Keil Logo

Technical Support

On-Line Manuals

Compiler Reference Guide

Preface Arm Compiler Tools Overview armclang Reference armclang Command-line Options Summary of armclang command-line options -C (armclang) -c (armclang) -D -E -e -fbare-metal-pie -fbracket-depth=N -fcommon, -fno-common -fdata-sections, -fno-data-sections -ffast-math, -fno-fast-math -ffixed-rN -ffp-mode -ffunction-sections, -fno-function-sections -fident, -fno-ident @file -fldm-stm, -fno-ldm-stm -fno-builtin -fno-inline-functions -flto, -fno-lto -fexceptions, -fno-exceptions -fomit-frame-pointer, -fno-omit-frame-pointer -fpic, -fno-pic -fropi, -fno-ropi -fropi-lowering, -fno-ropi-lowering -frwpi, -fno-rwpi -frwpi-lowering, -fno-rwpi-lowering -fsanitize -fshort-enums, -fno-short-enums -fshort-wchar, -fno-short-wchar -fstack-protector, -fstack-protector-all, -fstack- -fstrict-aliasing, -fno-strict-aliasing -fsysv, -fno-sysv -ftrapv -fvectorize, -fno-vectorize -fvisibility -fwrapv -g, -gdwarf-2, -gdwarf-3, -gdwarf-4 (armclang) -I -include -L -l -M, -MM -MD, -MMD -MF -MG -MP -MT -march -marm -masm -mbig-endian -mbranch-protection -mcmodel -mcmse -mcpu -mexecute-only -mfloat-abi -mfpu -mimplicit-it -mlittle-endian -mno-neg-immediates -moutline, -mno-outline -mpixolib -munaligned-access, -mno-unaligned-access -mthumb -nostdlib -nostdlibinc -o (armclang) -O (armclang) -pedantic -pedantic-errors -Rpass -S -save-temps -shared (armclang) -std --target -U -u (armclang) -v (armclang) --version (armclang) --version_number (armclang) --vsn (armclang) -W -Wl -Xlinker -x (armclang) -### Compiler-specific Keywords and Operators Compiler-specific keywords and operators __alignof__ __asm __declspec attributes __declspec(noinline) __declspec(noreturn) __declspec(nothrow) __inline __promise __unaligned Global named register variables Compiler-specific Function, Variable, and Type Att Function attributes __attribute__((always_inline)) function attribute __attribute__((cmse_nonsecure_call)) function attr __attribute__((cmse_nonsecure_entry)) function att __attribute__((const)) function attribute __attribute__((constructor(priority))) function at __attribute__((format_arg(string-index))) function __attribute__((interrupt("type"))) function attrib __attribute__((malloc)) function attribute __attribute__((naked)) function attribute __attribute__((noinline)) function attribute __attribute__((nonnull)) function attribute __attribute__((noreturn)) function attribute __attribute__((nothrow)) function attribute __attribute__((pcs("calling_convention"))) functio __attribute__((pure)) function attribute __attribute__((section("name"))) function attribut __attribute__((unused)) function attribute __attribute__((used)) function attribute __attribute__((value_in_regs)) function attribute __attribute__((visibility("visibility_type"))) fun __attribute__((weak)) function attribute __attribute__((weakref("target"))) function attrib Type attributes __attribute__((aligned)) type attribute __attribute__((packed)) type attribute __attribute__((transparent_union)) type attribute Variable attributes __attribute__((alias)) variable attribute __attribute__((aligned)) variable attribute __attribute__((deprecated)) variable attribute __attribute__((packed)) variable attribute __attribute__((section("name"))) variable attribut __attribute__((unused)) variable attribute __attribute__((used)) variable attribute __attribute__((visibility("visibility_type"))) var __attribute__((weak)) variable attribute __attribute__((weakref("target"))) variable attrib Compiler-specific Intrinsics __breakpoint intrinsic __current_pc intrinsic __current_sp intrinsic __disable_fiq intrinsic __disable_irq intrinsic __enable_fiq intrinsic __enable_irq intrinsic __force_stores intrinsic __memory_changed intrinsic __schedule_barrier intrinsic __semihost intrinsic __vfp_status intrinsic Compiler-specific Pragmas #pragma clang system_header #pragma clang diagnostic #pragma clang section #pragma once #pragma pack(...) #pragma unroll[(n)], #pragma unroll_completely #pragma weak symbol, #pragma weak symbol1 = symbol Other Compiler-specific Features ACLE support Predefined macros Inline functions Half-precision floating-point data types Half-precision floating-point number format Half-precision floating-point intrinsics Library support for _Float16 data type BFloat16 floating-point number format TT instruction intrinsics Non-secure function pointer intrinsics armclang Integrated Assembler Syntax of assembly files for integrated assembler Assembly expressions Alignment directives Data definition directives String definition directives Floating-point data definition directives Section directives Conditional assembly directives Macro directives Symbol binding directives Org directive AArch32 Target selection directives AArch64 Target selection directives Space-filling directives Type directive Integrated assembler support for the CSDB instruct armclang Inline Assembler Inline Assembly File-scope inline assembly Inline assembly statements within a function Assembly string Output and input operands Clobber list volatile Inline assembly constraint strings Constraint modifiers Constraint codes Constraint codes common to AArch32 state and AArch Constraint codes for AArch32 state Constraint codes for AArch64 state Using multiple alternative operand constraints Inline assembly template modifiers Template modifiers common to AArch32 state and AAr Template modifiers for AArch32 state Template modifiers for AArch64 state Forcing inline assembly operands into specific reg Symbol references and branches into and out of inl Duplication of labels in inline assembly statement armlink Reference fromelf Reference armar Reference armasm Legacy Assembler Reference Appendixes

-fsanitize

B1.28 -fsanitize

-fsanitize selects the sanitizer option that is used in code generation. It is an [ALPHA] feature.

