toolchain: gcc: add fanalyzer config option

Add gcc config option for fanalyzer. As a result of this option, a static analysis of the program flow is conducted, allowing interprocedural paths to be identified and warnings to be issued if problems are identified. Link: https://github.com/openwrt/openwrt/pull/12576 Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-12-07 05:04:00 -05:00 · 2023-05-10 03:53:34 +02:00 · 2023-05-10 03:53:34 +02:00 · 557c174a3c
commit 557c174a3c
parent 57e8eb6208
2 changed files with 15 additions and 0 deletions
--- a/config/Config-build.in
+++ b/config/Config-build.in
@ -250,6 +250,15 @@ menu "Global build settings"

 	comment "Hardening build options"

+	config PKG_FANALYZER
+		bool
+		prompt "Enable gcc fanalyzer"
+		default n
+		help
+		  Add -fanalyzer to the CFLAGS. As a result of this option, a static analysis
+		  of the program flow is conducted, allowing interprocedural paths to be
+		  identified and warnings to be issued if problems are identified.
+
 	config PKG_CHECK_FORMAT_SECURITY
 		bool
 		prompt "Enable gcc format-security"
--- a/include/hardening.mk
+++ b/include/hardening.mk
@ -9,6 +9,7 @@ PKG_SSP ?= 1
 PKG_FORTIFY_SOURCE ?= 1
 PKG_RELRO ?= 1
 PKG_DT_RELR ?= 1
+PKG_FANALYZER ?= 0

 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
  ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
@ -77,3 +78,8 @@ ifdef CONFIG_PKG_DT_RELR
  endif
 endif

+ifdef CONFIG_PKG_FANALYZER
+  ifeq ($(strip $(PKG_FANALYZER)),1)
+    TARGET_CFLAGS +=  -fanalyzer
+  endif
+endif