AKA PaX both coined and implemented ASLR, so what's the gripe? Why should PaX not be discussed in the history of the very thing they created? I think the point you're missing is that there's a reason ASLR is being used and not other academic approaches discussed around the time.
None of this was controversial at all years ago, this seems to be a contrived argument from people either too young to know or too ignorant of history and wanting to create some alternate history for some reason. I don't know which, but it's getting old.
I see you mentioning ASLR but not the claim that I'm actually referring to: PaX saying he deserves credit for CFI. pax-future.txt has *some* ideas, not all. You see what I'm trying to say?
Well, because he does. If we're talking about who should be credited with developing the first compiler that implements a form of CFI, then it'd obviously be Microsoft. I don't think that's controversial ;) But any person can look at the code it generates...
and see that it's effectively no different from what was discussed in pax-future.txt. When later people implemented CFI, did they use Microsoft's source code? (which, correct me if I'm wrong, wasn't released) So why should PaX be left out of this history as well?
I'm not saying PaX should be left out of history, where did I say that :) All I'm saying is that PaX did not coin CFI nor did he first implement it. Isn't that a fact?
I didn't call it CFI but I had described the *exact* same thing that was later rediscovered by academics (in fact, it seems that my threat model was even more generic than anyone else's then or since). Correct about the implementation, but then no one funded my work either.
You described the *exact* same thing for rets, not calls/jumps. CFI is an extension of that. While it's obvious you had an influence in its creation, we can't really say you invented it. No one is blaming you for not being funded for your work.
As I said already, the type hash was *exemplified* with returns; it's obvious that the same defense (down to the machine code sequence) works for calls too, as you can see it in RAP/FPValidator. But then again this was written for subject matter experts at the time, not laymen :).
You can't possibly be quoting it as I never wrote anything like that. What I did write was "What makes the situation different is that..." and that's still true (e.g., clang's CFI is still broken because of it). Next excuse? ;)
Mar 25, 2019 · 10:48 AM UTC