Trampoline assembly requires recent binutils

[maleadt]

On binutils 2.26:

[16:23:43]  gcc -m64 -O0 -ggdb2 -DJL_DEBUG_BUILD -fstack-protector -DDEP_LIBS="\"$("/usr/bin/python" /workspace/srcdir/contrib/relative_path.py /workspace/srcdir/usr/lib /workspace/srcdir/usr/lib/libgcc_s.so.1):$("/usr/bin/python" /workspace/srcdir/contrib/relative_path.py /workspace/srcdir/usr/lib /workspace/srcdir/usr/lib/libopenlibm.so):$("/usr/bin/python" /workspace/srcdir/contrib/relative_path.py /workspace/srcdir/usr/lib /workspace/srcdir/usr/lib/libjulia-internal-debug.so.1.6)\"" -std=gnu99 -pipe -fPIC -fno-strict-aliasing -D_FILE_OFFSET_BITS=64 -I/workspace/srcdir/src -I/workspace/srcdir/src -I/workspace/srcdir/src/support -I/workspace/srcdir/usr/include -ffreestanding /workspace/srcdir/cli/trampolines/trampolines_x86_64.S -c -o loader_trampolines.o
[16:23:43] /workspace/srcdir/cli/trampolines/trampolines_x86_64.S: Assembler messages:
[16:23:43] /workspace/srcdir/cli/trampolines/trampolines_x86_64.S:44: Error: no such instruction: `endbr64'

That means Julia can't be built by BinaryBuilder anymore, which ships binutils 2.24: https://github.com/JuliaPackaging/Yggdrasil/blob/a8837c7ced39dbdd5a0475a2c3c624ef5986c713/B/Binutils/build_tarballs.jl#L11. That in turn means no PkgEval anymore.

Works with binutils 2.30, but I don't know what the exact version needed is. Either Yggdrasil needs to be updated (and this requirement probably documented, because it prevents building Julia on e.g. Ubuntu 16.04, which I'm sure some users will complain about), or the trampoline assembly needs to updated if possible.

[vtjnash]

I'll fix:

-fcf-protection=[full|branch|return|none|check]
Enable code instrumentation of control-flow transfers to increase program security by checking that target addresses of control-flow transfer instructions (such as indirect function call, function return, indirect jump) are valid. This prevents diverting the flow of control to an unexpected target. This is intended to protect against such threats as Return-oriented Programming (ROP), and similarly call/jmp-oriented programming (COP/JOP).

The value branch tells the compiler to implement checking of validity of control-flow transfer at the point of indirect branch instructions, i.e. call/jmp instructions. The value return implements checking of validity at the point of returning from a function. The value full is an alias for specifying both branch and return. The value none turns off instrumentation.

The value check is used for the final link with link-time optimization (LTO). An error is issued if LTO object files are compiled with different -fcf-protection values. The value check is ignored at the compile time.

The macro __CET__ is defined when -fcf-protection is used. The first bit of __CET__ is set to 1 for the value branch and the second bit of __CET__ is set to 1 for the return.

You can also use the nocf_check attribute to identify which functions and calls should be skipped from instrumentation (see Function Attributes).

Currently the x86 GNU/Linux target provides an implementation based on Intel Control-flow Enforcement Technology (CET).