diff --git a/tosa_converter_for_tflite/BUILD b/tosa_converter_for_tflite/BUILD
index aafd70c3163506e57f8fc993143408921fb40ca5..fe9abfbffb24464f4dc1d75a7806d24669090a95 100644
--- a/tosa_converter_for_tflite/BUILD
+++ b/tosa_converter_for_tflite/BUILD
@@ -6,6 +6,51 @@ load("@pybind11_bazel//:build_defs.bzl", "pybind_extension")
+# -----------------------------------------------------------------------------
+# Hardened compile flags
+# -----------------------------------------------------------------------------
+TCFT_HARDENED_COPTS = [
+ # optimizations and warnings
+ "-Wall",
+ "-Wformat",
+ "-Wformat=2",
+ "-Wconversion",
+ "-Wimplicit-fallthrough",
+ "-Werror=format-security",
+
+ # fortify
+ "-U_FORTIFY_SOURCE",
+ "-D_FORTIFY_SOURCE=3",
+ "-D_GLIBCXX_ASSERTIONS",
+
+ # strict arrays
+ "-fstrict-flex-arrays=3",
+
+ # stack protection
+ "-fstack-clash-protection",
+ "-fstack-protector-strong",
+
+ # overflow/null-pointer checks
+ "-fno-delete-null-pointer-checks",
+ "-fno-strict-overflow",
+ "-fno-strict-aliasing",
+ "-ftrivial-auto-var-init=zero",
+
+ # pthreads exception support
+ "-fexceptions",
+]
+
+# -----------------------------------------------------------------------------
+# Hardened link flags
+# -----------------------------------------------------------------------------
+TCFT_HARDENED_LINKOPTS = [
+ "-Wl,-z,noexecstack",
+ "-Wl,-z,relro",
+ "-Wl,-z,now",
+ "-Wl,--as-needed",
+ "-Wl,--no-copy-dt-needed-entries",
+]
+
 cc_library(
 name = "tosa_converter_for_tflite_lib",
 srcs = ["tosa_converter_for_tflite.cc", "override_tflite_input_shape.cc"],
@@ -14,6 +59,7 @@ cc_library(
 "@org_tensorflow//tensorflow/compiler/mlir/lite:flatbuffer_translate_lib",
 "@org_tensorflow//tensorflow/compiler/mlir/tosa:tfl_passes",
 ],
+ copts = TCFT_HARDENED_COPTS,
 )
 pybind_extension(
@@ -24,6 +70,8 @@ pybind_extension(
 deps = [
 ":tosa_converter_for_tflite_lib",
 ],
+ copts = TCFT_HARDENED_COPTS,
+ linkopts = TCFT_HARDENED_LINKOPTS,
 )
 py_library(
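Review bot: `-D_FORTIFY_SOURCE=3` in `TCFT_HARDENED_COPTS` only takes effect when the code is compiled with optimization, and the list sets no `-O` level even though its first comment reads "optimizations and warnings". Under Bazel's default fastbuild mode glibc headers normally just warn and leave the fortified wrappers disabled, so the fortify protection would likely be present only in `-c opt` builds. A comment such as `# _FORTIFY_SOURCE needs -O1 or higher: build with -c opt` above the fortify entries would make that dependency explicit. `-fstrict-flex-arrays=3` and `-ftrivial-auto-var-init=zero` are rejected by older GCC and Clang releases, so the minimum supported compiler should be stated next to the list, or the entries guarded with a `select()`.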
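Review bot: `copts = TCFT_HARDENED_COPTS` on `tosa_converter_for_tflite_lib` (and again on the `pybind_extension` in the following hunk) applies only to the sources that target itself compiles, not to its dependencies; the `cc_library` attribute list begins outside this hunk. The TensorFlow and MLIR libraries named in `deps` are built with their own flags, so most of the code linked into the extension would still lack stack protector, fortify and auto-var-init coverage, and only the link-time options cover the whole shared object. If whole-binary hardening is the intent, the compile flags belong in `.bazelrc` as `build --copt=...` lines, or the limitation should be recorded in a comment above `TCFT_HARDENED_COPTS`. The `-Wl,-z,...` and `-Wl,--as-needed` entries are GNU/ELF linker options, so `linkopts = select({"@platforms//os:linux": TCFT_HARDENED_LINKOPTS, "//conditions:default": []})` would keep non-Linux builds linking.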