<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 17, 2015 at 12:35 PM, Peter Collingbourne <span dir="ltr">&lt;<a href="mailto:peter@pcc.me.uk" target="_blank">peter@pcc.me.uk</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":rx5" class="a3s" style="overflow:hidden">Hi,<br>
<br>
In <a href="http://reviews.llvm.org/D7424" target="_blank">http://reviews.llvm.org/D7424</a> we've been discussing whether to insert<br>
control flow integrity checks in Clang or LLVM. The main challenge is that<br>
the checks need something like a string associated with each call, and<br>
there's currently no stable way to ensure that the string stays with the call.<br>
<br>
The current version of the patch does the checks with an intrinsic, but<br>
there's a concern that this may interfere with devirtualization.<br>
<br>
Does anyone have any opinions besides what's been discussed on the review<br>
thread?</div></blockquote></div><br></div><div class="gmail_extra">My primary concern is that I would very much like the CFI implementation to be truly generic for indirect function calls rather than specific to type hierarchies.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Is the issue that for virtual calls there is a dramatically cheaper way to structure the CFI implementation than there is for fully general indirect calls?</div><div class="gmail_extra"><br></div><div class="gmail_extra">Is the issue that detecting and instrumenting the calls in the IR is particularly complex?</div></div>