CFIghter: Automated Control-Flow Integrity Enablement and Evaluation for Legacy C/C++ Systems

Date: 2025-12-27
Citations: 0
Influential: 0

AI Summary
Problem: Compiler-level strict Control-Flow Integrity (CFI) is difficult to deploy in large C/C++ projects due to missing symbol visibility, type inconsistencies, and runtime behavioral anomalies. Method: This paper presents the first fully automated framework for enabling and evaluating CFI, integrating whole-program static analysis, guided runtime monitoring, and incremental policy tuning. It uniquely supports automatic detection, classification, and repair of CFI violations. Contribution/Results: Through iterative minimization and localized scope control, the framework injects necessary symbol visibility without manual code modification while strictly enforcing type-level CFI. Evaluated on GNU projects including util-linux, it resolves 95.8% of unintended CFI violations and preserves strict CFI for over 89% of indirect call sites, completely eliminating build-time visibility errors.

Abstract
Compiler-based Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software due to visibility mismatches, type inconsistencies, and unintended behavioral failures. We present CFIghter, the first fully automated system that enables strict, type-based CFI in real-world projects by detecting, classifying, and repairing unintended policy violations exposed by the test suite. CFIghter integrates whole-program analysis with guided runtime monitoring and iteratively applies the minimal necessary adjustments to CFI enforcement only where required, stopping once all tests pass or remaining failures are deemed unresolvable. We evaluate CFIghter on four GNU projects. It resolves all visibility-related build errors and automatically repairs 95.8% of unintended CFI violations in the large, multi-library util-linux codebase, while retaining strict enforcement at over 89% of indirect control-flow sites. Across all subjects, CFIghter preserves strict type-based CFI for the majority of the codebase without requiring manual source-code changes, relying only on automatically generated visibility adjustments and localized enforcement scopes where necessary. These results show that automated compatibility repair makes strict compiler CFI practically deployable in mature, modular C software.
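A concrete instance of the two compatibility problems the abstract names, as an added C example that is not code from the paper or from CFIghter: a dispatch table whose handler is registered through a function-pointer cast, which is the kind of type mismatch a strict type-based CFI check (such as clang's -fsanitize=cfi-icall) reports at the indirect call site, beside the wrapper-based repair that keeps enforcement strict, plus the explicit visibility attribute a symbol needs once a build turns on -fvisibility=hidden. The struct, the handlers, the table and the sample entry are constructed; the block compiles with an ordinary C99 compiler and does not itself enable CFI.

```c
/* Added example, not from the paper or from CFIghter: an "unintended"
   type-based CFI violation in legacy C, and the repair that keeps the
   policy strict. All names and data here are constructed. */
#include <stddef.h>
#include <string.h>

struct entry { const char *name; int prio; };

/* Slot type of the dispatch table. Under strict type-based CFI (for example
   clang's -fsanitize=cfi-icall, which needs -flto -fvisibility=hidden) the
   indirect call in run_handlers is checked at runtime: the target must have
   been compiled with exactly this function type. */
typedef int (*handler_fn)(void *ctx);

struct handler { const char *name; handler_fn fn; };

/* Concrete handlers written against the real context type, as legacy
   callback code usually is. */
static int bump_priority(struct entry *e) { e->prio += 10; return e->prio; }
static int name_length(struct entry *e) { return (int)strlen(e->name); }

/* Repair that keeps enforcement strict: wrappers whose type is exactly
   handler_fn, so no call site needs a relaxed CFI scope. (void * converts
   to struct entry * implicitly in C, so no cast is needed.) */
static int bump_priority_wrap(void *ctx) { return bump_priority(ctx); }
static int name_length_wrap(void *ctx)   { return name_length(ctx); }

static const struct handler table[] = {
    /* Legacy registration that strict CFI rejects at the call site below:
           { "bump", (handler_fn)bump_priority },
       the cast compiles, but bump_priority's type is int(struct entry *),
       not int(void *), so the runtime type check fails even though the call
       is benign on every common ABI. This is the violation class the
       abstract calls "unintended". */
    { "bump", bump_priority_wrap },
    { "len",  name_length_wrap },
};

/* Visibility half of the problem: -fvisibility=hidden hides every symbol by
   default, so anything still called from another shared object must be
   re-exported explicitly. The abstract says CFIghter generates such
   adjustments automatically; this macro is a hand-written stand-in. */
#if defined(__GNUC__)
#define CFI_EXPORT __attribute__((visibility("default")))
#else
#define CFI_EXPORT
#endif

/* The indirect call site. Returns the sum of the handler results. */
CFI_EXPORT int run_handlers(const struct handler *tab, size_t n, void *ctx) {
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += tab[i].fn(ctx);   /* CFI type check happens on this call */
    return total;
}

/* Runs the repaired table over a constructed entry: "disk" with priority 1
   becomes priority 11, plus strlen("disk") == 4, so the sum is 15. */
int demo_repaired(void) {
    struct entry e = { "disk", 1 };
    return run_handlers(table, sizeof table / sizeof table[0], &e);
}
```

The wrapper is the cheapest repair because it leaves the call site and the policy untouched; the alternative the abstract mentions, a localized enforcement scope, would instead exempt that one call site from the check and is only worth it where a wrapper cannot be generated.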
Problem

Research questions and friction points this paper is trying to address.

Automates strict CFI deployment in legacy C/C++ systems
Resolves visibility and type issues causing unintended failures
Enables CFI without manual code changes via automated repairs
Innovation

Methods, ideas, or system contributions that make the work stand out.

Automated detection and repair of CFI policy violations
Integrates whole-program analysis with guided runtime monitoring
Applies minimal adjustments to CFI enforcement iteratively
Authors
Sabine Houy, Department of Computing Science, Umeå University
Bruno Kreyssig, Department of Computing Science, Umeå University
Alexandre Bartel, University of Luxembourg
Security; Software Engineering