CFIghter automatically builds, tests, and repairs LLVM’s Control-Flow Integrity (CFI) configurations for real-world C/C++ projects. It detects unintended CFI policy violations, functional failures, and visibility mismatches, and applies localized repairs so that projects can run under strict CFI with minimal manual effort.
Requirements:
- Clang/LLVM ≥ 15
- LTO-capable linker (lld or gold)
- A supported build system (Autotools, CMake, or custom)
CFIghter uses a single .cfg file describing how to configure, build, run, and test your project.
| Section | Key | Type | Description | Example |
|---|---|---|---|---|
| [project]* | executables | list | Names of executables to analyze and test | `find, getlimits` |
| [project] | executable_path | string (path) | Absolute path to the primary binary | `/home/user/findutils/find` |
| [project] | exec_args | string | Arguments passed to the executable | `--version` |
| [project]* | root_dir | string (path) | Project root directory | `/home/user/findutils` |
| [project] | thin | bool | Use ThinLTO instead of full LTO | `false` |
| [configure]* | command | string | Command to configure the build | `./configure` |
| [build] | combined | bool | Perform combined full-LTO build | `true` |
| [build]* | command | string | Build command | `make -j4` |
| [build]* | clean | string | Cleanup command | `make clean` |
| [test]* | command | string | Full test suite entrypoint | `make check` |
| [test] | summary_pattern | string | Pattern for locating summary lines | `# TOTAL: {}` |
| [test] | failure_idx | int | Index of failure count in summary line | `1` |
| [test] | skipped_idx | int | Index of skipped count | `1` |
| [test] | total_idx | int | Index of total tests | `1` |
| [test] | summary_level | int | Verbosity level for summary parsing | `2` |
| [test]* | single_test_template | string | How to run a single test (`{}` = test name) | `make -C tests check TESTS={}` |
| [test] | test_dir_hint | string (path) | Directory containing test definitions | `tests` |

\* required fields
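As an added example (not CFIghter's own code), the following Python loader reads a .cfg in this layout with `configparser`, reports any required key (those marked with * above) that is missing, turns `summary_pattern` into a regular expression in which `{}` is the only wildcard, and expands the `{}` placeholder of `single_test_template`. The config text and the summary log lines are constructed for the example; the `*_idx` keys are not interpreted here.

```python
# Added example, not CFIghter's own code: load a CFIghter-style .cfg, report
# missing required keys (those marked * in the table), turn summary_pattern
# into a regex and expand single_test_template. Config and log are constructed.
import configparser
import re

REQUIRED = {"project": ("executables", "root_dir"), "configure": ("command",),
            "build": ("command", "clean"), "test": ("command", "single_test_template")}
SAMPLE_CFG = """\
[project]
root_dir = /path/to/project
executables = tool1
[configure]
command = ./configure
[build]
command = make -j4
clean = make clean
[test]
command = make check
summary_pattern = # TOTAL: {}
single_test_template = make -C tests check TESTS={}
"""
# Constructed Automake-style summary lines, in the shape `make check` prints them.
SAMPLE_LOG = ["Testsuite summary for tool1 0.1", "# TOTAL: 42", "# FAIL:  1"]

def load_cfg(text):
    """Parse the cfg; return (parser, missing required keys as 'section.key')."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' and '{}' literal
    cp.read_string(text)
    missing = [f"{s}.{k}" for s, keys in REQUIRED.items()
               for k in keys if not cp.has_option(s, k)]
    return cp, missing

def pattern_to_regex(pattern):
    """'{}' is the only wildcard; every other character is matched literally."""
    return re.compile(r"(\S+)".join(re.escape(p) for p in pattern.split("{}")))

def find_summary(cp, log_lines):
    """Return what '{}' captured on the first log line matching summary_pattern."""
    rx = pattern_to_regex(cp.get("test", "summary_pattern"))
    for line in log_lines:
        m = rx.search(line)
        if m:
            return m.group(1)
    return None  # no summary line: the suite did not finish

def single_test_command(cp, test_name):
    """Expand the {} placeholder of single_test_template for one test."""
    return cp.get("test", "single_test_template").replace("{}", test_name)
```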
Example `project.cfg`:

```ini
[project]
root_dir = /path/to/project
executables = tool1
executable_path = /path/to/project/src/tool1
exec_args = --help
thin = false
[configure]
command = ./configure
[build]
combined = true
command = make -j4
clean = make clean
[test]
command = make check
summary_pattern = # TOTAL: {}
failure_idx = 1
skipped_idx = 1
total_idx = 1
summary_level = 2
single_test_template = make -C tests check TESTS={}
test_dir_hint = tests
```

Run CFIghter with:

```sh
cfighter --config project.cfg
```
CFIghter will:
- Configure and rebuild the project with LLVM CFI
- Run the test suite
- Detect CFI policy violations and functional failures
- Apply localized visibility or scope repairs
- Re-test until violations are resolved or deemed irreparable
- Produce an HTML report
Results appear under `reports/CFIghter_report_<timestamp>.html`.
The report contains:
- repaired & unrepaired CFI violations
- functional failures
- per-test outcomes
- visibility decisions
- protection statistics
Limitations:
- No support for JIT-compiled or runtime-generated code
- Only forward-edge LLVM CFI is handled
- Limited by test-suite coverage
- No cross-DSO CFI support
