From: Peter Collingbourne Date: Wed, 13 Jun 2018 23:18:26 +0000 (+0000) Subject: docs: Correct some misstatements in the control flow integrity docs. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d23eb76fcccaf326c6b869b8ea69153df610d0c1;p=clang docs: Correct some misstatements in the control flow integrity docs. These were true at one point but haven't been true for a long time. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@334669 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/docs/ControlFlowIntegrity.rst b/docs/ControlFlowIntegrity.rst index 35b03a0e63..5e837db731 100644 --- a/docs/ControlFlowIntegrity.rst +++ b/docs/ControlFlowIntegrity.rst @@ -104,10 +104,10 @@ dynamic type; that is, the dynamic type of the called object must be a derived class of the static type of the object used to make the call. This CFI scheme can be enabled on its own using ``-fsanitize=cfi-vcall``. -For this scheme to work, all translation units containing the definition -of a virtual member function (whether inline or not), other than members -of :ref:`blacklisted ` types, must be compiled with -``-fsanitize=cfi-vcall`` enabled and be statically linked into the program. +For this scheme to work, all translation units containing the definition of +a virtual member function (whether inline or not), other than members of +:ref:`blacklisted ` types, must be compiled with ``-flto`` +or ``-flto=thin`` enabled and be statically linked into the program. Performance ----------- @@ -152,9 +152,9 @@ functions may be :ref:`blacklisted `. For this scheme to work, all translation units containing the definition of a virtual member function (whether inline or not), other than members -of :ref:`blacklisted ` types, must be compiled with -``-fsanitize=cfi-derived-cast`` or ``-fsanitize=cfi-unrelated-cast`` enabled -and be statically linked into the program. +of :ref:`blacklisted ` types or types with public :doc:`LTO +visibility `, must be compiled with ``-flto`` or ``-flto=thin`` +enabled and be statically linked into the program. Non-Virtual Member Function Call Checking ========================================= @@ -168,8 +168,9 @@ polymorphic class type. This CFI scheme can be enabled on its own using For this scheme to work, all translation units containing the definition of a virtual member function (whether inline or not), other than members -of :ref:`blacklisted ` types, must be compiled with -``-fsanitize=cfi-nvcall`` enabled and be statically linked into the program. +of :ref:`blacklisted ` types or types with public :doc:`LTO +visibility `, must be compiled with ``-flto`` or ``-flto=thin`` +enabled and be statically linked into the program. .. _cfi-strictness: