remove need for -fno-pie and -no-pie#1817
remove need for -fno-pie and -no-pie#1817solskogen wants to merge 2 commits intoBlitterStudio:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR aims to stop forcing non-PIE builds for JIT and removes the ARM-side compile-time guard that rejected PIE builds.
Changes:
- Removed the
__pie__/__PIE__compile-time error from the ARM JIT support file. - Removed the
-fno-pieand-no-piecompile/link flags from the CMake target (but left behind emptytarget_*_options()calls).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/jit/arm/compemu_support_arm.cpp |
Allows building the ARM JIT code even when the toolchain defines PIE (__pie__/__PIE__). |
cmake/SourceFiles.cmake |
Stops explicitly overriding PIE in non-Android/non-Windows builds (currently leaving empty options calls). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cmake/SourceFiles.cmake
Outdated
| if(NOT ANDROID AND NOT WIN32) | ||
| target_compile_options(${PROJECT_NAME} PRIVATE -fno-pie) | ||
| target_link_options(${PROJECT_NAME} PRIVATE -no-pie) | ||
| target_compile_options(${PROJECT_NAME} PRIVATE ) | ||
| target_link_options(${PROJECT_NAME} PRIVATE ) |
There was a problem hiding this comment.
The if(NOT ANDROID AND NOT WIN32) block now calls target_compile_options / target_link_options with no options, which is a no-op at best and makes the build logic harder to understand. Remove these empty calls (and likely the whole if branch) rather than leaving placeholder commands behind.
There was a problem hiding this comment.
@copilot update pull request to apply changes based on this feedback
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
cmake/SourceFiles.cmake:568
- Dropping the global
-fno-pie/-no-pieoverride means Linux/BSD toolchains that default to PIE will now build the main executable as PIE. The x86_64 JIT exception-handler path still contains logic that relies on non-PIE global placement (it allocatesveccodewithUAE_VM_32BIT/MAP_32BITspecifically because it expects globals to be within range of low 2GB mappings). This can cause runtime failures when RIP-relative references fromveccodecan’t reach PIE-loaded globals. Consider either (1) keeping non-PIE only for the affected JIT configurations/architectures, or (2) making the exception handler’sveccodeallocation anchor near the .data segment so PIE builds remain safe.
if(WIN32 AND CMAKE_SIZEOF_VOID_P EQUAL 8)
# x86_64 JIT is now 64-bit pointer-clean: no longer needs ASLR-disabling
# linker flags or forced low image base.
# Mark as GUI application in Release builds to suppress the console
# window. Debug builds keep the console for convenience.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
midwan
left a comment
midwan
left a comment
There was a problem hiding this comment.
@solskogen did you test this on x86-64? It seems likely that it would break JIT there. It's probably safe for ARM64 JIT however.
ARM64 — The PIE guard removal is safe. ARM64 JIT is already fully 64-bit pointer-clean: UAE_VM_32BIT is dropped for natmem, vm_acquire()/vm_acquire_code() clear the 32-bit flag on CPU_AARCH64, and there's no RIP-relative addressing.
x86-64 — The PIE guard removal is unsafe. The x86-64 JIT generates RIP-relative [rip+disp32] encodings (via _r_X macro in codegen_x86.h:423) to reference globals like regs.pc_p, specflags, live.state[].mem, and bi->pc_p. These 32-bit displacements require all targets within ±2GB of the JIT code. With PIE, ASLR moves globals to high addresses while JIT code sits in the low 2GB (via MAP_32BIT), breaking the ±2GB invariant.
Additionally, the exception handler (exception_handler.cpp:890-894) explicitly documents its dependency on non-PIE globals being in range.
Recommended approach:
- Split the PR — accept ARM64 PIE support, keep x86-64 restrictions
- Or scope the CMake flags to x86-64 only:
if(NOT ANDROID AND NOT WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64")
target_compile_options(${PROJECT_NAME} PRIVATE -fno-pie)
target_link_options(${PROJECT_NAME} PRIVATE -no-pie)
endif()
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if(NOT ANDROID AND NOT WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64") | ||
| target_compile_options(${PROJECT_NAME} PRIVATE -fno-pie) | ||
| target_link_options(${PROJECT_NAME} PRIVATE -no-pie) |
There was a problem hiding this comment.
The PR title indicates we no longer need to force non-PIE builds, but SourceFiles.cmake still applies -fno-pie/-no-pie for non-Android/non-Windows x86_64/amd64. If PIE is now supported (as implied by removing the __pie__/__PIE__ hard-error guards), these options should be removed; otherwise the PR still disables PIE/ASLR on those builds and doesn’t match the stated goal.
| # come after static libs that depend on them (enet, etc.). | ||
|
|
||
| if(NOT ANDROID AND NOT WIN32) | ||
| if(NOT ANDROID AND NOT WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64") |
There was a problem hiding this comment.
CMAKE_SYSTEM_PROCESSOR matching is case-sensitive. "x86_64|amd64" covers the standard Linux and FreeBSD values, but some cross-compilation setups or toolchains might report X86_64 or AMD64. A safer pattern would be:
if(NOT ANDROID AND NOT WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "[xX]86_64|[aA][mM][dD]64")
Low risk in practice since native builds always report lowercase, but worth considering for robustness.
| #endif | ||
| #include "uae/log.h" | ||
|
|
||
| #if defined(__pie__) || defined (__PIE__) |
There was a problem hiding this comment.
This is a problematic change. The x86-64 JIT fundamentally depends on non-PIE:
RIP-relative [rip+disp32] encodings require globals within ±2GB of JIT code
UAE_VM_32BIT (MAP_32BIT) anchors natmem allocations in the low 4GB
There are 432 uses of JITPTR and related pointer arithmetic across 8 files
The exception handler (exception_handler.cpp:890-894) explicitly documents this dependency
The CMake flag change protects standard Linux/FreeBSD builds, but the #error guard is a defense-in-depth mechanism that catches:
Custom build systems (Makefiles, Meson, etc.) that don't use CMake
CMake misconfigurations or overrides (-DCMAKE_POSITION_INDEPENDENT_CODE=ON)
Distro packaging scripts that force PIE globally
Recommendation: Keep the guard in the x86 JIT but scope it to x86-64 only:
#if defined(CPU_x86_64) && (defined(__pie__) || defined(__PIE__))
#error Position-independent code (PIE) cannot be used with x86-64 JIT
#endif
This lets ARM64 builds proceed with PIE while still catching dangerous x86-64 PIE builds at compile time.
There was a problem hiding this comment.
Or ideally we'll need to do the work to make x86-64 JIT truly 64-bit clean, not needing PIE as well (like the work I did on the ARM64 JIT).
|
This PR is obsolete with the changes in #1820 |
@midwan