[PATCH] SafeStack documentation improvements
JF Bastien
jfb at chromium.org
Mon Jun 22 10:53:33 PDT 2015
================
Comment at: docs/SafeStack.rst:107
@@ +106,3 @@
+breaking the probabilistic security guarantees through information leaks, may
+be not complete yet. System library functions such as ``setjmp``, exception
+handling mechanisms, intrinsics such as ``__buildin_frame_address``, or
----------------
"may be not complete yet" is pretty awkward phrasing.
================
Comment at: docs/SafeStack.rst:111
@@ +110,3 @@
+such safe stack pointer leaks could be detected by a static binary analysis or
+a dynamic binary instrumentation based tools.
+
----------------
I'd strengthen this last statement: at the moment safe stack assumes that the compiler's implementation is correct. This has not been verified except through code inspection, and could always regress in the future. It's therefore desirable to have a separate static or dynamic binary analysis / checker.
http://reviews.llvm.org/D10598
EMAIL PREFERENCES
http://reviews.llvm.org/settings/panel/emailpreferences/
More information about the cfe-commits
mailing list