[PATCH] Implement Control Flow Integrity for virtual calls.
Peter Collingbourne
peter at pcc.me.uk
Thu Feb 19 11:58:31 PST 2015
================
Comment at: docs/ControlFlowIntegrity.rst:20
@@ +19,3 @@
+program's control flow. These schemes have been optimized for performance,
+allowing developers to enable them in release builds.
+
----------------
jfb wrote:
> jfb wrote:
> > Is there a reference number we can quote, or a benchmark that users can run to check what the overheads are?
> Also, a warning on binary size bloat should be here.
Done.
================
Comment at: docs/ControlFlowIntegrity.rst:48
@@ +47,3 @@
+exempted from checking, and therefore programs may be linked against a
+regular standard library, but this may change in the future.
+
----------------
jfb wrote:
> s/regular/pre-built/ or something along those lines.
>
> That makes me wonder: for PNaCl we could have a version of libc++.a that also has CFI. Could the exclusion list be done through module metadata merging? i.e. doing LTO on a module without CFI lists its classes and adds exclusions for them, and modules with CFI "just work"?
>
> I wouldn't do this in the current patch.
> s/regular/pre-built/ or something along those lines.
Done.
> That makes me wonder: for PNaCl we could have a version of libc++.a that also has CFI. Could the exclusion list be done through module metadata merging? i.e. doing LTO on a module without CFI lists its classes and adds exclusions for them, and modules with CFI "just work"?
Possibly, but if the overhead is low enough it may be simplest to turn it on for everything.
================
Comment at: docs/ControlFlowIntegrity.rst:63
@@ +62,2 @@
+Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway,
+Ulfar Erlingsson, Luis Lozano, Geoff Pike.
----------------
jfb wrote:
> Ăšlfar, here and above?
Done.
http://reviews.llvm.org/D7424
EMAIL PREFERENCES
http://reviews.llvm.org/settings/panel/emailpreferences/
More information about the cfe-commits
mailing list