You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Instrumentation-Options.html 51KB

3 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  2. <html>
  3. <!-- Copyright (C) 1988-2020 Free Software Foundation, Inc.
  4. Permission is granted to copy, distribute and/or modify this document
  5. under the terms of the GNU Free Documentation License, Version 1.3 or
  6. any later version published by the Free Software Foundation; with the
  7. Invariant Sections being "Funding Free Software", the Front-Cover
  8. Texts being (a) (see below), and with the Back-Cover Texts being (b)
  9. (see below). A copy of the license is included in the section entitled
  10. "GNU Free Documentation License".
  11. (a) The FSF's Front-Cover Text is:
  12. A GNU Manual
  13. (b) The FSF's Back-Cover Text is:
  14. You have freedom to copy and modify this GNU Manual, like GNU
  15. software. Copies published by the Free Software Foundation raise
  16. funds for GNU development. -->
  17. <!-- Created by GNU Texinfo 6.5, http://www.gnu.org/software/texinfo/ -->
  18. <head>
  19. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  20. <title>Instrumentation Options (Using the GNU Compiler Collection (GCC))</title>
  21. <meta name="description" content="Instrumentation Options (Using the GNU Compiler Collection (GCC))">
  22. <meta name="keywords" content="Instrumentation Options (Using the GNU Compiler Collection (GCC))">
  23. <meta name="resource-type" content="document">
  24. <meta name="distribution" content="global">
  25. <meta name="Generator" content="makeinfo">
  26. <link href="index.html#Top" rel="start" title="Top">
  27. <link href="Option-Index.html#Option-Index" rel="index" title="Option Index">
  28. <link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
  29. <link href="Invoking-GCC.html#Invoking-GCC" rel="up" title="Invoking GCC">
  30. <link href="Preprocessor-Options.html#Preprocessor-Options" rel="next" title="Preprocessor Options">
  31. <link href="Optimize-Options.html#Optimize-Options" rel="prev" title="Optimize Options">
  32. <style type="text/css">
  33. <!--
  34. a.summary-letter {text-decoration: none}
  35. blockquote.indentedblock {margin-right: 0em}
  36. blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
  37. blockquote.smallquotation {font-size: smaller}
  38. div.display {margin-left: 3.2em}
  39. div.example {margin-left: 3.2em}
  40. div.lisp {margin-left: 3.2em}
  41. div.smalldisplay {margin-left: 3.2em}
  42. div.smallexample {margin-left: 3.2em}
  43. div.smalllisp {margin-left: 3.2em}
  44. kbd {font-style: oblique}
  45. pre.display {font-family: inherit}
  46. pre.format {font-family: inherit}
  47. pre.menu-comment {font-family: serif}
  48. pre.menu-preformatted {font-family: serif}
  49. pre.smalldisplay {font-family: inherit; font-size: smaller}
  50. pre.smallexample {font-size: smaller}
  51. pre.smallformat {font-family: inherit; font-size: smaller}
  52. pre.smalllisp {font-size: smaller}
  53. span.nolinebreak {white-space: nowrap}
  54. span.roman {font-family: initial; font-weight: normal}
  55. span.sansserif {font-family: sans-serif; font-weight: normal}
  56. ul.no-bullet {list-style: none}
  57. -->
  58. </style>
  59. </head>
  60. <body lang="en">
  61. <a name="Instrumentation-Options"></a>
  62. <div class="header">
  63. <p>
  64. Next: <a href="Preprocessor-Options.html#Preprocessor-Options" accesskey="n" rel="next">Preprocessor Options</a>, Previous: <a href="Optimize-Options.html#Optimize-Options" accesskey="p" rel="prev">Optimize Options</a>, Up: <a href="Invoking-GCC.html#Invoking-GCC" accesskey="u" rel="up">Invoking GCC</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Option-Index.html#Option-Index" title="Index" rel="index">Index</a>]</p>
  65. </div>
  66. <hr>
  67. <a name="Program-Instrumentation-Options"></a>
  68. <h3 class="section">3.12 Program Instrumentation Options</h3>
  69. <a name="index-instrumentation-options"></a>
  70. <a name="index-program-instrumentation-options"></a>
  71. <a name="index-run_002dtime-error-checking-options"></a>
  72. <a name="index-profiling-options"></a>
  73. <a name="index-options_002c-program-instrumentation"></a>
  74. <a name="index-options_002c-run_002dtime-error-checking"></a>
  75. <a name="index-options_002c-profiling"></a>
  76. <p>GCC supports a number of command-line options that control adding
  77. run-time instrumentation to the code it normally generates.
  78. For example, one purpose of instrumentation is collect profiling
  79. statistics for use in finding program hot spots, code coverage
  80. analysis, or profile-guided optimizations.
  81. Another class of program instrumentation is adding run-time checking
  82. to detect programming errors like invalid pointer
  83. dereferences or out-of-bounds array accesses, as well as deliberately
  84. hostile attacks such as stack smashing or C++ vtable hijacking.
  85. There is also a general hook which can be used to implement other
  86. forms of tracing or function-level instrumentation for debug or
  87. program analysis purposes.
  88. </p>
  89. <dl compact="compact">
  90. <dd><a name="index-prof"></a>
  91. <a name="index-gprof"></a>
  92. </dd>
  93. <dt><code>-p</code></dt>
  94. <dt><code>-pg</code></dt>
  95. <dd><a name="index-p"></a>
  96. <a name="index-pg"></a>
  97. <p>Generate extra code to write profile information suitable for the
  98. analysis program <code>prof</code> (for <samp>-p</samp>) or <code>gprof</code>
  99. (for <samp>-pg</samp>). You must use this option when compiling
  100. the source files you want data about, and you must also use it when
  101. linking.
  102. </p>
  103. <p>You can use the function attribute <code>no_instrument_function</code> to
  104. suppress profiling of individual functions when compiling with these options.
  105. See <a href="Common-Function-Attributes.html#Common-Function-Attributes">Common Function Attributes</a>.
  106. </p>
  107. </dd>
  108. <dt><code>-fprofile-arcs</code></dt>
  109. <dd><a name="index-fprofile_002darcs"></a>
  110. <p>Add code so that program flow <em>arcs</em> are instrumented. During
  111. execution the program records how many times each branch and call is
  112. executed and how many times it is taken or returns. On targets that support
  113. constructors with priority support, profiling properly handles constructors,
  114. destructors and C++ constructors (and destructors) of classes which are used
  115. as a type of a global variable.
  116. </p>
  117. <p>When the compiled
  118. program exits it saves this data to a file called
  119. <samp><var>auxname</var>.gcda</samp> for each source file. The data may be used for
  120. profile-directed optimizations (<samp>-fbranch-probabilities</samp>), or for
  121. test coverage analysis (<samp>-ftest-coverage</samp>). Each object file&rsquo;s
  122. <var>auxname</var> is generated from the name of the output file, if
  123. explicitly specified and it is not the final executable, otherwise it is
  124. the basename of the source file. In both cases any suffix is removed
  125. (e.g. <samp>foo.gcda</samp> for input file <samp>dir/foo.c</samp>, or
  126. <samp>dir/foo.gcda</samp> for output file specified as <samp>-o dir/foo.o</samp>).