Note:

This topic describes an [ALPHA] feature. See Support level definitions.

Default

The default is no sanitizers are selected.

Syntax

-fsanitize=option

Parameters

option specifies the sanitizer option for code generation. The only supported option is -fsanitize=memtag.

Restrictions

Memory tagging stack protection (stack tagging) is available for the AArch64 state for architectures with the Memory Tagging Extension. The Memory Tagging Extension is optional in Arm®v8.5-A and later architectures. When compiling with -fsanitize=memtag, the compiler uses memory tagging instructions that are not available for architectures without the Memory Tagging Extension. The resulting code cannot execute on architectures without the Memory Tagging Extension. For more information, see the +memtag feature in B1.56 -mcpu.

Operation

Use -fsanitize=memtag to enable the generation of memory tagging code for protecting the memory allocations on the stack. When you enable memory tagging, the compiler checks that expressions that evaluate to addresses of objects on the stack are within the bounds of the object. If this cannot be guaranteed, the compiler generates code to ensure that the pointer and the object are tagged. When tagged pointers are dereferenced, the processor checks the tag on the pointer with the tag on the memory location being accessed. If the tags mismatch, the processor causes an exception and therefore tries to prevent the pointer from accessing any object that is different from the object whose address was taken.

For example, if a pointer to a variable on the stack is passed to another function, then the compiler might be unable to guarantee that this pointer is only used to access the same variable. In this situation, the compiler generates memory tagging code. The memory tagging instructions apply a unique tag to the pointer and to its corresponding allocation on the stack.

Note:

  • The ability of the compiler to determine whether a pointer access is bounded might be affected by optimizations. For example, if an optimization inlines a function, and as a result, if the compiler can guarantee that the pointer access is always safe, then the compiler might not generate memory tagging stack protection code. Therefore, the conditions for generating memory tagging stack protection code might not have a direct relationship to the source code.
  • When using -fsanitize=memtag, there is a high probability that an unbounded pointer access to the stack causes a processor exception. This does not guarantee that all unbounded pointer accesses to the stack cause a processor exception.
  • The [ALPHA] implementation of stack tagging does not protect variable-length allocations on the stack.

To ensure full memory tagging stack protection, you must also link your code with the library that provides stack protection with memory tagging. For more information, see C1.74 --library_security=protection.

armlink automatically selects the library with memory tagging stack protection if at least one object file is compiled with -fsanitize=memtag and at least one object file is compiled with pointer authentication, using -mbranch-protection. You can override the selected library by using the armlink --library_security option to specify the library that you want to use.

Note:

  • Use of -fsanitize=memtag to protect the stack increases the amount of memory that is allocated on the stack. This is because, the compiler has to allocate a separate 16-byte aligned block of memory on the stack for each variable whose stack allocation is protected by memory tagging.
  • Code that is compiled with stack tagging can be safely linked together with code that is compiled without stack tagging. However, if any object file is compiled with -fsanitize=memtag, and if setjmp, longjmp, or C++ exceptions are present anywhere in the image, then you must use the v8.5a library to avoid stack tagging related memory fault at runtime.
  • The -fsanitize=memtag option and the -fstack-protector options are independent and provide complementary stack protection. These options can be used together or in isolation.

Examples

The following example demonstrates the effect of the -fsanitize=memtag option.

Source file foo.c contains the following code:

extern void func2 (int* a);

void func1(void)
{
  int x=10;
  int y=20;

  func2(&x);
  func2(&y);
}

Compile foo.c, without memory tagging stack protection, using the following command line:

armclang --target=aarch64-arm-none-eabi -march=armv8.5-a+memtag -S -O1 foo.c -o mem_no_protect.s

The generated assembly file mem_no_protect.s contains the following code:

func1:                                  // @func1
// %bb.0:                               // %entry
        str     x30, [sp, #-16]!        // 8-byte Folded Spill
        mov     w8, #10
        mov     w9, #20
        add     x0, sp, #12             // =12
        stp     w9, w8, [sp, #8]
        bl      func2
        add     x0, sp, #8              // =8
        bl      func2
        ldr     x30, [sp], #16          // 8-byte Folded Reload
        ret

Compile foo.c, with memory tagging stack protection, using the following command line:

armclang --target=aarch64-arm-none-eabi -march=armv8.5-a+memtag -S -O1 foo.c -fsanitize=memtag -o mem_with_protect.s

The generated assembly file mem_with_protect.s contains the following code:

func1:                                  // @func1
// %bb.0:                               // %entry
        stp     x19, x30, [sp, #-16]!   // 16-byte Folded Spill
        sub     sp, sp, #32             // =32
        irg     x0, sp
        mov     w8, #10
        mov     w9, #20
        addg    x19, x0, #16, #1
        stg     x0, [x0]
        str     w8, [sp]
        stg     x19, [x19]
        str     w9, [sp, #16]
        bl      func2
        mov     x0, x19
        bl      func2
        add     x8, sp, xzr
        st2g    x8, [sp], #32
        ldp     x19, x30, [sp], #16     // 16-byte Folded Reload
        ret

When using the -fsanitize=memtag option:

Non-ConfidentialPDF file icon PDF version101754_0613_00_en
Copyright © 2019 Arm Limited or its affiliates. All rights reserved. 
  Arm logo
Important information

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies.

Change Settings

Privacy Policy Update

Arm’s Privacy Policy has been updated. By continuing to use our site, you consent to Arm’s Privacy Policy. Please review our Privacy Policy to learn more about our collection, use and transfers
of your data.