[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: detect signing oracles (PR #134146)
Kristof Beyls via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Fri Apr 25 04:45:54 PDT 2025
================
@@ -591,7 +591,9 @@ obscure_indirect_call_arg_nocfg:
.globl safe_lr_at_function_entry_nocfg
.type safe_lr_at_function_entry_nocfg, at function
safe_lr_at_function_entry_nocfg:
-// CHECK-NOT: safe_lr_at_function_entry_nocfg
+// Due to state being reset after a label, paciasp is reported as
+// a signing oracle - this is a known false positive, ignore it.
+// CHECK-NOT: non-protected call{{.*}}safe_lr_at_function_entry_nocfg
cbz x0, 1f
ret // LR is safe at the start of the function
1:
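Review bot: The narrowed CHECK-NOT at the top of safe_lr_at_function_entry_nocfg now only rejects "non-protected call" reports. The known false positive described in the new comment is therefore tolerated but not pinned by any positive check, and any other kind of report that mentions this function would also pass silently. Consider marking the comment as a FIXME and adding a CHECK line for the expected signing-oracle report, so that the test fails and gets updated once the state reset after a label is handled and the false positive disappears.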
----------------
kbeyls wrote:
I'm wondering if this false positive pattern could end up appearing quite a few times in real code, specifically in code that has been shrink-wrap optimized?
Did you run this scanner on a larger code base? How many and what kind of false positives did you see?
https://github.com/llvm/llvm-project/pull/134146