  127. See <a href="Cross_002dprofiling.html#Cross_002dprofiling">Cross-profiling</a>.
  128. </p>
  129. <a name="index-gcov"></a>
  130. </dd>
  131. <dt><code>--coverage</code></dt>
  132. <dd><a name="index-coverage"></a>
  133. <p>This option is used to compile and link code instrumented for coverage
  134. analysis. The option is a synonym for <samp>-fprofile-arcs</samp>
  135. <samp>-ftest-coverage</samp> (when compiling) and <samp>-lgcov</samp> (when
  136. linking). See the documentation for those options for more details.
  137. </p>
  138. <ul>
  139. <li> Compile the source files with <samp>-fprofile-arcs</samp> plus optimization
  140. and code generation options. For test coverage analysis, use the
  141. additional <samp>-ftest-coverage</samp> option. You do not need to profile
  142. every source file in a program.
  143. </li><li> Compile the source files additionally with <samp>-fprofile-abs-path</samp>
  144. to create absolute path names in the <samp>.gcno</samp> files. This allows
  145. <code>gcov</code> to find the correct sources in projects where compilations
  146. occur with different working directories.
  147. </li><li> Link your object files with <samp>-lgcov</samp> or <samp>-fprofile-arcs</samp>
  148. (the latter implies the former).
  149. </li><li> Run the program on a representative workload to generate the arc profile
  150. information. This may be repeated any number of times. You can run
  151. concurrent instances of your program, and provided that the file system
  152. supports locking, the data files will be correctly updated. Unless
  153. a strict ISO C dialect option is in effect, <code>fork</code> calls are
  154. detected and correctly handled without double counting.
  155. </li><li> For profile-directed optimizations, compile the source files again with
  156. the same optimization and code generation options plus
  157. <samp>-fbranch-probabilities</samp> (see <a href="Optimize-Options.html#Optimize-Options">Options that
  158. Control Optimization</a>).
  159. </li><li> For test coverage analysis, use <code>gcov</code> to produce human readable
  160. information from the <samp>.gcno</samp> and <samp>.gcda</samp> files. Refer to the
  161. <code>gcov</code> documentation for further information.
  162. </li></ul>
  163. <p>With <samp>-fprofile-arcs</samp>, for each function of your program GCC
  164. creates a program flow graph, then finds a spanning tree for the graph.
  165. Only arcs that are not on the spanning tree have to be instrumented: the
  166. compiler adds code to count the number of times that these arcs are
  167. executed. When an arc is the only exit or only entrance to a block, the
  168. instrumentation code can be added to the block; otherwise, a new basic
  169. block must be created to hold the instrumentation code.
  170. </p>
  171. </dd>
  172. <dt><code>-ftest-coverage</code></dt>
  173. <dd><a name="index-ftest_002dcoverage"></a>
  174. <p>Produce a notes file that the <code>gcov</code> code-coverage utility
  175. (see <a href="Gcov.html#Gcov"><code>gcov</code>&mdash;a Test Coverage Program</a>) can use to
  176. show program coverage. Each source file&rsquo;s note file is called
  177. <samp><var>auxname</var>.gcno</samp>. Refer to the <samp>-fprofile-arcs</samp> option
  178. above for a description of <var>auxname</var> and instructions on how to
  179. generate test coverage data. Coverage data matches the source files
  180. more closely if you do not optimize.
  181. </p>
  182. </dd>
  183. <dt><code>-fprofile-abs-path</code></dt>
  184. <dd><a name="index-fprofile_002dabs_002dpath"></a>
  185. <p>Automatically convert relative source file names to absolute path names
  186. in the <samp>.gcno</samp> files. This allows <code>gcov</code> to find the correct
  187. sources in projects where compilations occur with different working
  188. directories.
  189. </p>
  190. </dd>
  191. <dt><code>-fprofile-dir=<var>path</var></code></dt>
  192. <dd><a name="index-fprofile_002ddir"></a>
  193. <p>Set the directory to search for the profile data files in to <var>path</var>.
  194. This option affects only the profile data generated by
  195. <samp>-fprofile-generate</samp>, <samp>-ftest-coverage</samp>, <samp>-fprofile-arcs</samp>
  196. and used by <samp>-fprofile-use</samp> and <samp>-fbranch-probabilities</samp>
  197. and its related options. Both absolute and relative paths can be used.
  198. By default, GCC uses the current directory as <var>path</var>, thus the
  199. profile data file appears in the same directory as the object file.
  200. In order to prevent the file name clashing, if the object file name is
  201. not an absolute path, we mangle the absolute path of the
  202. <samp><var>sourcename</var>.gcda</samp> file and use it as the file name of a
  203. <samp>.gcda</samp> file. See similar option <samp>-fprofile-note</samp>.
  204. </p>
  205. <p>When an executable is run in a massive parallel environment, it is recommended
  206. to save profile to different folders. That can be done with variables
  207. in <var>path</var> that are exported during run-time:
  208. </p>
  209. <dl compact="compact">
  210. <dt><code>%p</code></dt>
  211. <dd><p>process ID.
  212. </p>
  213. </dd>
  214. <dt><code>%q{VAR}</code></dt>
  215. <dd><p>value of environment variable <var>VAR</var>
  216. </p>
  217. </dd>
  218. </dl>
  219. </dd>
  220. <dt><code>-fprofile-generate</code></dt>
  221. <dt><code>-fprofile-generate=<var>path</var></code></dt>
  222. <dd><a name="index-fprofile_002dgenerate"></a>
  223. <p>Enable options usually used for instrumenting application to produce
  224. profile useful for later recompilation with profile feedback based
  225. optimization. You must use <samp>-fprofile-generate</samp> both when
  226. compiling and when linking your program.
  227. </p>
  228. <p>The following options are enabled:
  229. <samp>-fprofile-arcs</samp>, <samp>-fprofile-values</samp>,
  230. <samp>-finline-functions</samp>, and <samp>-fipa-bit-cp</samp>.
  231. </p>
  232. <p>If <var>path</var> is specified, GCC looks at the <var>path</var> to find
  233. the profile feedback data files. See <samp>-fprofile-dir</samp>.
  234. </p>
  235. <p>To optimize the program based on the collected profile information, use
  236. <samp>-fprofile-use</samp>. See <a href="Optimize-Options.html#Optimize-Options">Optimize Options</a>, for more information.
  237. </p>
  238. </dd>
  239. <dt><code>-fprofile-note=<var>path</var></code></dt>
  240. <dd><a name="index-fprofile_002dnote"></a>
  241. <p>If <var>path</var> is specified, GCC saves <samp>.gcno</samp> file into <var>path</var>
  242. location. If you combine the option with multiple source files,
  243. the <samp>.gcno</samp> file will be overwritten.
  244. </p>
  245. </dd>
  246. <dt><code>-fprofile-prefix-path=<var>path</var></code></dt>
  247. <dd><a name="index-fprofile_002dprefix_002dpath"></a>
  248. <p>This option can be used in combination with
  249. <samp>profile-generate=</samp><var>profile_dir</var> and
  250. <samp>profile-use=</samp><var>profile_dir</var> to inform GCC where is the base
  251. directory of built source tree. By default <var>profile_dir</var> will contain
  252. files with mangled absolute paths of all object files in the built project.
  253. This is not desirable when directory used to build the instrumented binary
  254. differs from the directory used to build the binary optimized with profile
  255. feedback because the profile data will not be found during the optimized build.
