[PATCH] Add a flag to clang to support forward-edge control-flow integrity
Tom Roeder
tmroeder at google.com
Thu Nov 13 10:00:25 PST 2014
Pinging this clang patch now that FCFI is in LLVM. As a reminder, this
patch sets jumptable on all functions and turns on FCFI on LLVM through
-plugin-opt on gold or in llvm::TargetOptions.
On Mon, Jul 7, 2014 at 4:50 PM, Tom Roeder <tmroeder at google.com> wrote:
> On Sat, Jul 5, 2014 at 7:39 PM, Nick Lewycky <nicholas at mxc.ca> wrote:
> > +cc Kostya.
> >
> > Kostya, I'm wondering whether I could interest you or anyone on your
> team in
> > looking at http://reviews.llvm.org/D4167 . It's an IR transforming
> runtime
> > instrumentation with a lot in common with the asan/tsan/msan passes,
> except
> > that it has a different goal (security guarantees instead of bug finding)
> > and that it runs as part of llc due to its integration with the jump
> tables.
> > I think the sanitizers are the closest thing to this in llvm and it
> would be
> > nice to get a review from the sanitizer developers.
> >
> >
> > Tom Roeder wrote:
> >>
> >> This patch adds a clang flag -ffcfi that enables forward-edge
> >> control-flow integrity. It depends on the (not yet reviewed) FCFI
> >> patch at http://reviews.llvm.org/D4167.
> >>
> >> Specifically, it sets FCFI in llvm::TargetOptions when called LLVM
> >> directly, and it passes the LLVM flag -fcfi through LTO to LLVM when
> >> using gold.
> >
> >
> > There is not yet a -fcfi flag on the gold plugin. Is that out for review
> > already? I looked but I may have missed it.
>
> That's part of D4167 as of DIff 10978 on June 30th. It's in
> include/llvm/CodeGen/CommandFlags.h
>
> Thanks,
>
> Tom
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20141113/9dac5777/attachment.html>
More information about the llvm-commits
mailing list