Lines Matching +full:- +full:fsanitize

22 To enable Clang's available CFI schemes, use the flag ``-fsanitize=cfi``.
23 You can also enable a subset of available :ref:`schemes <cfi-schemes>`.
24 As currently implemented, all schemes rely on link-time optimization (LTO);
25 so it is required to specify ``-flto``, and the linker used must support LTO,
38 The ``-fsanitize=cfi-{vcall,nvcall,derived-cast,unrelated-cast}`` flags
39 require that a ``-fvisibility=`` flag also be specified. This is because the
40 default visibility setting is ``-fvisibility=default``, which would disable
42 to specify ``-fvisibility=hidden``, which enables CFI checks for such classes.
44 Experimental support for :ref:`cross-DSO control flow integrity
45 <cfi-cross-dso>` exists that does not require classes to have hidden LTO
46 visibility. This cross-DSO support has unstable ABI at this time.
50 .. _cfi-schemes:
57   -  ``-fsanitize=cfi-cast-strict``: Enables :ref:`strict cast checks
58      <cfi-strictness>`.
59   -  ``-fsanitize=cfi-derived-cast``: Base-to-derived cast to the wrong
61   -  ``-fsanitize=cfi-unrelated-cast``: Cast from ``void*`` or another
63   -  ``-fsanitize=cfi-nvcall``: Non-virtual call via an object whose vptr is of
65   -  ``-fsanitize=cfi-vcall``: Virtual call via an object whose vptr is of the
67   -  ``-fsanitize=cfi-icall``: Indirect call of a function with wrong dynamic
70 You can use ``-fsanitize=cfi`` to enable all the schemes and use
71 ``-fno-sanitize`` flag to narrow down the set of schemes as desired.
73 ``-fsanitize=cfi -fno-sanitize=cfi-nvcall,cfi-icall``
74 to use all schemes except for non-virtual member function call and indirect call
77 Remember that you have to provide ``-flto`` if at least one CFI scheme is
84 flow integrity violation. You can use the :ref:`-fno-sanitize-trap=
85 <controlling-code-generation>` flag to cause CFI to print a diagnostic
88 .. code-block:: console
90 …bad-cast.cpp:109:7: runtime error: control flow integrity check for type 'B' failed during base-to…
96 execution instead of aborting by using the :ref:`-fsanitize-recover=
97 <controlling-code-generation>` flag.
99 Forward-Edge CFI for Virtual Calls
105 This CFI scheme can be enabled on its own using ``-fsanitize=cfi-vcall``.
109 of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with
110 ``-fsanitize=cfi-vcall`` enabled and be statically linked into the program.
113 -----------
118 virtual-call-heavy SPEC 2006 xalancbmk.
137 ``-fsanitize=cfi-derived-cast``), and bad casts from a pointer of
139 ``-fsanitize=cfi-unrelated-cast``).
151 functions may be :ref:`blacklisted <cfi-blacklist>`.
155 of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with
156 ``-fsanitize=cfi-derived-cast`` or ``-fsanitize=cfi-unrelated-cast`` enabled
159 Non-Virtual Member Function Call Checking
162 This scheme checks that non-virtual calls take place using an object of
167 ``-fsanitize=cfi-nvcall``.
171 of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with
172 ``-fsanitize=cfi-nvcall`` enabled and be statically linked into the program.
174 .. _cfi-strictness:
177 ----------
179 If a class has a single non-virtual base and does not introduce or override
189 default. It can be disabled with ``-fsanitize=cfi-cast-strict``.
197 using ``-fsanitize=cfi-icall``.
200 than calls in :ref:`blacklisted <cfi-blacklist>` functions, must call a
201 function which was either compiled with ``-fsanitize=cfi-icall`` enabled,
203 ``-fsanitize=cfi-icall``.
205 If a function in a translation unit compiled with ``-fsanitize=cfi-icall``
206 takes the address of a function not compiled with ``-fsanitize=cfi-icall``,
208 unit not compiled with ``-fsanitize=cfi-icall``. This is technically a
211 Each translation unit compiled with ``-fsanitize=cfi-icall`` must be
214 ``-fsanitize=cfi-icall``.
218 ``-fsanitize=cfi-icall`` and ``-fsanitize=function``
219 ----------------------------------------------------
221 This tool is similar to ``-fsanitize=function`` in that both tools check
223 on the design space; ``-fsanitize=function`` is a developer tool designed
224 to find bugs in local development builds, whereas ``-fsanitize=cfi-icall``
227 ``-fsanitize=function`` has a higher space and time overhead due to a more
228 complex type check at indirect call sites, as well as a need for run-time
230 of the need for RTTI, ``-fsanitize=function`` can only be used with C++
231 programs, whereas ``-fsanitize=cfi-icall`` can protect both C and C++ programs.
233 On the other hand, ``-fsanitize=function`` conforms more closely with the C++
239 .. _cfi-blacklist:
248 .. code-block:: bash
258 .. _cfi-cross-dso:
263 Use **-f[no-]sanitize-cfi-cross-dso** to enable the cross-DSO control
266 built with ``-flto``.
269 visibility. With this flag enabled, the compiler will emit cross-DSO CFI
281 `Control-Flow Integrity: Principles, Implementations, and Applications <http://research.microsoft.c…
284 `Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM <http://www.pcc.me.uk/~peter/acad/usen…