[all-commits] [llvm/llvm-project] b5a5ea: [BOLT] Introduce helpers to match `MCInst`s one at...
Anatoly Trosinenko via All-commits
all-commits at lists.llvm.org
Tue Aug 26 13:47:29 PDT 2025
Branch: refs/heads/users/atrosinenko/bolt-gs-modernize
Home: https://github.com/llvm/llvm-project
Commit: b5a5ea9b2fc7a85760064994bea7153bb91b746b
https://github.com/llvm/llvm-project/commit/b5a5ea9b2fc7a85760064994bea7153bb91b746b
Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
Date: 2025-08-26 (Tue, 26 Aug 2025)
Changed paths:
M bolt/include/bolt/Core/MCInstUtils.h
M bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
Log Message:
-----------
[BOLT] Introduce helpers to match `MCInst`s one at a time (NFC)

Introduce matchInst helper function to capture and/or match the operands
of MCInst. Unlike the existing `MCPlusBuilder::MCInstMatcher` machinery,
matchInst is intended for the use cases when precise control over the
instruction order is required. For example, when validating PtrAuth
hardening, all registers are usually considered unsafe after a function
call, even though callee-saved registers should preserve their old
values *under normal operation*.

Commit: 750f4224326073253eecd81d16a1e410b2f489ef
https://github.com/llvm/llvm-project/commit/750f4224326073253eecd81d16a1e410b2f489ef
Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
Date: 2025-08-26 (Tue, 26 Aug 2025)
Changed paths:
M bolt/include/bolt/Core/MCInstUtils.h
M bolt/include/bolt/Core/MCPlusBuilder.h
M bolt/lib/Core/MCInstUtils.cpp
M bolt/lib/Passes/PAuthGadgetScanner.cpp
M bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
A bolt/test/binary-analysis/AArch64/gs-pauth-jump-table.s
Log Message:
-----------
[BOLT] Gadget scanner: prevent false positives due to jump tables

As part of PAuth hardening, AArch64 LLVM backend can use a special
BR_JumpTable pseudo (enabled by -faarch64-jump-table-hardening
Clang option) which is expanded in the AsmPrinter into a contiguous
sequence without unsafe instructions in the middle.

This commit adds another target-specific callback to MCPlusBuilder
to make it possible to inhibit false positives for known-safe jump
table dispatch sequences. Without special handling, the branch
instruction is likely to be reported as a non-protected call (as its
destination is not produced by an auth instruction, PC-relative address
materialization, etc.) and possibly as a tail call being performed with
unsafe link register (as the detection whether the branch instruction
is a tail call is a heuristic).

For now, only the specific instruction sequence used by the AArch64
LLVM backend is matched.

Commit: ca11a615dfd5e589cbc864aacbb5bc165b81ad05
https://github.com/llvm/llvm-project/commit/ca11a615dfd5e589cbc864aacbb5bc165b81ad05
Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
Date: 2025-08-26 (Tue, 26 Aug 2025)
Changed paths:
M bolt/test/binary-analysis/AArch64/gs-pauth-jump-table.s
Log Message:
-----------
Update warning message in tests
Commit: fb4ed5bb184bed623ad052ae849532f7d12c840d
https://github.com/llvm/llvm-project/commit/fb4ed5bb184bed623ad052ae849532f7d12c840d
Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
Date: 2025-08-26 (Tue, 26 Aug 2025)
Changed paths:
M bolt/lib/Passes/PAuthGadgetScanner.cpp
M bolt/test/binary-analysis/AArch64/cmdline-args.test
M bolt/test/binary-analysis/AArch64/gs-pauth-authentication-oracles.s
M bolt/test/binary-analysis/AArch64/gs-pauth-calls.s
M bolt/test/binary-analysis/AArch64/gs-pauth-debug-output.s
M bolt/test/binary-analysis/AArch64/gs-pauth-jump-table.s
M bolt/test/binary-analysis/AArch64/gs-pauth-signing-oracles.s
M bolt/test/binary-analysis/AArch64/gs-pauth-tail-calls.s
Log Message:
-----------
[BOLT] Gadget scanner: optionally assume auth traps on failure

On AArch64 it is possible for an auth instruction to either return an
invalid address value on failure (without FEAT_FPAC) or generate an
error (with FEAT_FPAC). It thus may be possible to never emit explicit
pointer checks, if the target CPU is known to support FEAT_FPAC.

This commit implements an --auth-traps-on-failure command line option,
which essentially makes "safe-to-dereference" and "trusted" register
properties identical and disables scanning for authentication oracles
completely.

Commit: d0603f27461070d4c633e84b8225022cb4f32824
https://github.com/llvm/llvm-project/commit/d0603f27461070d4c633e84b8225022cb4f32824
Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
Date: 2025-08-26 (Tue, 26 Aug 2025)
Changed paths:
M bolt/lib/Passes/PAuthGadgetScanner.cpp
M bolt/test/binary-analysis/AArch64/gs-pauth-debug-output.s
Log Message:
-----------
[BOLT] Gadget scanner: make use of C++17 features and LLVM helpers

Perform trivial syntactical cleanups:
* make use of structured binding declarations
* use LLVM utility functions when appropriate
* omit braces around single expression inside single-line LLVM_DEBUG()

This patch is NFC aside from minor debug output changes.

Compare: https://github.com/llvm/llvm-project/compare/648a25cd1f4f...d0603f274610