Input: Instrumented LLVM-IR code generated in stage-4 of tag-protection pass; memory |
map table ; Dedicated tag address |
Output: Final Instrumented LLVM-IR code generated through LLVM opt command using stage-5 of tag-protection pass |
for each function definition in do |
for each instruction in do |
if is function call without definition and not a memory allocation or deallocation call then |
for each function argument in do |
Create two memory objects and . Retrieve respective |
and marks from . |
Read address location next to address before instruction and |
store the read value in . |
Read address location next to address after instruction and store |
the read value in . |
Place tag check instruction after function call comparing and memory objects. |
end |
end |
if is a STORE instruction and updates a memory object then |
Retrieve respective and marks from and get address |
to be accessed by the instruction. |
Perform dangling pointer dereference check. compare with the . |
Perform address comparison checks: with the and . |
end |
if is a LOAD instruction and read from allocated memory object then |
Retrieve respective and marks from and get address to be accessed |
by the instruction. |
Perform dangling pointer dereference check. compare with the . |
Perform address comparison checks: with the and . |
end |
end |
end |
Delete memory map table . |
Save modified LLVM-IR code as a final instrumented LLVM-IR code |