  256. In such setups <samp>-fprofile-prefix-path=</samp><var>path</var> with <var>path</var>
  257. pointing to the base directory of the build can be used to strip the irrelevant
  258. part of the path and keep all file names relative to the main build directory.
  259. </p>
  260. </dd>
  261. <dt><code>-fprofile-update=<var>method</var></code></dt>
  262. <dd><a name="index-fprofile_002dupdate"></a>
  263. <p>Alter the update method for an application instrumented for profile
  264. feedback based optimization. The <var>method</var> argument should be one of
  265. &lsquo;<samp>single</samp>&rsquo;, &lsquo;<samp>atomic</samp>&rsquo; or &lsquo;<samp>prefer-atomic</samp>&rsquo;.
  266. The first one is useful for single-threaded applications,
  267. while the second one prevents profile corruption by emitting thread-safe code.
  268. </p>
  269. <p><strong>Warning:</strong> When an application does not properly join all threads
  270. (or creates an detached thread), a profile file can be still corrupted.
  271. </p>
  272. <p>Using &lsquo;<samp>prefer-atomic</samp>&rsquo; would be transformed either to &lsquo;<samp>atomic</samp>&rsquo;,
  273. when supported by a target, or to &lsquo;<samp>single</samp>&rsquo; otherwise. The GCC driver
  274. automatically selects &lsquo;<samp>prefer-atomic</samp>&rsquo; when <samp>-pthread</samp>
  275. is present in the command line.
  276. </p>
  277. </dd>
  278. <dt><code>-fprofile-filter-files=<var>regex</var></code></dt>
  279. <dd><a name="index-fprofile_002dfilter_002dfiles"></a>
  280. <p>Instrument only functions from files where names match
  281. any regular expression (separated by a semi-colon).
  282. </p>
  283. <p>For example, <samp>-fprofile-filter-files=main.c;module.*.c</samp> will instrument
  284. only <samp>main.c</samp> and all C files starting with &rsquo;module&rsquo;.
  285. </p>
  286. </dd>
  287. <dt><code>-fprofile-exclude-files=<var>regex</var></code></dt>
  288. <dd><a name="index-fprofile_002dexclude_002dfiles"></a>
  289. <p>Instrument only functions from files where names do not match
  290. all the regular expressions (separated by a semi-colon).
  291. </p>
  292. <p>For example, <samp>-fprofile-exclude-files=/usr/*</samp> will prevent instrumentation
  293. of all files that are located in <samp>/usr/</samp> folder.
  294. </p>
  295. </dd>
  296. <dt><code>-fprofile-reproducible=<span class="roman">[</span>multithreaded<span class="roman">|</span>parallel-runs<span class="roman">|</span>serial<span class="roman">]</span></code></dt>
  297. <dd><a name="index-fprofile_002dreproducible"></a>
  298. <p>Control level of reproducibility of profile gathered by
  299. <code>-fprofile-generate</code>. This makes it possible to rebuild program
  300. with same outcome which is useful, for example, for distribution
  301. packages.
  302. </p>
  303. <p>With <samp>-fprofile-reproducible=serial</samp> the profile gathered by
  304. <samp>-fprofile-generate</samp> is reproducible provided the trained program
  305. behaves the same at each invocation of the train run, it is not
  306. multi-threaded and profile data streaming is always done in the same
  307. order. Note that profile streaming happens at the end of program run but
  308. also before <code>fork</code> function is invoked.
  309. </p>
  310. <p>Note that it is quite common that execution counts of some part of
  311. programs depends, for example, on length of temporary file names or
  312. memory space randomization (that may affect hash-table collision rate).
  313. Such non-reproducible part of programs may be annotated by
  314. <code>no_instrument_function</code> function attribute. <code>gcov-dump</code> with
  315. <samp>-l</samp> can be used to dump gathered data and verify that they are
  316. indeed reproducible.
  317. </p>
  318. <p>With <samp>-fprofile-reproducible=parallel-runs</samp> collected profile
  319. stays reproducible regardless the order of streaming of the data into
  320. gcda files. This setting makes it possible to run multiple instances of
  321. instrumented program in parallel (such as with <code>make -j</code>). This
  322. reduces quality of gathered data, in particular of indirect call
  323. profiling.
  324. </p>
  325. </dd>
  326. <dt><code>-fsanitize=address</code></dt>
  327. <dd><a name="index-fsanitize_003daddress"></a>
  328. <p>Enable AddressSanitizer, a fast memory error detector.
  329. Memory access instructions are instrumented to detect
  330. out-of-bounds and use-after-free bugs.
  331. The option enables <samp>-fsanitize-address-use-after-scope</samp>.
  332. See <a href="https://github.com/google/sanitizers/wiki/AddressSanitizer">https://github.com/google/sanitizers/wiki/AddressSanitizer</a> for
  333. more details. The run-time behavior can be influenced using the
  334. <code>ASAN_OPTIONS</code> environment variable. When set to <code>help=1</code>,
  335. the available options are shown at startup of the instrumented program. See
  336. <a href="https://github.com/google/sanitizers/wiki/AddressSanitizerFlags#run-time-flags">https://github.com/google/sanitizers/wiki/AddressSanitizerFlags#run-time-flags</a>
  337. for a list of supported options.
  338. The option cannot be combined with <samp>-fsanitize=thread</samp>.
  339. </p>
  340. </dd>
  341. <dt><code>-fsanitize=kernel-address</code></dt>
  342. <dd><a name="index-fsanitize_003dkernel_002daddress"></a>
  343. <p>Enable AddressSanitizer for Linux kernel.
  344. See <a href="https://github.com/google/kasan/wiki">https://github.com/google/kasan/wiki</a> for more details.
  345. </p>
  346. </dd>
  347. <dt><code>-fsanitize=pointer-compare</code></dt>
  348. <dd><a name="index-fsanitize_003dpointer_002dcompare"></a>
  349. <p>Instrument comparison operation (&lt;, &lt;=, &gt;, &gt;=) with pointer operands.
  350. The option must be combined with either <samp>-fsanitize=kernel-address</samp> or
  351. <samp>-fsanitize=address</samp>
  352. The option cannot be combined with <samp>-fsanitize=thread</samp>.
  353. Note: By default the check is disabled at run time. To enable it,
  354. add <code>detect_invalid_pointer_pairs=2</code> to the environment variable
  355. <code>ASAN_OPTIONS</code>. Using <code>detect_invalid_pointer_pairs=1</code> detects
  356. invalid operation only when both pointers are non-null.
  357. </p>
  358. </dd>
  359. <dt><code>-fsanitize=pointer-subtract</code></dt>
  360. <dd><a name="index-fsanitize_003dpointer_002dsubtract"></a>
  361. <p>Instrument subtraction with pointer operands.
  362. The option must be combined with either <samp>-fsanitize=kernel-address</samp> or
  363. <samp>-fsanitize=address</samp>
  364. The option cannot be combined with <samp>-fsanitize=thread</samp>.
  365. Note: By default the check is disabled at run time. To enable it,
  366. add <code>detect_invalid_pointer_pairs=2</code> to the environment variable
  367. <code>ASAN_OPTIONS</code>. Using <code>detect_invalid_pointer_pairs=1</code> detects
  368. invalid operation only when both pointers are non-null.
  369. </p>
  370. </dd>
  371. <dt><code>-fsanitize=thread</code></dt>
  372. <dd><a name="index-fsanitize_003dthread"></a>
  373. <p>Enable ThreadSanitizer, a fast data race detector.
