 1 | TBC s/o e/o | TBC |
aarch64 | 1 | TBC s/o e/o | TBC |
x64 | 2 | TBC | TBC |
aarch64 | 2 | TBC | TBC |
x64 | 3 | TBC s/o e/o | TBC |
aarch64 | 3 | TBC s/o e/o | TBC |
Initial AQA runs have been done but the openjdk set are being re-run due to them missing the testimage archive which caused a number of failures.
Noting that the -W
options generate a significant amount of additional content in the logs. This is from the aarch64 builds:
$ grep -irw warning: jdk22w.none.log | cut -d: -f4- | sort | uniq -c
2
3 call to 'free' declared with attribute warning: use os::free [-Wattribute-warning]
1 warning: call to 'calloc' declared with attribute warning: use os::malloc and zero out manually [-Wattribute-warning]
2 warning: call to '_exit' declared with attribute warning: use os::exit [-Wattribute-warning]
2 warning: call to 'exit' declared with attribute warning: use os::exit [-Wattribute-warning]
1520 warning: call to 'free' declared with attribute warning: use os::free [-Wattribute-warning]
740 warning: call to 'malloc' declared with attribute warning: use os::malloc [-Wattribute-warning]
18 warning: call to 'posix_memalign' declared with attribute warning: don't use [-Wattribute-warning]
7 warning: call to 'realloc' declared with attribute warning: use os::realloc [-Wattribute-warning]
4 warning: call to 'realpath' declared with attribute warning: use os::Posix::realpath [-Wattribute-warning]
29 warning: call to 'vsnprintf' declared with attribute warning: use os::vsnprintf [-Wattribute-warning]
1 warning: 'jfr_event_writer_flush' violates the C++ One Definition Rule [-Wodr]
1 warning: 'jfr_register_stack_filter' violates the C++ One Definition Rule [-Wodr]
1 warning: 'jfr_type_id' violates the C++ One Definition Rule [-Wodr]
1 warning: 'jfr_unregister_stack_filter' violates the C++ One Definition Rule [-Wodr]
1 warning: 'memset' writing 696 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
1 warning: type of 'get_lwp_regs' does not match original declaration [-Wlto-type-mismatch]
1 warning: type of 'init_libproc' does not match original declaration [-Wlto-type-mismatch]
sxa@fedora:~/bench/x$
I'm going to ignore that earlier table for now as there were some issues with those executions. These are all run with:
Architecture | Job number | Options | sanity | extended[*] | perf result | Comment |
---|---|---|---|---|---|---|
x64 | 22+35-ea | None | (G9769nti) G9785 β | G9806 βπβ | 3 failures (2*net+β) on test-docker-ubuntu2204-x64-2 G9842 πͺ | |
aarch64 | 22+35-ea | None | (G9768nti) G9783 β | (G9776nti) G9784 βπ | Multicast test-docker-centos8-armv8-1 Re-run:9803 β‘οΈ G9843 πͺ β‘οΈ | |
x64 | 38 | RO | G9782 β | G9804 πβ | β on test-docker-ubuntu2004-x64-2 G9841 πͺ | |
aarch64 | 24 | RO | G9770 β | G9777 πβ‘οΈ | β‘οΈ on test-docker-sles15-armv8l-1 Re-run G9802 β β‘οΈ+β G9744 πͺ β | |
x64 | 51 | -cfi-vh | G9786 β | G9787 β | test-docker-ubuntu2004-x64-5 | |
aarch64 | 34 | -cfi-vh | G9771 β | G9778 βπ | sun/tools/jssdb failures on test-aws-rhel76-armv8-1 Re-run:G9801 β G9745 πͺπβ | |
x64 | 42 | All | G9877 β | G9789 β π | Failed java/foreign in sanity, various JFR, JMX etc. tests on test-docker-ubuntu2204-x64-6 Re-run e/o G9846πͺ | |
aarch64 | 26 | All | G9772 β | G9779 πβ | Failed java/foreign in sanity, β on extended) |
[*] - Note: A number of the extended runs failed RuntimeImageTest - I am excluding those from the analysis here as they have been seen elsewhere as per this slack thread and this triage comment so those are unrelated to the new compiler options and should therefore be discarded in drawing any conclusions here
--with-extra-cflags
and --with-extra-cxxflags
:
-cfi-vh
is with -fstack-protector-all -fstack-clash-protection -flto
RO
is with fstack-protector-strong --param=ssp-buffer-size=4
all
is with -fvisibility=hidden -fstack-protector-all -fstack-clash-protection -fvisibility=hidden -flto
(Note that -fvisibility=hidden
is included in some of the default options for the JDK, but likely not HotSpot)Noting that the
-W
options generate a significant amount of additional content in the logs. This is from the aarch64 builds:$ grep -irw warning: jdk22w.none.log | cut -d: -f4- | sort | uniq -c 2 3 call to 'free' declared with attribute warning: use os::free [-Wattribute-warning] 1 warning: call to 'calloc' declared with attribute warning: use os::malloc and zero out manually [-Wattribute-warning] 2 warning: call to '_exit' declared with attribute warning: use os::exit [-Wattribute-warning] 2 warning: call to 'exit' declared with attribute warning: use os::exit [-Wattribute-warning] 1520 warning: call to 'free' declared with attribute warning: use os::free [-Wattribute-warning] 740 warning: call to 'malloc' declared with attribute warning: use os::malloc [-Wattribute-warning] 18 warning: call to 'posix_memalign' declared with attribute warning: don't use [-Wattribute-warning] 7 warning: call to 'realloc' declared with attribute warning: use os::realloc [-Wattribute-warning] 4 warning: call to 'realpath' declared with attribute warning: use os::Posix::realpath [-Wattribute-warning] 29 warning: call to 'vsnprintf' declared with attribute warning: use os::vsnprintf [-Wattribute-warning] 1 warning: 'jfr_event_writer_flush' violates the C++ One Definition Rule [-Wodr] 1 warning: 'jfr_register_stack_filter' violates the C++ One Definition Rule [-Wodr] 1 warning: 'jfr_type_id' violates the C++ One Definition Rule [-Wodr] 1 warning: 'jfr_unregister_stack_filter' violates the C++ One Definition Rule [-Wodr] 1 warning: 'memset' writing 696 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=] 1 warning: type of 'get_lwp_regs' does not match original declaration [-Wlto-type-mismatch] 1 warning: type of 'init_libproc' does not match original declaration [-Wlto-type-mismatch] sxa@fedora:~/bench/x$
Yes, this is an awful lot of warnings! Given it's usefulness, I won't try adding these extra -W flags
The Adoptium security audit outlined some suggested compiler flags for enhanced security, we need to look at evaluating those, and implementing and testing their use.
As part of the Eclipse Adoptium security audit, the following gcc options were suggested as being used to enhance the security of the JDK binaries. Code generation suggestions:
Compiler Warning suggestions: