Skip to content

[WIP] Implement CFI#492

Draft
mohanson wants to merge 39 commits intodevelopfrom
cfi
Draft

[WIP] Implement CFI#492
mohanson wants to merge 39 commits intodevelopfrom
cfi

Conversation

@mohanson
Copy link
Copy Markdown
Collaborator

@mohanson mohanson commented Nov 10, 2025
edited
Loading

More information: Design of CFI in CKB-VM.

@mohanson mohanson marked this pull request as draft November 10, 2025 04:07
@mohanson mohanson force-pushed the cfi branch 3 times, most recently from 7f854da to d6d87a3 Compare November 21, 2025 12:40
@XuJiandong XuJiandong mentioned this pull request Nov 27, 2025
Draft
@XuJiandong XuJiandong mentioned this pull request Dec 11, 2025
Merged
@XuJiandong
Copy link
Copy Markdown
Collaborator

XuJiandong commented Dec 11, 2025

See dedicated fuzzing tests here: nervosnetwork/ckb-vm-fuzzing-test#15

@mohanson mohanson force-pushed the cfi branch 2 times, most recently from 67c6a02 to 46f8401 Compare December 23, 2025 09:58
XuJiandong and others added 18 commits December 24, 2025 15:25
@XuJiandong @mohanson
test: add more
1dda2e2
@mohanson
Reduce the use of temporary registers
84b1b4a
@mohanson
Optimize error naming
b532d5f
@mohanson
Simplify .note.gnu.property section's parsing
02404bd
@mohanson
Rewrite lpad 4-byte aligned check
1e786a5
@mohanson
Fix fuzz
8fa107c
@XuJiandong @mohanson
test: add CFI test for unaligned lpad and update existing tests (#498)
a585e2c
@mohanson
ssamoswap is treated as an invalid instruction when ss is not active
2cc0c45
@mohanson
Update ss test
f8132e2
@mohanson
Change shadow stack type to Vec<u8>
d01f0e8
@mohanson
AsmCoreMachine only retains the pointer to ss
ef63075
@XuJiandong @mohanson
Add CFI document (#499)
dcf51e8 
* docs: add documentation for RISC-V CFI extension
@mohanson
Add cfi flags into snapshot
2fd5690
@mohanson
Refine the error message
ea2fbbb
@mohanson
Optimize shadow stack storage
a77ec77
@XuJiandong @mohanson
test: update fuzzing targets
32a5364
@mohanson
Use expect instead of unwrap
6003b6d
@mohanson
Set the cycles of the CFI instruction
7af88f3
@XuJiandong
Copy link
Copy Markdown
Collaborator

XuJiandong commented Mar 3, 2026

In LLVM 21 and 22, the following command line can be used to enable CFI support:

--target=riscv64-unknown-elf -march=rv64imc_zba_zbb_zbc_zbs_zicfiss1p0_zicfilp1p0 \
-menable-experimental-extensions -fcf-protection=full -mcf-branch-label-scheme=func-sig

There is no change in CFI support between version 21 and 22.

Flag / Extension Status in LLVM 22 Notes
zicfilp1p0 Still experimental
zicfiss1p0 Still experimental
-menable-experimental-extensions Still required Both extensions remain experimental, so this flag is mandatory
-fcf-protection=full Still supported Values: return, branch, full, none
-mcf-branch-label-scheme=func-sig Still supported Values: unlabeled, func-sig (default for RISC-V is now func-sig)

One minor note: func-sig is now the default branch label scheme for RISC-V, but it is not truly implemented in LLVM 22. The flag is accepted by the Clang frontend, however the backend does not actually generate per-function-signature landing pad labels. Instead, the backend uses a single fixed label (default 0) for all functions.

Suggest not merging this PR now because:

  1. CFI support for RISC-V is still experimental.
  2. No improvement or new feature is introduced in LLVM 22.

We can revisit this when LLVM 23 is out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mohanson @XuJiandong