From f3a5314f95959db80ab88c825b6d8cce13af1a90 Mon Sep 17 00:00:00 2001 From: Jordan Gonzalez <30836115+duncanista@users.noreply.github.com> Date: Tue, 23 Jun 2026 22:46:32 -0400 Subject: [PATCH] perf(build): set -Ctarget-cpu for Graviton2 / x86-64-v2 Lambda CPUs are known at build time: arm64 is Graviton2 (neoverse-n1) and x86_64 is targeted at the universally-safe x86-64-v2 baseline. Pin -Ctarget-cpu per PLATFORM in both compile Dockerfiles so codegen can use the available ISA extensions (helps crypto/compression during init). x86-64-v3 is deliberately avoided: it is not guaranteed across all Lambda x86 hosts and a wrong ISA surfaces as SIGILL at runtime. --- images/Dockerfile.bottlecap.alpine.compile | 7 ++++++- images/Dockerfile.bottlecap.compile | 5 ++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/images/Dockerfile.bottlecap.alpine.compile b/images/Dockerfile.bottlecap.alpine.compile index 9858c5662..fc8a4f742 100644 --- a/images/Dockerfile.bottlecap.alpine.compile +++ b/images/Dockerfile.bottlecap.alpine.compile @@ -38,10 +38,15 @@ RUN --mount=type=cache,target=/root/.cargo/git \ else \ export FEATURES=default; \ fi; \ + # Tune codegen for the known Lambda CPUs: arm64 is Graviton2 (neoverse-n1), + # x86_64 uses the universally-safe x86-64-v2 baseline (NOT v3, which risks SIGILL). + if [ "${PLATFORM}" = "aarch64" ]; then TARGET_CPU="neoverse-n1"; else TARGET_CPU="x86-64-v2"; fi; \ if [ "${PLATFORM}" = "x86_64" ]; then \ # The `libddwaf` crate links against static objects that require `libclang_rt.builtins`, but # this is not presented to the linker by default on this platform, so we force it in. - export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m)"; \ + export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m) -Ctarget-cpu=${TARGET_CPU}"; \ + else \ + export RUSTFLAGS="${RUSTFLAGS:-} -Ctarget-cpu=${TARGET_CPU}"; \ fi; \ # We use a wrapper to allow `libddwaf-sys`' build.rs to be compiled with # -Ctarget-feature=-crt-static so that it is capable of dynamically loading diff --git a/images/Dockerfile.bottlecap.compile b/images/Dockerfile.bottlecap.compile index 12a23f64b..d297c9eee 100644 --- a/images/Dockerfile.bottlecap.compile +++ b/images/Dockerfile.bottlecap.compile @@ -43,9 +43,12 @@ RUN --mount=type=cache,target=/usr/local/cargo/git \ export BUILD_MODE=debug; \ export BUILD_FLAG=""; \ fi; \ + # Tune codegen for the known Lambda CPUs: arm64 is Graviton2 (neoverse-n1), + # x86_64 uses the universally-safe x86-64-v2 baseline (NOT v3, which risks SIGILL). + if [ "${PLATFORM}" = "aarch64" ]; then TARGET_CPU="neoverse-n1"; else TARGET_CPU="x86-64-v2"; fi; \ # The `libddwaf` crate links against static objects that require `libclang_rt.builtins`, but # this is not presented to the linker by default on this platform, so we force it in. - export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m)"; \ + export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m) -Ctarget-cpu=${TARGET_CPU}"; \ cargo +stable build --verbose --locked --no-default-features --features="${FEATURES}" ${BUILD_FLAG} && \ mkdir -p /tmp/out && cp "/tmp/dd/bottlecap/target/${BUILD_MODE}/bottlecap" /tmp/out/bottlecap