| Input: Instrumented LLVM-IR code generated in stage-4 of tag-protection pass; memory |
| map table ; Dedicated tag address |
| Output: Final Instrumented LLVM-IR code generated through LLVM opt command using stage-5 of tag-protection pass |
| for each function definition in do |
| for each instruction in do |
| if is function call without definition and not a memory allocation or deallocation call then |
| for each function argument in do |
| Create two memory objects and . Retrieve respective |
| and marks from . |
| Read address location next to address before instruction and |
| store the read value in . |
| Read address location next to address after instruction and store |
| the read value in . |
| Place tag check instruction after function call comparing and memory objects. |
| end |
| end |
| if is a STORE instruction and updates a memory object then |
| Retrieve respective and marks from and get address |
| to be accessed by the instruction. |
| Perform dangling pointer dereference check. compare with the . |
| Perform address comparison checks: with the and . |
| end |
| if is a LOAD instruction and read from allocated memory object then |
| Retrieve respective and marks from and get address to be accessed |
| by the instruction. |
| Perform dangling pointer dereference check. compare with the . |
| Perform address comparison checks: with the and . |
| end |
| end |
| end |
| Delete memory map table . |
| Save modified LLVM-IR code as a final instrumented LLVM-IR code |
