How to verify if the Spectre Mitigation flag used in Visual Studio 2017 works for C++?


Problem description


I want to see how the Spectre mitigation flag solved a problem to convince my team that we need to add this flag to our large code base for upcoming projects.

I am searching for sample projects that have a Spectre vulnerability and are resolved by adding a Spectre mitigation flag introduced last week in Visual Studio 2017.

Can someone please help me in putting across a POC to demo to my larger team as to how the recently added support from Microsoft in Visual Studio overcomes the problem?

Here are the latest release notes from Microsoft for VS 2017.

Edit to question: August 23, 2018

In the pursuit of an answer, I tried the following code from the Microsoft Spectre Mitigation page:

#include "stdafx.h"
int G, G1, G2;

__forceinline
int * bar(int **p, int i)
{
    return p[i];
}

__forceinline
void bar1(int ** p, int i)
{
    if (i < G1) {
        auto x = p[i]; // mitigation here
        G = *x;
    }
}

__forceinline
void foo(int * p)
{
    G = *p;
}

void baz(int ** p, int i)
{
    if (i < G1) {
        foo(bar(p, i + G2));
    }
    bar1(p, i);
}

int main()
{
    return 0;
}

When I compile the code with the spectre mitigation flag enabled:

Project Properties > Configuration Properties > C/C++ > Spectre Mitigation > Enabled

Three additional changes also need to be done to incorporate this change:

  1. Change from /Od to /O2 in Optimization

Project Properties > Configuration Properties > C/C++ > Optimization > /O2

  2. Basic Run time Checks to Default

Project Properties > Configuration Properties > C/C++ > Code Generation > Basic Run time Checks > Default

  3. Added VC library directory to Linker path

Project Properties > Configuration Properties > Linker > General > Additional Library Directories > C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Tools\MSVC\14.15.26726\lib\x86

Note: instead of hardcoding the path like this

C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Tools\MSVC\14.15.26726\lib\x86

you can use a Visual Studio variable like this:

$(VCToolsInstallDir)\lib\x86\

I get the following Output:

C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(402,5): warning MSB8038: Spectre mitigation is enabled but Spectre mitigated libraries are not found. Verify that the Visual Studio Workload includes the Spectre mitigated libraries. See https://aka.ms/Ofhn4c for more information.

I don't know what to do at this point. I get an output executable, but I want the Spectre mitigation feature to be testable. Please help me.

Solution

I modified VS 2017 Installer and compared my installation against the default selected items from the Microsoft page for Spectre Mitigation.

I had failed to notice the Individual Components tab. In the tab I had missed some important dependencies (thanks to @Retired Ninja). After installing that, the message stopped appearing in the build for the Spectre mitigation example.

However, I am still looking for a more concrete use case.
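
One way to confirm that the flag changed code generation, as an added example that is not part of the original post or Microsoft's sample: build the code once without and once with Spectre Mitigation enabled, emit assembly listings with `/FA`, and count the `lfence` speculation barriers per function. The listing excerpts below are constructed for illustration, not real compiler output, and the helper names are hypothetical.

```python
import re

# MSVC listings (/FA) delimit functions with "<symbol> PROC" ... "<symbol> ENDP".
PROC_RE = re.compile(r"^(\S+)\s+PROC\b")
ENDP_RE = re.compile(r"^(\S+)\s+ENDP\b")
LFENCE_RE = re.compile(r"^\s+lfence\b", re.IGNORECASE)


def lfence_counts(listing: str) -> dict:
    """Map each function symbol in an MSVC .asm listing to its lfence count."""
    counts, current = {}, None
    for line in listing.splitlines():
        code = line.split(";", 1)[0]          # drop trailing asm comments
        m = PROC_RE.match(code)
        if m:
            current = m.group(1)
            counts[current] = 0
        elif ENDP_RE.match(code):
            current = None
        elif current and LFENCE_RE.match(code):
            counts[current] += 1
    return counts


def mitigation_delta(baseline: str, mitigated: str) -> dict:
    """Functions that gained lfence barriers between the two builds."""
    before, after = lfence_counts(baseline), lfence_counts(mitigated)
    return {f: n - before.get(f, 0)
            for f, n in after.items() if n > before.get(f, 0)}


# Constructed excerpts shaped like /FA output (assumption, not compiler output).
BASELINE = """\
?baz@@YAXPAPAHH@Z PROC\t\t\t\t; baz
\tmov\teax, DWORD PTR _i$[esp-4]
\tcmp\teax, DWORD PTR ?G1@@3HA
\tjge\tSHORT $LN4@baz
\tmov\tecx, DWORD PTR [edx+eax*4]
$LN4@baz:
\tret\t0
?baz@@YAXPAPAHH@Z ENDP\t\t\t\t; baz
"""
# Same function with a barrier after the bounds check, as in a mitigated build.
MITIGATED = BASELINE.replace(
    "\tjge\tSHORT $LN4@baz\n", "\tjge\tSHORT $LN4@baz\n\tlfence\n")

if __name__ == "__main__":
    print(mitigation_delta(BASELINE, MITIGATED))
```

An empty result from `mitigation_delta` on real listings means the mitigated build gained no barriers, which is worth checking against the optimization setting, since the question's steps switch from /Od to /O2 before enabling the flag.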
