Bratter: An Instruction Set Extension for Forward Control-Flow Integrity in RISC-V

In recent decades, there has been an increasing number of studies on control flow integrity (CFI), particularly those implementing hardware-assisted CFI solutions that utilize a special instruction set extension. More recently, ARM and Intel, which are prominent processor architectures, also announced instruction set extensions for CFI called branch target identification (BTI) and control-flow enhancement technology (CET), respectively. However, according to our preliminary analysis, they do not support various CFI solutions in an efficient and scalable manner. In this study, we propose Bratter, a new instruction set extension for forward CFI solutions on RISC-V. At the center of Bratter, there are Branch Tag Registers and dedicated instructions for these registers. We implemented well-known CFI solutions (i.e., branch regulation and function signature check) using Bratter to evaluate its performance. Our experimental results show that, by using Bratter, even when these two solutions work together, they impose only 1.20% and 5.99% overhead for code size and execution time, respectively.