[cfe-users] Does -fstack-protector[-all] actually do anything?

Dallman, John john.dallman at siemens.com
Tue Jun 3 03:54:28 PDT 2014

On the Windows/MSVC builds of the product I work on, I've turned on the
"GuardStack" compiler option (/GS) which puts in fences to detect buffer
overruns in functions that the compiler thinks need it. Now I'm looking
at other platforms.

GCC has -fstack-protector and -fstack-protector-all. There's also the fairly
new -fstack-protector-strong, but I need to support Linuxes that are too
old to have that.

Clang has Address Sanitizer, but that seems to cost too much performance
for production code - with a bit of work, one can get the /GS losses down
to 2% or less with MSVC.

Clang also accepts GCC's -fstack-protector and -fstack-protector-all, but
they don't seem to do anything: taking assembly listings for a simple test
program compiled with and without -fstack-protector-all and diffing them
reveals no differences at all. I'm using OS X 10.9.2 with a Clang from Xcode
that reports itself as:

    Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)

Are -fstack-protector and -fstack-protector-all just being accepted and


John Dallman

Siemens Industry Software Limited is a limited company registered in England and Wales.
Registered number: 3476850.
Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey, GU16 8QD.

More information about the cfe-users mailing list