From d4d6eda9427ff4616c49092cd92e4e99f16300ed Mon Sep 17 00:00:00 2001
From: Alexandre Oliva <oliva@adacore.com>
Date: Wed, 28 Jun 2023 01:36:53 -0300
Subject: ada: hardcfr: optionally disable in leaf functions

Document -fhardcfr-skip-leaf.

gcc/ada/

	* doc/gnat_rm/security_hardening_features.rst (Control Flow
	Hardening): Document -fhardcfr-skip-leaf.
	* gnat_rm.texi: Regenerate.
---
 gcc/ada/doc/gnat_rm/security_hardening_features.rst | 5 +++++
 gcc/ada/gnat_rm.texi                                | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
index cf8c8a2..e057af2e 100644
--- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst
+++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
@@ -369,6 +369,11 @@ basic blocks take note as control flows through them, and, before
 returning, subprograms verify that the taken notes are consistent with
 the control-flow graph.
 
+The performance impact of verification on leaf subprograms can be much
+higher, while the averted risks are much lower on them.
+Instrumentation can be disabled for leaf subprograms with
+:switch:`-fhardcfr-skip-leaf`.
+
 Functions with too many basic blocks, or with multiple return points,
 call a run-time function to perform the verification.  Other functions
 perform the verification inline before returning.
diff --git a/gcc/ada/gnat_rm.texi b/gcc/ada/gnat_rm.texi
index 988bb77..0d11be0 100644
--- a/gcc/ada/gnat_rm.texi
+++ b/gcc/ada/gnat_rm.texi
@@ -29515,6 +29515,11 @@ basic blocks take note as control flows through them, and, before
 returning, subprograms verify that the taken notes are consistent with
 the control-flow graph.
 
+The performance impact of verification on leaf subprograms can be much
+higher, while the averted risks are much lower on them.
+Instrumentation can be disabled for leaf subprograms with
+@code{-fhardcfr-skip-leaf}.
+
 Functions with too many basic blocks, or with multiple return points,
 call a run-time function to perform the verification.  Other functions
 perform the verification inline before returning.
-- 
cgit v1.1