Re: [PATCH] Implement Control Flow Integrity for virtual calls.

REPOSITORY rL LLVM http://reviews.llvm.org/D7424 Files: cfe/trunk/docs/ControlFlowIntegrity.rst cfe/trunk/docs/ControlFlowIntegrityDesign.rst cfe/trunk/docs/UsersManual.rst cfe/trunk/docs/index.rst cfe/trunk/include/clang/AST/Mangle.h cfe/trunk/include/clang/Basic/Sanitizers.def c

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

lgtm http://reviews.llvm.org/D7424 EMAIL PREFERENCES http://reviews.llvm.org/settings/panel/emailpreferences/ ___ cfe-commits mailing list cfe-commits@cs.uiuc.edu http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

- Improve docs http://reviews.llvm.org/D7424 Files: docs/ControlFlowIntegrity.rst docs/ControlFlowIntegrityDesign.rst docs/UsersManual.rst docs/index.rst include/clang/AST/Mangle.h include/clang/Basic/Sanitizers.def include/clang/Driver/Driver.h include/clang/Driver/SanitizerArgs

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

Comment at: docs/ControlFlowIntegrity.rst:20 @@ +19,3 @@ +program's control flow. These schemes have been optimized for performance, +allowing developers to enable them in release builds. + jfb wrote: > jfb wrote: > > Is there a reference number we can quote, or a

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

Comment at: docs/ControlFlowIntegrity.rst:20 @@ +19,3 @@ +program's control flow. These schemes have been optimized for performance, +allowing developers to enable them in release builds. + jfb wrote: > Is there a reference number we can quote, or a benchmark that

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

This patch lgtm: IIUC it sounds like devirtualization will still be possible with this approach. Comment at: docs/ControlFlowIntegrity.rst:20 @@ +19,3 @@ +program's control flow. These schemes have been optimized for performance, +allowing developers to enable them in release bu

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

- Add design doc http://reviews.llvm.org/D7424 Files: docs/ControlFlowIntegrity.rst docs/ControlFlowIntegrityDesign.rst docs/UsersManual.rst docs/index.rst include/clang/AST/Mangle.h include/clang/Basic/Sanitizers.def include/clang/Driver/Driver.h include/clang/Driver/SanitizerAr

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

In http://reviews.llvm.org/D7424#120046, @pcc wrote: > In my opinion, adding checks in LLVM would add significant complexity and/or > require changing axioms relating to how IR is transformed. The transform to > move the check after devirtualization would be relatively simple. > > > Also: if we

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

In my opinion, adding checks in LLVM would add significant complexity and/or require changing axioms relating to how IR is transformed. The transform to move the check after devirtualization would be relatively simple. > Also: if we want to do CFI for non-virtual indirect calls, will we be addin

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

So, the effort to remove the redundant checks is reasonable, but not zero. Will this effort be greater than the effort to add the checks downstream in llvm after all the devirtualization has happened? Also: if we want to do CFI for non-virtual indirect calls, will we be adding it in clang or in

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

- Add note that schemes are under development http://reviews.llvm.org/D7424 Files: docs/ControlFlowIntegrity.rst docs/UsersManual.rst docs/index.rst include/clang/AST/Mangle.h include/clang/Basic/Sanitizers.def include/clang/Driver/Driver.h include/clang/Driver/SanitizerArgs.h li

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

I've verified that this scheme does not inhibit the current scheme of devirtualization via constant propagation. For example, in the following program: struct A { virtual void f() = 0; }; struct B : A { virtual void f(); }; void B::f() {} A* ptr() { return new B;

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

So, you've decided to implement this in clang, as opposed to llvm. My concern with this is that if devirtualization (either partial or full) happens later in llvm the checks will remain. Or even worse, the checks may potentially inhibit devirtualization and we will never know. Your valid concern

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

Comment at: docs/ControlFlowIntegrity.rst:3 @@ +2,3 @@ +Control Flow Integrity +== + jfb wrote: > Could you add a section which contains links to publications on CFI, for the > approaches that are implemented as well as ones that aren't but may

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

- Address review comments http://reviews.llvm.org/D7424 Files: docs/ControlFlowIntegrity.rst docs/UsersManual.rst docs/index.rst include/clang/AST/Mangle.h include/clang/Basic/Sanitizers.def include/clang/Driver/Driver.h include/clang/Driver/SanitizerArgs.h lib/AST/ItaniumMangle.

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

Comment at: lib/AST/ItaniumMangle.cpp:3945 @@ +3944,3 @@ +SourceManager &SM = getASTContext().getSourceManager(); +Out << "[" << SM.getFileEntryForID(SM.getMainFileID())->getName() << "]"; + } jfb wrote: > Is that just the basename? Does it take capitaliza

Re: [PATCH] Implement Control Flow Integrity for virtual calls.

Comment at: docs/ControlFlowIntegrity.rst:3 @@ +2,3 @@ +Control Flow Integrity +== + Could you add a section which contains links to publications on CFI, for the approaches that are implemented as well as ones that aren't but may be relevant.

[PATCH] Implement Control Flow Integrity for virtual calls.

Hi jfb, kcc, silvas, This patch introduces the -fsanitize=cfi-vptr flag, which enables a control flow integrity scheme that checks that virtual calls take place using a vptr of the correct dynamic type. More details in the new docs/ControlFlowIntegrity.rst file. It also introduces the -fsanitize=