Developer Guide and Reference

Contents

mconditional-branch, Qconditional-branch

Lets you identify and fix code that may be vulnerable to speculative execution side-channel attacks, which can leak your secure data as a result of bad speculation of a conditional branch direction.

Syntax

Linux:
-mconditional-branch
=
keyword
macOS:
-mconditional-branch
=
keyword
Windows:
/Qconditional-branch
:
keyword
Arguments
keyword
Indicates to the compiler what action to take. Possible values are:
keep
Tells the compiler to not attempt any vulnerable code detection or fixing. This is equivalent to not specifying the
-mconditional-branch
option.
pattern-report
Tells the compiler to perform a search of vulnerable code patterns in the compilation and report all occurrences to stderr.
pattern-fix
Tells the compiler to perform a search of vulnerable code patterns in the compilation and generate code to ensure that the identified data accesses are not executed speculatively. It will also report any fixed patterns to stderr.
This setting does not guarantee total mitigation, it only fixes cases where all components of the vulnerability can be seen or determined by the compiler. The pattern detection will be more complete if advanced optimization options are specified or are in effect, such as option
O3
and option
-ipo
(or
/Qipo
).
all-fix