[PATCH] Implement Control Flow Integrity for virtual calls.

Kostya Serebryany kcc at google.com
Tue Feb 17 11:35:12 PST 2015

In http://reviews.llvm.org/D7424#120046, @pcc wrote:

> In my opinion, adding checks in LLVM would add significant complexity and/or require changing axioms relating to how IR is transformed. The transform to move the check after devirtualization would be relatively simple.
> > Also: if we want to do CFI for non-virtual indirect calls, will we be adding it in clang or in llvm?
> We would presumably be emitting the checks in clang.

This may deserve a separate thread on llvmdev/cfe-dev. I'd like to hear other opinions. Could you please start the discussion?
(where to insert the vcall and indir-call checks: in clang or in llvm)
Emitting the checks in clang means that the optimizations will have to undo the checks somehow when indir calls turn into direct calls and potentially inlined.



More information about the cfe-commits mailing list