ControlFlowIntegrity.rst - OpenGrok cross reference for /external/clang/docs/ControlFlowIntegrity.rst

Lines Matching refs:cfi
22 To enable Clang's available CFI schemes, use the flag ``-fsanitize=cfi``.
23 You can also enable a subset of available :ref:`schemes <cfi-schemes>`.
32 :ref:`cross-DSO control flow integrity <cfi-cross-dso>` exists that
45   -  ``-fsanitize=cfi-cast-strict``: Enables :ref:`strict cast checks
46      <cfi-strictness>`.
47   -  ``-fsanitize=cfi-derived-cast``: Base-to-derived cast to the wrong
49   -  ``-fsanitize=cfi-unrelated-cast``: Cast from ``void*`` or another
51   -  ``-fsanitize=cfi-nvcall``: Non-virtual call via an object whose vptr is of
53   -  ``-fsanitize=cfi-vcall``: Virtual call via an object whose vptr is of the
55   -  ``-fsanitize=cfi-icall``: Indirect call of a function with wrong dynamic
58 You can use ``-fsanitize=cfi`` to enable all the schemes and use
61 ``-fsanitize=cfi -fno-sanitize=cfi-nvcall,cfi-icall``
93 This CFI scheme can be enabled on its own using ``-fsanitize=cfi-vcall``.
97 of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with
98 ``-fsanitize=cfi-vcall`` enabled and be statically linked into the program.
125 ``-fsanitize=cfi-derived-cast``), and bad casts from a pointer of
127 ``-fsanitize=cfi-unrelated-cast``).
138 functions may be :ref:`blacklisted <cfi-blacklist>`.
142 of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with
143 ``-fsanitize=cfi-derived-cast`` or ``-fsanitize=cfi-unrelated-cast`` enabled
154 ``-fsanitize=cfi-nvcall``.
158 of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with
159 ``-fsanitize=cfi-nvcall`` enabled and be statically linked into the program.
176 default. It can be disabled with ``-fsanitize=cfi-cast-strict``.
184 using ``-fsanitize=cfi-icall``.
187 than calls in :ref:`blacklisted <cfi-blacklist>` functions, must call a
188 function which was either compiled with ``-fsanitize=cfi-icall`` enabled,
190 ``-fsanitize=cfi-icall``.
192 If a function in a translation unit compiled with ``-fsanitize=cfi-icall``
193 takes the address of a function not compiled with ``-fsanitize=cfi-icall``,
195 unit not compiled with ``-fsanitize=cfi-icall``. This is technically a
198 Each translation unit compiled with ``-fsanitize=cfi-icall`` must be
201 ``-fsanitize=cfi-icall``.
205 ``-fsanitize=cfi-icall`` and ``-fsanitize=function``
211 to find bugs in local development builds, whereas ``-fsanitize=cfi-icall``
218 programs, whereas ``-fsanitize=cfi-icall`` can protect both C and C++ programs.
257 Use **-f[no-]sanitize-cfi-cross-dso** to enable the cross-DSO control