# AD2034: PeEnableLtoDwarf

## Summary
| Property | Value |
|---|---|
| ID | AD2034 |
| Name | PeEnableLtoDwarf |
| Category | Security |
| Severity | Warning |
| Applies to | PE (Windows, MinGW/GCC compiled) |
## Description

PE binaries compiled with GCC/MinGW should be built with Link-Time Optimization (LTO) enabled, for both security and performance. This rule inspects the binary's DWARF debug information for indicators that LTO was used, so it can only reach a verdict when debug information is present.
## How It Works
The rule examines DWARF debug information to detect:
- LTO-related compilation unit attributes
- LTO plugin symbols
- Whole-program optimization indicators
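As an added illustration, not the rule's own implementation, the Python below parses an `objdump --dwarf=info`-style dump and flags the indicators GCC-family toolchains commonly leave behind when LTO was used. The marker strings it looks for and the sample dump are assumptions made for this example; confirm them against your own toolchain's output.

```python
from dataclasses import dataclass

# Constructed sample in the style of `objdump --dwarf=info program.exe` (not real
# output): one LTO partition unit from the link stage and one plain unit.
SAMPLE_DWARF = """\
  Compilation Unit @ offset 0x0:
 <0><b>: Abbrev Number: 1 (DW_TAG_compile_unit)
    <c>   DW_AT_producer    : (indirect string, offset: 0x0): GNU GIMPLE 12.2.0 -mtune=generic -march=x86-64 -g -O2 -flto
    <10>   DW_AT_language    : 29 (C11)
    <11>   DW_AT_name        : <artificial>
 <1><1a>: Abbrev Number: 2 (DW_TAG_subprogram)
    <1b>   DW_AT_name        : main
  Compilation Unit @ offset 0x1c7:
 <0><1d2>: Abbrev Number: 1 (DW_TAG_compile_unit)
    <1d3>   DW_AT_producer    : (indirect string, offset: 0x40): GNU C17 12.2.0 -mtune=generic -march=x86-64 -g -O2
    <1d7>   DW_AT_name        : (indirect string, offset: 0x7c): file2.c
"""

@dataclass
class CompileUnit:
    name: str = ""
    producer: str = ""

    @property
    def lto_indicators(self) -> list[str]:
        # Assumed GCC markers: -flto recorded by -grecord-gcc-switches (GCC's default),
        # "GNU GIMPLE" producer from the lto1 link stage, and "<artificial>" partition units.
        found = []
        if any(t == "-flto" or t.startswith("-flto=") for t in self.producer.split()):
            found.append("producer has -flto")
        if self.producer.startswith("GNU GIMPLE"):
            found.append("producer is GNU GIMPLE (LTO link stage)")
        if self.name == "<artificial>":
            found.append("artificial LTO partition unit")
        return found

def _attr_value(line: str) -> str:
    # "DW_AT_x : (indirect string, offset: 0x0): value"  or  "DW_AT_x : value"
    value = line.split(":", 1)[1].strip()
    return value.split("):", 1)[1].strip() if value.startswith("(") else value

def parse_compile_units(dwarf_text: str) -> list[CompileUnit]:
    """Collect name/producer from each DW_TAG_compile_unit DIE only (not child DIEs)."""
    units, in_cu_die = [], False
    for line in dwarf_text.splitlines():
        if "Abbrev Number:" in line:
            in_cu_die = "DW_TAG_compile_unit" in line
            if in_cu_die:
                units.append(CompileUnit())
        elif in_cu_die and "DW_AT_producer" in line:
            units[-1].producer = _attr_value(line)
        elif in_cu_die and "DW_AT_name" in line:
            units[-1].name = _attr_value(line)
    return units

def lto_enabled(dwarf_text: str) -> bool:
    """True when at least one compile unit carries an LTO indicator; False for no DWARF."""
    return any(u.lto_indicators for u in parse_compile_units(dwarf_text))

def non_lto_units(dwarf_text: str) -> list[str]:
    """Names of units with no LTO indicator, e.g. objects linked in without -flto."""
    return [u.name for u in parse_compile_units(dwarf_text) if not u.lto_indicators]
```

A stripped binary yields no compile units and therefore no verdict, which is why the rule is limited to binaries that still carry DWARF.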
## Why This Matters
Link-Time Optimization enables whole-program analysis, which is required for effective Control Flow Integrity (CFI) and other advanced security features.
## LTO Security Benefits
| Benefit | Description |
|---|---|
| CFI enablement | Whole-program visibility for call validation |
| Dead code elimination | Reduces attack surface |
| Cross-module inlining | Better optimization, smaller binaries |
| IPO (interprocedural optimization) | Interprocedural security analysis across translation units |
## How LTO Works

Without LTO:

```
file1.c → file1.o ─┐
file2.c → file2.o ─┼→ Linker → binary
file3.c → file3.o ─┘
(Each file compiled in isolation)
```

With LTO:

```
file1.c → file1.bc ─┐
file2.c → file2.bc ─┼→ LTO Plugin → Whole Program Optimization → binary
file3.c → file3.bc ─┘
(Compiler sees entire program)
```
## Build Time vs Security Trade-off
| Aspect | Without LTO | With LTO |
|---|---|---|
| Build time | Faster | Slower |
| Binary size | Larger | Smaller |
| CFI quality | Limited | Complete |
| Performance | Good | Better |
## Resolution

Enable LTO in your MinGW/GCC build:

```sh
# GCC
gcc -flto -O2 -o program file1.c file2.c

# With fat LTO objects for debugging
gcc -flto -ffat-lto-objects -O2 -o program file1.c file2.c
```