matthewlevy97 wrote: @efriedma-quic That is correct about this just tracking where mitigations are emitted. I believe the emissions points should largely correlate with where they would get instrumented, but if this analysis runs super late (after all optimizations, etc.) to determine exactly if/where mitigations actually get instrumented, it might become more of a binary analysis task and greatly increase complexity. I am open to suggestions on different approaches.
The use case isn't really to verify that mitigations are enabled, but provide a way of tracking incremental deployments of mitigations (e.g., large binary where a given mitigation being deployed causes to large of a regression so only certain sub-units have a given mitigation). I have a follow-up diff that outputs a summary instead of a per-function tracking to show overall coverage on mitigations in the binary which I assume will be the more used option. https://github.com/llvm/llvm-project/pull/130103 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
