Alongside new compiler features, including mitigations against ROP exploits, LLVM extends its backends, especially for ARM, but also for DirectX.
Following its six-month release cadence, version 15 of the LLVM compiler infrastructure has been released. It brings some additions to the backends, including an experimental DirectX backend. In the current release, the Clang compiler gains new security features and the first features of the upcoming C++ standard.
Clean before returning
For x86 architectures, Clang now supports the option -fzero-call-used-regs, which zeroes out the contents of certain registers before returning from a function. This reduces the risk of attacks based on Return-Oriented Programming (ROP) and its variants Jump-Oriented Programming (JOP) and Call-Oriented Programming (COP). These attacks manipulate the call stack and change the program flow or the control structure.
In addition, Clang can randomize the layout of C structures to make it more difficult for attackers to read data from structures. The attribute randomize_layout controls the randomization, which takes a seed value and is deterministic for a given seed. Randomization is only possible for C code.
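The following C sketch is an added example, not code from Clang or from this article. It shows code written to stay correct when randomize_layout reorders a structure: designated initializers and field-by-field serialization instead of positional initialization and raw byte copies. The struct session type, its helpers and the RANDOMIZED macro are hypothetical; -frandomize-layout-seed= is the Clang option that supplies the seed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Clang reorders fields only in C and only when a seed is supplied, e.g.
 * -frandomize-layout-seed=<seed>; compilers lacking the attribute skip it. */
#if defined(__has_attribute)
#if __has_attribute(randomize_layout)
#define RANDOMIZED __attribute__((randomize_layout))
#endif
#endif
#ifndef RANDOMIZED
#define RANDOMIZED
#endif
#define WIRE_LEN 25 /* 8-byte id + 16-byte key + 1-byte flag */

/* Hypothetical record, constructed for this example. */
struct session {
    uint64_t id;
    unsigned char key[16];
    int privileged;
} RANDOMIZED;

/* Designated initializers name each field, so reordering cannot break them. */
struct session session_make(uint64_t id, const unsigned char *key) {
    struct session s = { .id = id, .privileged = 0 };
    memcpy(s.key, key, sizeof s.key);
    return s;
}

/* Write fields in a fixed wire order rather than copying the struct's bytes. */
size_t session_serialize(const struct session *s, unsigned char *out) {
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(s->id >> (56 - 8 * i));
    memcpy(out + 8, s->key, sizeof s->key);
    out[24] = s->privileged ? 1 : 0;
    return WIRE_LEN;
}

/* 1 if fields sit in declaration order, 0 if the compiler reordered them. */
int session_in_declared_order(void) {
    return offsetof(struct session, id) < offsetof(struct session, key) &&
           offsetof(struct session, key) < offsetof(struct session, privileged);
}

int main(void) {
    printf("declared order kept: %d\n", session_in_declared_order());
    return 0;
}
```

Building once with and once without a seed and comparing the printed value shows whether the compiler actually reordered the structure; the serialized bytes are the same in both builds.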
Preview of C++23 and C23
Some Clang features anticipate the upcoming C and C++ standards, which will likely appear as C23 and C++23, respectively. In Clang they are labelled C2X and C++2b. For the latter standard, Clang can, among other things, process the multidimensional subscript operator, i.e. multidimensional arrays in square brackets like a[x, y].
In C23 mode, Clang recognizes true and false as keywords, as foreseen in the standardization proposal. So far, the Boolean literals in C, unlike in many other languages such as C++, are not dedicated keywords. In addition, in C23 the attribute [[noreturn]] replaces the previous function specifier _Noreturn to indicate that a function does not return program flow to the caller after its execution. The syntax is intended to provide consistent markup across C and C++, and Clang 15 implements the proposed change.
Backends for ARM and DirectX
Beyond the changes in the Clang compiler, LLVM 15 brings some additions. The new backends in the ARM environment are worth mentioning, including the ARMv9-A, ARMv9.1-A and ARMv9.2 architectures. The connection to the shader language developed for DirectX, proposed by the HLSL (High Level Shading Language) community in spring, is bearing fruit with the experimental DirectX backend in LLVM 15. Microsoft had already released HLSL as an open source project in 2017. The DirectX backend requires a manual build of LLVM with the parameter -DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=DirectX in the CMake configuration, as the backend is missing from the ready-made binaries.
In addition, one internal change is worth mentioning: in the intermediate code (Intermediate Representation, IR), LLVM will no longer explicitly specify pointee types, i.e. the type of the values to which a pointer points, as in i8* or void()**. In the future, the system will use the uniform opaque pointer type ptr instead. The change was first proposed in 2015. The explicit pointee types were originally intended to provide more type safety and allow for optimizations, but these benefits largely failed to materialize. Instead, they have complicated the processing of intermediate code.
Further additions and changes can be found in the release notes for Clang 15 and LLVM 15. Meanwhile, the first change for LLVM 16 is already pending: the switch of the C++ standard from C++14 to C++17.