diff options
Diffstat (limited to 'clang/docs/ControlFlowIntegrity.rst')
| -rw-r--r-- | clang/docs/ControlFlowIntegrity.rst | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/clang/docs/ControlFlowIntegrity.rst b/clang/docs/ControlFlowIntegrity.rst index 35b03a0e639..5e837db731d 100644 --- a/clang/docs/ControlFlowIntegrity.rst +++ b/clang/docs/ControlFlowIntegrity.rst @@ -104,10 +104,10 @@ dynamic type; that is, the dynamic type of the called object must be a derived class of the static type of the object used to make the call. This CFI scheme can be enabled on its own using ``-fsanitize=cfi-vcall``. -For this scheme to work, all translation units containing the definition -of a virtual member function (whether inline or not), other than members -of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with -``-fsanitize=cfi-vcall`` enabled and be statically linked into the program. +For this scheme to work, all translation units containing the definition of +a virtual member function (whether inline or not), other than members of +:ref:`blacklisted <cfi-blacklist>` types, must be compiled with ``-flto`` +or ``-flto=thin`` enabled and be statically linked into the program. Performance ----------- @@ -152,9 +152,9 @@ functions may be :ref:`blacklisted <cfi-blacklist>`. For this scheme to work, all translation units containing the definition of a virtual member function (whether inline or not), other than members -of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with -``-fsanitize=cfi-derived-cast`` or ``-fsanitize=cfi-unrelated-cast`` enabled -and be statically linked into the program. +of :ref:`blacklisted <cfi-blacklist>` types or types with public :doc:`LTO +visibility <LTOVisibility>`, must be compiled with ``-flto`` or ``-flto=thin`` +enabled and be statically linked into the program. Non-Virtual Member Function Call Checking ========================================= @@ -168,8 +168,9 @@ polymorphic class type. This CFI scheme can be enabled on its own using For this scheme to work, all translation units containing the definition of a virtual member function (whether inline or not), other than members -of :ref:`blacklisted <cfi-blacklist>` types, must be compiled with -``-fsanitize=cfi-nvcall`` enabled and be statically linked into the program. +of :ref:`blacklisted <cfi-blacklist>` types or types with public :doc:`LTO +visibility <LTOVisibility>`, must be compiled with ``-flto`` or ``-flto=thin`` +enabled and be statically linked into the program. .. _cfi-strictness: |
