Automated CFI for Legacy C/C++ Systems
Published: Dec 27, 2025 20:38
ArXiv
Analysis
This paper presents CFIghter, an automated system to enable Control-Flow Integrity (CFI) in large C/C++ projects. CFI is important for security, and the automation aspect addresses the significant challenges of deploying CFI in legacy codebases. The paper's focus on practical deployment and evaluation on real-world projects makes it significant.
Key Takeaways
- CFIghter automates the deployment of CFI in legacy C/C++ systems.
- It addresses visibility mismatches, type inconsistencies, and behavioral failures.
- The system uses whole-program analysis, runtime monitoring, and iterative adjustments.
- Evaluation on GNU projects demonstrates high success rates in violation repair and CFI enforcement.
Reference
“CFIghter automatically repairs 95.8% of unintended CFI violations in the util-linux codebase while retaining strict enforcement at over 89% of indirect control-flow sites.”