base.txt

# Extra C flags appended to every static-archive translation unit across both
# netty and netty-tcnative, on EVERY platform and target. One flag per line;
# blank lines and `#`-comment lines are ignored.
#
# Read by scripts/stage-natives.sh and scripts/stage-natives-tcnative.sh,
# threaded into Makefile.static via the USER_CFLAGS make variable.
#
# Sibling files in this directory layer on top of base.txt:
#   linux.txt / darwin.txt                                       — per-OS
#   linux-amd64.txt / linux-arm64.txt /
#     darwin-amd64.txt / darwin-arm64.txt                        — per OS+arch
#   linux-bin.txt / darwin-bin.txt                               — per-OS final-link
#   linux-amd64-bin.txt / linux-arm64-bin.txt /
#     darwin-amd64-bin.txt / darwin-arm64-bin.txt                — per OS+arch final-link
# Compile rollup: base → os → os-arch.
# Binary  rollup: base → os → os-arch → os-bin → os-arch-bin.
# See cli/cflags.{sh,ts} for the canonical resolver.
#
# Toolchain assumption: clang 22.x on every supported platform (no GCC, no
# Apple-clang). Flags here must work on mainline clang for both Linux and
# macOS. Anything GCC-only or platform-specific belongs in a sibling file.

# Enable thin LTO; generates LLVM bitcode for library outputs, instead of e.g. machO
# or ELF. Then, applies whole-program optimization at final link stages.
-flto=thin

# Emit each function and data object into its own section so the linker
# (with --gc-sections / -dead_strip) can drop anything unreferenced. Trims
# binary size and removes dead code from the final image.
-ffunction-sections
-fdata-sections

# Silence clang's -Wunused-command-line-argument warning. Several upstream
# native poms hardcode -Werror, which combines with the warning to turn
# benign link-only flags (e.g. -fuse-ld=lld passed during a compile-only
# conftest) into fatal errors. -Qunused-arguments tells clang to swallow
# those silently — equivalent to -Wno-unused-command-line-argument but the
# canonical clang spelling.
-Qunused-arguments

# Gate out netty-jni-util's dladdr branch in JNI_OnLoad. That branch
# discovers the loaded library's name at runtime by passing a function
# pointer back through dladdr — which fails on a stripped statically-linked
# binary (dladdr returns 0) and emits "FATAL: netty_<lib> JNI call to
# dladdr failed!" at startup. SVM static-JNI builds always know the library
# name at compile time, so the branch is unnecessary anyway. Threads through
# USER_CFLAGS into every transport + tcnative static-archive build.
-DNETTY_JNI_UTIL_BUILD_STATIC

# Always generate debug information; the final binary is stripped when needed,
# and debug symbols are used in later pipeline stages.
-g

# Prefer optimizing at level 3.
-O3

# Aggressive constant merging: dedupe equal string and numeric constant
# pool entries across translation units. Smaller binary, fewer
# relocations to apply at load — a small but free startup win. Mild
# ISO C/C++ violation: the standard guarantees distinct addresses for
# distinct string literals, but our code does not depend on that.
-fmerge-all-constants

# Position-independent code/executables. PIC is required for objects that
# may end up in shared libraries; PIE is required for the final executable
# to participate in ASLR. Including both covers objects destined for either.
-fPIC
-fPIE

