Add options for enable code gen with CFI `-fcf-protection=[full|branc…

src/toolchain-conventions.adoc

@@ -406,6 +406,29 @@ NOTE: This option does not affect inline assembly.
 The precedence among `-m[no]-scalar-strict-align`, `-m[no-]vector-strict-align`,
 and `-m[no-]strict-align` is determined by the last one specified.
 
+=== `-fcf-protection=[full|branch|return|none]`/`-fcf-protection`
+
+
+Enable control flow protection. The compiler will insert control flow integrity
+instructions to protect the program against control flow hijacking attacks.
+
+`-fcf-protection` is alias to `-fcf-protection=full`.
+
+- `none`: Disable control flow protection.
+- `full`: Protect all control flow instructions, will enable branch protection
+  and return protection if the `Zimop` extension is available.
+- `branch`: Protect branch instructions only by insert landing pad.
+- `return`: Protect return instructions only, this require `Zimop` extension.
+
+=== `-mcf-branch-label-scheme=[unlabeled|func-sig]`
+
+Specify the label scheme for the `-fcf-protection=branch`. The default is value
+is platform defined.
+
+- `unlabeled`: Use simple label scheme, the label is always `0`.
+- `func-sig`: Use function signature as the label, the label is generated by the
+  compiler, the rule is defined in psABI spec.
+
 == TODO
 
 - `-mdiv`, `-mno-div`, `-mfdiv`, `-mno-fdiv`, `-msave-restore`,