"We can insert magic bytes anywhere in a function, just not before the function or at the beginning of the function. We can perform a magic check at the target of a return (indirect control flow transfer) but not the target of a call (indirect control flow transfer)"

The mental gymnastics required for that -- you don't seriously believe it do you?

Try to respect the work of people like Abadi, one of the very top academic researcher in the world, if you ever hope to get the same level of respect from people like him. You’re turning a deaf ear on this part of the community to your detriment.

Respect what? The only problem with respect here is the people trying to deny the credit to the person who justly deserves it, by any lame excuse possible. You neither answered my question nor apologized for making your 100% provably false claim above.

Hero culture is poisonous in computer security. You’ve been in this business for ~20 years and you’re still offended by a missed citation in a paper that supposedly you have no respect for. Grow a pair, I don’t know what else to say.

That doesn't look like an apology or an answer to my question. Why devolve into personal attacks when you can't answer a simple question or admit you were wrong about something easily proven false with a simple search?

I’m not denying the contribution of pax-future.txt, which, as its title indicates, was “future work” at the time. Mentioning “prototype” somewhere doesn’t count as an actual definition of a type-based CFI algorithm. This was my last post on this thread.

So "magic based off a callee's prototype" being used for the check isn't clearly the basis for type-based CFI to you, got it. What else could it possibly be I wonder? It's too bad you can't be honest/sensible with something as clear as this, no wonder you're not taken seriously.

You match based on function prototypes for the returns which is a massive over-approximation and, for the majority of applications, not a strong defense. You don't mention anything about the forward edge as it gets more complicated. (But I've told you this before...) 🙃

Is there a RAP paper/implementation somewhere? I suspect there would be more citations and acknowledgment if RAP was more discoverable to those doing research in the field.