mac: Use -fstack-protector-strong instead of -fstack-protector-all.

mac: Use -fstack-protector-strong instead of -fstack-protector-all.

This should reduce binary size quite a bit, without less security.
We currently use different -fstack-protector flags on different platforms,
and I think -fstack-protector-strong is where we eventually want all platforms
to be.  Chrome OS has been using that flag for a long time already.  Linux
will use it eventually (see bug linked to in the comment I'm adding here.)
clang-cl is very likely going to hook up /GS to -fstack-protector-strong.

BUG=none

Committed: https://crrev.com/53b9133ec5956418541ae10e40547558ae70b387
Cr-Commit-Position: refs/heads/master@{#397174}

[Nico, 2016-06-01 16:11:11]

thakis@chromium.org changed reviewers:
+ mark@chromium.org

[Mark Mentovai, 2016-06-01 16:40:39]

LGTM

[Nico, 2016-06-01 16:44:28]

The CQ bit was checked by thakis@chromium.org

[commit-bot: I haz the power, 2016-06-01 16:44:44]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2029633002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/2029633002/1

[commit-bot: I haz the power, 2016-06-01 17:53:09]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-06-01 17:56:05]

Description was changed from

==========
mac: Use -fstack-protector-strong instead of -fstack-protector-all.

This should reduce binary size quite a bit, without less security.
We currently use different -fstack-protector flags on different platforms,
and I think -fstack-protector-strong is where we eventually want all platforms
to be.  Chrome OS has been using that flag for a long time already.  Linux
will use it eventually (see bug linked to in the comment I'm adding here.)
clang-cl is very likely going to hook up /GS to -fstack-protector-strong.

BUG=none
==========

to

==========
mac: Use -fstack-protector-strong instead of -fstack-protector-all.

This should reduce binary size quite a bit, without less security.
We currently use different -fstack-protector flags on different platforms,
and I think -fstack-protector-strong is where we eventually want all platforms
to be.  Chrome OS has been using that flag for a long time already.  Linux
will use it eventually (see bug linked to in the comment I'm adding here.)
clang-cl is very likely going to hook up /GS to -fstack-protector-strong.

BUG=none

Committed: https://crrev.com/53b9133ec5956418541ae10e40547558ae70b387
Cr-Commit-Position: refs/heads/master@{#397174}
==========

[commit-bot: I haz the power, 2016-06-01 17:56:06]

Patchset 1 (id:??) landed as
https://crrev.com/53b9133ec5956418541ae10e40547558ae70b387
Cr-Commit-Position: refs/heads/master@{#397174}

[Nico, 2016-06-01 19:15:22]

thakis@chromium.org changed reviewers:
+ rsesek@chromium.org

[Nico, 2016-06-01 19:15:23]

I was wondering why this didn't change the size of the final binary
(https://build.chromium.org/p/chromium.chrome/builders/Google%20Chrome%20Mac/b...)
– looks like we only pass this for debug builds on os x, but we do pass it for
release builds too in the gn build. So this should reduce the size of the final
binary in the gn build, but this also means the gn binary will be larger (since
it builds with stack protector on but gyp doesn't – and the default is
-fstack-protector, which is smaller than -fstack-protector-strong).

[Robert Sesek, 2016-06-10 20:41:15]

On 2016/06/01 19:15:23, Nico (traveling...slow) wrote:
> I was wondering why this didn't change the size of the final binary
>
(https://build.chromium.org/p/chromium.chrome/builders/Google%20Chrome%20Mac/b...)
> – looks like we only pass this for debug builds on os x, but we do pass it for
> release builds too in the gn build. So this should reduce the size of the
final
> binary in the gn build, but this also means the gn binary will be larger
(since
> it builds with stack protector on but gyp doesn't – and the default is
> -fstack-protector, which is smaller than -fstack-protector-strong).

Switching from -fstack-protector-strong to just -fstack-protector in the GN
official build gets the size compared to GYP just about the same (100 kb delta,
gn being larger).