ControlFlowIntegrity is a relatively new safety mechanism available for native code. I learned about it from Kees Cook's talk.
To allow the checks to be implemented efficiently, the program must be structured such that certain object files are compiled with CFI enabled, and are statically linked into the program. This may preclude the use of shared libraries in some cases.
We should consider turning it on for all modes except perhaps release-fast when compiling C code (with --c-source).
For Zig code, some of the mechanisms may just provide inspiration for our own safety checks. However, we should aim to have a mechanism for integrity of both forward and reverse edges.
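A hand-written illustration of a forward-edge check, added here as an example and not taken from this issue, Clang or Zig: before an indirect call, the target is compared against the set of functions allowed at that call site. Clang's `cfi-icall` scheme instead checks that the target's type matches the call site's and aborts on failure; the explicit table, the function names and the `-1` return value are assumptions made for the example, and reverse edges (return addresses) are not covered.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int);

static int double_it(int x) { return 2 * x; }
static int negate(int x) { return -x; }
/* Never registered: stands in for wherever a corrupted pointer might point. */
static int not_a_handler(int x) { return x + 1000; }

/* Allowed targets for indirect calls through handler_fn (hypothetical table). */
static const handler_fn valid_targets[] = { double_it, negate };

static int is_valid_target(handler_fn f) {
    size_t n = sizeof valid_targets / sizeof valid_targets[0];
    for (size_t i = 0; i < n; i++)
        if (valid_targets[i] == f)
            return 1;
    return 0;
}

/* Checked indirect call: 0 and *out set on success, -1 if the target is
   rejected. A real CFI check would abort here instead of returning. */
int checked_call(handler_fn f, int arg, int *out) {
    if (!is_valid_target(f))
        return -1;          /* target never executes */
    *out = f(arg);
    return 0;
}

int main(void) {
    int out = 0;
    handler_fn table[] = { double_it, negate, not_a_handler };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (checked_call(table[i], 21, &out) == 0)
            printf("call %zu allowed, result %d\n", i, out);
        else
            printf("call %zu blocked\n", i);
    }
    return 0;
}
```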