A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity

📅 2025-08-21
📈 Citations: 0
Influential: 0
🤖 AI Summary
LLVM's forward-edge Control-Flow Integrity (CFI) comes with no practical guidance on which vulnerability classes it mitigates or how to deploy it in real-world development. Method: the paper proposes a systematic taxonomy that maps the protection capabilities of LLVM's CFI variants to memory corruption vulnerability categories, grounded in the Top 10 Known Exploited Vulnerabilities (KEV) list. It identifies four representative memory corruption classes (e.g., use-after-free, stack overflow) and validates them through CVE case studies, attack pattern modeling, and empirical reproduction in realistic environments. Contribution/Results: experiments show that CFI prevents control-flow hijacking for two of the vulnerability classes and fails for the other two, and the paper delineates its protection boundary and failure modes, in particular against exploits whose hijacked control transfer is not an indirect call target that forward-edge CFI validates. The findings yield empirically grounded decision frameworks, deployment strategies, and optimization guidelines for integrating CFI incrementally into legacy codebases, addressing a methodological gap in CFI's practical adoption and engineering deployment.

📝 Abstract
Memory corruption vulnerabilities remain one of the most severe threats to software security. They often allow attackers to achieve arbitrary code execution by redirecting a vulnerable program's control flow. While Control Flow Integrity (CFI) has gained traction to mitigate this exploitation path, developers are not provided with any direction on how to apply CFI to real-world software. In this work, we establish a taxonomy mapping LLVM's forward-edge CFI variants to memory corruption vulnerability classes, offering actionable guidance for developers seeking to deploy CFI incrementally in existing codebases. Based on the Top 10 Known Exploited Vulnerabilities (KEV) list, we identify four high-impact vulnerability categories and select one representative CVE for each. We evaluate LLVM's CFI against each CVE and explain why CFI blocks exploitation in two cases while failing in the other two, illustrating its potential and current limitations. Our findings support informed deployment decisions and provide a foundation for improving the practical use of CFI in production systems.
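The abstract's distinction between exploitation paths that forward-edge CFI blocks and ones it does not can be made concrete with a small C model. The program below is an added example, not code from the paper or from LLVM: it uses a hypothetical `struct victim` whose inline buffer sits directly before a function pointer, an unchecked `memcpy` that overwrites that pointer with a constructed payload, and a `cfi_icall_check` that stands in for LLVM's `-fsanitize=cfi-icall` check as an explicit allowlist of the address-taken functions whose type matches the call site (LLVM computes that set at LTO time and tests membership with a jump table and bit vector; the allowlist and the `-1` "trap" return are simplifications). Redirecting the pointer to a function of a different type is caught; redirecting it to another function of the same type, here a privileged handler, passes the check, which is the kind of protection boundary the paper sets out to delineate. To see the real instrumentation, build a program like this with `clang -flto -fvisibility=hidden -fsanitize=cfi-icall -fuse-ld=lld`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler type used by the example's dispatch object. */
typedef int (*handler_t)(const char *msg);

/* Legitimate handler: the only function the object is meant to call. */
static int log_handler(const char *msg) {
    (void)msg;
    return 1;
}

/* Privileged handler with the SAME signature as log_handler. */
static int admin_handler(const char *msg) {
    (void)msg;
    return 2;
}

/* Function with a DIFFERENT signature: a classic hijack target. */
static long wrong_type_target(void) {
    return 42;
}

/* Object with an inline buffer followed by a function pointer. */
struct victim {
    char buf[16];
    handler_t handler;
};

/* Model of cfi-icall: the set of address-taken functions whose type is
 * handler_t. Real LLVM builds this set at link time (LTO) and checks
 * membership with a jump table / bit-vector test at every indirect call
 * of this type; the explicit array is a stand-in for that machinery. */
static const handler_t valid_targets[] = { log_handler, admin_handler };

static int cfi_icall_check(handler_t fp) {
    for (size_t i = 0; i < sizeof valid_targets / sizeof valid_targets[0]; i++)
        if (fp == valid_targets[i])
            return 1;
    return 0;
}

/* The indirect-call site. With CFI on, a target outside the type's set
 * "traps": we return -1 instead of executing ud2 as the real check does. */
static int dispatch(struct victim *v, const char *msg, int cfi_enabled) {
    if (cfi_enabled && !cfi_icall_check(v->handler))
        return -1;
    return v->handler(msg);
}

/* Vulnerable copy: the length is attacker-controlled, so bytes past buf
 * land in handler. Written through an unsigned char* over the whole object
 * so the overflow is deterministic and not itself undefined behaviour. */
static void vulnerable_copy(struct victim *v, const unsigned char *data, size_t len) {
    unsigned char *raw = (unsigned char *)v;
    memcpy(raw + offsetof(struct victim, buf), data, len); /* no bounds check */
}

/* Build the object, deliver a constructed payload that overwrites handler
 * with attacker_fp, then reach the indirect call. Returns the handler's
 * result, or -1 when the modelled CFI check rejects the target. */
int run_case(handler_t attacker_fp, int cfi_enabled) {
    struct victim v = { "", log_handler };
    unsigned char payload[sizeof(struct victim)];          /* constructed input */
    memset(payload, 'A', sizeof payload);                  /* filler up to the pointer */
    memcpy(payload + offsetof(struct victim, handler), &attacker_fp, sizeof attacker_fp);
    vulnerable_copy(&v, payload, sizeof payload);
    return dispatch(&v, "hello", cfi_enabled);
}

/* Benign path: no overflow, the legitimate handler runs under CFI. */
int baseline(void) {
    struct victim v = { "", log_handler };
    return dispatch(&v, "hello", 1);
}

int main(void) {
    printf("baseline, CFI on:                 %d\n", baseline());
    printf("wrong-type target, CFI on:        %d\n", run_case((handler_t)wrong_type_target, 1));
    printf("same-type (admin) target, CFI on: %d\n", run_case(admin_handler, 1));
    printf("same-type (admin) target, CFI off:%d\n", run_case(admin_handler, 0));
    /* The wrong-type target with CFI off is deliberately not executed here:
     * calling through a mismatched function type is undefined behaviour in C,
     * and a plain build would happily run it; that call is what CFI forbids. */
    return 0;
}
```

The interesting line is the third one: the overwrite succeeded and the check passed, because the attacker chose a target whose type matches the call site. Type-based forward-edge CFI narrows the set of reachable targets but does not shrink it to the one the programmer intended, so a deployment decision needs to ask which targets of the same type remain reachable, not only whether the indirect call is instrumented.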
Problem

Research questions and friction points this paper is trying to address.

Mapping LLVM CFI variants to vulnerability classes
Providing actionable CFI deployment guidance for developers
Evaluating CFI effectiveness against real-world CVEs
Innovation

Methods, ideas, or system contributions that make the work stand out.

Taxonomy mapping LLVM's forward-edge CFI variants to memory corruption vulnerability classes
Evaluation of LLVM CFI against one representative CVE for each of four categories drawn from the Top 10 Known Exploited Vulnerabilities (KEV) list
Actionable guidance for deploying CFI incrementally in existing codebases