# Hardening, unwind, and debuggability flags:
#   exceptions                  - emit unwind tables for all code so stack unwinding
#                                 (C++ exceptions, Rust panics, foreign runtimes)
#                                 can traverse C frames cleanly.
#   asynchronous-unwind-tables  - emit unwind info usable from arbitrary signal/
#                                 sample points (profilers, perf, crash collectors),
#                                 not just at call boundaries. Stronger than the
#                                 plain `-funwind-tables` implied by -fexceptions.
#                                 Kept on for now — better profiling > the table size.
#   no-omit-frame-pointer       - preserve %rbp/x29 for reliable backtraces in
#                                 profilers, debuggers, and crash handlers.
#   no-strict-aliasing          - disable type-based alias analysis; matches the
#                                 assumptions most systems C/C++ code is actually written under.
#   no-strict-overflow          - treat signed integer overflow as wrapping rather than UB,
#                                 closing a class of optimizer-induced bounds-check removals.
#   no-delete-null-pointer-checks - keep explicit null checks even after a prior deref;
#                                 prevents silent removal of defensive code.
#
# NOTE: -fstack-protector-strong and -fzero-call-used-regs=used-gpr are
# parked in labs.disabled.txt while we prioritise startup time.
# -fstack-clash-protection lives in linux.txt because Apple's clang
# rejects it on darwin (no codegen support).
-fexceptions
-fasynchronous-unwind-tables
-fno-omit-frame-pointer
-fno-strict-aliasing
-fno-strict-overflow
-fno-delete-null-pointer-checks

# General definitions which always apply.
-DELIDE

# Warning configuration — clang-compatible set applied on every platform.
# (GCC-only diagnostics like -Wlogical-op, -Wduplicated-cond/branches,
# -Wtraditional-conversion, -Wformat-signedness, -Wformat-overflow=N,
# -Wformat-truncation=N, -Wstringop-overflow=N, -Wtrampolines,
# -Warith-conversion, -Whardened are deliberately omitted: clang either
# rejects them outright or accepts them as no-ops, and combined with the
# upstream -Werror they would either fail the build or give false confidence.)
#
#   Baselines:
#     Wall, Wextra, Wpedantic      - standard escalation; Wpedantic enforces strict ISO C/C++.
#
#   Format strings:
#     Wformat=2, Wformat-security  - maximum scrutiny on printf/scanf families:
#                                    arg-type mismatches and %s on non-literal format strings.
#
#   Memory and bounds:
#     Wnull-dereference            - flag paths that may deref a known-null pointer.
#     Warray-bounds                - out-of-bounds index detection.
#     Wframe-larger-than=1000000   - warn on any function whose stack frame exceeds 1 MB.
#                                    clang's analogue of GCC's -Wstack-usage=N (clang
#                                    rejects -Wstack-usage with "unknown warning option"
#                                    even on mainline clang 22).
#
#   Stack/control-flow surface:
#     Wstack-protector             - warn when a canary was requested but couldn't be inserted.
#     Walloca, Wvla                - warn on dynamic stack allocation (alloca + VLAs);
#                                    both defeat stack-usage analysis and clash protection.
#
#   Integer/conversion correctness:
#     Wshift-overflow              - flag shifts that overflow or shift the sign bit.
#     Wstrict-overflow             - call out optimizations that assume signed overflow is UB.
#     (-Wconversion is intentionally NOT enabled: too noisy across Netty's
#      JNI glue and BoringSSL's x86 intrinsics, drowns the signal we do want.)
#
#   Logic and control flow:
#     Wimplicit-fallthrough        - require an explicit attribute to fall through a case.
#     Wswitch-default, Wswitch-enum - require a default and exhaustive enum coverage.
#     Wshadow                      - any identifier shadowing in nested scopes.
#     Wundef                       - referencing an undefined identifier in #if.
#
#   Types, casts, prototypes:
#     Wcast-qual                   - casts that strip const/volatile.
#     Wcast-align                  - casts to a stricter-aligned type.
#     Wstrict-prototypes           - reject K&R-style () declarations (C only; harmless on C++).
-Wall
-Wextra
-Wpedantic
-Wformat=2
-Wformat-security
-Wnull-dereference
-Wstack-protector
-Walloca
-Wvla
-Warray-bounds
-Wimplicit-fallthrough
-Wshift-overflow
-Wcast-qual
-Wcast-align
-Wshadow
-Wundef
-Wstrict-prototypes
-Wstrict-overflow
-Wswitch-default
-Wswitch-enum
-Wframe-larger-than=1000000