[cfe-dev] GCC's -fmpx in clang?

David Chisnall David.Chisnall at cl.cam.ac.uk
Sun Sep 14 02:27:42 PDT 2014


On 14 Sep 2014, at 10:07, Szabolcs Nagy <nsz at port70.net> wrote:

> mpx is for hardening deployed code with bounds check instructions

Using MPX requires:

- Code that has a stricter memory model than implied by the C standard.  For example, casting from a pointer to a field to a pointer to the enclosing structure (as done by the containerof() macro in Linux, inherited from the CONTAINER macro in 4BSD) will not work.

- No threads (the bounds and pointer are not updated atomically, unless the compiler decides to use RTM to wrap every single pointer store to heap memory in a transaction).

The primary goal of MPX appears to be the ability to add a tick in a marketing checkbox.  As a debugging aid, it allows you to do something that you can already do in software, only in a less flexible way (and probably without much speedup, as on Intel chips you already get a relatively high degree of ILP out of the software implementations).  As a security tool, it's a joke (we pondered writing a paper about all of the ways to break MPX, but eventually decided that it was so fragile that no security venue would regard it as a serious project).

David
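The first compatibility problem David raises (a pointer to a field recovered into a pointer to the enclosing structure) can be illustrated with a small software model of bounds narrowing. The following is an added example, not code from the original post, from GCC, or from Intel's MPX: the `struct bptr` type and the `bptr_*` helpers are a constructed, hypothetical model of a pointer that carries a lower and upper bound, with the field-narrowing rule that hardware bounds checkers apply when `&obj->field` is taken. It shows why a `containerof`-style recovery that keeps the field's narrowed bounds fails the check on a perfectly valid access.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a bounds-carrying pointer (hypothetical, not MPX):
 * the value plus the [lo, hi) range the pointer is allowed to access. */
struct bptr {
    const void *p;   /* pointer value */
    const void *lo;  /* lowest valid address (inclusive) */
    const void *hi;  /* one past the highest valid address (exclusive) */
};

/* Load/store-time check: is [p, p + len) entirely inside [lo, hi)? */
static int bptr_in_bounds(struct bptr b, size_t len) {
    const char *p = b.p, *lo = b.lo, *hi = b.hi;
    return p >= lo && p <= hi && len <= (size_t)(hi - p);
}

/* Example object type: a linked-list node with a data field and a link. */
struct node {
    int key;
    struct node *next;
};

/* Pointer to a whole object: bounds cover the entire object. */
static struct bptr bptr_whole(const void *obj, size_t size) {
    struct bptr b = { obj, obj, (const char *)obj + size };
    return b;
}

/* Taking &obj->field: the bounds are narrowed to just that field. */
static struct bptr bptr_field(struct bptr obj, size_t off, size_t size) {
    const char *f = (const char *)obj.p + off;
    struct bptr b = { f, f, f + size };
    return b;
}

/* containerof-style recovery: subtract the field offset to get back to the
 * enclosing object, but the bounds are still the field's narrowed bounds. */
static struct bptr bptr_containerof(struct bptr field, size_t off) {
    struct bptr b = { (const char *)field.p - off, field.lo, field.hi };
    return b;
}

/* 1 if reading node.next through a plain pointer-to-field passes the check. */
int field_access_passes_check(void) {
    struct node n = { 42, NULL };
    struct bptr whole = bptr_whole(&n, sizeof n);
    struct bptr next_field =
        bptr_field(whole, offsetof(struct node, next), sizeof n.next);
    return bptr_in_bounds(next_field, sizeof n.next);
}

/* 1 if reading node.key through a containerof-recovered pointer passes the
 * check. With narrowed bounds it does not: &n is below the field's lo. */
int containerof_passes_check(void) {
    struct node n = { 42, NULL };
    struct bptr whole = bptr_whole(&n, sizeof n);
    struct bptr next_field =
        bptr_field(whole, offsetof(struct node, next), sizeof n.next);
    struct bptr recovered =
        bptr_containerof(next_field, offsetof(struct node, next));
    return bptr_in_bounds(recovered, sizeof n.key);
}

int main(void) {
    printf("access to the field itself passes: %d\n",
           field_access_passes_check());
    printf("access via containerof passes:     %d\n",
           containerof_passes_check());
    return 0;
}
```

The recovered pointer is a legitimate pointer to `n`, and the read of `n.key` is well within the object, yet the check fails because the only bounds the pointer carries are those of the `next` field it was derived from. A compiler can avoid this only by not narrowing at field accesses (losing intra-object checking) or by recognising the `containerof` idiom, which is exactly the stricter-than-C memory model the post describes.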