Using Intel® Compilers to Mitigate Speculative Execution Side-Channel Issues

Por Jennifer L Jiang,

Publicado:03/23/2018   Última actualización:03/23/2018


Side channel methods are techniques that may allow an attacker to obtain secret or privileged information through observing the system that they would not normally be able to access, such as measuring microarchitectural properties about the system. For background information relevant to this article, refer to the overview in Intel Analysis of Speculative Execution Side Channels. This article describes Intel® C++ Compiler support and Intel® Fortran Compiler support for speculative execution side channel mitigations.

Mitigating Bounds Check Bypass (Spectre Variant 1)

Please read Intel's Analysis of Speculative Execution Side Channels for details, exploit conditions, and mitigations for the exploit known as bounds check bypass (Spectre variant 1).

One mitigation for Spectre variant 1 is through use of the LFENCE instruction. The LFENCE instruction does not execute until all prior instructions have completed locally, and no later instruction begins execution until LFENCE completes. _mm_lfence() is a compiler intrinsic or assembler inline that issues an LFENCE instruction and also ensures that compiler optimizations do not move memory references across that boundary. Inserting an LFENCE between a bounds check condition and memory loads helps ensure that the loads do not occur until the bounds check condition has actually been completed.

Use the following options to get automatic mitigation for Spectre variant 1 from Intel C++ and Fortran compilers: 

Intel® C++/Fortran 
Compiler versions
Linux or macOS Windows
18.0.3 or newer -mconditional-branch=keep

The Intel C++ Compiler and Intel Fortran Compiler both allow programmers to insert LFENCE instructions, which can be used to help mitigate bounds check bypass (Spectre variant 1).


You can insert LFENCE instructions in a C/C++ program as shown in the example below:

#include <intrin.h>
#pragma intrinsic(_mm_lfence)

    if (user_value >= LIMIT)
        _mm_lfence();	/* manually inserted by developer */
        x = table[user_value];
        node = entry[x];

LFENCE in Fortran

You can insert an LFENCE instruction in Fortran applications as shown in the example below.
Implement the following subroutine, which calls _mm_lfence() intrinsics:

        subroutine for_lfence() bind (C, name = "_mm_lfence") 
            !DIR$ attributes known_intrinsic, default :: for_lfence
        end subroutine for_lfence
    end interface
    if (untrusted_index_from_user .le. iarr1%length) then
        call for_lfence()
        ival = iarr1%data(untrusted_index_from_user)
        index2 = (IAND(ival,1)*z'100') + z'200'    
        if(index2 .le. iarr2%length) 
            ival2 = iarr2%data(index2)

The LFENCE intrinsic is supported in the following Intel compilers:

  • Intel C++ Compiler 8.0 and later for Windows*, Linux*, and macOS*
  • Intel Fortran Compiler 14.0 and later for Windows, Linux and macOS in order to apply the intrinsic using the above method

Mitigating Branch Target Injection (Spectre Variant 2)

Intel's whitepaper on Retpoline: A Branch Target Injection Mitigation discusses the details, exploit conditions, and mitigations for the exploit known as branch target injection (Spectre variant 2). While there are a number of possible mitigation techniques for this side channel method, the mitigation technique described in that document is known as retpoline, which is a technique employed by the Intel® C++ and Fortran compilers.

The Intel C++ and Fortran compilers have command line options “-mindirect-branch=CHOICE” & “-mfunction-return=CHOICE” support just like gcc as documented at

The compiler options implemented are below in the corresponding compiler versions:

Intel® C++/Fortran Compiler versions Linux or macOS Windows
18.0.3 or newer -mfunction-return={keep,thunk-inline,
18.0.2 or newer -mindirect-branch=thunk-inline
17.0.7 or newer
16.0.8 or newer
-mfunction-return={keep,thunk-inline, thunk-extern,thunk}
-mindirect-branch={keep,thunk-inline, thunk-extern,thunk}
/Qfunction-return:{keep,thunk-inline, thunk-extern,thunk}
/Qindirect-branch:{keep,thunk-inline, thunk-extern,thunk}

Refer to the Intel Compilers - Supported compiler versions for the list of supported Intel Compilers.

How to Obtain the Latest Intel® C++ Compiler and Intel® Fortran Compiler

The Intel® C++ Compiler is distributed as part of the Intel® Parallel Studio XE and Intel® System Studio tool suites. The Intel® Fortran Compiler is distributed as part of Intel® Parallel Studio XE. You can download these from Intel Registration Center when available:

  1. Intel® Parallel Studio XE 2018 update 2 or later
  2. Intel® Parallel Studio XE 2017 update 7 or newer
  3. Intel® Parallel Studio XE 2016 update 5 or newer
  4. Intel® System Studio 2018 update 1 or later

Refer to the Intel Compilers - Supported compiler versions for the list of supported Intel Compilers.

Conclusion and Further Reading

Visit the Intel Press Room for the latest updates regarding the Spectre and Meltdown issues, and Intel’s Side Channel Security Support website for additional software-specific, up-to-date information. You can find more detailed explanations of Speculative Execution Side-Channel Mitigations and Intel’s Mitigation Overview for Potential Side-Channel Cache Exploits in Linux* on our Side-Channel Security Support website.

Refer to our support site for support options if you experience any issues.

Intel continues to work on improving Intel® Software Development Products for the identified security issues. We will continue to revise this article with Intel® C++ Compiler and Intel Fortran Compiler product updates as they become available.


Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel® products specifications and roadmaps.

Intel provides these materials as-is, with no express or implied warranties.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.

Copyright © [2018], Intel Corporation. All rights reserved.

Información sobre productos y desempeño


Los compiladores Intel pueden o no optimizar al mismo nivel para los microprocesadores que no son Intel en optimizaciones que no son exclusivas de los microprocesadores Intel. Estas optimizaciones incluyen los conjuntos de instrucciones SSE2, SSE3 y SSSE3, y otras optimizaciones. Intel no garantiza la disponibilidad, funcionalidad o eficacia de ninguna optimización en microprocesadores que no sean fabricados por Intel. Las optimizaciones dependientes del microprocesador en este producto fueron diseñadas para usarse con microprocesadores Intel. Ciertas optimizaciones no específicas de la microarquitectura Intel se reservan para los microprocesadores Intel. Consulte las guías de referencia y para el usuario para obtener más información acerca de los conjuntos de instrucciones específicos cubiertos por este aviso.

Revisión del aviso n.° 20110804