I’m attempting to implement a buffer overflow protection mechanism very similar to safestack. The key difference of my approach is that the “unsafe stack” should be accessed using the target dependent frame pointer (as for now, I’m focusing on x86 architecture specifically).
However, I’m unsure how to go about this. Simply modifying the existing safestack pass seems to be insufficient: from my understanding, safestack lets the compiler choose a free GPR by design (see ) and I don’t see a way to force a specific register to be used at IR stage.
I thought about implementing an instruction similar to alloca (lets call it allocaUS for the moment), which replaces all “unsafe” allocas and works identically to alloca, but is eventually lowered in a way that it uses the frame pointer instead of the stack pointer. I know that adding a new instruction into the IR instruction set is discouraged, as stated at .
Another option would be to modify the the LLVM target-independent code generator , so that “unsafe” alloca instructions will be treated differently during the generation of the SelectionDAG or the instruction selection/register allocation phases.
Which stage of code generation would be a suitable starting point for me to implement such a mechanism? Did I miss an even better option?