[all-commits] [llvm/llvm-project] 58edd2: [BOLT] Gadget scanner: account for BRK when search...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Mon Aug 25 04:24:41 PDT 2025


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 58edd2767097cfcbeb4a076ca51b379e307a3573
      https://github.com/llvm/llvm-project/commit/58edd2767097cfcbeb4a076ca51b379e307a3573
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-08-25 (Mon, 25 Aug 2025)

  Changed paths:
    M bolt/include/bolt/Core/MCPlusBuilder.h
    M bolt/lib/Passes/PAuthGadgetScanner.cpp
    M bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
    M bolt/test/binary-analysis/AArch64/gs-pauth-address-checks.s
    M bolt/test/binary-analysis/AArch64/gs-pauth-authentication-oracles.s
    M bolt/test/binary-analysis/AArch64/gs-pauth-signing-oracles.s
    A bolt/test/binary-analysis/AArch64/trap-instructions.s

  Log Message:
  -----------
  [BOLT] Gadget scanner: account for BRK when searching for auth oracles (#137975)

An authenticated pointer can be explicitly checked by the compiler via a
sequence of instructions that executes BRK on failure. It is important
to recognize such a BRK instruction as checking every register (as it is
expected to immediately trigger an abnormal program termination) to
prevent false positive reports about authentication oracles:

      autia   x2, x3
      autia   x0, x1
      ; neither x0 nor x2 are checked at this point
      eor     x16, x0, x0, lsl #1
      tbz     x16, #62, on_success ; marks x0 as checked
      ; end of BB: for x2 to be checked here, it must be checked in both
      ; successor basic blocks
    on_failure:
      brk     0xc470
    on_success:
      ; x2 is checked
      ldr     x1, [x2] ; marks x2 as checked
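
The rule in the log message above, as an added example (not code from the commit or from BOLT): a backward dataflow model over the three blocks of the listing, where a register counts as checked at a point only if it is checked on every path from there. The types, `findOracles`, `commitExample`, the `Check` pseudo-instruction standing for the eor/tbz pair, and treating `on_failure` as a block with no successors are all assumptions of this model.

```cpp
// Added illustration; a model of the rule, not BOLT's PAuthGadgetScanner code.
#include <bitset>
#include <vector>
using RegSet = std::bitset<32>;            // bit N set <=> xN is checked
enum class Op { Auth, Check, Load, Brk };  // Check stands for the eor/tbz pair
struct Inst { Op op; unsigned reg; };      // reg is ignored for Brk
struct Block { std::vector<Inst> insts; std::vector<int> succs; };

// Walks B backwards from the state at its end and returns the state at its
// start. If out is set, records each authenticated register that is not
// checked on every path after its Auth instruction.
RegSet walk(const Block &B, RegSet s, bool brkChecksAll, std::vector<unsigned> *out) {
  for (auto it = B.insts.rbegin(); it != B.insts.rend(); ++it) {
    switch (it->op) {
    case Op::Auth:
      if (out && !s.test(it->reg)) out->push_back(it->reg);
      s.reset(it->reg);                    // value before the auth is unrelated
      break;
    case Op::Check:
    case Op::Load: s.set(it->reg); break;  // a bad pointer traps or faults here
    case Op::Brk: if (brkChecksAll) s.set(); break; // execution ends here
    }
  }
  return s;
}

std::vector<unsigned> findOracles(const std::vector<Block> &cfg, bool brkChecksAll) {
  std::vector<RegSet> in(cfg.size(), RegSet().set()); // optimistic start
  auto atEnd = [&](const Block &B) {       // intersection over all successors
    RegSet s;                              // no successors: nothing is checked
    if (!B.succs.empty()) { s.set(); for (int t : B.succs) s &= in[t]; }
    return s;
  };
  for (bool changed = true; changed;) {    // iterate to a fixed point
    changed = false;
    for (int b = (int)cfg.size() - 1; b >= 0; --b) {
      RegSet s = walk(cfg[b], atEnd(cfg[b]), brkChecksAll, nullptr);
      if (s != in[b]) { in[b] = s; changed = true; }
    }
  }
  std::vector<unsigned> out;
  for (const Block &B : cfg) walk(B, atEnd(B), brkChecksAll, &out);
  return out;
}

std::vector<Block> commitExample() {       // CFG of the listing above
  return {Block{{{Op::Auth, 2}, {Op::Auth, 0}, {Op::Check, 0}}, {1, 2}}, // entry
          Block{{{Op::Brk, 0}}, {}},                          // on_failure
          Block{{{Op::Load, 2}}, {}}};                        // on_success
}
```

With `brkChecksAll` set to false the model reports x2, because the intersection at the end of the first block loses it on the `on_failure` edge; with it set to true nothing is reported.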


