[llvm-branch-commits] [clang] [clang] Define ptrauth_sign_constant builtin. (PR #93904)

[Ahmed Bougacha via llvm-branch-commits]

================
@@ -58,6 +58,35 @@ void test_string_discriminator(const char *str) {
 }
 
 
+void test_sign_constant(int *dp, int (*fp)(int)) {
+  __builtin_ptrauth_sign_constant(&dv, VALID_DATA_KEY); // expected-error {{too few arguments}}
+  __builtin_ptrauth_sign_constant(&dv, VALID_DATA_KEY, &dv, &dv); // expected-error {{too many arguments}}
+
+  __builtin_ptrauth_sign_constant(mismatched_type, VALID_DATA_KEY, 0); // expected-error {{signed value must have pointer type; type here is 'struct A'}}
+  __builtin_ptrauth_sign_constant(&dv, mismatched_type, 0); // expected-error {{passing 'struct A' to parameter of incompatible type 'int'}}
+  __builtin_ptrauth_sign_constant(&dv, VALID_DATA_KEY, mismatched_type); // expected-error {{extra discriminator must have pointer or integer type; type here is 'struct A'}}
+
+  (void) __builtin_ptrauth_sign_constant(NULL, VALID_DATA_KEY, &dv); // expected-error {{argument to ptrauth_sign_constant must refer to a global variable or function}}
----------------
ahmedbougacha wrote:

We could special-case null pointers, but they're already covered by the diagnostic, which asks for global variables or functions – which NULL isn't.  For auth/sign, we don't have that sort of constraint on the pointer: it really is NULL and NULL alone that's special.

Now, the more interesting question is whether we should allow null pointers at all here.  Since defining these original builtins we have taught the qualifier to have a mode that signs/authenticates null, for some specific use-cases where replacing a signed value with NULL (which is otherwise never signed or authenticated) would bypass signing in a problematic way.
We haven't had the chance or need to revisit the builtins to allow sign/auth of NULL, but it's reasonable to add that support in the future.  We'd have to consider how to expose that in the builtins, because it's probably still something that's almost always a mistake;  more builtins would be an easy solution but maybe not a sophisticated one.

https://github.com/llvm/llvm-project/pull/93904