Skip to content

Automatically detect file-bearing compiler/linker flags for fingerprint invalidation#53

Open
Orphis wants to merge 1 commit into
feature/TIPI-1757/transitive-dependency-handlingfrom
feature/file-flag-detection
Open

Automatically detect file-bearing compiler/linker flags for fingerprint invalidation#53
Orphis wants to merge 1 commit into
feature/TIPI-1757/transitive-dependency-handlingfrom
feature/file-flag-detection

Conversation

@Orphis

@Orphis Orphis commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Flags such as -fsanitize-memory-ignorelist=msan.ignore or -include forced.h take a file as their argument. HFC's toolchain fingerprint already captured the flag string, but not the content of the referenced file, so editing that file left dependencies reused with stale instrumentation. Users worked around this by hashing the file themselves and injecting the digest on the command line.

This detects file-bearing flags automatically and folds each referenced file's SHA256 content hash into the toolchain fingerprint, so editing the file triggers a rebuild with no manual hashing.

  • hfc_scan_file_flags.cmake: built-in GCC/Clang table (sanitizer/coverage ignore/allow-lists, PGO/sample/auto profiles, XRay lists, modules, plugins/ specs, -include/-imacros, linker --version-script/--dynamic-list/-T incl. -Wl,/-Xlinker unwrapping, @response files). Attached "flag=path" and separated "flag path" forms, deterministic sorted output, unresolved files skipped.
  • Wired into both fingerprint paths: literal flags in compute_live_toolchain_fingerprint, GENEX-resolved flags in compute_augmented_toolchain_fingerprint_isolated.
  • On by default; HERMETIC_FETCHCONTENT_DISABLE_FILE_FLAG_DETECTION opt-out and HERMETIC_FETCHCONTENT_ADDITIONAL_FILE_FLAGS user-extensible list.
  • End-to-end test (AtBuildTime + AtConfigureTime) plus docs.

Change-Id: I1b32bf81f1aca2d35210d0d33ea10423a032761c

…nt invalidation

Flags such as -fsanitize-memory-ignorelist=msan.ignore or -include forced.h
take a file as their argument. HFC's toolchain fingerprint already captured the
flag string, but not the content of the referenced file, so editing that file
left dependencies reused with stale instrumentation. Users worked around this by
hashing the file themselves and injecting the digest on the command line.

This detects file-bearing flags automatically and folds each referenced file's
SHA256 content hash into the toolchain fingerprint, so editing the file triggers
a rebuild with no manual hashing.

- hfc_scan_file_flags.cmake: built-in GCC/Clang table (sanitizer/coverage
  ignore/allow-lists, PGO/sample/auto profiles, XRay lists, modules, plugins/
  specs, -include/-imacros, linker --version-script/--dynamic-list/-T incl.
  -Wl,/-Xlinker unwrapping, @response files). Attached "flag=path" and separated
  "flag path" forms, deterministic sorted output, unresolved files skipped.
- Wired into both fingerprint paths: literal flags in
  compute_live_toolchain_fingerprint, GENEX-resolved flags in
  compute_augmented_toolchain_fingerprint_isolated.
- On by default; HERMETIC_FETCHCONTENT_DISABLE_FILE_FLAG_DETECTION opt-out and
  HERMETIC_FETCHCONTENT_ADDITIONAL_FILE_FLAGS user-extensible list.
- End-to-end test (AtBuildTime + AtConfigureTime) plus docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Change-Id: I1b32bf81f1aca2d35210d0d33ea10423a032761c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant