<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/98054">98054</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[PAC][AArch64] Unify LR signing implementations
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
kovdan01
</td>
</tr>
</table>
<pre>
Currently, two LR signing implementations exist:

1. One enabled with `-mbranch-protection=pac-ret[+b-key|+leaf|+pc]*`. This is present in current mainline LLVM. Details:
   a) the `sign-return-address` LLVM module flag is set (and optionally `sign-return-address-all` with `+leaf`);
   b) `PAUTH_PROLOGUE` and `PAUTH_EPILOGUE` pseudo-instructions are emitted in `AArch64FrameLowering::emitPrologue` and `AArch64FrameLowering::emitEpilogue`; these pseudos are later expanded by the `AArch64PointerAuth` pass;
   c) both A and B keys can be used (depending on `+b-key` and the corresponding function attribute `sign-return-address-key` or module flag `sign-return-address-with-bkey`);
   d) using the `pc` register as an additional modifier is supported with `+pc` (the corresponding module flag is `branch-protection-pauth-lr`).
2. One enabled with `-fptrauth-returns`. This is present in Apple downstream and is a candidate for upstreaming.
   a) the `ptrauth-returns` attribute is set on the functions for which we want this to be enabled;
   b) the actual codegen logic is implemented in `AArch64FrameLowering::emitPrologue` and `AArch64FrameLowering::emitEpilogue` - we emit actual instructions like `pacibsp` directly there;
   c) the B key is always used;
   d) using the `pc` register as an additional modifier is **not** supported.

See also https://github.com/llvm/llvm-project/pull/97237#discussion_r1666090234

TODO:

1. Check whether `-fptrauth-returns` is equal to `-mbranch-protection=pac-ret+b-key`. Several downstream patches need to be investigated here:
   a) https://github.com/ahmedbougacha/llvm-project/commit/c84e3837e017cf1335405855b73b2ccd2754a263
   b) https://github.com/ahmedbougacha/llvm-project/commit/252558afa626a700770b77dd629bd0b0ca575027
   If there is functionality present for `-fptrauth-returns` in downstream but not present for `-mbranch-protection=pac-ret` in mainline, upstream that.
2. Make upstream generate code equal to downstream when `-fptrauth-returns` is passed, without bringing the second implementation to mainline. Only the present mainline implementation should be left in terms of codegen, probably with some additions (see the previous point). Possible ways to do that:
   a) set the "sign-return-address" and "sign-return-address-with-bkey" function attributes when `-fptrauth-returns` is passed;
   b) set the "ptrauth-returns" function attribute (like in downstream, and similar to other attributes like "ptrauth-calls", "ptrauth-auth-traps", etc.) and add a check against it near the existing checks against "sign-return-address" and "sign-return-address-with-bkey".
3. Support `-mbranch-protection=pauthabi+pac-ret+b-key`. Since `pac-ret+b-key` should do the same thing as `-fptrauth-returns`, it's a subset of `pauthabi`, so there is no reason not to support that. For now, we explicitly do not support that (see #97237).
</pre>
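<p>Added example, not part of the original issue and not LLVM code: one way to approach TODO item 1 is to reduce the assembly produced under each flag to a per-function sequence of LR signing events and compare the two. The listings below are constructed samples rather than real compiler output, the function names are hypothetical, and only the Armv8.3-A instructions and their <code>hint</code> spellings are modelled (the <code>+pc</code> variants are not).</p>

```python
import re

# Armv8.3-A LR signing/authentication instructions, normalised to (role, key).
# "hint #N" is the NOP-compatible spelling of the same operation.
PAC_OPS = {
    "paciasp": ("sign", "A"), "hint #25": ("sign", "A"),
    "pacibsp": ("sign", "B"), "hint #27": ("sign", "B"),
    "autiasp": ("auth", "A"), "hint #29": ("auth", "A"),
    "autibsp": ("auth", "B"), "hint #31": ("auth", "B"),
    "retaa": ("auth", "A"), "retab": ("auth", "B"),  # combined auth + return
}
LABEL = re.compile(r"^([A-Za-z_][\w.$]*):")  # skips local labels like .LBB0_1

def lr_signing_profile(asm):
    """Map each function label to the ordered (role, key) events in its body."""
    profile, current = {}, None
    for raw in asm.splitlines():
        line = re.split(r"//|;", raw)[0].strip()  # drop ELF and Darwin comments
        match = LABEL.match(line)
        op = " ".join(line.lower().split())       # collapse "hint    #27"
        if match:
            current = match.group(1)
            profile[current] = []
        elif current is not None and op in PAC_OPS:
            profile[current].append(PAC_OPS[op])
    return profile

def diff_profiles(asm_a, asm_b):
    """Return {function: (events_a, events_b)} where the two listings differ."""
    a, b = lr_signing_profile(asm_a), lr_signing_profile(asm_b)
    return {f: (a.get(f), b.get(f)) for f in sorted(a.keys() | b.keys())
            if a.get(f) != b.get(f)}

# Constructed listings: same B-key protection of `caller` in two spellings,
# but the second one also signs the leaf function with the A key.
ASM_ONE = """
caller:                      // constructed sample
        pacibsp
        stp     x29, x30, [sp, #-16]!
        bl      callee
        ldp     x29, x30, [sp], #16
        retab
leaf:
        add     w0, w0, #1
        ret
"""
ASM_TWO = ASM_ONE.replace("pacibsp", "hint    #27").replace(
    "retab", "hint    #31\n        ret").replace(
    "add ", "paciasp\n        add ").replace(
    "#1\n", "#1\n        autiasp\n")
```

<p>An empty result from <code>diff_profiles</code> means both listings sign and authenticate LR with the same key in every function; any entry names a function where key choice or leaf coverage diverges.</p>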