  374. Memory access instructions are instrumented to detect
  375. data race bugs. See <a href="https://github.com/google/sanitizers/wiki#threadsanitizer">https://github.com/google/sanitizers/wiki#threadsanitizer</a> for more
  376. details. The run-time behavior can be influenced using the <code>TSAN_OPTIONS</code>
  377. environment variable; see
  378. <a href="https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags">https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags</a> for a list of
  379. supported options.
  380. The option cannot be combined with <samp>-fsanitize=address</samp>,
  381. <samp>-fsanitize=leak</samp>.
  382. </p>
  383. <p>Note that sanitized atomic builtins cannot throw exceptions when
  384. operating on invalid memory addresses with non-call exceptions
  385. (<samp>-fnon-call-exceptions</samp>).
  386. </p>
  387. </dd>
  388. <dt><code>-fsanitize=leak</code></dt>
  389. <dd><a name="index-fsanitize_003dleak"></a>
  390. <p>Enable LeakSanitizer, a memory leak detector.
  391. This option only matters for linking of executables and
  392. the executable is linked against a library that overrides <code>malloc</code>
  393. and other allocator functions. See
  394. <a href="https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer">https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer</a> for more
  395. details. The run-time behavior can be influenced using the
  396. <code>LSAN_OPTIONS</code> environment variable.
  397. The option cannot be combined with <samp>-fsanitize=thread</samp>.
  398. </p>
  399. </dd>
  400. <dt><code>-fsanitize=undefined</code></dt>
  401. <dd><a name="index-fsanitize_003dundefined"></a>
  402. <p>Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector.
  403. Various computations are instrumented to detect undefined behavior
  404. at runtime. Current suboptions are:
  405. </p>
  406. <dl compact="compact">
  407. <dt><code>-fsanitize=shift</code></dt>
  408. <dd><a name="index-fsanitize_003dshift"></a>
  409. <p>This option enables checking that the result of a shift operation is
  410. not undefined. Note that what exactly is considered undefined differs
  411. slightly between C and C++, as well as between ISO C90 and C99, etc.
  412. This option has two suboptions, <samp>-fsanitize=shift-base</samp> and
  413. <samp>-fsanitize=shift-exponent</samp>.
  414. </p>
  415. </dd>
  416. <dt><code>-fsanitize=shift-exponent</code></dt>
  417. <dd><a name="index-fsanitize_003dshift_002dexponent"></a>
  418. <p>This option enables checking that the second argument of a shift operation
  419. is not negative and is smaller than the precision of the promoted first
  420. argument.
  421. </p>
  422. </dd>
  423. <dt><code>-fsanitize=shift-base</code></dt>
  424. <dd><a name="index-fsanitize_003dshift_002dbase"></a>
  425. <p>If the second argument of a shift operation is within range, check that the
  426. result of a shift operation is not undefined. Note that what exactly is
  427. considered undefined differs slightly between C and C++, as well as between
  428. ISO C90 and C99, etc.
  429. </p>
  430. </dd>
  431. <dt><code>-fsanitize=integer-divide-by-zero</code></dt>
  432. <dd><a name="index-fsanitize_003dinteger_002ddivide_002dby_002dzero"></a>
  433. <p>Detect integer division by zero as well as <code>INT_MIN / -1</code> division.
  434. </p>
  435. </dd>
  436. <dt><code>-fsanitize=unreachable</code></dt>
  437. <dd><a name="index-fsanitize_003dunreachable"></a>
  438. <p>With this option, the compiler turns the <code>__builtin_unreachable</code>
  439. call into a diagnostics message call instead. When reaching the
  440. <code>__builtin_unreachable</code> call, the behavior is undefined.
  441. </p>
  442. </dd>
  443. <dt><code>-fsanitize=vla-bound</code></dt>
  444. <dd><a name="index-fsanitize_003dvla_002dbound"></a>
  445. <p>This option instructs the compiler to check that the size of a variable
  446. length array is positive.
  447. </p>
  448. </dd>
  449. <dt><code>-fsanitize=null</code></dt>
  450. <dd><a name="index-fsanitize_003dnull"></a>
  451. <p>This option enables pointer checking. Particularly, the application
  452. built with this option turned on will issue an error message when it
  453. tries to dereference a NULL pointer, or if a reference (possibly an
  454. rvalue reference) is bound to a NULL pointer, or if a method is invoked
  455. on an object pointed by a NULL pointer.
  456. </p>
  457. </dd>
  458. <dt><code>-fsanitize=return</code></dt>
  459. <dd><a name="index-fsanitize_003dreturn"></a>
  460. <p>This option enables return statement checking. Programs
  461. built with this option turned on will issue an error message
  462. when the end of a non-void function is reached without actually
  463. returning a value. This option works in C++ only.
  464. </p>
  465. </dd>
  466. <dt><code>-fsanitize=signed-integer-overflow</code></dt>
  467. <dd><a name="index-fsanitize_003dsigned_002dinteger_002doverflow"></a>
  468. <p>This option enables signed integer overflow checking. We check that
  469. the result of <code>+</code>, <code>*</code>, and both unary and binary <code>-</code>
  470. does not overflow in the signed arithmetics. Note, integer promotion
  471. rules must be taken into account. That is, the following is not an
  472. overflow:
  473. </p><div class="smallexample">
  474. <pre class="smallexample">signed char a = SCHAR_MAX;
  475. a++;
  476. </pre></div>
  477. </dd>
  478. <dt><code>-fsanitize=bounds</code></dt>
  479. <dd><a name="index-fsanitize_003dbounds"></a>
  480. <p>This option enables instrumentation of array bounds. Various out of bounds
  481. accesses are detected. Flexible array members, flexible array member-like
  482. arrays, and initializers of variables with static storage are not instrumented.
  483. </p>
  484. </dd>
  485. <dt><code>-fsanitize=bounds-strict</code></dt>
  486. <dd><a name="index-fsanitize_003dbounds_002dstrict"></a>
  487. <p>This option enables strict instrumentation of array bounds. Most out of bounds
  488. accesses are detected, including flexible array members and flexible array
  489. member-like arrays. Initializers of variables with static storage are not
  490. instrumented.
  491. </p>
  492. </dd>
  493. <dt><code>-fsanitize=alignment</code></dt>
  494. <dd><a name="index-fsanitize_003dalignment"></a>
  495. <p>This option enables checking of alignment of pointers when they are
  496. dereferenced, or when a reference is bound to insufficiently aligned target,
  497. or when a method or constructor is invoked on insufficiently aligned object.
  498. </p>
  499. </dd>
  500. <dt><code>-fsanitize=object-size</code></dt>
  501. <dd><a name="index-fsanitize_003dobject_002dsize"></a>
  502. <p>This option enables instrumentation of memory references using the
  503. <code>__builtin_object_size</code> function. Various out of bounds pointer
  504. accesses are detected.
  505. </p>
  506. </dd>
  507. <dt><code>-fsanitize=float-divide-by-zero</code></dt>
  508. <dd><a name="index-fsanitize_003dfloat_002ddivide_002dby_002dzero"></a>
  509. <p>Detect floating-point division by zero. Unlike other similar options,
  510. <samp>-fsanitize=float-divide-by-zero</samp> is not enabled by
  511. <samp>-fsanitize=undefined</samp>, since floating-point division by zero can
  512. be a legitimate way of obtaining infinities and NaNs.
