Closed Bug 1574989 Opened 5 years ago Closed 4 years ago

Integrate clang support for full CFG

Categories

(Core :: Security, enhancement)

Product:
Core
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: sec-want)

Clang may soon get support for CFG in whole, rather than just marking it on system dll's. When that happens we should be careful when upgrading clang as we might automatically enable it. However, it would be nice to enable it - just knowingly. And perhaps with tests.

https://reviews.llvm.org/D65761

Cool, thanks for the pointer!

Since LLVM just began a new release cycle, it would be at least six months until we pick this up in the normal course of things. But I think as soon as the feature lands, we should do try pushes with perf tests so that this doesn't take us by surprise.

Summary: Integrate clang supposrt for full CFG → Integrate clang support for full CFG

Note that Win64 builds will need to pick up https://bugs.llvm.org/show_bug.cgi?id=44049.

Depends on: 1598119
Depends on: build-clang-trunk

I haven't tested thoroughly yet but initial numbers suggest that the full CFG might cost us 1-1.5% on Speedometer.

Nice! I think that's the same as what we were expecting out of clang's cfi_icall scheme.

No further work needed here, the last piece was bug 1660340. Resolving to appease bug managers.

Status: NEW → RESOLVED
Closed: 4 years ago
Depends on: 1660340
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.