Memory safety is a cornerstone of secure and robust software systems, as it prevents a wide range of vulnerabilities and exploitation techniques. Among these, we focus on Return-Oriented Programming (ROP). ROP works as follows: the attacker takes control of the program's execution flow via a memory corruption attack, then takes advantage of code snippets already in the program's memory, dubbed "gadgets," to achieve the desired effect. In this paper, we introduce SafeLLVM, an approach to minimize the number of gadgets in x86-64 binaries compiled with the LLVM infrastructure. Building upon the techniques outlined in previous works, we implement a series of passes within the LLVM compiler's backend to minimize the number of gadgets present and thus prevent ROP attacks. We evaluated our approach by compiling a number of real-world applications, including cJSON, zlib, curl, and mimalloc. The results show that our solution is able to prevent any form of ROP on the binaries compiled with SafeLLVM while maintaining the same functionality as the original binaries.
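The gadget count the abstract refers to can be illustrated with a small audit script, added here as an example and not taken from SafeLLVM. It flags return-opcode bytes that sit inside other instructions' encodings (an immediate, a ModRM byte), which are return points the compiler never emitted as returns. The instruction list and its encodings are a constructed sample, and the names `find_return_bytes` and `unintended` are hypothetical.

```python
from typing import NamedTuple

# Near/far return opcodes that can terminate a gadget on x86-64.
RET_OPCODES = {0xC3: "ret", 0xC2: "ret imm16", 0xCB: "retf", 0xCA: "retf imm16"}


class Finding(NamedTuple):
    offset: int     # byte offset of the return opcode within the function
    opcode: str     # return form the byte would decode to
    intended: bool  # True if the byte is the first byte of an emitted instruction
    inside: str     # assembly text of the instruction that contains the byte


# Constructed sample (not from the paper): a tiny function as the compiler
# emitted it, one (assembly text, encoding) pair per instruction.
SAMPLE = [
    ("push rbp",      bytes.fromhex("55")),
    ("mov rbp, rsp",  bytes.fromhex("4889e5")),
    ("mov eax, 0xc3", bytes.fromhex("b8c3000000")),  # 0xC3 in the immediate
    ("mov ebx, eax",  bytes.fromhex("89c3")),        # 0xC3 as the ModRM byte
    ("pop rbp",       bytes.fromhex("5d")),
    ("ret",           bytes.fromhex("c3")),          # the only emitted return
]


def find_return_bytes(instructions):
    """Locate every return-opcode byte and note whether it is an emitted return."""
    findings, base = [], 0
    for text, encoding in instructions:
        for i, byte in enumerate(encoding):
            if byte in RET_OPCODES:
                # A return opcode at position 0 is the instruction itself;
                # anywhere else it is only reachable by a misaligned decode.
                findings.append(Finding(base + i, RET_OPCODES[byte], i == 0, text))
        base += len(encoding)
    return findings


def unintended(findings):
    """Return bytes that a gadget-minimizing backend would need to eliminate."""
    return [f for f in findings if not f.intended]


if __name__ == "__main__":
    for f in find_return_bytes(SAMPLE):
        kind = "emitted" if f.intended else "UNINTENDED"
        print(f"+{f.offset:#04x}  {f.opcode:<10} {kind:<10} in '{f.inside}'")
```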