[LLVMdev] [RFC] Simple control-flow integrity

Tom Roeder tmroeder at google.com
Tue Mar 25 12:36:41 PDT 2014


On Fri, Mar 21, 2014 at 1:46 PM, Peter Collingbourne <peter at pcc.me.uk> wrote:
> On Fri, Mar 21, 2014 at 12:54:07PM -0700, Tom Roeder wrote:
>> On Fri, Mar 21, 2014 at 12:15 PM, Peter Collingbourne <peter at pcc.me.uk> wrote:
>> >> The way I've implemented it (see the patch I sent to llvm-commits
>> >> yesterday), it's not just metadata: the intrinsic lowers to the
>> >> jumptable entry code given above. The CFI pass then generates a
>> >> function for each jump table; the function consists solely of these
>> >> intrinsic calls.
>> >
>> > Well, the intrinsic you proposed has no effect on the caller and has
>> > non-local effects on other specified functions. I'm not aware of any other
>> > intrinsic with similar behavior.
>>
>> I agree that it's not very similar to other intrinsics. But I don't
>> exactly follow these statements. There are definitely intrinsics that
>> have no effect on the caller, like llvm.var.annotation.
>
> Yes but the purpose of such intrinsics is to communicate information about
> a specific value that may have an effect on analysis, optimization or code
> generation for that caller. On the other hand, the intrinsic you are proposing
> has nothing to do with the caller.
>

Thanks for the clarification. I started working on doing this with a
function attribute, but then I realized that I probably don't even
need that: I don't ever need the information about the jump tables to
persist to modules in bitcode form since the CFI pass is only meant to
be run at LTO time, when all the modules have already been collected
and merged. I just need to pass the mapping from address-taken
function to newly created jump function down to CodeGen so that the
table can be emitted at the right time, probably at the beginning of
the Module.

So, I think it would be even simpler for the CFI pass to declare the
jump functions and do the replacement of address-taken functions like
it currently does, and record this mapping in the Module. At
AsmPrinter time, the Module can then emit the appropriate jump
table(s) given this map, using target-overridden calls.

What do you think about this?

Thanks,

Tom
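The design being debated above (a CFI pass that creates a jump function per address-taken function, rewrites references to point at it, records the mapping in the Module, and lets the AsmPrinter emit the table) can be sketched as a small model. The following Python is an added illustration written for this page; it is not LLVM's code and not part of the thread. The `Module`/`Function` classes, the `__cfi_jump_` naming, the entry size and base address, and the in-range/alignment check on indirect call targets are all constructed assumptions, since the e-mail only discusses where the mapping lives, not the check itself.

```python
"""Toy model of the jump-table CFI transform discussed in the thread.
Added illustration only; none of this is LLVM's implementation."""
from dataclasses import dataclass, field

ENTRY_SIZE = 8      # assumed size of one fixed-size jump-table entry
TABLE_BASE = 0x1000  # constructed address at which the table is laid out


@dataclass
class Function:
    name: str
    address_taken: bool = False


@dataclass
class Module:
    functions: dict
    # Mapping from address-taken function to its jump function: the map the
    # e-mail proposes recording in the Module and handing to CodeGen.
    jump_map: dict = field(default_factory=dict)
    # Address-taking references: site name -> function name referenced.
    indirect_refs: dict = field(default_factory=dict)


def cfi_pass(m: Module) -> Module:
    """Model of the CFI pass: declare a jump function for every address-taken
    function, redirect address-taking references to it, record the mapping."""
    for f in list(m.functions.values()):
        if f.address_taken:
            jf = Function(name=f"__cfi_jump_{f.name}")  # assumed naming
            m.functions[jf.name] = jf
            m.jump_map[f.name] = jf.name
    for site, target in m.indirect_refs.items():
        if target in m.jump_map:
            m.indirect_refs[site] = m.jump_map[target]
    return m


def emit_jump_table(m: Module, base: int = TABLE_BASE) -> dict:
    """Model of AsmPrinter emission: lay the jump functions out as a table of
    fixed-size entries starting at `base`, in a deterministic order."""
    return {jf: base + i * ENTRY_SIZE
            for i, (_orig, jf) in enumerate(sorted(m.jump_map.items()))}


def check_indirect_target(addr: int, table: dict, base: int = TABLE_BASE) -> bool:
    """Assumed runtime check: an indirect call target is valid only if it lies
    inside the table and on an entry boundary (no jumping into the middle)."""
    n = len(table)
    in_range = base <= addr < base + n * ENTRY_SIZE
    aligned = (addr - base) % ENTRY_SIZE == 0
    return in_range and aligned


def demo() -> dict:
    """Constructed module: two address-taken handlers, one plain helper."""
    m = Module(
        functions={
            "main": Function("main"),
            "on_read": Function("on_read", address_taken=True),
            "on_write": Function("on_write", address_taken=True),
            "helper": Function("helper"),
        },
        indirect_refs={"dispatch_read": "on_read", "dispatch_write": "on_write"},
    )
    cfi_pass(m)
    table = emit_jump_table(m)
    return {
        "jump_map": dict(m.jump_map),
        "refs": dict(m.indirect_refs),
        "table": table,
        # A call through an entry is accepted; a misaligned or out-of-table
        # address (e.g. the original function body) is rejected.
        "ok": check_indirect_target(table[m.indirect_refs["dispatch_write"]], table),
        "misaligned": check_indirect_target(TABLE_BASE + 4, table),
        "past_end": check_indirect_target(TABLE_BASE + 2 * ENTRY_SIZE, table),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of keeping `jump_map` on the `Module` rather than in bitcode-visible metadata is exactly what the e-mail argues: the pass runs once at LTO time, so the mapping only has to survive until emission, and `emit_jump_table` plays the role of the target-overridden AsmPrinter hook.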
