I’m not denying the contribution of pax-future.txt, which, as its title indicates, was “future work” at the time. Mentioning “prototype” somewhere doesn’t count as an actual definition of a type-based CFI algorithm. This was my last post on this thread.

So "magic based off a callee's prototype" being used for the check isn't clearly the basis for type-based CFI to you, got it. What else could it possibly be I wonder? It's too bad you can't be honest/sensible with something as clear as this, no wonder you're not taken seriously.

You match based on function prototypes for the returns which is a massive over-approximation and, for the majority of applications, not a strong defense. You don't mention anything about the forward edge as it gets more complicated. (But I've told you this before...) 🙃

Is there a RAP paper/implementation somewhere? I suspect there would be more citations and acknowledgment if RAP was more discoverable to those doing research in the field.

RAP works, which is more than I can say for a good number of academia papers. There is a public presentation (RAP: RIP ROP) and source. I doubt anyone today can claim to do CFI research and not know about it.

Yeah, the presentation was mentioned a couple of times but it is incredibly sparse and lacks, e.g., target set discussions and other details. Most CFI academics know RAP but it's hard to evaluate/compare without details/specification

(I have long ago stopped following this -imo useful, if heated - discussion -- but afaik grsec ships RAP? So at least in theory asking would be possible? Apologies for intruding into the thread from the sidelines with dangerous half-knowledge).

I really didn't want to enter the heated part, was just pointing out that RAP is likely well known at this point in academia :)

I sincerely doubt it. I myself get a paywall when trying to get the RAP kernel patches. Where is the public version? Its hard to find. If @paxteam wants RAP to become a mainstream academic reference, they should release a PoC code for public evaluation and write a detailed paper.

So, I've set out to evaluate RAP this morning, comparing RAP with LLVM-CFI. I've searched for the RAP download for 30min but did not find an open (or even binary) version of the RAP gcc plugin for user-space.