Docs: Document -fcf-protection without argument [PR112589]

gcc/ChangeLog
	PR middle-end/112589
	* common.opt (-fcf-protection): Add documentation string.
	* doc/invoke.texi (Option Summary): Add entry for -fcf-protection
	without argument.
	(Instrumentation Options): Tidy the -fcf-protection entry and
	and add documention for the form without an argument.

diff --git a/gcc/common.opt b/gcc/common.opt
index b9e74cd3ac411f318db0c68ff77b7ee96ab610ef..2c8fdde54f34e60ea8feb54f38bc8b48d1057191 100644 (file)
--- a/gcc/common.opt
+++ b/gcc/common.opt
@@ -2055,6 +2055,7 @@ Enum(ilsop_fn) String(memset) Value(ILSOP_MEMSET) Set(4)
 
 fcf-protection
 Common RejectNegative Alias(fcf-protection=,full)
+Equivalent to -fcf-protection=full.
 
 fcf-protection=
 Common Joined RejectNegative Enum(cf_protection_level) EnumSet Var(flag_cf_protection) Init(CF_NONE)

diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 4c9af429ab08fa3ce3721fea0f10c3c1246c7416..8f51ea6d3e11194b2609f6ed4bcd5548918e4b53 100644 (file)
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -673,7 +673,7 @@ Objective-C and Objective-C++ Dialects}.
 -fsanitize=@var{style}  -fsanitize-recover  -fsanitize-recover=@var{style}
 -fsanitize-trap   -fsanitize-trap=@var{style}
 -fasan-shadow-offset=@var{number}  -fsanitize-sections=@var{s1},@var{s2},...
--fsanitize-undefined-trap-on-error  -fbounds-check
+-fsanitize-undefined-trap-on-error  -fbounds-check  -fcf-protection
 -fcf-protection=@r{[}full@r{|}branch@r{|}return@r{|}none@r{|}check@r{]}
 -fharden-compares -fharden-conditional-branches  -fhardened
 -fharden-control-flow-redundancy  -fhardcfr-skip-leaf
@@ -18373,7 +18373,8 @@ operand constant, @code{__sanitizer_cov_trace_cmpf} or
 
 @opindex fcf-protection
 @item -fcf-protection=@r{[}full@r{|}branch@r{|}return@r{|}none@r{|}check@r{]}
-Enable code instrumentation of control-flow transfers to increase
+@itemx -fcf-protection
+Enable code instrumentation to increase
 program security by checking that target addresses of control-flow
 transfer instructions (such as indirect function call, function return,
 indirect jump) are valid.  This prevents diverting the flow of control
@@ -18381,22 +18382,30 @@ to an unexpected target.  This is intended to protect against such
 threats as Return-oriented Programming (ROP), and similarly
 call/jmp-oriented programming (COP/JOP).
 
+The @option{-fcf-protection=} keywords are interpreted as follows.
+
 The value @code{branch} tells the compiler to implement checking of
 validity of control-flow transfer at the point of indirect branch
-instructions, i.e.@: call/jmp instructions.  The value @code{return}
-implements checking of validity at the point of returning from a
-function.  The value @code{full} is an alias for specifying both
-@code{branch} and @code{return}. The value @code{none} turns off
-instrumentation.
+instructions, i.e.@: call/jmp instructions.
+
+The value @code{return} implements checking of validity at the point of
+returning from a function.
 
-To override @option{-fcf-protection}, @option{-fcf-protection=none}
-needs to be added and then with @option{-fcf-protection=xxx}.
+The value @code{full} is an alias for specifying both
+@code{branch} and @code{return}.
 
 The value @code{check} is used for the final link with link-time
 optimization (LTO).  An error is issued if LTO object files are
 compiled with different @option{-fcf-protection} values.  The
 value @code{check} is ignored at the compile time.
 
+The value @code{none} turns off instrumentation.
+
+@option{-fcf-protection} is an alias for @option{-fcf-protection=full}.
+To override a previous @option{-fcf-protection} option on the command
+line, add @option{-fcf-protection=none} and then
+@option{-fcf-protection=@var{kind}}.
+
 The macro @code{__CET__} is defined when @option{-fcf-protection} is
 used.  The first bit of @code{__CET__} is set to 1 for the value
 @code{branch} and the second bit of @code{__CET__} is set to 1 for