The Devil Is in the Command Line: Associating the Compiler Flags With the Binary and Build Metadata
Gunnar Kudrjavets, Aditya Kumar, Jeff Thomas, Ayushi Rastogi
TL;DR
The paper tackles the problem of defects caused by subtle combinations of compiler flags that produce non-reproducible or incorrect binaries. It argues for a structured, queryable record of how compilers generate and link binaries, integrated with CI/CD metadata, to enable earlier defect detection and easier debugging. Potential approaches include parsing build logs to harvest flag data and associating it with builds, as well as optional methods like embedding flag data in binaries, which would demand changes to compiler toolchains. The work highlights practical impact on reproducibility, observability across configurations and architectures, and more robust build pipelines in industry settings.
Abstract
Engineers build large software systems for multiple architectures, operating systems, and configurations. A set of inconsistent or missing compiler flags generates code that catastrophically impacts the system's behavior. In the authors' industry experience, defects caused by an undesired combination of compiler flags are common in nontrivial software projects. We are unaware of any build and CI/CD systems that track how the compiler produces a specific binary in a structured manner. We postulate that a queryable database of how the compiler compiled and linked the software system will help to detect defects earlier and reduce the debugging time.
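The build-log approach mentioned in the TL;DR and the queryable database proposed in the abstract, as an added sketch that is not code from the paper or its authors. It assumes a log with one compiler command per line; the log contents, build id, table schema and function names are constructed for illustration.

```python
import shlex
import sqlite3

# Constructed sample build log (not from the paper): one compiler command per line.
BUILD_LOG = """\
[1/4] gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIC -c src/net.c -o obj/net.o
[2/4] gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIC -c src/auth.c -o obj/auth.o
[3/4] gcc -O0 -fPIC -c src/parser.c -o obj/parser.o
[4/4] gcc -shared obj/net.o obj/auth.o obj/parser.o -o libdemo.so
"""
COMPILERS = {"gcc", "g++", "cc", "clang", "clang++"}

def parse_log(text):
    """Yield (output, flags) for each compiler or linker command in the log."""
    for line in text.splitlines():
        argv = shlex.split(line)
        start = next((i for i, a in enumerate(argv)
                      if a.rsplit("/", 1)[-1] in COMPILERS), None)
        if start is None:
            continue  # not a compiler invocation
        output, flags, args = None, [], argv[start + 1:]
        for i, arg in enumerate(args):
            if arg == "-o" and i + 1 < len(args):
                output = args[i + 1]      # the file this command produces
            elif arg.startswith("-"):
                flags.append(arg)         # inputs and the -o value are skipped
        if output:
            yield output, flags

def load(db, build_id, text):
    """Store one row per (build, output file, flag) so builds can be queried."""
    db.execute("CREATE TABLE IF NOT EXISTS flags(build TEXT, output TEXT, flag TEXT)")
    for output, flags in parse_log(text):
        db.executemany("INSERT INTO flags VALUES (?,?,?)",
                       [(build_id, output, f) for f in flags])

def objects_missing(db, build_id, flag):
    """Objects compiled with -c in this build that were not given `flag`."""
    rows = db.execute(
        "SELECT DISTINCT output FROM flags WHERE build=? AND flag='-c' "
        "AND output NOT IN (SELECT output FROM flags WHERE build=? AND flag=?) "
        "ORDER BY output", (build_id, build_id, flag))
    return [r[0] for r in rows]

def optimization_levels(db, build_id):
    """Map each -O level to the number of commands in the build that used it."""
    rows = db.execute("SELECT flag, COUNT(*) FROM flags WHERE build=? "
                      "AND flag GLOB '-O*' GROUP BY flag", (build_id,))
    return dict(rows)
```

Keying rows by a CI build identifier lets the same queries be compared across builds, configurations and architectures.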