  513. </p>
  514. </dd>
  515. <dt><code>-fsanitize=float-cast-overflow</code></dt>
  516. <dd><a name="index-fsanitize_003dfloat_002dcast_002doverflow"></a>
  517. <p>This option enables floating-point type to integer conversion checking.
  518. We check that the result of the conversion does not overflow.
  519. Unlike other similar options, <samp>-fsanitize=float-cast-overflow</samp> is
  520. not enabled by <samp>-fsanitize=undefined</samp>.
  521. This option does not work well with <code>FE_INVALID</code> exceptions enabled.
  522. </p>
  523. </dd>
  524. <dt><code>-fsanitize=nonnull-attribute</code></dt>
  525. <dd><a name="index-fsanitize_003dnonnull_002dattribute"></a>
  526. <p>This option enables instrumentation of calls, checking whether null values
  527. are not passed to arguments marked as requiring a non-null value by the
  528. <code>nonnull</code> function attribute.
  529. </p>
  530. </dd>
  531. <dt><code>-fsanitize=returns-nonnull-attribute</code></dt>
  532. <dd><a name="index-fsanitize_003dreturns_002dnonnull_002dattribute"></a>
  533. <p>This option enables instrumentation of return statements in functions
  534. marked with <code>returns_nonnull</code> function attribute, to detect returning
  535. of null values from such functions.
  536. </p>
  537. </dd>
  538. <dt><code>-fsanitize=bool</code></dt>
  539. <dd><a name="index-fsanitize_003dbool"></a>
  540. <p>This option enables instrumentation of loads from bool. If a value other
  541. than 0/1 is loaded, a run-time error is issued.
  542. </p>
  543. </dd>
  544. <dt><code>-fsanitize=enum</code></dt>
  545. <dd><a name="index-fsanitize_003denum"></a>
  546. <p>This option enables instrumentation of loads from an enum type. If
  547. a value outside the range of values for the enum type is loaded,
  548. a run-time error is issued.
  549. </p>
  550. </dd>
  551. <dt><code>-fsanitize=vptr</code></dt>
  552. <dd><a name="index-fsanitize_003dvptr"></a>
  553. <p>This option enables instrumentation of C++ member function calls, member
  554. accesses and some conversions between pointers to base and derived classes,
  555. to verify the referenced object has the correct dynamic type.
  556. </p>
  557. </dd>
  558. <dt><code>-fsanitize=pointer-overflow</code></dt>
  559. <dd><a name="index-fsanitize_003dpointer_002doverflow"></a>
  560. <p>This option enables instrumentation of pointer arithmetics. If the pointer
  561. arithmetics overflows, a run-time error is issued.
  562. </p>
  563. </dd>
  564. <dt><code>-fsanitize=builtin</code></dt>
  565. <dd><a name="index-fsanitize_003dbuiltin"></a>
  566. <p>This option enables instrumentation of arguments to selected builtin
  567. functions. If an invalid value is passed to such arguments, a run-time
  568. error is issued. E.g.&nbsp;passing 0 as the argument to <code>__builtin_ctz</code>
  569. or <code>__builtin_clz</code> invokes undefined behavior and is diagnosed
  570. by this option.
  571. </p>
  572. </dd>
  573. </dl>
  574. <p>While <samp>-ftrapv</samp> causes traps for signed overflows to be emitted,
  575. <samp>-fsanitize=undefined</samp> gives a diagnostic message.
  576. This currently works only for the C family of languages.
  577. </p>
  578. </dd>
  579. <dt><code>-fno-sanitize=all</code></dt>
  580. <dd><a name="index-fno_002dsanitize_003dall"></a>
  581. <p>This option disables all previously enabled sanitizers.
  582. <samp>-fsanitize=all</samp> is not allowed, as some sanitizers cannot be used
  583. together.
  584. </p>
  585. </dd>
  586. <dt><code>-fasan-shadow-offset=<var>number</var></code></dt>
  587. <dd><a name="index-fasan_002dshadow_002doffset"></a>
  588. <p>This option forces GCC to use custom shadow offset in AddressSanitizer checks.
  589. It is useful for experimenting with different shadow memory layouts in
  590. Kernel AddressSanitizer.
  591. </p>
  592. </dd>
  593. <dt><code>-fsanitize-sections=<var>s1</var>,<var>s2</var>,...</code></dt>
  594. <dd><a name="index-fsanitize_002dsections"></a>
  595. <p>Sanitize global variables in selected user-defined sections. <var>si</var> may
  596. contain wildcards.
  597. </p>
  598. </dd>
  599. <dt><code>-fsanitize-recover<span class="roman">[</span>=<var>opts</var><span class="roman">]</span></code></dt>
  600. <dd><a name="index-fsanitize_002drecover"></a>
  601. <a name="index-fno_002dsanitize_002drecover"></a>
  602. <p><samp>-fsanitize-recover=</samp> controls error recovery mode for sanitizers
  603. mentioned in comma-separated list of <var>opts</var>. Enabling this option
  604. for a sanitizer component causes it to attempt to continue
  605. running the program as if no error happened. This means multiple
  606. runtime errors can be reported in a single program run, and the exit
  607. code of the program may indicate success even when errors
  608. have been reported. The <samp>-fno-sanitize-recover=</samp> option
  609. can be used to alter
  610. this behavior: only the first detected error is reported
  611. and program then exits with a non-zero exit code.
  612. </p>
  613. <p>Currently this feature only works for <samp>-fsanitize=undefined</samp> (and its suboptions
  614. except for <samp>-fsanitize=unreachable</samp> and <samp>-fsanitize=return</samp>),
  615. <samp>-fsanitize=float-cast-overflow</samp>, <samp>-fsanitize=float-divide-by-zero</samp>,
  616. <samp>-fsanitize=bounds-strict</samp>,
  617. <samp>-fsanitize=kernel-address</samp> and <samp>-fsanitize=address</samp>.
  618. For these sanitizers error recovery is turned on by default,
  619. except <samp>-fsanitize=address</samp>, for which this feature is experimental.
  620. <samp>-fsanitize-recover=all</samp> and <samp>-fno-sanitize-recover=all</samp> is also
  621. accepted, the former enables recovery for all sanitizers that support it,
  622. the latter disables recovery for all sanitizers that support it.
  623. </p>
  624. <p>Even if a recovery mode is turned on the compiler side, it needs to be also
  625. enabled on the runtime library side, otherwise the failures are still fatal.
  626. The runtime library defaults to <code>halt_on_error=0</code> for
  627. ThreadSanitizer and UndefinedBehaviorSanitizer, while default value for
  628. AddressSanitizer is <code>halt_on_error=1</code>. This can be overridden through
  629. setting the <code>halt_on_error</code> flag in the corresponding environment variable.
  630. </p>
  631. <p>Syntax without an explicit <var>opts</var> parameter is deprecated. It is
  632. equivalent to specifying an <var>opts</var> list of:
  633. </p>
  634. <div class="smallexample">
  635. <pre class="smallexample">undefined,float-cast-overflow,float-divide-by-zero,bounds-strict
  636. </pre></div>
  637. </dd>
  638. <dt><code>-fsanitize-address-use-after-scope</code></dt>
  639. <dd><a name="index-fsanitize_002daddress_002duse_002dafter_002dscope"></a>
  640. <p>Enable sanitization of local variables to detect use-after-scope bugs.
