[PATCH] Implement Control Flow Integrity for virtual calls.
jfb at chromium.org
Thu Feb 19 09:47:50 PST 2015
This patch lgtm: IIUC it sounds like devirtualization will still be possible with this approach.
Comment at: docs/ControlFlowIntegrity.rst:20
@@ +19,3 @@
+program's control flow. These schemes have been optimized for performance,
+allowing developers to enable them in release builds.
Is there a reference number we can quote, or a benchmark that users can run to check what the overheads are?
Comment at: docs/ControlFlowIntegrity.rst:48
@@ +47,3 @@
+exempted from checking, and therefore programs may be linked against a
+regular standard library, but this may change in the future.
s/regular/pre-built/ or something along those lines.
That makes me wonder: for PNaCl we could have a version of libc++.a that also has CFI. Could the exclusion list be done through module metadata merging? i.e. doing LTO on a module without CFI lists its classes and adds exclusions for them, and modules with CFI "just work"?
I wouldn't do this in the current patch.
Comment at: docs/ControlFlowIntegrity.rst:63
@@ +62,2 @@
+Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway,
+Ulfar Erlingsson, Luis Lozano, Geoff Pike.
Úlfar, here and above?
More information about the cfe-commits