Specifies compiler generation of instructions to mitigate certain Spectre variant 1 security vulnerabilities.
The /Qspectre option is available in Visual Studio 2017 version 15.5.5 and later, and in Visual Studio 2015 Update 3 through KB 4338871. It causes the compiler to insert instructions to mitigate certain Spectre security vulnerabilities. These vulnerabilities are called speculative execution side-channel attacks. They affect many operating systems and modern processors, including processors from Intel, AMD, and ARM.
The /Qspectre option is off by default.
In its initial release, the /Qspectre option only worked on optimized code. In Visual Studio 2017 version 15.7 and later, the /Qspectre option is supported at all optimization levels.
Microsoft Visual C++ libraries are also available in versions with Spectre mitigation. The Spectre-mitigated libraries for Visual Studio 2017 and later can be downloaded in the Visual Studio Installer. They're found in the Individual Components tab under Compilers, build tools, and runtimes, and have "Libs for Spectre" in the name. Both DLL and static runtime libraries with mitigation enabled are available for a subset of the Visual C++ runtimes: VC++ start-up code, vcruntime140, msvcp140, concrt140, and vcamp140. The DLLs are supported for application-local deployment only. The contents of the Visual C++ 2017 and later Runtime Libraries Redistributable haven't been modified.
You can also install Spectre-mitigated libraries for MFC and ATL. They're found in the Individual Components tab under SDKs, libraries, and frameworks.
If your code operates on data that crosses a trust boundary, then we recommend you use the /Qspectre option to rebuild and redeploy your code to mitigate this issue as soon as possible. An example of such code is code that loads untrusted input that can affect execution. For example, code that makes remote procedure calls, parses untrusted input or files, or uses other local inter-process communication (IPC) interfaces. Standard sandboxing techniques may not be sufficient. Investigate your sandboxes carefully before you decide your code doesn't cross a trust boundary.
The /Qspectre option is available in Visual Studio 2017 version 15.5.5, and in all updates to Microsoft C++ compilers (MSVC) made on or after January 23, 2018. Use the Visual Studio Installer to update the compiler, and to install the Spectre-mitigated libraries as individual components. The /Qspectre option is also available in Visual Studio 2015 Update 3 through a patch. For more information, see KB 4338871.
All versions of Visual Studio 2017 version 15.5, and all Previews of Visual Studio 2017 version 15.6, include an undocumented option, /d2guardspecload. It's equivalent to the initial behavior of /Qspectre. You can use /d2guardspecload to apply the same mitigations to your code in these versions of the compiler. We recommend you update your build to use /Qspectre in compilers that support the option. The /Qspectre option may also support new mitigations in later versions of the compiler.
The /Qspectre option outputs code to mitigate Spectre variant 1, Bounds Check Bypass, CVE-2017-5753. It works by insertion of instructions that act as a speculative code execution barrier. The specific instructions used to mitigate processor speculation depend upon the processor and its micro-architecture, and may change in future versions of the compiler.
When you enable the /Qspectre option, the compiler attempts to identify instances where speculative execution may bypass bounds checks. That's where it inserts the barrier instructions. It's important to be aware of the limits to the analysis that a compiler can do to identify instances of variant 1. As such, there's no guarantee that all possible instances of variant 1 are instrumented under /Qspectre.
The performance impact of /Qspectre appeared to be negligible in several sizable code bases. However, there are no guarantees that performance of your code under /Qspectre remains unaffected. You should benchmark your code to determine the effect of the option on performance. If you know that the mitigation isn't required in a performance-critical block or loop, you can selectively disable the mitigation by use of a __declspec(spectre(nomitigation)) directive. This directive isn't available in compilers that only support the /d2guardspecload option.
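The following is an added example, not code from the original page or from Microsoft. It contrasts a bounds-checked lookup on an untrusted index, which stays mitigated under /Qspectre, with a hot loop that opts out through __declspec(spectre(nomitigation)). The function names, sample tables, file name and the NO_SPECTRE_MITIGATION macro are assumptions made for illustration, and the MSVC branch assumes a compiler version that supports /Qspectre.

```c
/* Build with MSVC: cl /O2 /Qspectre spectre_scope.c  (file name is illustrative) */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The directive is MSVC-specific; expand to nothing for other compilers. */
#if defined(_MSC_VER)
#define NO_SPECTRE_MITIGATION __declspec(spectre(nomitigation))
#else
#define NO_SPECTRE_MITIGATION
#endif

#define SLOT_COUNT 8u

/* Constructed sample data: a permission value (0..7) per slot. */
static const uint8_t slot_perms[SLOT_COUNT] = {1, 3, 7, 0, 5, 2, 6, 4};
/* Constructed sample data: cost indexed by permission value. */
static const int perm_cost[8] = {0, 10, 20, 30, 40, 50, 60, 70};

/* `slot` crosses a trust boundary (RPC argument, field parsed from a file).
   The check is architecturally correct, but the loads that follow it are
   what may execute speculatively with an out-of-range index. Leave this
   function mitigated so /Qspectre can place a barrier here. */
int cost_for_slot(size_t slot)
{
    if (slot >= SLOT_COUNT)
        return -1;                      /* rejected: index out of range */
    return perm_cost[slot_perms[slot] & 7u];
}

/* The index is a loop counter bounded by a compile-time constant and no
   untrusted value reaches it, so this hot loop opts out of the mitigation. */
NO_SPECTRE_MITIGATION
int total_cost(void)
{
    int sum = 0;
    for (size_t i = 0; i < SLOT_COUNT; i++)
        sum += perm_cost[slot_perms[i] & 7u];
    return sum;
}

int main(void)
{
    printf("slot 2 -> %d, slot 8 -> %d, total -> %d\n",
           cost_for_slot(2), cost_for_slot(8), total_cost());
    return 0;
}
```

Because the compiler's analysis has limits, keep the opt-out to functions where you can show that no untrusted value influences the index, and benchmark before and after to confirm the opt-out is worth it.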
The /Qspectre compiler option generates code that implicitly links versions of the runtime libraries built to provide Spectre mitigations. These libraries are optional components that must be installed by using the Visual Studio Installer:
- MSVC version version_numbers Libs for Spectre [(x86 and x64) | (ARM) | (ARM64)]
- Visual C++ ATL for [(x86/x64) | ARM | ARM64] with Spectre Mitigations
- Visual C++ MFC for [x86/x64 | ARM | ARM64] with Spectre Mitigations
If you build your code by using /Qspectre and these libraries aren't installed, the build system reports warning MSB8038: Spectre mitigation is enabled but Spectre mitigated libraries are not found. If your MFC or ATL code fails to build, and the linker reports an error such as fatal error LNK1104: cannot open file 'oldnames.lib', these missing libraries may be the cause.
For more information, see the official Microsoft Security Advisory ADV180002, Guidance to mitigate speculative execution side-channel vulnerabilities. Guidance is also available from Intel, Speculative Execution Side Channel Mitigations, and ARM, Cache Speculation Side-channels. For a Windows-specific overview of Spectre and Meltdown mitigations, see Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems. For an overview of Spectre vulnerabilities addressed by the MSVC mitigations, see Spectre mitigations in MSVC on the C++ Team Blog.
To set this compiler option in the Visual Studio development environment
1. Open the project's Property Pages dialog box. For details, see Set C++ compiler and build properties in Visual Studio.
2. Select the Configuration Properties > C/C++ > Command Line property page.
3. Enter the /Qspectre compiler option in the Additional Options box. Choose OK to apply the change.
To set this compiler option programmatically
- See AdditionalOptions.