  641. The option sets <samp>-fstack-reuse</samp> to &lsquo;<samp>none</samp>&rsquo;.
  642. </p>
  643. </dd>
  644. <dt><code>-fsanitize-undefined-trap-on-error</code></dt>
  645. <dd><a name="index-fsanitize_002dundefined_002dtrap_002don_002derror"></a>
  646. <p>The <samp>-fsanitize-undefined-trap-on-error</samp> option instructs the compiler to
  647. report undefined behavior using <code>__builtin_trap</code> rather than
  648. a <code>libubsan</code> library routine. The advantage of this is that the
  649. <code>libubsan</code> library is not needed and is not linked in, so this
  650. is usable even in freestanding environments.
  651. </p>
  652. </dd>
  653. <dt><code>-fsanitize-coverage=trace-pc</code></dt>
  654. <dd><a name="index-fsanitize_002dcoverage_003dtrace_002dpc"></a>
  655. <p>Enable coverage-guided fuzzing code instrumentation.
  656. Inserts a call to <code>__sanitizer_cov_trace_pc</code> into every basic block.
  657. </p>
  658. </dd>
  659. <dt><code>-fsanitize-coverage=trace-cmp</code></dt>
  660. <dd><a name="index-fsanitize_002dcoverage_003dtrace_002dcmp"></a>
  661. <p>Enable dataflow guided fuzzing code instrumentation.
  662. Inserts a call to <code>__sanitizer_cov_trace_cmp1</code>,
  663. <code>__sanitizer_cov_trace_cmp2</code>, <code>__sanitizer_cov_trace_cmp4</code> or
  664. <code>__sanitizer_cov_trace_cmp8</code> for integral comparison with both operands
  665. variable or <code>__sanitizer_cov_trace_const_cmp1</code>,
  666. <code>__sanitizer_cov_trace_const_cmp2</code>,
  667. <code>__sanitizer_cov_trace_const_cmp4</code> or
  668. <code>__sanitizer_cov_trace_const_cmp8</code> for integral comparison with one
  669. operand constant, <code>__sanitizer_cov_trace_cmpf</code> or
  670. <code>__sanitizer_cov_trace_cmpd</code> for float or double comparisons and
  671. <code>__sanitizer_cov_trace_switch</code> for switch statements.
  672. </p>
  673. </dd>
  674. <dt><code>-fcf-protection=<span class="roman">[</span>full<span class="roman">|</span>branch<span class="roman">|</span>return<span class="roman">|</span>none<span class="roman">|</span>check<span class="roman">]</span></code></dt>
  675. <dd><a name="index-fcf_002dprotection"></a>
  676. <p>Enable code instrumentation of control-flow transfers to increase
  677. program security by checking that target addresses of control-flow
  678. transfer instructions (such as indirect function call, function return,
  679. indirect jump) are valid. This prevents diverting the flow of control
  680. to an unexpected target. This is intended to protect against such
  681. threats as Return-oriented Programming (ROP), and similarly
  682. call/jmp-oriented programming (COP/JOP).
  683. </p>
  684. <p>The value <code>branch</code> tells the compiler to implement checking of
  685. validity of control-flow transfer at the point of indirect branch
  686. instructions, i.e. call/jmp instructions. The value <code>return</code>
  687. implements checking of validity at the point of returning from a
  688. function. The value <code>full</code> is an alias for specifying both
  689. <code>branch</code> and <code>return</code>. The value <code>none</code> turns off
  690. instrumentation.
  691. </p>
  692. <p>The value <code>check</code> is used for the final link with link-time
  693. optimization (LTO). An error is issued if LTO object files are
  694. compiled with different <samp>-fcf-protection</samp> values. The
  695. value <code>check</code> is ignored at the compile time.
  696. </p>
  697. <p>The macro <code>__CET__</code> is defined when <samp>-fcf-protection</samp> is
  698. used. The first bit of <code>__CET__</code> is set to 1 for the value
  699. <code>branch</code> and the second bit of <code>__CET__</code> is set to 1 for
  700. the <code>return</code>.
  701. </p>
  702. <p>You can also use the <code>nocf_check</code> attribute to identify
  703. which functions and calls should be skipped from instrumentation
  704. (see <a href="Function-Attributes.html#Function-Attributes">Function Attributes</a>).
  705. </p>
  706. <p>Currently the x86 GNU/Linux target provides an implementation based
  707. on Intel Control-flow Enforcement Technology (CET).
  708. </p>
  709. </dd>
  710. <dt><code>-fstack-protector</code></dt>
  711. <dd><a name="index-fstack_002dprotector"></a>
  712. <p>Emit extra code to check for buffer overflows, such as stack smashing
  713. attacks. This is done by adding a guard variable to functions with
  714. vulnerable objects. This includes functions that call <code>alloca</code>, and
  715. functions with buffers larger than or equal to 8 bytes. The guards are
  716. initialized when a function is entered and then checked when the function
  717. exits. If a guard check fails, an error message is printed and the program
  718. exits. Only variables that are actually allocated on the stack are
  719. considered, optimized away variables or variables allocated in registers
  720. don&rsquo;t count.
  721. </p>
  722. </dd>
  723. <dt><code>-fstack-protector-all</code></dt>
  724. <dd><a name="index-fstack_002dprotector_002dall"></a>
  725. <p>Like <samp>-fstack-protector</samp> except that all functions are protected.
  726. </p>
  727. </dd>
  728. <dt><code>-fstack-protector-strong</code></dt>
  729. <dd><a name="index-fstack_002dprotector_002dstrong"></a>
  730. <p>Like <samp>-fstack-protector</samp> but includes additional functions to
  731. be protected &mdash; those that have local array definitions, or have
  732. references to local frame addresses. Only variables that are actually
  733. allocated on the stack are considered, optimized away variables or variables
  734. allocated in registers don&rsquo;t count.
  735. </p>
  736. </dd>
  737. <dt><code>-fstack-protector-explicit</code></dt>
  738. <dd><a name="index-fstack_002dprotector_002dexplicit"></a>
  739. <p>Like <samp>-fstack-protector</samp> but only protects those functions which
  740. have the <code>stack_protect</code> attribute.
  741. </p>
  742. </dd>
  743. <dt><code>-fstack-check</code></dt>
  744. <dd><a name="index-fstack_002dcheck"></a>
  745. <p>Generate code to verify that you do not go beyond the boundary of the
  746. stack. You should specify this flag if you are running in an
  747. environment with multiple threads, but you only rarely need to specify it in
  748. a single-threaded environment since stack overflow is automatically
  749. detected on nearly all systems if there is only one stack.
  750. </p>
  751. <p>Note that this switch does not actually cause checking to be done; the
  752. operating system or the language runtime must do that. The switch causes
  753. generation of code to ensure that they see the stack being extended.
  754. </p>
  755. <p>You can additionally specify a string parameter: &lsquo;<samp>no</samp>&rsquo; means no
  756. checking, &lsquo;<samp>generic</samp>&rsquo; means force the use of old-style checking,
  757. &lsquo;<samp>specific</samp>&rsquo; means use the best checking method and is equivalent
  758. to bare <samp>-fstack-check</samp>.
