Implement Control Flow Integrity for virtual calls.

This patch introduces the -fsanitize=cfi-vptr flag, which enables a control flow integrity scheme that checks that virtual calls take place using a vptr of the correct dynamic type. More details in the new docs/ControlFlowIntegrity.rst file. It also introduces the -fsanitize=cfi flag, which is currently a synonym for -fsanitize=cfi-vptr, but will eventually cover all CFI checks implemented in Clang. Differential Revision: http://reviews.llvm.org/D7424 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@230055 91177308-0d34-0410-b5e6-96231b3b80d8
author: Peter Collingbourne <peter@pcc.me.uk> 2015-02-20 20:30:56 +0000
committer: Peter Collingbourne <peter@pcc.me.uk> 2015-02-20 20:30:56 +0000
commit: f9d64b33ebc403c7cf746b848352b1606e2beb0b (patch)
tree: 04cd318bd0a0686bc3ed06812361404c0b74b152 /include/clang/Basic/Sanitizers.def
parent: 01ec5f25641bc4a985138e068cf4b739531cc298 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/clang/Basic/Sanitizers.def b/include/clang/Basic/Sanitizers.def
index 91a1ef4d19..a0acce967f 100644
--- a/include/clang/Basic/Sanitizers.def
+++ b/include/clang/Basic/Sanitizers.def
@@ -76,6 +76,10 @@ SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
 // DataFlowSanitizer
 SANITIZER("dataflow", DataFlow)
 
+// Control Flow Integrity
+SANITIZER("cfi-vptr", CFIVptr)
+SANITIZER_GROUP("cfi", CFI, CFIVptr)
+
 // -fsanitize=undefined includes all the sanitizers which have low overhead, no
 // ABI or address space layout implications, and only catch undefined behavior.
 SANITIZER_GROUP("undefined", Undefined,
author	Peter Collingbourne <peter@pcc.me.uk>	2015-02-20 20:30:56 +0000
committer	Peter Collingbourne <peter@pcc.me.uk>	2015-02-20 20:30:56 +0000
commit	f9d64b33ebc403c7cf746b848352b1606e2beb0b (patch)
tree	04cd318bd0a0686bc3ed06812361404c0b74b152 /include/clang/Basic/Sanitizers.def
parent	01ec5f25641bc4a985138e068cf4b739531cc298 (diff)