[clang] [llvm] [analysis] Software Bill of Mitigations (PR #130103)

Matthew Levy via llvm-commits llvm-commits at lists.llvm.org
Fri Mar 14 06:16:37 PDT 2025


matthewlevy97 wrote:

@efriedma-quic That is correct about this just tracking where mitigations are emitted. I believe the emissions points should largely correlate with where they would get instrumented, but if this analysis runs super late (after all optimizations, etc.) to determine exactly if/where mitigations actually get instrumented, it might become more of a binary analysis task and greatly increase complexity. I am open to suggestions on different approaches.

The use case isn't really to verify that mitigations are enabled, but to provide a way of tracking incremental deployments of mitigations (e.g., a large binary where a given mitigation being deployed causes too large of a regression, so only certain sub-units have a given mitigation). I have a follow-up diff that outputs a summary instead of per-function tracking to show overall coverage of mitigations in the binary, which I assume will be the more used option.

https://github.com/llvm/llvm-project/pull/130103
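The rollout-tracking use case described in the comment above, as an added example that is not part of the PR or of LLVM: a small Python tool that consumes per-function mitigation records and turns them into the kind of whole-binary summary the follow-up is said to produce, plus a diff between two builds so a partial deployment can be audited. The line-oriented record format (`function: mitigation,mitigation`), the mitigation names and the sample function names are all assumptions made for this example, not the format or output of the PR's analysis.

```python
"""Aggregate per-function mitigation records into a binary-wide coverage summary.

Added example, not code from llvm-project PR #130103. The record format and
the mitigation/function names are assumptions for illustration only.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample: one function per line, "name: mitigation,mitigation".
# An empty list means the function was built with no tracked mitigation.
BUILD_A = """\
main: stack-protector,cfi
parse_header: stack-protector,cfi,safe-stack
handle_packet: stack-protector
compress_block:
decompress_block: cfi
"""

# Constructed "next build": cfi rolled out to compress_block, stack-protector
# to decompress_block, and safe-stack backed out of parse_header.
BUILD_B = """\
main: stack-protector,cfi
parse_header: stack-protector,cfi
handle_packet: stack-protector
compress_block: cfi
decompress_block: cfi,stack-protector
"""


def parse_records(text: str) -> Dict[str, Set[str]]:
    """Parse the assumed per-function format into {function: {mitigations}}."""
    records: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, mits = line.partition(":")
        records[name.strip()] = {m.strip() for m in mits.split(",") if m.strip()}
    return records


def coverage_summary(records: Dict[str, Set[str]]) -> Dict[str, Tuple[int, int]]:
    """Per mitigation: (functions carrying it, total functions in the binary)."""
    total = len(records)
    counts: Dict[str, int] = defaultdict(int)
    for mits in records.values():
        for m in mits:
            counts[m] += 1
    return {m: (counts[m], total) for m in sorted(counts)}


def missing(records: Dict[str, Set[str]], mitigation: str) -> List[str]:
    """Functions (sub-units) that do not carry the given mitigation."""
    return sorted(f for f, mits in records.items() if mitigation not in mits)


def rollout_delta(old: Dict[str, Set[str]], new: Dict[str, Set[str]]):
    """Functions that gained or lost each mitigation between two builds.

    A regression (a mitigation silently dropped from a sub-unit) shows up in
    the 'lost' map, which is what a reviewer of an incremental rollout wants.
    """
    gained: Dict[str, List[str]] = defaultdict(list)
    lost: Dict[str, List[str]] = defaultdict(list)
    for fn in sorted(set(old) | set(new)):
        before, after = old.get(fn, set()), new.get(fn, set())
        for m in sorted(after - before):
            gained[m].append(fn)
        for m in sorted(before - after):
            lost[m].append(fn)
    return dict(gained), dict(lost)


def report(records: Dict[str, Set[str]]) -> str:
    """Human-readable summary: coverage percentage and the uncovered sub-units."""
    lines = []
    for m, (covered, total) in coverage_summary(records).items():
        pct = 100.0 * covered / total if total else 0.0
        lines.append(f"{m}: {covered}/{total} ({pct:.0f}%) missing={missing(records, m)}")
    return "\n".join(lines)


if __name__ == "__main__":
    a, b = parse_records(BUILD_A), parse_records(BUILD_B)
    print("build A\n" + report(a))
    print("build B\n" + report(b))
    gained, lost = rollout_delta(a, b)
    print("gained:", gained)
    print("lost:", lost)
```

The summary is computed from the same per-function records, so both views stay consistent; the `lost` side of the delta is the check worth gating a release on, since a sub-unit silently dropping a mitigation is the failure mode an incremental rollout is most likely to miss.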