  759. </p>
  760. <p>Old-style checking is a generic mechanism that requires no specific
  761. target support in the compiler but comes with the following drawbacks:
  762. </p>
  763. <ol>
  764. <li> Modified allocation strategy for large objects: they are always
  765. allocated dynamically if their size exceeds a fixed threshold. Note this
  766. may change the semantics of some code.
  767. </li><li> Fixed limit on the size of the static frame of functions: when it is
  768. topped by a particular function, stack checking is not reliable and
  769. a warning is issued by the compiler.
  770. </li><li> Inefficiency: because of both the modified allocation strategy and the
  771. generic implementation, code performance is hampered.
  772. </li></ol>
  773. <p>Note that old-style stack checking is also the fallback method for
  774. &lsquo;<samp>specific</samp>&rsquo; if no target support has been added in the compiler.
  775. </p>
  776. <p>&lsquo;<samp>-fstack-check=</samp>&rsquo; is designed for Ada&rsquo;s needs to detect infinite recursion
  777. and stack overflows. &lsquo;<samp>specific</samp>&rsquo; is an excellent choice when compiling
  778. Ada code. It is not generally sufficient to protect against stack-clash
  779. attacks. To protect against those you want &lsquo;<samp>-fstack-clash-protection</samp>&rsquo;.
  780. </p>
  781. </dd>
  782. <dt><code>-fstack-clash-protection</code></dt>
  783. <dd><a name="index-fstack_002dclash_002dprotection"></a>
  784. <p>Generate code to prevent stack clash style attacks. When this option is
  785. enabled, the compiler will only allocate one page of stack space at a time
  786. and each page is accessed immediately after allocation. Thus, it prevents
  787. allocations from jumping over any stack guard page provided by the
  788. operating system.
  789. </p>
  790. <p>Most targets do not fully support stack clash protection. However, on
  791. those targets <samp>-fstack-clash-protection</samp> will protect dynamic stack
  792. allocations. <samp>-fstack-clash-protection</samp> may also provide limited
  793. protection for static stack allocations if the target supports
  794. <samp>-fstack-check=specific</samp>.
  795. </p>
  796. </dd>
  797. <dt><code>-fstack-limit-register=<var>reg</var></code></dt>
  798. <dt><code>-fstack-limit-symbol=<var>sym</var></code></dt>
  799. <dt><code>-fno-stack-limit</code></dt>
  800. <dd><a name="index-fstack_002dlimit_002dregister"></a>
  801. <a name="index-fstack_002dlimit_002dsymbol"></a>
  802. <a name="index-fno_002dstack_002dlimit"></a>
  803. <p>Generate code to ensure that the stack does not grow beyond a certain value,
  804. either the value of a register or the address of a symbol. If a larger
  805. stack is required, a signal is raised at run time. For most targets,
  806. the signal is raised before the stack overruns the boundary, so
  807. it is possible to catch the signal without taking special precautions.
  808. </p>
  809. <p>For instance, if the stack starts at absolute address &lsquo;<samp>0x80000000</samp>&rsquo;
  810. and grows downwards, you can use the flags
  811. <samp>-fstack-limit-symbol=__stack_limit</samp> and
  812. <samp>-Wl,--defsym,__stack_limit=0x7ffe0000</samp> to enforce a stack limit
  813. of 128KB. Note that this may only work with the GNU linker.
  814. </p>
  815. <p>You can locally override stack limit checking by using the
  816. <code>no_stack_limit</code> function attribute (see <a href="Function-Attributes.html#Function-Attributes">Function Attributes</a>).
  817. </p>
  818. </dd>
  819. <dt><code>-fsplit-stack</code></dt>
  820. <dd><a name="index-fsplit_002dstack"></a>
  821. <p>Generate code to automatically split the stack before it overflows.
  822. The resulting program has a discontiguous stack which can only
  823. overflow if the program is unable to allocate any more memory. This
  824. is most useful when running threaded programs, as it is no longer
  825. necessary to calculate a good stack size to use for each thread. This
  826. is currently only implemented for the x86 targets running
  827. GNU/Linux.
  828. </p>
  829. <p>When code compiled with <samp>-fsplit-stack</samp> calls code compiled
  830. without <samp>-fsplit-stack</samp>, there may not be much stack space
  831. available for the latter code to run. If compiling all code,
  832. including library code, with <samp>-fsplit-stack</samp> is not an option,
  833. then the linker can fix up these calls so that the code compiled
  834. without <samp>-fsplit-stack</samp> always has a large stack. Support for
  835. this is implemented in the gold linker in GNU binutils release 2.21
  836. and later.
  837. </p>
  838. </dd>
  839. <dt><code>-fvtable-verify=<span class="roman">[</span>std<span class="roman">|</span>preinit<span class="roman">|</span>none<span class="roman">]</span></code></dt>
  840. <dd><a name="index-fvtable_002dverify"></a>
  841. <p>This option is only available when compiling C++ code.
  842. It turns on (or off, if using <samp>-fvtable-verify=none</samp>) the security
  843. feature that verifies at run time, for every virtual call, that
  844. the vtable pointer through which the call is made is valid for the type of
  845. the object, and has not been corrupted or overwritten. If an invalid vtable
  846. pointer is detected at run time, an error is reported and execution of the
  847. program is immediately halted.
  848. </p>
  849. <p>This option causes run-time data structures to be built at program startup,
  850. which are used for verifying the vtable pointers.
  851. The options &lsquo;<samp>std</samp>&rsquo; and &lsquo;<samp>preinit</samp>&rsquo;
  852. control the timing of when these data structures are built. In both cases the
  853. data structures are built before execution reaches <code>main</code>. Using
  854. <samp>-fvtable-verify=std</samp> causes the data structures to be built after
  855. shared libraries have been loaded and initialized.
  856. <samp>-fvtable-verify=preinit</samp> causes them to be built before shared
  857. libraries have been loaded and initialized.
  858. </p>
  859. <p>If this option appears multiple times in the command line with different
  860. values specified, &lsquo;<samp>none</samp>&rsquo; takes highest priority over both &lsquo;<samp>std</samp>&rsquo; and
  861. &lsquo;<samp>preinit</samp>&rsquo;; &lsquo;<samp>preinit</samp>&rsquo; takes priority over &lsquo;<samp>std</samp>&rsquo;.
  862. </p>
  863. </dd>
  864. <dt><code>-fvtv-debug</code></dt>
  865. <dd><a name="index-fvtv_002ddebug"></a>
  866. <p>When used in conjunction with <samp>-fvtable-verify=std</samp> or
  867. <samp>-fvtable-verify=preinit</samp>, causes debug versions of the
  868. runtime functions for the vtable verification feature to be called.
  869. This flag also causes the compiler to log information about which
  870. vtable pointers it finds for each class.
  871. This information is written to a file named <samp>vtv_set_ptr_data.log</samp>
  872. in the directory named by the environment variable <code>VTV_LOGS_DIR</code>
  873. if that is defined or the current working directory otherwise.
  874. </p>
  875. <p>Note: This feature <em>appends</em> data to the log file. If you want a fresh log
  876. file, be sure to delete any existing one.
  877. </p>
  878. </dd>
  879. <dt><code>-fvtv-counts</code></dt>
  880. <dd><a name="index-fvtv_002dcounts"></a>
  881. <p>This is a debugging flag. When used in conjunction with
  882. <samp>-fvtable-verify=std</samp> or <samp>-fvtable-verify=preinit</samp>, this
  883. causes the compiler to keep track of the total number of virtual calls
  884. it encounters and the number of verifications it inserts. It also
  885. counts the number of calls to certain run-time library functions
  886. that it inserts and logs this information for each compilation unit.
