[all-commits] [llvm/llvm-project] 6e4796: [CodeGen][KCFI] Allow setting type hash from xxHas...

Kees Cook via All-commits all-commits at lists.llvm.org
Wed Dec 3 15:09:26 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 6e479668ba746ee3778b7ab59b7c415976719c93
      https://github.com/llvm/llvm-project/commit/6e479668ba746ee3778b7ab59b7c415976719c93
  Author: Kees Cook <kees at kernel.org>
  Date:   2025-12-03 (Wed, 03 Dec 2025)

  Changed paths:
    M clang/include/clang/Basic/CodeGenOptions.h
    M clang/include/clang/Options/Options.td
    M clang/lib/CodeGen/CodeGenModule.cpp
    M clang/test/CodeGen/cfi-salt.c
    A clang/test/CodeGen/kcfi-hash.c
    M clang/test/CodeGen/kcfi.c
    A llvm/include/llvm/Support/Hash.h
    M llvm/lib/Support/CMakeLists.txt
    A llvm/lib/Support/Hash.cpp
    M llvm/lib/Transforms/Instrumentation/KCFI.cpp
    M llvm/lib/Transforms/Utils/ModuleUtils.cpp

  Log Message:
  -----------
  [CodeGen][KCFI] Allow setting type hash from xxHash64 to FNV-1a (#167254)

When emitting the assembly .set directive, KCFI needs to use
getZExtValue(). However, this means that FileCheck pattern matching can't
match between the .set directive and the IR when the high bit of a 32-bit
value is set. We had gotten lucky with the existing tests happening to
just not have had the high bit set. The coming hash change will expose
this, though.

LLVM IR's default printing behavior uses APInt::operator<<, which calls
APInt::print(OS, /*isSigned=*/true). This means KCFI operand bundles in
call instructions print as signed (e.g. [ "kcfi"(i32 -1208803271) ]),
and KCFI type metadata prints as signed (e.g. !3 = !{i32 -1208803271}).
Changing the IR to print unsigned i32 values would impact hundreds of
existing tests, so it is best to just leave it be.

Update the KCFI .set direct to use getSExtValue() in a comment so that
we can both build correctly and use FileCheck with pattern matching in
tests.

KCFI generates hashes in two places. Instead of exposing the hash
implementation in both places, introduce a helper that wraps the
specific hash implementation in a single place, llvm::getKCFITypeID.

In order to transition between KCFI hash, we need to be able to specify
them. Add the Clang option -fsanitize-kcfi-hash= and a IR module option
"kcfi-hash" that can choose between xxHash64 and FNV-1a. Default to
xxHash64 to stay backward compatible, as we'll need to also update rustc
to take a new option to change the hash to FNV-1a for interop with the
coming GCC KCFI.



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list