Lets you identify and fix code that may be vulnerable to speculative execution side-channel attacks, which can leak your secure data as a result of bad speculation of a conditional branch direction.
- Indicates to the compiler what action to take. Possible values are:
- Tells the compiler to not attempt any vulnerable code detection or fixing. This is equivalent to not specifying the-mconditional-branchoption.
- Tells the compiler to perform a search of vulnerable code patterns in the compilation and report all occurrences to stderr.
- Tells the compiler to perform a search of vulnerable code patterns in the compilation and generate code to ensure that the identified data accesses are not executed speculatively. It will also report any fixed patterns to stderr.This setting does not guarantee total mitigation, it only fixes cases where all components of the vulnerability can be seen or determined by the compiler. The pattern detection will be more complete if advanced optimization options are specified or are in effect, such as optionO3and option-ipo(or/Qipo).