  887. The compiler writes this information to a file named
  888. <samp>vtv_count_data.log</samp> in the directory named by the environment
  889. variable <code>VTV_LOGS_DIR</code> if that is defined or the current working
  890. directory otherwise. It also counts the size of the vtable pointer sets
  891. for each class, and writes this information to <samp>vtv_class_set_sizes.log</samp>
  892. in the same directory.
  893. </p>
  894. <p>Note: This feature <em>appends</em> data to the log files. To get fresh log
  895. files, be sure to delete any existing ones.
  896. </p>
  897. </dd>
  898. <dt><code>-finstrument-functions</code></dt>
  899. <dd><a name="index-finstrument_002dfunctions"></a>
  900. <p>Generate instrumentation calls for entry and exit to functions. Just
  901. after function entry and just before function exit, the following
  902. profiling functions are called with the address of the current
  903. function and its call site. (On some platforms,
  904. <code>__builtin_return_address</code> does not work beyond the current
  905. function, so the call site information may not be available to the
  906. profiling functions otherwise.)
  907. </p>
  908. <div class="smallexample">
  909. <pre class="smallexample">void __cyg_profile_func_enter (void *this_fn,
  910. void *call_site);
  911. void __cyg_profile_func_exit (void *this_fn,
  912. void *call_site);
  913. </pre></div>
  914. <p>The first argument is the address of the start of the current function,
  915. which may be looked up exactly in the symbol table.
  916. </p>
  917. <p>This instrumentation is also done for functions expanded inline in other
  918. functions. The profiling calls indicate where, conceptually, the
  919. inline function is entered and exited. This means that addressable
  920. versions of such functions must be available. If all your uses of a
  921. function are expanded inline, this may mean an additional expansion of
  922. code size. If you use <code>extern inline</code> in your C code, an
  923. addressable version of such functions must be provided. (This is
  924. normally the case anyway, but if you get lucky and the optimizer always
  925. expands the functions inline, you might have gotten away without
  926. providing static copies.)
  927. </p>
  928. <p>A function may be given the attribute <code>no_instrument_function</code>, in
  929. which case this instrumentation is not done. This can be used, for
  930. example, for the profiling functions listed above, high-priority
  931. interrupt routines, and any functions from which the profiling functions
  932. cannot safely be called (perhaps signal handlers, if the profiling
  933. routines generate output or allocate memory).
  934. See <a href="Common-Function-Attributes.html#Common-Function-Attributes">Common Function Attributes</a>.
  935. </p>
  936. </dd>
  937. <dt><code>-finstrument-functions-exclude-file-list=<var>file</var>,<var>file</var>,&hellip;</code></dt>
  938. <dd><a name="index-finstrument_002dfunctions_002dexclude_002dfile_002dlist"></a>
  939. <p>Set the list of functions that are excluded from instrumentation (see
  940. the description of <samp>-finstrument-functions</samp>). If the file that
  941. contains a function definition matches with one of <var>file</var>, then
  942. that function is not instrumented. The match is done on substrings:
  943. if the <var>file</var> parameter is a substring of the file name, it is
  944. considered to be a match.
  945. </p>
  946. <p>For example:
  947. </p>
  948. <div class="smallexample">
  949. <pre class="smallexample">-finstrument-functions-exclude-file-list=/bits/stl,include/sys
  950. </pre></div>
  951. <p>excludes any inline function defined in files whose pathnames
  952. contain <samp>/bits/stl</samp> or <samp>include/sys</samp>.
  953. </p>
  954. <p>If, for some reason, you want to include letter &lsquo;<samp>,</samp>&rsquo; in one of
  955. <var>sym</var>, write &lsquo;<samp>\,</samp>&rsquo;. For example,
  956. <samp>-finstrument-functions-exclude-file-list='\,\,tmp'</samp>
  957. (note the single quote surrounding the option).
  958. </p>
  959. </dd>
  960. <dt><code>-finstrument-functions-exclude-function-list=<var>sym</var>,<var>sym</var>,&hellip;</code></dt>
  961. <dd><a name="index-finstrument_002dfunctions_002dexclude_002dfunction_002dlist"></a>
  962. <p>This is similar to <samp>-finstrument-functions-exclude-file-list</samp>,
  963. but this option sets the list of function names to be excluded from
  964. instrumentation. The function name to be matched is its user-visible
  965. name, such as <code>vector&lt;int&gt; blah(const vector&lt;int&gt; &amp;)</code>, not the
  966. internal mangled name (e.g., <code>_Z4blahRSt6vectorIiSaIiEE</code>). The
  967. match is done on substrings: if the <var>sym</var> parameter is a substring
  968. of the function name, it is considered to be a match. For C99 and C++
  969. extended identifiers, the function name must be given in UTF-8, not
  970. using universal character names.
  971. </p>
  972. </dd>
  973. <dt><code>-fpatchable-function-entry=<var>N</var>[,<var>M</var>]</code></dt>
  974. <dd><a name="index-fpatchable_002dfunction_002dentry"></a>
  975. <p>Generate <var>N</var> NOPs right at the beginning
  976. of each function, with the function entry point before the <var>M</var>th NOP.
  977. If <var>M</var> is omitted, it defaults to <code>0</code> so the
  978. function entry points to the address just at the first NOP.
  979. The NOP instructions reserve extra space which can be used to patch in
  980. any desired instrumentation at run time, provided that the code segment
  981. is writable. The amount of space is controllable indirectly via
  982. the number of NOPs; the NOP instruction used corresponds to the instruction
  983. emitted by the internal GCC back-end interface <code>gen_nop</code>. This behavior
  984. is target-specific and may also depend on the architecture variant and/or
  985. other compilation options.
  986. </p>
  987. <p>For run-time identification, the starting addresses of these areas,
  988. which correspond to their respective function entries minus <var>M</var>,
  989. are additionally collected in the <code>__patchable_function_entries</code>
  990. section of the resulting binary.
  991. </p>
  992. <p>Note that the value of <code>__attribute__ ((patchable_function_entry
  993. (N,M)))</code> takes precedence over command-line option
  994. <samp>-fpatchable-function-entry=N,M</samp>. This can be used to increase
  995. the area size or to remove it completely on a single function.
  996. If <code>N=0</code>, no pad location is recorded.
  997. </p>
  998. <p>The NOP instructions are inserted at&mdash;and maybe before, depending on
  999. <var>M</var>&mdash;the function entry address, even before the prologue.
  1000. </p>
  1001. </dd>
  1002. </dl>
  1003. <hr>
  1004. <div class="header">
  1005. <p>
  1006. Next: <a href="Preprocessor-Options.html#Preprocessor-Options" accesskey="n" rel="next">Preprocessor Options</a>, Previous: <a href="Optimize-Options.html#Optimize-Options" accesskey="p" rel="prev">Optimize Options</a>, Up: <a href="Invoking-GCC.html#Invoking-GCC" accesskey="u" rel="up">Invoking GCC</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Option-Index.html#Option-Index" title="Index" rel="index">Index</a>]</p>
  1007. </div>
  1008. </body>
  1009. </html>