[cfe-dev] [LLVMdev] Adding CFI checks to clang vs llvm

Chandler Carruth chandlerc at google.com
Tue Feb 17 19:00:14 PST 2015


On Tue, Feb 17, 2015 at 12:35 PM, Peter Collingbourne <peter at pcc.me.uk>
wrote:

> Hi,
>
> In http://reviews.llvm.org/D7424 we've been discussing whether to insert
> control flow integrity checks in Clang or LLVM. The main challenge is that
> the checks need something like a string associated with each call, and
> there's currently no stable way to ensure that the string stays with the
> call.
>
> The current version of the patch does the checks with an intrinsic, but
> there's a concern that this may interfere with devirtualization.
>
> Does anyone have any opinions besides what's been discussed on the review
> thread?
>

My primary concern is that I would very much like the CFI implementation to
be truly generic for indirect function calls rather than specific to type
hierarchies.

Is the issue that for virtual calls there is a dramatically cheaper way to
structure the CFI implementation than there is for fully general indirect
calls?

Is the issue that detecting and instrumenting the calls in the IR is
particularly complex?