| Input: Instrumented LLVM-IR code generated in stage-2 of tag-protection pass; memory |
| map table ; Dedicated tag address ; |
| Output: Instrumented LLVM-IR code generated through LLVM opt command using stage-3 of tag-protection pass |
| for each function definition in do |
| for each instruction in do |
| if is a memory object allocation instruction and does not create pointer object |
| then |
| if creates an array memory object then |
| Find start and end address, create and mark pointers and assign |
| them start and end addresses. |
| Store memory object , its type and tag marks information in |
| end |
| end |
| if is memory allocation instruction and creates pointer object then |
| Create local and mark pointers and initialize them with NULL value. |
| Store memory object instruction , its type and tag information in |
| end |
| if is heap memory allocation function call instruction then |
| Find start and end address of heap allocation. Find respective memory object and |
| retrieve and marks from . |
| Create new STORE instructions to assign start and end addresses to the tag marks. |
| end |
| if is heap memory deallocation function call instruction then |
| Retrieve corresponding tag marks from and initialize it with |
| end |
| if is a STORE instruction and updates an allocated memory object pointer address from source operand. then |
| Retrieve respective and marks from for source memory object. |
| Retrieve respective and marks from for destination memory object. |
| Create store instructions to copy address values from source to destination tag marks. |
| end |
| end |
| end |
| Save modified LLVM-IR code as an instrumented LLVM-IR code |
