We thought this might be a good explanation of the feature for general developers. If there are any inaccuracies, please let me know and we’ll make corrections.
Thanks for all the great work from pcc and the rest of the LLVM team in implementing this feature in 3.8!
Should it live in http://llvm.org/docs ?
A minor correction: Code Pointer Integrity is CPI, not CFI (Control Flow Integrity is something different).
If you’re claiming to talk about the weaknesses, then you should probably mention this Oakland paper, which shows how the CPI implementation that uses SafeStack can be broken: