/Qspectre

Specifies compiler generation of instructions to mitigate certain Spectre variant 1 security vulnerabilities.

Syntax

/Qspectre

Remarks

The /Qspectre option causes the compiler to insert instructions to mitigate certain Spectre security vulnerabilities. These vulnerabilities, called speculative execution side-channel attacks, affect many operating systems and modern processors, including processors from Intel, AMD, and ARM.

The /Qspectre option is off by default.

In its initial release, the /Qspectre option only works on optimized code. You should make sure to compile your code with any of the optimization options (for example, /O2 or /O1 but not /Od) to make sure the mitigation is applied. Similarly, inspect any code that uses #pragma optimize("stg", off).

Applicability

If your code operates on data that crosses a trust boundary then we recommend that you use the /Qspectre option to rebuild and redeploy your code to mitigate this issue as soon as possible. Examples of code that operates on data that crosses a trust boundary include code that loads untrusted input that can affect execution, for example, code that makes remote procedure calls, parses untrusted input or files, or uses other local inter-process communication (IPC) interfaces. Standard sandboxing techniques may not be sufficient. You should investigate your sandboxes carefully before you decide that your code does not cross a trust boundary.

Availability

The /Qspectre option is available in Visual Studio 2017 version 15.5.5 and all updates to Microsoft Visual C++ compilers (MSVC) made on or after January 23, 2018.

All versions of Visual Studio 2017 version 15.5 and all Previews of Visual Studio version 15.6 already include an undocumented option, /d2guardspecload, that is equivalent to the initial behavior of /Qspectre. You can use /d2guardspecload to apply the same mitigations to your code in these versions of the compiler. Please update your build to use /Qspectre in compilers that support the option; the /Qspectre option may also support new mitigations in later versions of the compiler.

Effect

The /Qspectre option outputs code to mitigate Specter variant 1, Bounds Check Bypass, CVE-2017-5753. It works by insertion of instructions that act as a speculative code execution barrier. The specific instructions used to mitigate processor speculation depend upon the processor and its micro-architecture, and may change in future versions of the compiler.

When the /Qspectre option is enabled, the compiler attempts to identify instances where speculative execution may bypass bounds checks and inserts the barrier instructions. It is important to note that there are limits to the analysis that a compiler can perform to identify instances of variant 1. As such, there is no guarantee that all possible instances of variant 1 are instrumented under /Qspectre.

Performance impact

The performance impact of /Qspectre has been seen to be negligible in several very large code bases, but there are no guarantees that performance of your code under /Qspectre remains unaffected. You should benchmark your code to determine the effect of the option on performance. If you know that the mitigation is not required in a performance-critical block or loop, the mitigation can be selectively disabled by use of a __declspec(spectre(nomitigation)) directive. This directive is not available in compilers that only support the /d2guardspecload option.

Required libraries

The /Qspectre compiler option generates code that implicitly links versions of the runtime libraries that have been built to provide Spectre mitigations. These libraries are optional components that must be installed by using the Visual Studio Installer:

  • VC++ 2017 version version_number Libs for Spectre (x86 and x64)
  • Visual C++ ATL (x86/x64) with Spectre Mitigations
  • Visual C++ MFC for x86/x64 with Spectre Mitigations

If you build your code by using /Qspectre and these libraries are not installed, the build system reports warning MSB8038: Spectre mitigation is enabled but Spectre mitigated libraries are not found. If your MFC or ATL code fails to build and the linker reports an error such as fatal error LNK1104: cannot open file 'oldnames.lib', these missing libraries may be the cause.

Additional information

For more details please see the official Microsoft Security Advisory ADV180002, Guidance to mitigate speculative execution side-channel vulnerabilities. Guidance is also available from Intel, Speculative Execution Side Channel Mitigations, and ARM, Cache Speculation Side-channels. For a Windows-specific overview of Spectre and Meltdown mitigations, see Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems on the Microsoft Secure blog. For an overview of Spectre vulnerability addressed by the MSVC mitigations, see Spectre mitigations in MSVC on the Visual C++ Team Blog.

To set this compiler option in the Visual Studio development environment

  1. Open the project's Property Pages dialog box. For details, see Working with Project Properties.

  2. Select the Configuration Properties > C/C++ > Command Line property page.

  3. Enter the /Qspectre compiler option in the Additional Options box. Choose OK to apply the change.

To set this compiler option programmatically

See also

/Q Options (Low-Level Operations)
Compiler Options
Setting Compiler Options