“…In general, there are two main approaches to protect the integrity of backward edges during runtime: (1) check-based approaches including µRAI [2], PittyPat [18], CFL [7], PT-CFI [25], τ CFI [34], which check if the function ret instruction targets the legitimate return address; and (2) stack-discipline-based approaches including SafeStack [15], RAD [13], Microsoft's RFG [52], Zieris et al [55], Shadesmar [11], BinCFI [54], GCC's ShadowStack [19], and double stacks [17]. However, most shadow stack techniques rely on information hiding for security.…”