[PATCH] D112941: [clang] Add support for the new pointer authentication builtins.

Kristof Beyls via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Nov 5 03:07:28 PDT 2021 

kristof.beyls added inline comments.


================
Comment at: clang/include/clang/Driver/Options.td:2865-2872
+let Group = f_Group in {
+  let Flags = [CC1Option] in {
+    def fptrauth_intrinsics : Flag<["-"], "fptrauth-intrinsics">,
+      HelpText<"Enable pointer-authentication intrinsics">;
+  }
+  def fno_ptrauth_intrinsics : Flag<["-"], "fno-ptrauth-intrinsics">;
+}
----------------
My impression is that generally for `__builtin_XXX` intrinsics, there are no compiler flags to make them available or remove their availability.
Is there a good reason why a command line option is needed for the `__builtin_ptrauth` intrinsics, but not (IIUC) for most or any other existing `__builtin_XXX` intrinsic?
If there is no good reason, it seems better to me to not have a command line option so there is better consistency across all `__builtin_XXX` intrinsics?

(after having read more of the patch): my impression has changed now that the f(no-)ptrauth-intrinsics flag rather selects whether the ptrauth intrinsics get lowered to PAuth hardware instructions, or to "regular" instructions emulating the behavior of authenticated pointers. If that is correct (and assuming it's a useful option to have), I would guess a different name for the command line option could be less misleading. As is, it suggests this selects whether ptrauth_ intrinsics are available or not. If instead, as I'm guessing above, this selects whether ptrauth_ intrinsics get lowered to PAuth instructions or not, maybe something like '-femulate-ptrauth' would describe the effect of the command line switch a bit better?


================
Comment at: clang/lib/Headers/ptrauth.h:19-37
+  /* A process-independent key which can be used to sign code pointers.
+     Signing and authenticating with this key is a no-op in processes
+     which disable ABI pointer authentication. */
+  ptrauth_key_process_independent_code = ptrauth_key_asia,
+
+  /* A process-specific key which can be used to sign code pointers.
+     Signing and authenticating with this key is enforced even in processes
----------------
I think, but am not sure, that the decision of which keys are process independent and which ones are process-dependent is a software platform choice?
If so, maybe ptrauth_key_process_{in,}dependent_* should only get defined conditionally?
I'm not sure if any decisions have been taken already for e.g. linux, Android, other platforms.
If not, maybe this block of code should be surrounded by an ifdef that is enabled only when targeting Darwin?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D112941/new/

https://reviews.llvm.org/D112941

More information about the cfe-commits mailing list