[all-commits] [llvm/llvm-project] 850b49: [BOLT][binary-analysis] Add initial pac-ret gadget...

Kristof Beyls via All-commits all-commits at lists.llvm.org
Sun Feb 23 23:26:51 PST 2025


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 850b49297615a613ac83adca2c9cf823a4b8ef95
      https://github.com/llvm/llvm-project/commit/850b49297615a613ac83adca2c9cf823a4b8ef95
  Author: Kristof Beyls <kristof.beyls at arm.com>
  Date:   2025-02-24 (Mon, 24 Feb 2025)

  Changed paths:
    M bolt/docs/BinaryAnalysis.md
    M bolt/include/bolt/Core/MCPlusBuilder.h
    A bolt/include/bolt/Passes/NonPacProtectedRetAnalysis.h
    M bolt/include/bolt/Utils/CommandLineOpts.h
    M bolt/lib/Passes/CMakeLists.txt
    A bolt/lib/Passes/NonPacProtectedRetAnalysis.cpp
    M bolt/lib/Rewrite/RewriteInstance.cpp
    M bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
    M bolt/test/binary-analysis/AArch64/cmdline-args.test
    A bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s
    A bolt/test/binary-analysis/AArch64/gs-pacret-multi-bb.s
    M bolt/test/binary-analysis/AArch64/lit.local.cfg

  Log Message:
  -----------
  [BOLT][binary-analysis] Add initial pac-ret gadget scanner (#122304)

This adds an initial pac-ret gadget scanner to the
llvm-bolt-binary-analysis-tool.

The scanner is taken from the prototype that was published last year at
https://github.com/llvm/llvm-project/compare/main...kbeyls:llvm-project:bolt-gadget-scanner-prototype,
and has been discussed in RFC
https://discourse.llvm.org/t/rfc-bolt-based-binary-analysis-tool-to-verify-correctness-of-security-hardening/78148
and in the EuroLLVM 2024 keynote "Does LLVM implement security
hardenings correctly? A BOLT-based static analyzer to the rescue?"
[Video](https://youtu.be/Sn_Fxa0tdpY)
[Slides](https://llvm.org/devmtg/2024-04/slides/Keynote/Beyls_EuroLLVM2024_security_hardening_keynote.pdf)

In the spirit of incremental development, this PR aims to add a minimal
implementation that is "fully working" on its own, but has major
limitations, as described in the bolt/docs/BinaryAnalysis.md
documentation in this proposed commit. These and other limitations will
be fixed in follow-on PRs, mostly based on code already existing in the
prototype branch. I hope incrementally upstreaming will make it easier
to review the code.

Note that I believe that this could also form the basis of a scanner to
analyze correct implementation of PAuthABI.


